Security of Cloud FPGAs: A Survey

Integrating Field Programmable Gate Arrays (FPGAs) with cloud computing instances is a rapidly emerging trend on commercial cloud computing platforms such as Amazon Web Services (AWS), Huawei Cloud, and Alibaba Cloud. Cloud FPGAs allow cloud users to build hardware accelerators that speed up computation in the cloud. However, because cloud FPGA technology is still in its infancy, the security implications of integrating FPGAs into the cloud are not yet clear. In this paper, we survey the emerging field of cloud FPGA security, providing a comprehensive overview of the security issues related to cloud FPGAs and highlighting future challenges in this research area.
