fpgahammer remote voltage fault attacks on shared fpgas
play

FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable - PowerPoint PPT Presentation

Aug 23, 2023 •374 likes •995 views

FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori | 10.09.2018 INSTITUTE OF COMPUTER ENGINEERING CHAIR OF DEPENDABLE NANO COMPUTING www.kit.edu KIT Die

  1. FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori | 10.09.2018 INSTITUTE OF COMPUTER ENGINEERING – CHAIR OF DEPENDABLE NANO COMPUTING www.kit.edu KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft

  2. FPGAhammer: Motivation Remote Voltage Fault Attacks on More resources per FPGA ⇒ Multi-user environments: Shared FPGAs Amazon, Microsoft and introduce FPGA usage in cloud computing J. Krautter, D.R.E. Gnad and M.B. Tahoori System-on-Chip (SoC) variants, tightly coupled FPGA based systems (Xilinx PYNQ, Intel Xeon FPGA, Intel/Altera-SoCs...) Accelerators deployed to partitions through partial reconfiguration ⇒ Multi-tenant FPGAs

  3. FPGAhammer: Motivation Remote Voltage Fault Attacks on More resources per FPGA ⇒ Multi-user environments: Shared FPGAs Amazon, Microsoft and introduce FPGA usage in cloud computing J. Krautter, D.R.E. Gnad and M.B. Tahoori System-on-Chip (SoC) variants, tightly coupled FPGA based systems (Xilinx PYNQ, Intel Xeon FPGA, Intel/Altera-SoCs...) Accelerators deployed to partitions through partial reconfiguration ⇒ Multi-tenant FPGAs New attack scenarios: Passive on-chip side-channels 1 Denial-of-Service 2 This work: Fault attacks ... 1 Schellenberg et al., ”An Inside Job: Remote Power Analysis Attacks on FPGAs”, DATE 2018 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  4. FPGAhammer: Motivation Remote Voltage Fault Attacks on More resources per FPGA ⇒ Multi-user environments: Shared FPGAs Amazon, Microsoft and introduce FPGA usage in cloud computing J. Krautter, D.R.E. Gnad and M.B. Tahoori System-on-Chip (SoC) variants, tightly coupled FPGA based systems (Xilinx PYNQ, Intel Xeon FPGA, Intel/Altera-SoCs...) Accelerators deployed to partitions through partial reconfiguration ⇒ Multi-tenant FPGAs New attack scenarios: Passive on-chip side-channels 1 Denial-of-Service 2 This work: Fault attacks ... Proof-of-Concept work: Successful DFA on AES 1 Schellenberg et al., ”An Inside Job: Remote Power Analysis Attacks on FPGAs”, DATE 2018 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  5. FPGAhammer: Threat model Remote Voltage Fault Attacks on Shared FPGAs J. Krautter, D.R.E. Gnad and M.B. Tahoori Shared FPGA fabric ⇒ Shared Power Distribution Network (PDN)

  6. FPGAhammer: Threat model Remote Voltage Fault Attacks on Shared FPGAs J. Krautter, D.R.E. Gnad and M.B. Tahoori Shared FPGA fabric ⇒ Shared Power Distribution Network (PDN) Attacker and victim design logically isolated

  7. FPGAhammer: Threat model Remote Voltage Fault Attacks on Shared FPGAs J. Krautter, D.R.E. Gnad and M.B. Tahoori Shared FPGA fabric ⇒ Shared Power Distribution Network (PDN) Attacker and victim design logically isolated Victim software process has a public interface

  8. FPGAhammer: Threat model Remote Voltage Fault Attacks on Shared FPGAs J. Krautter, D.R.E. Gnad and M.B. Tahoori Shared FPGA fabric ⇒ Shared Power Distribution Network (PDN) Attacker and victim design logically isolated Victim software process has a public interface Chosen-Plaintext Attack scenario

  9. FPGAhammer: Outline Remote Voltage Fault Attacks on Shared FPGAs Background 1 J. Krautter, D.R.E. Gnad and M.B. Tahoori Fault Injection and Analysis 2 3 Experimental Setup Results 4 5 Discussion and Future Work Conclusion 6

  10. FPGAhammer: Outline Remote Voltage Fault Attacks on Shared FPGAs Background 1 J. Krautter, D.R.E. Gnad and M.B. Tahoori Fault Injection and Analysis 2 3 Experimental Setup Results 4 5 Discussion and Future Work Conclusion 6

  11. FPGAhammer: Power Distribution Network (PDN) Remote Voltage Fault Attacks on Shared FPGAs Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements) J. Krautter, D.R.E. Gnad and M.B. Tahoori

