Stealthy Logic Misuse for Power Analysis Attacks in Multi-Tenant FPGAs

Dennis R. E. Gnad (1,a), Vincent Meyers (1,b), Nguyen Minh Dang (1,c), Falk Schellenberg (2,a), Amir Moradi (2,b) and Mehdi B. Tahoori (1,d)
(1) Institute of Computer Engineering, Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany
(a) dennis.gnad@kit.edu
(b) mehdi.tahoori@kit.edu
(c) vincent.meyers@student.kit.edu
(d) nguyen.dang@student.kit.edu
(2) Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Germany
(a) falk.schellenberg@rub.de
(b) amir.moradi@rub.de

ABSTRACT


FPGAs have been used in the cloud for several years, for workloads such as machine learning, database processes and security tasks. As for other cloud services, a highly desired feature is virtualization, in which multiple tenants share a single FPGA to increase utilization and thereby efficiency. On-chip logic sensors that use only standard FPGA logic in the untrusted tenant have recently been proposed, allowing remote power analysis side-channel and covert channel attacks on the victim tenant. However, such sensors are implemented by unusual circuit constructions, such as ring oscillators or delay lines, which might be easily detected by bitstream and/or netlist checking. In this paper we show that such structural checking methods are not universal solutions, as the attacks can make use of “benign-looking” circuits. We demonstrate this by showing a successful Correlation Power Analysis attack on the Advanced Encryption Standard.


