Dina G. Mahmoud,Beatrice Shokry,Vincent Lenders,Wei Hu,Mirjana Stojilović

DOI: https://doi.org/10.1109/access.2024.3353134

IF: 3.9

2024-01-01

IEEE Access

Abstract:Cloud computing environments increasingly provision field-programmable gate arrays (FPGAs) for their programmability and hardware-level parallelism. While FPGAs are typically used by one tenant at a time, multitenant schemes supporting spatial sharing of cloud FPGA resources have been proposed in the literature. However, the spatial multitenancy of FPGAs opens up new attack surfaces. Investigating potential security threats to multitenant FPGAs is thus essential for better understanding and eventually mitigating the security risks. This work makes a notable step forward by systematically analyzing the combined threat of FPGA power wasters and satisfiability don’t-care hardware Trojans in shared cloud FPGAs. We demonstrate a successful remote undervolting attack that activates a hardware Trojan concealed within a victim FPGA design and exploits the payload. The attack is carried out entirely remotely, assuming two spatially colocated FPGA users isolated from one another. The victim user’s circuit is infected with a Trojan, triggered by a pair of don’t-care signals that never reach the combined trigger condition during regular operation. The adversary, targeting the exploitation of the Trojan, deploys power waster circuits to lower the supply voltage of the FPGA. The assumption is that, under the effect of the lowered voltage, don’t-care signals may reach the particular state that triggers the Trojan. We name this exploit X-Attack and demonstrate its feasibility on an embedded FPGA and real-world cloud FPGA instances. Additionally, we study the effects of various attack tuning parameters on the exploit’s success. Finally, we discuss potential countermeasures against this security threat and present a lightweight self-calibrating countermeasure. To the best of our knowledge, this is the first work on undervolting-based fault-injection attacks in multitenant FPGAs to demonstrate the attack on commercially available cloud FPGA instances.

computer science, information systems,telecommunications,engineering, electrical & electronic

George Provelengios,Daniel Holcomb,Russell Tessier

DOI: https://doi.org/10.1145/3451236

IF: 2.837

2021-07-29

ACM Transactions on Reconfigurable Technology and Systems

Abstract:Recent research has exposed a number of security issues related to the use of FPGAs in embedded system and cloud computing environments. Circuits that deliberately waste power can be carefully crafted by a malicious cloud FPGA user and deployed to cause denial-of-service and fault injection attacks. The main defense strategy used by FPGA cloud services involves checking user-submitted designs for circuit structures that are known to aggressively consume power. Unfortunately, this approach is limited by an attacker’s ability to conceive new designs that defeat existing checkers. In this work, our contributions are twofold. We evaluate a variety of circuit power wasting techniques that typically are not flagged by design rule checks imposed by FPGA cloud computing vendors. The efficiencies of five power wasting circuits, including our new design, are evaluated in terms of power consumed per logic resource. We then show that the source of voltage attacks based on power wasters can be identified. Our monitoring approach localizes the attack and suppresses the clock signal for the target region within 21 μs, which is fast enough to stop an attack before it causes a board reset. All experiments are performed using a state-of-the-art Intel Stratix 10 FPGA.

computer science, hardware & architecture

Jayeeta Chaudhuri,Hassan Nassar,Dennis R.E. Gnad,Jorg Henkel,Mehdi B. Tahoori,Krishnendu Chakrabarty

2024-10-22

Abstract:FPGAs are now ubiquitous in cloud computing infrastructures and reconfigurable system-on-chip, particularly for AI acceleration. Major cloud service providers such as Amazon and Microsoft are increasingly incorporating FPGAs for specialized compute-intensive tasks within their data centers. The availability of FPGAs in cloud data centers has opened up new opportunities for users to improve application performance by implementing customizable hardware accelerators directly on the FPGA fabric. However, the virtualization and sharing of FPGA resources among multiple users open up new security risks and threats. We present a novel fault attack methodology capable of causing persistent fault injections in partial bitstreams during the process of FPGA reconfiguration. This attack leverages power-wasters and is timed to inject faults into bitstreams as they are being loaded onto the FPGA through the reconfiguration manager, without needing to remain active throughout the entire reconfiguration process. Our experiments, conducted on a Pynq FPGA setup, demonstrate the feasibility of this attack on various partial application bitstreams, such as a neural network accelerator unit and a signal processing accelerator unit.