  12. FPGAhammer: Power Distribution Network (PDN) Remote Voltage Fault Attacks on Shared FPGAs Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements) J. Krautter, D.R.E. Gnad and M.B. Tahoori Law of Inductance: V drop = I · R + L · dI dt

  13. FPGAhammer: Power Distribution Network (PDN) Remote Voltage Fault Attacks on Shared FPGAs Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements) J. Krautter, D.R.E. Gnad and M.B. Tahoori Law of Inductance: V drop = I · R + L · dI dt High current variation ⇒ Power supply voltage variation

  14. FPGAhammer: Power Distribution Network (PDN) Remote Voltage Fault Attacks on Shared FPGAs Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements) J. Krautter, D.R.E. Gnad and M.B. Tahoori Law of Inductance: V drop = I · R + L · dI dt High current variation ⇒ Power supply voltage variation Lower supply voltage ⇒ Timing faults

  15. FPGAhammer: Malicious Logic Remote Voltage Fault Attacks on Shared FPGAs Logic element to cause high current variation 2 : Ring Oscillators (ROs) J. Krautter, D.R.E. Gnad and M.B. Tahoori 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  16. FPGAhammer: Malicious Logic Remote Voltage Fault Attacks on Shared FPGAs Logic element to cause high current variation 2 : Ring Oscillators (ROs) J. Krautter, D.R.E. Gnad and M.B. Tahoori Oscillation ⇒ Gate switching ⇒ Current variation ⇒ Voltage drop 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  17. FPGAhammer: Malicious Logic Remote Voltage Fault Attacks on Shared FPGAs Logic element to cause high current variation 2 : Ring Oscillators (ROs) J. Krautter, D.R.E. Gnad and M.B. Tahoori Oscillation ⇒ Gate switching ⇒ Current variation ⇒ Voltage drop RO-grid must be toggled in a very specific way (freq, duty-cycle, delay) 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  18. FPGAhammer: Malicious Logic Remote Voltage Fault Attacks on Shared FPGAs Logic element to cause high current variation 2 : Ring Oscillators (ROs) J. Krautter, D.R.E. Gnad and M.B. Tahoori Oscillation ⇒ Gate switching ⇒ Current variation ⇒ Voltage drop RO-grid must be toggled in a very specific way (freq, duty-cycle, delay) ⇒ Calibration of fault injection parameters required 1.20 V CC max recommended 1.15 V CC (V) 1.10 V CC min recommended 1.05 1.00 0.95 0 5 10 15 20 Time (s) FPGA supply voltage V CC during frequency scan 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  19. FPGAhammer: Malicious Logic Remote Voltage Fault Attacks on Shared FPGAs Logic element to cause high current variation 2 : Ring Oscillators (ROs) J. Krautter, D.R.E. Gnad and M.B. Tahoori Oscillation ⇒ Gate switching ⇒ Current variation ⇒ Voltage drop RO-grid must be toggled in a very specific way (freq, duty-cycle, delay) ⇒ Calibration of fault injection parameters required 1.20 V CC max recommended 1.15 V CC (V) 1.10 V CC min recommended 1.05 1.00 Toggle frequency decrease 0.95 0 5 10 15 20 Time (s) FPGA supply voltage V CC during frequency scan 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  20. FPGAhammer: Outline Remote Voltage Fault Attacks on Shared FPGAs Background 1 J. Krautter, D.R.E. Gnad and M.B. Tahoori Fault Injection and Analysis 2 3 Experimental Setup Results 4 5 Discussion and Future Work Conclusion 6

  21. FPGAhammer: Fault Injection and Analysis Remote Voltage Fault Attacks on Differential Fault Analysis on AES 3 Shared FPGAs J. Krautter, D.R.E. Gnad and M.B. Tahoori 3 Piret et al., ”A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad”, CHES 2003

  22. FPGAhammer: Fault Injection and Analysis Remote Voltage Fault Attacks on Differential Fault Analysis on AES 3 Shared FPGAs Original scheme: Single-byte faults before 8th round J. Krautter, D.R.E. Gnad and M.B. Tahoori ⇒ All output bytes faulty 3 Piret et al., ”A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad”, CHES 2003

  23. FPGAhammer: Fault Injection and Analysis Remote Voltage Fault Attacks on Differential Fault Analysis on AES 3 Shared FPGAs Original scheme: Single-byte faults before 8th round J. Krautter, D.R.E. Gnad and M.B. Tahoori ⇒ All output bytes faulty Injection requires high precision ⇒ Fault injection before 9th round 3 Piret et al., ”A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad”, CHES 2003

