fpgahammer remote voltage fault attacks on shared fpgas
play

FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable - PowerPoint PPT Presentation

FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori | 10.09.2018 INSTITUTE OF COMPUTER ENGINEERING CHAIR OF DEPENDABLE NANO COMPUTING www.kit.edu KIT Die


  1. FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori | 10.09.2018 INSTITUTE OF COMPUTER ENGINEERING – CHAIR OF DEPENDABLE NANO COMPUTING www.kit.edu KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft

  2. FPGAhammer: Motivation Remote Voltage Fault Attacks on More resources per FPGA ⇒ Multi-user environments: Shared FPGAs Amazon, Microsoft and introduce FPGA usage in cloud computing J. Krautter, D.R.E. Gnad and M.B. Tahoori System-on-Chip (SoC) variants, tightly coupled FPGA based systems (Xilinx PYNQ, Intel Xeon FPGA, Intel/Altera-SoCs...) Accelerators deployed to partitions through partial reconfiguration ⇒ Multi-tenant FPGAs

  3. FPGAhammer: Motivation Remote Voltage Fault Attacks on More resources per FPGA ⇒ Multi-user environments: Shared FPGAs Amazon, Microsoft and introduce FPGA usage in cloud computing J. Krautter, D.R.E. Gnad and M.B. Tahoori System-on-Chip (SoC) variants, tightly coupled FPGA based systems (Xilinx PYNQ, Intel Xeon FPGA, Intel/Altera-SoCs...) Accelerators deployed to partitions through partial reconfiguration ⇒ Multi-tenant FPGAs New attack scenarios: Passive on-chip side-channels 1 Denial-of-Service 2 This work: Fault attacks ... 1 Schellenberg et al., ”An Inside Job: Remote Power Analysis Attacks on FPGAs”, DATE 2018 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  4. FPGAhammer: Motivation Remote Voltage Fault Attacks on More resources per FPGA ⇒ Multi-user environments: Shared FPGAs Amazon, Microsoft and introduce FPGA usage in cloud computing J. Krautter, D.R.E. Gnad and M.B. Tahoori System-on-Chip (SoC) variants, tightly coupled FPGA based systems (Xilinx PYNQ, Intel Xeon FPGA, Intel/Altera-SoCs...) Accelerators deployed to partitions through partial reconfiguration ⇒ Multi-tenant FPGAs New attack scenarios: Passive on-chip side-channels 1 Denial-of-Service 2 This work: Fault attacks ... Proof-of-Concept work: Successful DFA on AES 1 Schellenberg et al., ”An Inside Job: Remote Power Analysis Attacks on FPGAs”, DATE 2018 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  5. FPGAhammer: Threat model Remote Voltage Fault Attacks on Shared FPGAs J. Krautter, D.R.E. Gnad and M.B. Tahoori Shared FPGA fabric ⇒ Shared Power Distribution Network (PDN)

  6. FPGAhammer: Threat model Remote Voltage Fault Attacks on Shared FPGAs J. Krautter, D.R.E. Gnad and M.B. Tahoori Shared FPGA fabric ⇒ Shared Power Distribution Network (PDN) Attacker and victim design logically isolated

  7. FPGAhammer: Threat model Remote Voltage Fault Attacks on Shared FPGAs J. Krautter, D.R.E. Gnad and M.B. Tahoori Shared FPGA fabric ⇒ Shared Power Distribution Network (PDN) Attacker and victim design logically isolated Victim software process has a public interface

  8. FPGAhammer: Threat model Remote Voltage Fault Attacks on Shared FPGAs J. Krautter, D.R.E. Gnad and M.B. Tahoori Shared FPGA fabric ⇒ Shared Power Distribution Network (PDN) Attacker and victim design logically isolated Victim software process has a public interface Chosen-Plaintext Attack scenario

  9. FPGAhammer: Outline Remote Voltage Fault Attacks on Shared FPGAs Background 1 J. Krautter, D.R.E. Gnad and M.B. Tahoori Fault Injection and Analysis 2 3 Experimental Setup Results 4 5 Discussion and Future Work Conclusion 6

  10. FPGAhammer: Outline Remote Voltage Fault Attacks on Shared FPGAs Background 1 J. Krautter, D.R.E. Gnad and M.B. Tahoori Fault Injection and Analysis 2 3 Experimental Setup Results 4 5 Discussion and Future Work Conclusion 6

  11. FPGAhammer: Power Distribution Network (PDN) Remote Voltage Fault Attacks on Shared FPGAs Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements) J. Krautter, D.R.E. Gnad and M.B. Tahoori

  12. FPGAhammer: Power Distribution Network (PDN) Remote Voltage Fault Attacks on Shared FPGAs Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements) J. Krautter, D.R.E. Gnad and M.B. Tahoori Law of Inductance: V drop = I · R + L · dI dt

  13. FPGAhammer: Power Distribution Network (PDN) Remote Voltage Fault Attacks on Shared FPGAs Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements) J. Krautter, D.R.E. Gnad and M.B. Tahoori Law of Inductance: V drop = I · R + L · dI dt High current variation ⇒ Power supply voltage variation

