Checking for Electrical Level Security Threats in Bitstreams for Multi-tenant FPGAs

Multi-tenant FPGAs, in which third parties have partial access to the FPGA fabric, are a rising usage trend in cloud and reconfigurable SoCs. As recent studies show, this gives rise to new types of attacks on FPGAs. These attacks can operate at the electrical level through the common power delivery network, which makes them very hard to isolate. Software-controlled FPGA configuration can thus be exploited to insert hardware trojans, impacting the security of the entire system. The attacks fall into two classes: fault attacks, which actively manipulate a system, and side-channel attacks, which quietly extract secret information. In this paper, we show the first attempt at countermeasures against these voltage-fluctuation-based attacks: analyzing FPGA bitstreams for malicious logic, in effect implementing an FPGA antivirus. We provide a way to check bitstreams for potentially malicious structures by extending a combination of commercial and open-source tools.
