Conference item
CAPSULe: Cross-FPGA covert-channel attacks through power supply unit leakage
- Abstract:
- Field-Programmable Gate Arrays (FPGAs) are versatile, reconfigurable integrated circuits that can be used as hardware accelerators to process highly-sensitive data. Leaking this data and associated cryptographic keys, however, can undermine a system’s security. To prevent potentially unintentional interactions that could break separation of privilege between different data center tenants, FPGAs in cloud environments are currently dedicated on a per-user basis. Nevertheless, while the FPGAs themselves are not shared among different users, other parts of the data center infrastructure are. This paper specifically shows for the first time that powering FPGAs, CPUs, and GPUs through the same power supply unit (PSU) can be exploited in FPGA-to-FPGA, CPU-to-FPGA, and GPU-to-FPGA covert channels between independent boards. These covert channels can operate remotely, without the need for physical access to, or modifications of, the boards. To demonstrate the attacks, this paper uses a novel combination of “sensing” and “stressing” ring oscillators as receivers on the sink FPGA. Further, ring oscillators are used as transmitters on the source FPGA. The transmitting and receiving circuits are used to determine the presence of the leakage on off-the-shelf Xilinx boards containing Artix 7 and Kintex 7 FPGA chips. Experiments are conducted with PSUs by two vendors, as well as CPUs and GPUs of different generations. Moreover, different sizes and types of ring oscillators are also tested. In addition, this work discusses potential countermeasures to mitigate the impact of the cross-board leakage. The results of this paper highlight the dangers of shared power supply units in local and cloud FPGAs, and therefore a fundamental need to re-think FPGA security for shared infrastructures.
- Publication status:
- Published
- Peer review status:
- Reviewed (other)
- Publisher copy:
- 10.1109/SP40000.2020.00070
Authors
- Publisher:
- IEEE
- Journal:
- IEEE Symposium on Security and Privacy
- Volume:
- 1
- Issue:
- 2020
- Pages:
- 909-922
- Publication date:
- 2020-04-01
- Acceptance date:
- 2019-11-09
- Event title:
- IEEE Symposium on Security and Privacy (SP)
- Event location:
- San Francisco, CA
- Event website:
- http://www.ieee-security.org/
- Event start date:
- 2020-05-17
- Event end date:
- 2020-05-21
- DOI:
- 10.1109/SP40000.2020.00070
- ISSN:
- 1081-6011
- ISBN:
- 978-1-7281-3497-0
- Language:
- English
- Keywords:
- Pubs id:
- 1100102
- Local pid:
- pubs:1100102
- Deposit date:
- 2020-04-14
Terms of use
- Copyright holder:
- IEEE
- Copyright date:
- 2020
- Rights statement:
- © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
- Notes:
- This paper will be presented at the 2020 IEEE Symposium on Security and Privacy (SP), 17-21 May 2020, San Francisco, CA. This is the accepted manuscript version of the article. The final version is available from IEEE at: https://doi.ieeecomputersociety.org/10.1109/SP40000.2020.00070