Cryptography and Security

Mukta Debnath,Animesh Basak Chowdhury,Debasri Saha,Susmita Sur-Kolay

2024-05-30

Abstract:High-Level Synthesis (HLS) has transformed the development of complex Hardware IPs (HWIP) by offering abstraction and configurability through languages like SystemC/C++, particularly for Field Programmable Gate Array (FPGA) accelerators in high-performance and cloud computing contexts. These IPs can be synthesized for different FPGA boards in cloud, offering compact area requirements and enhanced flexibility. HLS enables designs to execute directly on ARM processors within modern FPGAs without the need for Register Transfer Level (RTL) synthesis, thereby conserving FPGA resources. While HLS offers flexibility and efficiency, it also introduces potential vulnerabilities such as the presence of hidden circuitry, including the possibility of hosting hardware trojans within designs. In cloud environments, these vulnerabilities pose significant security concerns such as leakage of sensitive data, IP functionality disruption and hardware damage, necessitating the development of robust testing frameworks. This research presents an advanced testing approach for HLS-developed cloud IPs, specifically targeting hidden malicious functionalities that may exist in rare conditions within the design. The proposed method leverages selective instrumentation, combining greybox fuzzing and concolic execution techniques to enhance test generation capabilities. Evaluation conducted on various HLS benchmarks, possessing characteristics of FPGA-based cloud IPs with embedded cloud related threats, demonstrates the effectiveness of our framework in detecting trojans and rare scenarios, showcasing improvements in coverage, time efficiency, memory usage, and testing costs compared to existing methods.

Cryptography and Security,Software Engineering

Fan Zhang,Xinjie Zhao,Wei He,Shivam Bhasin,Shize Guo

DOI: https://doi.org/10.1007/s11432-016-0233-0

2017-01-01

Science China Information Sciences

Abstract:>Fault analysis is a very powerful technique to break cryptographic implementations.In particular,bitlevel fault analysis(BLFA),where faults are injected by flipping one or a few isolated bits,are among the most efficient of the lot.BLFA requires both precise fault injection capabilities and sophisticated key extraction skills.Algebraic fault analysis(AFA)[1]is a good analysis technique for BLFA.Compared with differential fault analysis(DFA),AFA relies on the automation from machine solvers.Since it fully utilizes the leakages

Junge Xu,Fan Zhang,Wenguang Jin,Kun Yang,Zeke Wang,Weixiong Jiang,Yajun Ha

DOI: https://doi.org/10.1109/tcad.2024.3426364

IF: 2.9

2024-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:With increasing computation of various applications, dynamic voltage and frequency scaling (DVFS) is gradually deployed on FPGAs to improve performance and save energy. However, its reliability and security have not been sufficiently evaluated, which incurs quite many concerns. In this paper, we propose an evaluation framework for deep investigation of stealthy DVFS fault injection attacks on the state-of-the-art deep neural networks (DNNs) deployed on modern FPGAs. The evaluation framework mainly consists of a DVFS attack striker and a time-to-digital converter (TDC) based hardware profiler. Two modes of evaluation are derived, and their effectiveness is demonstrated on a platform composed of a SkyNet accelerator and three ImageNet models built on a Xilinx deep learning processor unit (DPU). Experimental results show that more than 99% detection accuracy loss can be measured targeting at all tested DNN models under prospective operation mode but without any performance degradation in frame per second (FPS). In our investigation of sensitive layer mode, more than 93% average accuracy loss with 84.7% fault probability can be measured on a single bundle of the SkyNet. We characterize the vulnerabilities of different DNN layers subject to DVFS attacks through leveraging the TDC-based hardware profiler to precisely control the timing of fault injection.

Fan Zhang,Chen Dong,Wucheng Hu,Jinghui Chen,Guorong He

DOI: https://doi.org/10.1109/IAEAC47372.2019.8997863

2019-01-01

Abstract:EDA tools almost completely automate the current chip design. However, EDA tools are all provided by third-party companies, therefore the credibility of EDA tools and the trust issues brought by their process libraries have attracted people's attention. Given these problems, this paper proposes a self-training hardware Trojan confrontation framework based on machine learning embedded in EDA tools. The framework focuses on the gate-level netlist files generated during the integrated chip comprehensive optimization phase, thereby detects, locates and deletes hardware Trojans that may appear. The experimental results show that the framework can achieve more than 85% detection effect for unknown hardware Trojans. Moreover, for known hardware Trojans, this framework can achieve almost 100% detection. Accordingly, hardware Trojans can be located and deleted.

