M04 Remote Side-Channel and Fault Attacks in FPGAs
The shared FPGA platform in the cloud is based on the concept that the FPGA real estate can be shared among various users, probably event at different privilege levels. Such multi-tenancy comes with new security challenges, in which one user, while being completely logically isolated from another, can cause security breaches to another user on the same FPGA. In addition, such a hardware security vulnerability does not require physical access to the hardware to perform measurements or fault attacks, hence it can be done completely remotely. The main objective of this tutorial, which consists of the three components of in-depth lecture, live demo and hands-on experience is to introduce the new challenges coming from sharing FPGAs in both cloud as well as state of the art heterogeneous Systems on Chip (SoCs). It will explore the remote active and passive attacks at the electrical level for multi-tenant FPGAs in the cloud and SoCs and discusses possible countermeasures to deal with such security vulnerabilities.
The first part of this tutorial is an in-depth lecture covering the new trends in design of heterogeneous FPGA-SoCs as well as sharing the FPGAs in the clouds and the associated security vulnerabilities. The lecture part is given by Mehdi Tahoori. In this part, the traditional side channel and fault attacks are reviewed. We also show how the power delivery network (PDN) on the chip, board and system level can be utilized as a side channel medium and how the legitimate programmable logic constructs of the FPGA can be exploited for side channel voltage fluctuation measurements as well as injecting faults on the PDN for fault attacks and denial of service. Also, various countermeasures in terms of offline bitstream checking and online approaches based on fencing and sandboxing will be covered.
In the second part of the tutorial, we present attacks live on recent cloud FPGAs, such as the Intel Stratix 10 and the Xilinx Virtex Ultrascale+. The respective attacks, which are Correlation Power Analysis as well as a Differential Fault Attack on the AES will be explained in details to the attendees, who will be able to learn how to derive secret AES keys from faulty ciphertexts and side-channel measurements in a real system. Moreover, we demonstrate how recent FPGAs can be crashed in a Denial-of-Service attack, making recovery without power cycling impossible. This part is administrated by Dennis Gnad and Jonas Krautter.
Finally, the third part is a hands-on experience using low cost Lattice iCE40-HX8K breakout boards together with a comprehensive graphical interface, which can be used to control various parameters of the measurement or fault injection process on the FPGA. On this platform, participants of the tutorial are able to perform the demonstrated attacks themselves and learn about the importance of the respective parameters as well as the details of the attacked implementation.