An Inside Job: Remote Power Analysis Attacks on FPGAs
Falk Schellenberg [1,a], Dennis R.E. Gnad [2,c], Amir Moradi [1,b] and Mehdi B. Tahoori [1,d]
[1] Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Germany
[a] falk.schellenberg@rub.de
[b] amir.moradi@rub.de
[2] Institute of Computer Engineering, Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany
[c] dennis.gnad@kit.edu
[d] mehdi.tahoori@kit.edu
ABSTRACT
Hardware Trojans have gained increasing interest during the past few years. Undeniably, the detection of such malicious designs needs a deep understanding of how they can practically be built and developed. In this work we present a design methodology dedicated to FPGAs which allows measuring a fraction of the dynamic power consumption. More precisely, we develop internal sensors which are based on FPGA primitives, and transfer the internally measured side-channel leakages outside. These are distributed and calibrated delay sensors which can indirectly measure voltage fluctuations due to power consumption. Using a cryptographic core as a case study, we present different settings and parameters for our employed sensors. Using their side-channel measurements, we further exhibit practical key-recovery attacks confirming the applicability of the underlying measurement methodology. This opens a new door to integrate hardware Trojans in a) applications where the FPGA is remotely accessible and b) FPGA-based multi-user platforms where the reconfigurable resources are shared among different users. This type of Trojan is highly difficult to detect since there is no signal connection between the targeted (cryptographic) core and the internally deployed sensors.