  24. FPGAhammer: Fault Injection and Analysis Remote Voltage Fault Attacks on Differential Fault Analysis on AES 3 Shared FPGAs Original scheme: Single-byte faults before 8th round J. Krautter, D.R.E. Gnad and M.B. Tahoori ⇒ All output bytes faulty Injection requires high precision ⇒ Fault injection before 9th round Successful injection can be verified 3 Piret et al., ”A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad”, CHES 2003

  25. FPGAhammer: Fault Injection and Analysis Remote Voltage Fault Attacks on Shared FPGAs Attacker issues encryption request J. Krautter, D.R.E. Gnad to get correct ciphertext and M.B. Tahoori

Recommend

FPGA-Based Remote Power Side Channel Attacks By Mark Zhao and G. Edward Suh Presented by

FPGA-Based Remote Power Side Channel Attacks By Mark Zhao and G. Edward Suh Presented by

FPGA-Based Remote Power Side Channel Attacks By Mark Zhao and G. Edward Suh Presented by Maitreyi Ashok Motivation FPGAs are used in most cloud computing environments for hardware acceleration The SoCs used for these can have multiple

390 views • 22 slides
Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Stefan Mangard, Florian Mendel, Robert Primas ASIACRYPT 2018 IAIK - Graz University of Technology www.tugraz.at

1.01k views • 78 slides
AQ 100 Series Arc Flash Protection System THE CONSEQUENCES OF AN ARC FAULT IN HIGH VOLTAGE

AQ 100 Series Arc Flash Protection System THE CONSEQUENCES OF AN ARC FAULT IN HIGH VOLTAGE

AQ 100 Series Arc Flash Protection System THE CONSEQUENCES OF AN ARC FAULT IN HIGH VOLTAGE SWITCHGEAR THE CONSEQUENCES OF AN ARC FAULT IN OIL-FILLED SWITCHGEAR Arc Phenomena Arc Phenomena Arc fault - facts Most devastating type of fault in

584 views • 47 slides
Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia

Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia

Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia Laguna, Sardinia (Italy) 19 October 2015 Introduction to Fault Attacks 19 October 2015 What are fault attacks? Active attacks against

571 views • 27 slides
Fault Characterization Through FPGAs Undervolting Behzad Salami, Osman S. Unsal, and Adrian

Fault Characterization Through FPGAs Undervolting Behzad Salami, Osman S. Unsal, and Adrian

www.bsc.es Fault Characterization Through FPGAs Undervolting Behzad Salami, Osman S. Unsal, and Adrian Cristal Kestelman Presented by Alberto Gonzlez 28 th Field Programmable Logic & Applications (FPL) Conference, 27-Aug-2018, Dublin,

188 views • 16 slides
Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France

Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France

Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France November 16, 2017 Cryptacus Workshop, Nijmegen, Netherlands the attacker only needs unprivileged execution on the victims machine

1.99k views • 164 slides
Fault Attacks on Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics,

Fault Attacks on Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics,

Fault Attacks on Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics, University of Auckland PQCrypto 2017, 26th of June 1/15 Outline 1 Preliminaries Introduction Supersingular isogenies SSI cryptosystems 2 Fault attack

379 views • 33 slides
Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier,

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier,

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier, Xiaolu Hou and Yang Liu 10 September 2018 1 / 25 Table of Contents Background and Motivation 1 Overview of DATAC DFA Automation Tool for

727 views • 25 slides
voltage glitches using an on-chip voltmeter Loc ZUSSA Jean-Max DUTERTRE Jessy

voltage glitches using an on-chip voltmeter Loc ZUSSA Jean-Max DUTERTRE Jessy

Analysis of a fault injection mechanism related to voltage glitches using an on-chip voltmeter Loc ZUSSA Jean-Max DUTERTRE Jessy CLEDIERE Bruno ROBISSON Thesis subject Cryptanalysis of secure circuits by physical fault

741 views • 46 slides
Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of

Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of

Introduction Threats Setups Attacks Countermeasures Conclusion 1 / 31 Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of Cryptographic Algorithms and Devices for Real-World Applications Sibenik,

849 views • 31 slides
Becoming More Tolerant: Designing FPGAs for Variable Supply Voltage Ibrahim Ahmed Linda Shen

Becoming More Tolerant: Designing FPGAs for Variable Supply Voltage Ibrahim Ahmed Linda Shen

Becoming More Tolerant: Designing FPGAs for Variable Supply Voltage Ibrahim Ahmed Linda Shen Vaughn Betz Technology Scaling: Transforming the World Packing ever more computations on a single chip 2 Technology Scaling: Transforming the

924 views • 60 slides
Defeating TLS client authentication using fault attacks Who are we ? R&D dept. @

Defeating TLS client authentication using fault attacks Who are we ? R&D dept. @

Defeating TLS client authentication using fault attacks Who are we ? R&D dept. @ Security Evaluation Kudelski Security Lab @ Kudelski IoT Embedded systems Hardware attacks security research Glitch / EM Reverse

