Remote and Stealthy Fault Attacks on Virtualized FPGAs

Jonas Krautter^a, Dennis R. E. Gnad^b and Mehdi B. Tahoori^c
Chair of Dependable Nano Computing (CDNC) Karlsruhe Institute of Technology (KIT) Karlsruhe, Germany
^ajonas.krautter@kit.edu
^bdennis.gnad@kit.edu
^bmehdi.tahoori@kit.edu

ABSTRACT

The increasing amount of resources per FPGA chip makes virtualization and multi-tenancy a promising direction to improve utilization and efficiency of these flexible accelerators in the cloud. However, the freedom given to untrusted parties on a multi-tenant FPGA can result in severe security issues. Sidechannel, fault, and Denial-of-Service attacks are possible through malicious use of FPGA logic resources. In this work, we perform a detailed analysis of fault attacks between logically isolated designs on a single FPGA. Attacks were often based on mapping a massive amount of Ring Oscillators into FPGA logic, which naturally induce a high current and subsequent voltage drop. However, they are easy to detect as combinational loops and can be prevented by a hypervisor. Here, we demonstrate how even elaborate fault attacks to recover a secret key of an AES encryption module can be deployed using seemingly benign benchmark circuits or even AES modules themselves to generate critical voltage fluctuations.

Keywords: FPGA, DFA, Fault, Attack, On-Chip, Remote, Multi-user, Multi-tenant, Cloud, AES.

---

Full Text (PDF)

© 2021 EDAA. All rights reserved.