Abstract

With each new technology generation, the available resources on Field Programmable Gate Arrays increase, making them more attractive for partial access from multiple users. They get increasingly adopted as accelerators in various application domains, embedded in shared Systems on Chip or remote cloud services. Thus, some recent works have already explored Denial-of-Service and side-channel attacks, where an FPGA fabric is shared among multiple users. In this work, we show how fault attacks can be launched within an FPGA, through software-provided bitstreams alone. Excessive voltage drops can be generated from legitimate logic mapped into the FPGA to cause timing faults, reaching from spatially and logically isolated partitions of one to another user of the FPGA fabric. To cause this voltage drop, we first show how specific patterns to activate Ring Oscillators can cause timing failures in simple test designs on various FPGA boards. Subsequently, we analyze and adapt an existing fault model for the Advanced Encryption Standard to match the accuracy of our fault attack. In the same multi-user scenario, we show as a proof-of-concept how a successful Differential Fault Analysis attack on an AES module can be launched. We perform experiments on three FPGA boards of the same model and confirm that the attack adapts to all systems and is successful under process variation, but with different susceptibility to faults. The paper is concluded by validating the attack on another platform, and analyzing the vulnerability based on a timing analysis, proving the applicability to different devices.

Highlights

  • Field Programmable Gate Arrays (FPGAs) are increasingly used to accelerate computational hotspots of various applications, both in small Systems on Chip (SoCs), as well as in the data-center

  • We introduce a new category of software-initiated fault attacks in FPGA systems, possible with remote access to the target only, based on supply voltage drops generated by means of malicious yet legitimate switching activity

  • We prove fault attacks on shared FPGAs possible by applying a Differential Fault Analysis attack on the Advanced Encryption Standard in a similar scenario, implemented with standard FPGA tools


Summary

Introduction

Field Programmable Gate Arrays (FPGAs) are increasingly used to accelerate computational hotspots of various applications, both in small Systems on Chip (SoCs) and in the data-center. Due to the characteristics of on-chip Power Distribution Networks (PDNs), switching activity on the chip leads to supply voltage fluctuations [ZSZF13]. This peculiarity can affect the reliability of the system and pose a potential security threat. We cause faults through repetitive activation patterns that affect the supply voltage of an FPGA. This attack is precise enough to inject timing faults in FPGA logic, suitable to target specific encryption rounds of the Advanced Encryption Standard (AES) and perform Differential Fault Analysis (DFA). We introduce a new category of software-initiated fault attacks in FPGA systems, possible with remote access to the target only, based on supply voltage drops generated by means of malicious yet legitimate switching activity.

Preliminaries
Threat Model
Related Work
DFA on AES
Fault Injection using FPGA logic
Provoking Faults in FPGA Designs
Initial Design for Causing Voltage Drops
Voltage Drop-based Timing Faults in a Simple Test Design
Fault Attack Evaluation on AES
Calibrating the Fault Injection Precision
AES encryption starts
Hardware and Software Environment
General Fault Injection Efficiency on the DE1-SoC
Total Key Recovery Success Rates on the DE1-SoC
Slack-dependent Fault Injection Vulnerability of the DE0-NanoSoC
Findings
Discussion and Future
Conclusion