Rethinking FPGA Security in the New Era of Artificial Intelligence

With various possible attacks against commercial electronic devices reported over the past few decades, the security of hardware devices and systems has become an urgent problem. Accordingly, a large number of solutions and countermeasures have been explored to mitigate these attacks. Artificial intelligence, as one of the fastest-growing research areas, also makes a unique impact on the landscape of vulnerabilities and countermeasures of hardware. As a vital subset of artificial intelligence, machine learning algorithms are found of great use in hardware security from both constructive and destructive perspectives. In this paper, we provide a survey of such double-edged sword impact of machine learning techniques on the security of hardware. In particular, we focus on the discussion of FPGA security. We enumerate both countermeasures and attacks based on pure machine learning algorithms, as well as the integration of machine learning and other methods, such as side-channel analysis. In addition, we also discuss the security concerns of FPGAs when they are used as carriers or accelerators for machine learning algorithms. Specifically, we present the security issues of FPGAs in two different application scenarios: 1) as a standalone computing resource and 2) as a public-leased computing resource shared by multiple users.

[1]  Jiliang Zhang,et al.  Set-Based Obfuscation for Strong PUFs Against Machine Learning Attacks , 2018, IEEE Transactions on Circuits and Systems I: Regular Papers.

[2]  Ingrid Verbauwhede,et al.  Electromagnetic circuit fingerprints for Hardware Trojan detection , 2015, 2015 IEEE International Symposium on Electromagnetic Compatibility (EMC).

[3]  Yanzhi Wang,et al.  Fault Sneaking Attack: a Stealthy Framework for Misleading Deep Neural Networks , 2019, 2019 56th ACM/IEEE Design Automation Conference (DAC).

[4]  Srinivas Devadas,et al.  Controlled physical random functions and applications , 2008, TSEC.

[5]  Jie Zhang,et al.  BoardPUF: Physical Unclonable Functions for printed circuit board authentication , 2015, 2015 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[6]  Jan Sölter,et al.  Efficient Power and Timing Side Channels for Physical Unclonable Functions , 2014, CHES.

[7]  Nidish Vashistha,et al.  Trojan Scanner: Detecting Hardware Trojans with Rapid SEM Imaging Combined with Image Processing and Machine Learning , 2018, ISTFA 2018: Conference Proceedings from the 44th International Symposium for Testing and Failure Analysis.

[8]  Mehdi Baradaran Tahoori,et al.  An inside job: Remote power analysis attacks on FPGAs , 2018, 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[9]  Fabio Roli,et al.  Poisoning Adaptive Biometric Systems , 2012, SSPR/SPR.

[10]  Miodrag Potkonjak,et al.  Lightweight secure PUFs , 2008, 2008 IEEE/ACM International Conference on Computer-Aided Design.

[11]  Debdeep Mukhopadhyay,et al.  A Multiplexer-Based Arbiter PUF Composition with Enhanced Reliability and Security , 2018, IEEE Transactions on Computers.

[12]  Qiang Xu,et al.  Fault injection attack on deep neural network , 2017, 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[13]  Georg T. Becker,et al.  On the Pitfalls of Using Arbiter-PUFs as Building Blocks , 2015, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[14]  Ramesh Karri,et al.  Multi-Tenant FPGA-based Reconfigurable Systems: Attacks and Defenses , 2019, 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[15]  Ulrich Rührmair,et al.  Security Evaluation and Enhancement of Bistable Ring PUFs , 2015, RFIDSec.

[16]  Takeshi Kumaki,et al.  Detection technique for hardware Trojans using machine learning in frequency domain , 2015, 2015 IEEE 4th Global Conference on Consumer Electronics (GCCE).

[17]  Dina G. Mahmoud,et al.  Timing Violation Induced Faults in Multi-Tenant FPGAs , 2019, 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[18]  Marten van Dijk,et al.  A technique to build a secret key in integrated circuits for identification and authentication applications , 2004, 2004 Symposium on VLSI Circuits. Digest of Technical Papers (IEEE Cat. No.04CH37525).

[19]  G. Edward Suh,et al.  FPGA-Based Remote Power Side-Channel Attacks , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[20]  Ben Y. Zhao,et al.  Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[21]  Christopher Meek,et al.  Adversarial learning , 2005, KDD '05.

[22]  Daniel E. Holcomb,et al.  FPGA Side Channel Attacks without Physical Access , 2018, 2018 IEEE 26th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM).

[23]  Siddharth Garg,et al.  Integrated Circuit (IC) Decamouflaging: Reverse Engineering Camouflaged ICs within Minutes , 2015, NDSS.

[24]  Daniel E. Holcomb,et al.  Using Statistical Models to Improve the Reliability of Delay-Based PUFs , 2016, 2016 IEEE Computer Society Annual Symposium on VLSI (ISVLSI).