Shashwat Khandelwal,Shreejith Shanker

DOI: https://doi.org/10.1109/FPL57034.2022.00070

2024-01-19

Abstract:Rising connectivity in vehicles is enabling new capabilities like connected autonomous driving and advanced driver assistance systems (ADAS) for improving the safety and reliability of next-generation vehicles. This increased access to in-vehicle functions compromises critical capabilities that use legacy invehicle networks like Controller Area Network (CAN), which has no inherent security or authentication mechanism. Intrusion detection and mitigation approaches, particularly using machine learning models, have shown promising results in detecting multiple attack vectors in CAN through their ability to generalise to new vectors. However, most deployments require dedicated computing units like GPUs to perform line-rate detection, consuming much higher power. In this paper, we present a lightweight multi-attack quantised machine learning model that is deployed using Xilinx's Deep Learning Processing Unit IP on a Zynq Ultrascale+ (XCZU3EG) FPGA, which is trained and validated using the public CAN Intrusion Detection dataset. The quantised model detects denial of service and fuzzing attacks with an accuracy of above 99 % and a false positive rate of 0.07%, which are comparable to the state-of-the-art techniques in the literature. The Intrusion Detection System (IDS) execution consumes just 2.0 W with software tasks running on the ECU and achieves a 25 % reduction in per-message processing latency over the state-of-the-art implementations. This deployment allows the ECU function to coexist with the IDS with minimal changes to the tasks, making it ideal for real-time IDS in in-vehicle systems.

Cryptography and Security,Machine Learning,Systems and Control

Hongsen Liu,Guangyi Liu,Shizhong Li,Wenchao Meng,Lin Wang,Yong Sun

DOI: https://doi.org/10.1109/isie54533.2024.10595763

2024-01-01

Abstract:The false data injection attack (FDIA) is emerging as a significant threat to the state estimation of smart grids. Approaches of FDIA detection based on deep learning have been proven to accurately identify the location of external attacks. However, these AI-based models require a large number of calculations, leading to excessive time and energy consumption. In order to tackle the challenges related to latency and energy efficiency in FDIA detection, this paper introduces a FPGA-based hardware-software co-design accelerator. In comparison to software implementations, our hardware accelerator significantly reduces inference latency and energy consumption without compromising detection accuracy. The proposed accelerator achieves up to 40x speedup compared to the ARM Cortex-A53 quad-core CPU, while consuming only a quarter of the CPU energy.

Dillon Staub,Rashmi Jha,David Kapp

DOI: https://doi.org/10.48550/arXiv.2005.07332

2020-05-15

Cryptography and Security

Abstract:Hardware security has risen in prominence in recent years with concerns stemming from a globalizing semiconductor supply chain and increased third-party IP (intellectual property) usage. Trojan detection is of paramount importance for ensuring systems with confidentiality, integrity, and availability. Existing methods for hardware Trojan detection in FPGA (field programmable gate array) devices include test-time methods, pre-implementation methods, and run-time methods. The first two methods provide effective ways of detecting some Trojans; however, Trojans may be specifically designed to avoid detection at test-time or before implementation making run-time detection a more attractive option. Run-time detection and removal of Trojans is highly desirable due to the wide range of critical systems which are deployed on FPGAs and may be difficult or costly to remove from operation. Many parallels can be drawn between hardware and natural systems, and one example creates an analogy between hardware attacks and biological attacks. We propose a CRISPR-Cas-inspired (clustered regularly interspaced palindromic repeats) method for detecting hardware Trojans in FPGAs. The fundamental concepts of the Type 1-E CRISPR-Cas mechanism are discussed and simulated to predict the flow of genetic information through this biological system. The basic structure of this system is utilized to propose a novel run-time Trojan detection method titled CADEFT (CRISPR-Cas-based Algorithm for DEtection of FPGA Trojans). Different levels of FPGA application design flow are explored, and CADEFT is proposed for realization at the bitstream level to monitor the configuration bitstream and the run-time properties of the FPGA. The flexibility of CADEFT originates in the CRISPR-Cas mechanism's ability to recognize similar albeit previously unseen patterns which may pose a threat to the system.

