Search for: All records

Field-Programmable Gate Arrays (FPGAs) are ver-satile, reconfigurable integrated circuits that can be used ashardware accelerators to process highly-sensitive data. Leakingthis data and associated cryptographic keys, however, can un-dermine a system’s security. To prevent potentially unintentionalinteractions that could break separation of privilege betweendifferent data center tenants, FPGAs in cloud environments arecurrently dedicated on a per-user basis. Nevertheless, while theFPGAs themselves are not shared among different users, otherparts of the data center infrastructure are. This paper specificallyshows for the first time that powering FPGAs, CPUs, and GPUsthrough the same power supply unit (PSU) can be exploitedin FPGA-to-FPGA, CPU-to-FPGA, and GPU-to-FPGA covertchannels between independent boards. These covert channelscan operate remotely, without the need for physical access to,or modifications of, the boards. To demonstrate the attacks, thispaper uses a novel combination of “sensing” and “stressing” ringoscillators as receivers on the sink FPGA. Further, ring oscillatorsare used as transmitters on the source FPGA. The transmittingand receiving circuits are used to determine the presence of theleakage on off-the-shelf Xilinx boards containing Artix 7 andKintex 7 FPGA chips. Experiments are conducted with PSUs bytwo vendors, as well as CPUs and GPUs of different generations.Moreover, different sizes and types of ring oscillators are alsotested. In addition, this work discusses potential countermeasuresto mitigate the impact of the cross-board leakage. The results ofthis paper highlight the dangers of shared power supply unitsin local and cloud FPGAs, and therefore a fundamental need tore-think FPGA security for shared infrastructures. 

In recent years, multiple public cloud FPGA providers have emerged,increasing interest in FPGA acceleration of cryptographic, bioinformatic, financial, and machine learning algorithms. To help understand the security of the cloud FPGA infrastructures, this paper focuses on a fundamental question of understanding what an adversary can learn about the cloud FPGA infrastructure itself, without attacking it or damaging it. In particular, this work explores how unique features of FPGAs can be exploited to instantiate Physical Unclonable Functions (PUFs) that can distinguish between otherwise-identical FPGA boards. This paper specifically introduces the first method for identifying cloud FPGA instances by extracting a unique and stable FPGA fingerprint based on PUFs measured from the FPGA boards’ DRAM modules. Experiments conducted on the Amazon Web Services (AWS) cloud reveal the probability of renting the same physical board more than once. Moreover, the experimental results show that hardware is not shared amongf1.2xlarge,f1.4xlarge, andf1.16xlargeinstance types. As the approach used does not violate any restrictions currently placed by Amazon,this paper also presents a set of defense mechanisms that can be added to existing countermeasures to mitigate users’ attempts to fingerprint cloud FPGA infrastructures.