[25]  Ben Y. Zhao,et al.  Latent Backdoor Attacks on Deep Neural Networks , 2019, CCS.

[26]  Jakub Szefer,et al.  Temporal Thermal Covert Channels in Cloud FPGAs , 2019, FPGA.

[27]  Srinivas Devadas,et al.  PUF Modeling Attacks on Simulated and Silicon Data , 2013, IEEE Transactions on Information Forensics and Security.

[28]  Bo Luo,et al.  I Know What You See: Power Side-Channel Attack on Convolutional Neural Network Accelerators , 2018, ACSAC.

[29]  Jiliang Zhang,et al.  Adversarial Examples: Opportunities and Challenges , 2018, IEEE Transactions on Neural Networks and Learning Systems.

[30]  Christof Paar,et al.  Side-channel based watermarks for integrated circuits , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[31]  Yu-Shen Chen,et al.  Adversarial Attack against Modeling Attack on PUFs , 2019, 2019 56th ACM/IEEE Design Automation Conference (DAC).

[32]  Gustavo Alonso,et al.  Providing Multi-tenant Services with FPGAs: Case Study on a Key-Value Store , 2018, 2018 28th International Conference on Field Programmable Logic and Applications (FPL).

[33]  Wayne P. Burleson,et al.  Hybrid side-channel/machine-learning attacks on PUFs: A new threat? , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[34]  G. Edward Suh,et al.  Extracting secret keys from integrated circuits , 2005, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[35]  Jeyavijayan Rajendran,et al.  VLSI testing based security metric for IC camouflaging , 2013, 2013 IEEE International Test Conference (ITC).

[36]  Mark Mohammad Tehranipoor,et al.  Identification of recovered ICs using fingerprints from a light-weight on-chip sensor , 2012, DAC Design Automation Conference 2012.

[37]  Tim Güneysu,et al.  Trojan Side-Channels: Lightweight Hardware Trojans through Side-Channel Engineering , 2009, CHES.

[38]  Rajesh Gupta,et al.  Accelerating Binarized Convolutional Neural Networks with Software-Programmable FPGAs , 2017, FPGA.

[39]  Srinivas Devadas,et al.  Modeling attacks on physical unclonable functions , 2010, CCS '10.

[40]  Xiaolin Xu,et al.  HILL: A Hardware Isolation Framework Against Information Leakage on Multi-Tenant FPGA Long-Wires , 2019, 2019 International Conference on Field-Programmable Technology (ICFPT).

[41]  Ankur Srivastava,et al.  Neural Trojans , 2017, 2017 IEEE International Conference on Computer Design (ICCD).

[42]  Mahmoud Khalafalla,et al.  PUFs Deep Attacks: Enhanced modeling attacks using deep learning techniques to break the security of double arbiter PUFs , 2019, 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[43]  Joan Bruna,et al.  Intriguing properties of neural networks , 2013, ICLR.

[44]  Wen-Chuan Lee,et al.  Trojaning Attack on Neural Networks , 2018, NDSS.

[45]  Ken Eguro,et al.  Leaky Wires: Information Leakage and Covert Communication Between FPGA Long Wires , 2016, AsiaCCS.

[46]  Christof Paar,et al.  FPGA Trojans Through Detecting and Weakening of Cryptographic Primitives , 2015, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[47]  Berk Sunar,et al.  Trojan Detection using IC Fingerprinting , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[48]  Mehdi Baradaran Tahoori,et al.  Voltage drop-based fault attacks on FPGAs using valid bitstreams , 2017, 2017 27th International Conference on Field Programmable Logic and Applications (FPL).

[49]  Meng Li,et al.  Provably secure camouflaging strategy for IC protection , 2016, 2016 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[50]  Fabio Roli,et al.  Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning , 2018, CCS.

[51]  Yiorgos Makris,et al.  Hardware Trojan detection using path delay fingerprint , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[52]  Jeyavijayan Rajendran,et al.  Security analysis of integrated circuit camouflaging , 2013, CCS.

[53]  Mehdi Baradaran Tahoori,et al.  FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[54]  Eric Schkufza,et al.  Sharing, Protection, and Compatibility for Reconfigurable Fabric with AmorphOS , 2018, OSDI.

[55]  Hyrum S. Anderson,et al.  The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation , 2018, ArXiv.

[56]  Nozomu Togawa,et al.  Hardware Trojans classification for gate-level netlists based on machine learning , 2016, 2016 IEEE 22nd International Symposium on On-Line Testing and Robust System Design (IOLTS).

[57]  Jeroen Delvaux,et al.  Side channel modeling attacks on 65nm arbiter PUFs exploiting CMOS device noise , 2013, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[58]  Patrick D. McDaniel,et al.  Adversarial Examples for Malware Detection , 2017, ESORICS.