Remote and Stealthy Fault Attacks on Virtualized FPGAs

Jonas Krauttera, Dennis R. E. Gnadb and Mehdi B. Tahooric
Chair of Dependable Nano Computing (CDNC) Karlsruhe Institute of Technology (KIT) Karlsruhe, Germany
ajonas.krautter@kit.edu
bdennis.gnad@kit.edu
bmehdi.tahoori@kit.edu

ABSTRACT


The increasing amount of resources per FPGA chip makes virtualization and multi-tenancy a promising direction to improve utilization and efficiency of these flexible accelerators in the cloud. However, the freedom given to untrusted parties on a multi-tenant FPGA can result in severe security issues. Sidechannel, fault, and Denial-of-Service attacks are possible through malicious use of FPGA logic resources. In this work, we perform a detailed analysis of fault attacks between logically isolated designs on a single FPGA. Attacks were often based on mapping a massive amount of Ring Oscillators into FPGA logic, which naturally induce a high current and subsequent voltage drop. However, they are easy to detect as combinational loops and can be prevented by a hypervisor. Here, we demonstrate how even elaborate fault attacks to recover a secret key of an AES encryption module can be deployed using seemingly benign benchmark circuits or even AES modules themselves to generate critical voltage fluctuations.

Keywords: FPGA, DFA, Fault, Attack, On-Chip, Remote, Multi-user, Multi-tenant, Cloud, AES.



Full Text (PDF)