  14. FPGAhammer: Power Distribution Network (PDN) Remote Voltage Fault Attacks on Shared FPGAs Interconnections from the voltage regulator down to logic elements Model: RLC-mesh (Resistive, Inductive and Capacitive elements) J. Krautter, D.R.E. Gnad and M.B. Tahoori Law of Inductance: V drop = I · R + L · dI dt High current variation ⇒ Power supply voltage variation Lower supply voltage ⇒ Timing faults

  15. FPGAhammer: Malicious Logic Remote Voltage Fault Attacks on Shared FPGAs Logic element to cause high current variation 2 : Ring Oscillators (ROs) J. Krautter, D.R.E. Gnad and M.B. Tahoori 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  16. FPGAhammer: Malicious Logic Remote Voltage Fault Attacks on Shared FPGAs Logic element to cause high current variation 2 : Ring Oscillators (ROs) J. Krautter, D.R.E. Gnad and M.B. Tahoori Oscillation ⇒ Gate switching ⇒ Current variation ⇒ Voltage drop 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  17. FPGAhammer: Malicious Logic Remote Voltage Fault Attacks on Shared FPGAs Logic element to cause high current variation 2 : Ring Oscillators (ROs) J. Krautter, D.R.E. Gnad and M.B. Tahoori Oscillation ⇒ Gate switching ⇒ Current variation ⇒ Voltage drop RO-grid must be toggled in a very specific way (freq, duty-cycle, delay) 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  18. FPGAhammer: Malicious Logic Remote Voltage Fault Attacks on Shared FPGAs Logic element to cause high current variation 2 : Ring Oscillators (ROs) J. Krautter, D.R.E. Gnad and M.B. Tahoori Oscillation ⇒ Gate switching ⇒ Current variation ⇒ Voltage drop RO-grid must be toggled in a very specific way (freq, duty-cycle, delay) ⇒ Calibration of fault injection parameters required 1.20 V CC max recommended 1.15 V CC (V) 1.10 V CC min recommended 1.05 1.00 0.95 0 5 10 15 20 Time (s) FPGA supply voltage V CC during frequency scan 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  19. FPGAhammer: Malicious Logic Remote Voltage Fault Attacks on Shared FPGAs Logic element to cause high current variation 2 : Ring Oscillators (ROs) J. Krautter, D.R.E. Gnad and M.B. Tahoori Oscillation ⇒ Gate switching ⇒ Current variation ⇒ Voltage drop RO-grid must be toggled in a very specific way (freq, duty-cycle, delay) ⇒ Calibration of fault injection parameters required 1.20 V CC max recommended 1.15 V CC (V) 1.10 V CC min recommended 1.05 1.00 Toggle frequency decrease 0.95 0 5 10 15 20 Time (s) FPGA supply voltage V CC during frequency scan 2 Gnad et al., ”Voltage drop-based fault attacks on FPGAs using valid bitstreams”, FPL 2017

  20. FPGAhammer: Outline Remote Voltage Fault Attacks on Shared FPGAs Background 1 J. Krautter, D.R.E. Gnad and M.B. Tahoori Fault Injection and Analysis 2 3 Experimental Setup Results 4 5 Discussion and Future Work Conclusion 6

  21. FPGAhammer: Fault Injection and Analysis Remote Voltage Fault Attacks on Differential Fault Analysis on AES 3 Shared FPGAs J. Krautter, D.R.E. Gnad and M.B. Tahoori 3 Piret et al., ”A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad”, CHES 2003

  22. FPGAhammer: Fault Injection and Analysis Remote Voltage Fault Attacks on Differential Fault Analysis on AES 3 Shared FPGAs Original scheme: Single-byte faults before 8th round J. Krautter, D.R.E. Gnad and M.B. Tahoori ⇒ All output bytes faulty 3 Piret et al., ”A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad”, CHES 2003

  23. FPGAhammer: Fault Injection and Analysis Remote Voltage Fault Attacks on Differential Fault Analysis on AES 3 Shared FPGAs Original scheme: Single-byte faults before 8th round J. Krautter, D.R.E. Gnad and M.B. Tahoori ⇒ All output bytes faulty Injection requires high precision ⇒ Fault injection before 9th round 3 Piret et al., ”A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad”, CHES 2003

  24. FPGAhammer: Fault Injection and Analysis Remote Voltage Fault Attacks on Differential Fault Analysis on AES 3 Shared FPGAs Original scheme: Single-byte faults before 8th round J. Krautter, D.R.E. Gnad and M.B. Tahoori ⇒ All output bytes faulty Injection requires high precision ⇒ Fault injection before 9th round Successful injection can be verified 3 Piret et al., ”A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad”, CHES 2003

  25. FPGAhammer: Fault Injection and Analysis Remote Voltage Fault Attacks on Shared FPGAs Attacker issues encryption request J. Krautter, D.R.E. Gnad to get correct ciphertext and M.B. Tahoori

Recommend


More recommend