Shayan Moini,Shanquan Tian,Jakub Szefer,Daniel Holcomb,Russell Tessier

DOI: https://doi.org/10.48550/arXiv.2011.07603

2021-04-18

Abstract:To lower cost and increase the utilization of Cloud Field-Programmable Gate Arrays (FPGAs), researchers have recently been exploring the concept of multi-tenant FPGAs, where multiple independent users simultaneously share the same remote FPGA. Despite its benefits, multi-tenancy opens up the possibility of malicious users co-locating on the same FPGA as a victim user, and extracting sensitive information. This issue becomes especially serious when the user is running a machine learning algorithm that is processing sensitive or private information. To demonstrate the dangers, this paper presents a remote, power-based side-channel attack on a deep neural network accelerator running in a variety of Xilinx FPGAs and also on Cloud FPGAs using Amazon Web Services (AWS) F1 instances. This work in particular shows how to remotely obtain voltage estimates as a deep neural network inference circuit executes, and how the information can be used to recover the inputs to the neural network. The attack is demonstrated with a binarized convolutional neural network used to recognize handwriting images from the MNIST handwritten digit database. With the use of precise time-to-digital converters for remote voltage estimation, the MNIST inputs can be successfully recovered with a maximum normalized cross-correlation of 79% between the input image and the recovered image on local FPGA boards and 72% on AWS F1 instances. The attack requires no physical access nor modifications to the FPGA hardware.

Cryptography and Security

Junge Xu,Bohan Xuan,Anlin Liu,Mo Sun,Fan Zhang,Zeke Wang,Kui Ren

DOI: https://doi.org/10.1145/3489517.3530516

2022-01-01

Abstract:With increasing computation of various applications, dynamic voltage and frequency scaling (DVFS) is gradually deployed on FPGAs. However, its reliability and security haven't been sufficiently evaluated. In this paper, we present a practical DVFS fault attack targeting at the SkyNet accelerator IP and successfully destroy the detection accuracy. With no knowledge about the internal accelerator structure, our attack can achieve more than 98% detection accuracy loss under ten vulnerable operating point pairs (OPPs). Meanwhile, we explore the local injection with 1 ms duration and next double the intensity which can achieve more than 50% and 74% average accuracy loss respectively.

Maik Ender,Felix Hahn,Marc Fyrbiak,Amir Moradi,Christof Paar

2024-02-15

Abstract:Fuzzing is a well-established technique in the software domain to uncover bugs and vulnerabilities. Yet, applications of fuzzing for security vulnerabilities in hardware systems are scarce, as principal reasons are requirements for design information access (HDL source code). Moreover, observation of internal hardware state during runtime is typically an ineffective information source, as its documentation is often not publicly available. In addition, such observation during runtime is also inefficient due to bandwidth-limited analysis interfaces (JTAG, and minimal introspection of internal modules). In this work, we investigate fuzzing for 7-Series and UltraScale(+) FPGA configuration engines, the control plane governing the (secure) bitstream configuration within the FPGA. Our goal is to examine the effectiveness of fuzzing to analyze and document the opaque inner workings of FPGA configuration engines, with a primary emphasis on identifying security vulnerabilities. Using only the publicly available chip and dispersed documentation, we first design and implement ConFuzz, an advanced FPGA configuration engine fuzzing and rapid prototyping framework. Based on our detailed understanding of the bitstream file format, we then systematically define 3 novel key fuzzing strategies for Xilinx configuration engines. Moreover, our strategies are executed through mutational structure-aware fuzzers and incorporate various novel custom-tailored, FPGA-specific optimizations. Our evaluation reveals previously undocumented behavior within the configuration engine, including critical findings such as system crashes leading to unresponsive states of the FPGA. In addition, our investigations not only lead to the rediscovery of the starbleed attack but also uncover JustSTART (CVE-2023-20570), capable of circumventing RSA authentication for Xilinx UltraScale(+). Note that we also discuss countermeasures.

