FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES
Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori | 10.09.2018
Institute of Computer Engineering – Chair of Dependable Nano Computing
www.kit.edu
KIT – The Research University in the Helmholtz Association

FPGAhammer: Motivation

- More resources per FPGA ⇒ Multi-user environments:
  - Amazon, Microsoft and introduce FPGA usage in cloud computing
  - System-on-Chip (SoC) variants, tightly coupled FPGA based systems (Xilinx PYNQ, Intel Xeon FPGA, Intel/Altera-SoCs...)
- Accelerators deployed to partitions through partial reconfiguration ⇒ Multi-tenant FPGAs
- New attack scenarios:
  - Passive on-chip side-channels [1]
  - Denial-of-Service [2]
  - This work: Fault attacks ...
- Proof-of-Concept work: Successful DFA on AES

[1] Schellenberg et al., "An Inside Job: Remote Power Analysis Attacks on FPGAs", DATE 2018
[2] Gnad et al., "Voltage drop-based fault attacks on FPGAs using valid bitstreams", FPL 2017

FPGAhammer: Threat model

- Shared FPGA fabric ⇒ Shared Power Distribution Network (PDN)
- Attacker and victim design logically isolated
- Victim software process has a public interface
- Chosen-Plaintext Attack scenario

FPGAhammer: Outline

1. Background
2. Fault Injection and Analysis
3. Experimental Setup
4. Results
5. Discussion and Future Work
6. Conclusion

FPGAhammer: Power Distribution Network (PDN)

- Interconnections from the voltage regulator down to logic elements
- Model: RLC-mesh (Resistive, Inductive and Capacitive elements)
- Law of Inductance: $V_{drop} = I \cdot R + L \cdot \frac{dI}{dt}$
- High current variation ⇒ Power supply voltage variation
- Lower supply voltage ⇒ Timing faults

FPGAhammer: Malicious Logic

- Logic element to cause high current variation [2]: Ring Oscillators (ROs)
- Oscillation ⇒ Gate switching ⇒ Current variation ⇒ Voltage drop
- RO-grid must be toggled in a very specific way (freq, duty-cycle, delay)
  ⇒ Calibration of fault injection parameters required

[Figure: FPGA supply voltage V_CC (V) over time (s) during frequency scan; recommended V_CC max and min marked; annotation "Toggle frequency decrease"]

[2] Gnad et al., "Voltage drop-based fault attacks on FPGAs using valid bitstreams", FPL 2017

FPGAhammer: Fault Injection and Analysis

- Differential Fault Analysis on AES [3]
- Original scheme: Single-byte faults before 8th round ⇒ All output bytes faulty
- Injection requires high precision ⇒ Fault injection before 9th round
- Successful injection can be verified

[3] Piret et al., "A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad", CHES 2003

FPGAhammer: Fault Injection and Analysis

- Attacker issues encryption request to get correct ciphertext