Active Fences against Voltage-based Side Channels in Multi-Tenant FPGAs

Dynamic and partial reconfiguration together with hardware parallelism make FPGAs attractive as virtualized accelerators. However, recently it has been shown that multi-tenant FPGAs are vulnerable to remote side-channel attacks (SCA) from malicious users, allowing them to extract secret keys without a logical connection to the victim core. Typical mitigations against such attacks are hiding and masking schemes, to increase attackers' efforts in terms of side-channel measurements. However, they require significant efforts and tailoring for a specific algorithm, hardware implementation and mapping. In this paper, we show a hiding countermeasure against voltage-based SCA that can be integrated into any implementation, without requiring modifications or tailoring to the protected module. We place a properly mapped Active Fence of ring oscillators between victim and attacker circuit, enabled as a feedback of an FPGA-based sensor, leading to reduced side-channel leakage. Our experimental results based on a Lattice ECP5 FPGA and an AES-128 module show that two orders of magnitude more traces are needed for a successful key recovery, while no modifications to the underlying cryptographic module are necessary.

[1]  Lilian Bossuet,et al.  Correlated power noise generator as a low cost DPA countermeasures to secure hardware AES cipher , 2009, 2009 3rd International Conference on Signals, Circuits and Systems (SCS).

[2]  Meeta Sharma Gupta,et al.  Understanding Voltage Variations in Chip Multiprocessors using a Distributed Power-Delivery Network , 2007, 2007 Design, Automation & Test in Europe Conference & Exhibition.

[3]  Mehdi Baradaran Tahoori,et al.  FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[4]  Mehdi Baradaran Tahoori,et al.  An inside job: Remote power analysis attacks on FPGAs , 2018, 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[5]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[6]  Mehdi Baradaran Tahoori,et al.  Remote Inter-Chip Power Analysis Side-Channel Attacks at Board-Level , 2018, 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[7]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[8]  Amir Moradi,et al.  Moments-Correlating DPA , 2016, IACR Cryptol. ePrint Arch..

[9]  Steven Trimberger,et al.  Security of FPGAs in data centers , 2017, 2017 IEEE 2nd International Verification and Security Workshop (IVSW).

[10]  Edoardo Charbon,et al.  Design techniques for a stable operation of cryogenic field-programmable gate arrays. , 2018, The Review of scientific instruments.

[11]  Tim Güneysu,et al.  GliFreD: Glitch-Free Duplication Towards Power-Equalized Circuits on FPGAs , 2018, IEEE Transactions on Computers.

[12]  Tim Güneysu,et al.  Generic Side-Channel Countermeasures for Reconfigurable Devices , 2011, CHES.

[13]  Paul Chow,et al.  FPGAs in the Cloud: Booting Virtualized Hardware Accelerators with OpenStack , 2014, FCCM 2014.

[14]  Kevin Skadron,et al.  Architecture implications of pads as a scarce resource , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[15]  Mehdi Baradaran Tahoori,et al.  Voltage drop-based fault attacks on FPGAs using valid bitstreams , 2017, 2017 27th International Conference on Field Programmable Logic and Applications (FPL).

[16]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[17]  Mehdi B. Tahoori,et al.  Checking for Electrical Level Security Threats in Bitstreams for Multi-tenant FPGAs , 2018, 2018 International Conference on Field-Programmable Technology (FPT).

[18]  Amir Moradi,et al.  Assessment of Hiding the Higher-Order Leakages in Hardware - What Are the Achievements Versus Overheads? , 2015, CHES.

[19]  Yuval Ishai,et al.  Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.

[20]  Mehdi B. Tahoori,et al.  An Experimental Evaluation and Analysis of Transient Voltage Fluctuations in FPGAs , 2018, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[21]  Gang Wang,et al.  Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[22]  Meeta Srivastav,et al.  Sensing nanosecond-scale voltage attacks and natural transients in FPGAs , 2013, FPGA '13.

[23]  Ramarathnam Venkatesan,et al.  FPGAs for trusted cloud computing , 2012, 22nd International Conference on Field Programmable Logic and Applications (FPL).

[24]  Lejla Batina,et al.  Mutual Information Analysis: a Comprehensive Study , 2011, Journal of Cryptology.

[25]  John D. Corbett The Xilinx Isolation Design Flow for Fault-Tolerant Systems , 2013 .

[26]  P. Kocher,et al.  Differential power analysis, advances in cryptology-CRYPTO'99 , 1999 .

[27]  Kizheppatt Vipin,et al.  Virtualized FPGA Accelerators for Efficient Cloud Computing , 2015, 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom).

[28]  G. Edward Suh,et al.  FPGA-Based Remote Power Side-Channel Attacks , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[29]  Mark McLean,et al.  FPGA-BASED SINGLE CHIP CRYPTOGRAPHIC SOLUTION ( U ) , 2007 .

[30]  Pradip Bose,et al.  Voltage Noise in Multi-Core Processors: Empirical Characterization and Optimization Opportunities , 2014, 2014 47th Annual IEEE/ACM International Symposium on Microarchitecture.

[31]  Eby G. Friedman,et al.  Scaling trends of on-chip power distribution noise , 2004 .

[32]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[33]  Sylvain Guilley,et al.  Overview of Dual rail with Precharge logic styles to thwart implementation-level attacks on hardware cryptoprocessors , 2009, 2009 3rd International Conference on Signals, Circuits and Systems (SCS).