Characterization of Side Channels on FPGA-based Off-The-Shelf Boards against Automated Attacks

Abstract

FPGAs offer fast and reliable near-data processing and are therefore suitable candidates for implementing IoT and edge computing systems. As they are usually deployed in exposed locations, they are vulnerable to physical attacks, especially Side-Channel Analysis (SCA).In this paper, we characterize side-channels and how they can be exploited for SCA on FPGA-based off-the-shelf boards, i.e. without having to make any modifications to the board, hardware, or software. The basic requirement for any kind of SCA is that the individual Cryptographic Operations (COs) in the side-channel traces can be detected.To this end, we apply a SCA for semi-automatic CO detection that can be generically applied off-the-shelf to a wide variety of boards. Additionally, we introduce a new metric called Signal of COs to Noise Ratio (SCONR), that allows to quantify the pronouncedness of COs versus noise in a side channel. We then evaluate side channels measured on three different boards containing Xilinx 7 series FPGAs. We further investigate the influence of other sources of noise and how much they affect the attackability of a system.Our results show that FPGAs have a high vulnerability to SCA in general and that even noise from an operating system will not hinder the recording and finding of COs in an automated fashion as long as there are no countermeasures in place. Finally, SCONR converges after fewer recorded traces and gives a clearer indication whether a side channel is susceptible to this type of automated attack than leakage assessment techniques such as TVLA.