889 views • 51 slides
Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing attacks important? Clarifications Zero-One Gap / Neighborhood Size etc. Problems Questions Extensions Contribution Discussion

645 views • 26 slides
Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs

Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs

Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs marc.joye@thomson.net CryptoPuces 2009 Porquerolles, June 26, 2009 Outline Elliptic Curve Cryptography Inducing Faults Fault Attacks Countermeasures

363 views • 24 slides
Its Not My Fault 1915: rotor machines: (electro-)mechanical - On Fault Attacks on

Its Not My Fault 1915: rotor machines: (electro-)mechanical - On Fault Attacks on

Its Not My Fault Bart Preneel FDTC12 9 September 2011 Symmetric crypto history 101 http://www.ecrypt.eu.org pre-1915: manual encryption or simple devices Its Not My Fault 1915: rotor machines: (electro-)mechanical - On

296 views • 6 slides
HIVE: Fault Containment for Shared-Memory Multiprocessors J. Chapin, M. Rosenblum, S. Devine, T.

HIVE: Fault Containment for Shared-Memory Multiprocessors J. Chapin, M. Rosenblum, S. Devine, T.

HIVE: Fault Containment for Shared-Memory Multiprocessors J. Chapin, M. Rosenblum, S. Devine, T. Lahiri, D. Teodosiu, A. Gupta CSE 598C Presented by: Sandra Rueda The Problem O.S. for managing FLASH architecture (large shared-memory

464 views • 22 slides
JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK

JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK

JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK 2018, Kolkata, India 15 Nov 2018 Table of Contents 1. Introduction to Fault Attacks 2. Persistent Fault Analysis (PFA) 3. PFA on Fault

588 views • 19 slides
Extracting keys from FPGAs, OTP Tokens and Door Locks Side-Channel (and other) Attacks in Practice

Extracting keys from FPGAs, OTP Tokens and Door Locks Side-Channel (and other) Attacks in Practice

Extracting keys from FPGAs, OTP Tokens and Door Locks Side-Channel (and other) Attacks in Practice David Oswald david.oswald@rub.de No, I did not do all this stuff alone Christof Paar Benedikt Driessen Timo Kasper Gregor Leander

1.2k views • 95 slides
Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and

Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and

Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and SEU Emulation for FPGAs Emulation for FPGAs Bradley Dutton, Mustafa Ali, John Bradley Dutton, Mustafa Ali, John Sunwoo, and Charles Stroud Sunwoo,

305 views • 26 slides
Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in Advanced Topics in Network Security (600/650.624) Outline Traditional threat model in cryptography Side-channel attacks Kochers

1.19k views • 77 slides
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi @danielmgmi https://moghimi.org Security Researcher PhD Candidate @ WPI Microarchitectural Attacks Side Channels Breaking Crypto

1.2k views • 71 slides
Statistical Fault Attacks Revisited Application to Authenticated Encryption C. Dobraunig, M.

Statistical Fault Attacks Revisited Application to Authenticated Encryption C. Dobraunig, M.

Statistical Fault Attacks Revisited Application to Authenticated Encryption C. Dobraunig, M. Eichlseder, T. Korak, V. Lomn e, F. Mendel ASK 2016 The research leading to these results has received funding from the European Unions Horizon

551 views • 26 slides
Practical validation of several fault attacks against the Miller algorithm Nadia El Mrabet 1 ,

Practical validation of several fault attacks against the Miller algorithm Nadia El Mrabet 1 ,

Practical validation of several fault attacks against the Miller algorithm Nadia El Mrabet 1 , Jacques Fournier 2 , Louis Goubin 3 , Ronan Lashermes 2 , 3 , Marie Paindavoine 4 , 5 . 1 - LIASD, Paris 8, France. 2 - CEA Tech, DPACA/LSAS, Gardanne,

446 views • 22 slides
EXPERIMENTAL EVALUATION OF TWO SOFTWARE COUNTERMEASURES AGAINST FAULT ATTACKS Nicolas Moro 1,3 ,

EXPERIMENTAL EVALUATION OF TWO SOFTWARE COUNTERMEASURES AGAINST FAULT ATTACKS Nicolas Moro 1,3 ,

EXPERIMENTAL EVALUATION OF TWO SOFTWARE COUNTERMEASURES AGAINST FAULT ATTACKS Nicolas Moro 1,3 , Karine Heydemann 3 , Amine Dehbaoui 2 , Bruno Robisson 1 , Emmanuelle Encrenaz 3 1 CEA Commissariat lEnergie Atomique et aux Energies

679 views • 22 slides

More recommend