Cryptography and Security

Mukta Debnath,Animesh Basak Chowdhury,Debasri Saha,Susmita Sur-Kolay

DOI: https://doi.org/10.48550/arXiv.2111.00805

2021-11-01

Abstract:High-level synthesis (HLS) is the next emerging trend for designing complex customized architectures for applications such as Machine Learning, Video Processing. It provides a higher level of abstraction and freedom to hardware engineers to perform hardware software co-design. However, it opens up a new gateway to attackers to insert hardware trojans. Such trojans are semantically more meaningful and stealthy, compared to gate-level trojans and therefore are hard-to-detect using state-of-the-art gate-level trojan detection techniques. Although recent works have proposed detection mechanisms to uncover such stealthy trojans in high-level synthesis (HLS) designs, these techniques are either specially curated for existing trojan benchmarks or may run into scalability issues for large designs. In this work, we leverage the power of greybox fuzzing combined with concolic execution to explore deeper segments of design and uncover stealthy trojans. Experimental results show that our proposed framework is able to automatically detect trojans faster with fewer test cases, while attaining notable branch coverage, without any manual pre-processing analysis.

Cryptography and Security

Robert Karam,Tamzidul Hoque,Sandip Ray,Mark Tehranipoor,Swarup Bhunia

DOI: https://doi.org/10.1109/aspdac.2017.7858391

2017-01-01

Abstract:Field Programmable Gate Arrays (FPGAs) are being increasingly deployed in diverse applications including the emerging Internet of Things (IoT), biomedical, and automotive systems. However, security of the FPGA configuration file (i.e. bitstream), especially during in-field reconfiguration, as well as effective safeguards against unauthorized tampering and piracy during operation, are notably lacking. The current practice of bitstreram encryption is only available in high-end FPGAs, incurs unacceptably high overhead for area/energy-constrained devices, and is susceptible to side channel attacks. In this paper, we present a fundamentally different and novel approach to FPGA security that can protect against all major attacks on FPGA, namely, unauthorized in-field reprogramming, piracy of FPGA intellectual property (IP) blocks, and targeted malicious modification of the bitstream. Our approach employs the security through diversity principle to FPGA, which is often used in the software domain. We make each device architecturally different from the others using both physical (static) and logical (time-varying) configuration keys, ensuring that attackers cannot use a priori knowledge about one device to mount an attack on another. It therefore mitigates the economic motivation for attackers to reverse engineering the bitstream and IP. The approach is compatible with modern remote upgrade techniques, and requires only small modifications to existing FPGA tool flows, making it an attractive addition to the FPGA security suite. Our experimental results show that the proposed approach achieves provably high security against tampering and piracy with worst-case 14% latency overhead and 13% area overhead.

Mahya Morid Ahmadi,Lilas Alrahis,Ozgur Sinanoglu,Muhammad Shafique

2023-04-05

Abstract:We propose FPGA-Patch, the first-of-its-kind defense that leverages automated program repair concepts to thwart power side-channel attacks on cloud FPGAs. FPGA-Patch generates isofunctional variants of the target hardware by injecting faults and finding transformations that eliminate failure. The obtained variants display different hardware characteristics, ensuring a maximal diversity in power traces once dynamically swapped at run-time. Yet, FPGA-Patch forces the variants to have enough similarity, enabling bitstream compression and minimizing dynamic exchange costs. Considering AES running on AMD/Xilinx FPGA, FPGA-Patch increases the attacker's effort by three orders of magnitude, while preserving the performance of AES and a minimal area overhead of 14.2%.

