
FPGA-Based Remote Power Side-Channel Attacks

This post introduces a power side-channel attack on FPGAs in cloud computing.
Field Programmable Gate Arrays (FPGAs) have been widely adopted as hardware accelerators, since they allow end users to customize their own integrated circuits for specific tasks. Cloud computing vendors such as Amazon lease FPGAs to customers, and because FPGAs can be virtualized and shared among users, circuits belonging to multiple users may co-reside on one physical FPGA. This is what makes side-channel attacks possible.
However, even when circuits from different users co-reside on the same FPGA, they are physically partitioned by a “fence” of unused configurable logic blocks. This prevents a malicious user from directly reading secrets out of a victim’s circuit on the same FPGA. The key observation is that all circuits on the same FPGA share a common power supply. The activity of any one circuit is reflected in the supply voltage and can be sensed by the other circuits. [1] introduced a method that takes advantage of this fact to conduct a side-channel attack on an RSA encryption process.


In the threat model, the adversary has no physical proximity to the target system and cannot measure its physical properties directly. The adversary is, however, able to control the behavior of some of the logic on the same FPGA where the victim system resides.
Heavy computation generally means high switching activity in the CMOS logic, and high switching activity causes transient drops in the FPGA’s supply voltage. In other words, if one of the circuits on the FPGA is running an intensive computation, the supply voltage drops. This drop can be observed by the other circuits, and that is what an adversary can exploit.

To gather voltage data, an adversary can place a Ring Oscillator (RO) in their own part of the FPGA. A ring oscillator generates a square wave whose frequency is determined by the latency of its logic gates: the higher the latency, the lower the frequency. The gate latency in turn depends on the applied voltage, so the RO frequency is inversely proportional to the gate latency and tracks changes in the supply voltage.

A counter is connected to the output of the RO and is incremented on each rising edge. A second counter is driven by the system clock, whose frequency is known to the adversary. The values of the two counters are compared periodically to derive the average frequency of the RO over that period.
At this point the adversary can observe changes in the supply voltage over a given time range. A case study is presented to illustrate how this turns into a side-channel attack.
Encrypting a message with RSA requires a large modular exponentiation, which is computationally expensive due to the large operands and inefficient to perform on a CPU. A practical approach is to build a hardware accelerator on the FPGA that implements the square-and-multiply algorithm, as shown in the following figure.

In the above figure, d represents the secret key. Two multipliers are present. If the ith bit of d is 1, both multipliers work; if the ith bit of d is 0, one multiplier is idle. Thus the value of the ith bit of d can be inferred by observing the voltage drop. By repeating this for every bit, an adversary can recover the entire secret key.
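To make the two mechanisms concrete, here is a small Python model (added here; it is not code from the paper or from any FPGA vendor) that ties together the RO sensor from the earlier section and the square-and-multiply accelerator above. Every constant (system clock, RO frequency, voltage drop per busy multiplier, counter window length) is a constructed assumption chosen to keep the arithmetic integral, and the sensor model is an assumed linear one: lower voltage, longer gate delay, lower RO frequency. The `always_multiply` option goes beyond the post: it models the standard square-and-always-multiply countermeasure, in which the second multiplier is driven on every bit and its product discarded on 0-bits, so the per-bit activity the sensor sees is flat.

```python
"""Toy model of an RO-based voltage sensor and a square-and-multiply accelerator.
Added example; all constants are constructed assumptions, not measured values."""

SYSCLK_HZ = 100_000_000         # assumed system clock, known to the sensor's owner
WINDOW_CYCLES = 1_000           # counters are compared every WINDOW_CYCLES system clocks
V_NOMINAL_MV = 1_000            # assumed nominal core voltage (mV)
DROP_MV_PER_MULTIPLIER = 20     # assumed transient drop per busy multiplier (mV)
RO_HZ_AT_NOMINAL = 300_000_000  # assumed RO frequency at nominal voltage


def ro_frequency_hz(voltage_mv):
    """Assumed linear sensor model: lower voltage -> longer gate delay -> lower RO frequency."""
    return RO_HZ_AT_NOMINAL * voltage_mv // V_NOMINAL_MV


def ro_counter_value(voltage_mv):
    """Emulate the two counters: one counts RO rising edges, the other counts system
    clock cycles.  When the clock counter reaches WINDOW_CYCLES the RO count is
    latched; that latched value is what the observer reads."""
    return ro_frequency_hz(voltage_mv) * WINDOW_CYCLES // SYSCLK_HZ


def average_ro_frequency_hz(counter_value):
    """Recover the average RO frequency over the window from the latched count."""
    return counter_value * SYSCLK_HZ // WINDOW_CYCLES


def square_and_multiply(base, d_bits, modulus, always_multiply=False):
    """Left-to-right square-and-multiply over the bits of d (MSB first).

    Returns (result, activity) where activity[i] is the number of busy
    multipliers during bit i: the squaring multiplier is always busy, the
    second multiplier only on 1-bits.  With always_multiply=True (assumed
    countermeasure, not from the post) the second multiplier runs on every
    bit and its product is discarded on 0-bits."""
    result = 1
    activity = []
    for bit in d_bits:
        result = (result * result) % modulus      # squaring multiplier, busy every iteration
        busy = 1
        if bit or always_multiply:
            product = (result * base) % modulus   # second multiplier busy
            busy = 2
            if bit:
                result = product                  # on a 0-bit the product is discarded
        activity.append(busy)
    return result, activity


def supply_voltage_mv(busy_multipliers):
    """Assumed supply model: each busy multiplier pulls the rail down by a fixed step."""
    return V_NOMINAL_MV - busy_multipliers * DROP_MV_PER_MULTIPLIER


def sensor_trace(d_bits, always_multiply=False):
    """RO counter value observed during each key-bit iteration of the accelerator."""
    _, activity = square_and_multiply(4, d_bits, 497, always_multiply)
    return [ro_counter_value(supply_voltage_mv(n)) for n in activity]


def bits_are_distinguishable(trace, d_bits):
    """Leakage check: True if readings taken on 1-bits never coincide with those on 0-bits."""
    ones = {r for r, b in zip(trace, d_bits) if b}
    zeros = {r for r, b in zip(trace, d_bits) if not b}
    return bool(ones) and bool(zeros) and ones.isdisjoint(zeros)


if __name__ == "__main__":
    key_bits = [1, 1, 0, 1]  # constructed 4-bit "secret" d = 13
    naive = sensor_trace(key_bits)
    hardened = sensor_trace(key_bits, always_multiply=True)
    for name, trace in (("naive", naive), ("always-multiply", hardened)):
        verdict = "leaks" if bits_are_distinguishable(trace, key_bits) else "flat"
        print(f"{name:16s} counts={trace} -> {verdict}")
```

Running the script shows the naive accelerator producing a lower RO count on every 1-bit than on the single 0-bit, which is exactly the per-bit difference the post describes, while the always-multiply variant produces one constant count for all bits and so gives the sensor nothing to distinguish; this is the check to run on a leakage model before trusting an exponentiation core on shared hardware.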


The novelty of this paper is that it exposes a power side-channel vulnerability underneath the integration of cloud computing and FPGAs. It is particularly important because it does not require the adversary to have physical proximity to the victim system, which makes it practical given the prevalence of cloud computing today.