Cryptography and Security

Zhe Chen,Shize Guo,Jian Wang,Yubai Li,Zhonghai Lu

DOI: https://doi.org/10.1109/jiot.2019.2914079

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:Nowadays, field programmable gate array (FPGA) has been widely used in Internet of Things (IoT) since it can provide flexible and scalable solutions to various IoT requirements. Meanwhile, hardware Trojan (HT), which may lead to undesired chip function or leak sensitive information, has become a great challenge for FPGA security. Therefore, distinguishing the Trojan-infected FPGAs is quite crucial for reinforcing the security of IoT. To achieve this goal, we propose a clock-tree-concerned technique to detect the HTs on FPGA. First, we present an experimental framework which helps us to collect the electromagnetic (EM) radiation emitted by FPGA clock tree. Then, we propose a Trojan identifying approach which extracts the mathematical feature of obtained EM traces, i.e., 2-D principal component analysis (2DPCA) in this paper, and automatically isolates the Trojan-infected FPGAs from the Trojan-free ones by using a BP neural network. Finally, we perform extensive experiments to evaluate the effectiveness of our method. The results reveal that our approach is valid in detecting HTs on FPGA. Specifically, for the trust-hub benchmarks, we can find out the FPGA with always on Trojans (100% detection rate) while identifying the triggered Trojans with high probability (by up to 92%). In addition, we give a thorough discussion on how the experimental setup, such as probe step size, scanning area, and chip ambient temperature, affects the Trojan detection rate.

Amalia Artemis Koufopoulou,Kalliopi Xevgeni,Athanasios Papadimitriou,Mihalis Psarakis,David Hely

DOI: https://doi.org/10.48550/arXiv.2312.06268

2023-12-11

Cryptography and Security

Abstract:As the complexity of digital circuits increases, High-Level Synthesis (HLS) is becoming a valuable tool to increase productivity and design reuse by utilizing relevant Electronic Design Automation (EDA) flows, either for Application-Specific Integrated Circuits (ASIC) or for Field Programmable Gate Arrays (FPGA). Side Channel Analysis (SCA) and Fault Injection (FI) attacks are powerful hardware attacks, capable of greatly weakening the theoretical security levels of secure implementations. Furthermore, critical applications demand high levels of reliability including fault tolerance. The lack of security and reliability driven optimizations in HLS tools makes it necessary for the HLS-based designs to validate that the properties of the algorithm and the countermeasures have not been compromised due to the HLS flow. In this work, we provide results on the resilience evaluation of HLS-based FPGA implementations for the aforementioned threats. As a test case, we use multiple versions of an on-the-fly SBOX algorithm integrating different countermeasures (hiding and masking), written in C and implemented using Vivado HLS. We perform extensive evaluations for all the designs and their optimization scenarios. The results provide evidence of issues arising due to HLS optimizations on the security and the reliability of cryptographic implementations. Furthermore, the results put HLS algorithms to the test of designing secure accelerators and can lead to improving them towards the goal of increasing productivity in the domain of secure and reliable cryptographic implementations.

Lilas Alrahis,Hassan Nassar,Jonas Krautter,Dennis Gnad,Lars Bauer,Jorg Henkel,Mehdi Tahoori

2024-03-04

Abstract:The security of cloud field-programmable gate arrays (FPGAs) faces challenges from untrusted users attempting fault and side-channel attacks through malicious circuit configurations. Fault injection attacks can result in denial of service, disrupting functionality or leaking secret information. This threat is further amplified in multi-tenancy scenarios. Detecting such threats before loading onto the FPGA is crucial, but existing methods face difficulty identifying sophisticated attacks.

Cryptography and Security

Shaza Zeitouni,Ghada Dessouky,Ahmad-Reza Sadeghi

DOI: https://doi.org/10.48550/arXiv.2009.13914

2020-09-29

Cryptography and Security

Abstract:In their continuous growth and penetration into new markets, Field Programmable Gate Arrays (FPGAs) have recently made their way into hardware acceleration of machine learning among other specialized compute-intensive services in cloud data centers, such as Amazon and Microsoft. To further maximize their utilization in the cloud, several academic works propose the spatial multi-tenant deployment model, where the FPGA fabric is simultaneously shared among mutually mistrusting clients. This is enabled by leveraging the partial reconfiguration property of FPGAs, which allows to split the FPGA fabric into several logically isolated regions and reconfigure the functionality of each region independently at runtime. In this paper, we survey industrial and academic deployment models of multi-tenant FPGAs in the cloud computing settings, and highlight their different adversary models and security guarantees, while shedding light on their fundamental shortcomings from a security standpoint. We further survey and classify existing academic works that demonstrate a new class of remotely exploitable physical attacks on multi-tenant FPGA devices, where these attacks are launched remotely by malicious clients sharing physical resources with victim users. Through investigating the problem of end-to-end multi-tenant FPGA deployment more comprehensively, we reveal how these attacks actually represent only one dimension of the problem, while various open security and privacy challenges remain unaddressed. We conclude with our insights and a call for future research to tackle these challenges.