Fingerprinting cloud FPGA infrastructures

Conference item

In recent years, multiple public cloud FPGA providers have emerged, increasing interest in FPGA acceleration of cryptographic, bioinformatic, financial, and machine learning algorithms. To help understand the security of the cloud FPGA infrastructures, this paper focuses on a fundamental question of understanding what an adversary can learn about the cloud FPGA infrastructure itself, without attacking it or damaging it. In particular, this work explores how unique features of FPGAs can be exploited to instantiate Physical Unclonable Functions (PUFs) that can distinguish between otherwise-identical FPGA boards. This paper specifically introduces the first method for identifying cloud FPGA instances by extracting a unique and stable FPGA fingerprint based on PUFs measured from the FPGA boards' DRAM modules. Experiments conducted on the AmazonWeb Services (AWS) cloud reveal the probability of renting the same physical board more than once. Moreover, the experimental results show that hardware is not shared among f1.2xlarge, f1.4xlarge, and f1.16xlarge instance types. As the approach used does not violate any restrictions currently placed by Amazon, this paper also presents a set of defense mechanisms that can be added to existing countermeasures to mitigate users' attempts to fingerprint cloud FPGA infrastructures.

Authors: Tian, S; Xiong, W; Giechaskiel, I; Rasmussen, KB; Szefer, J

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: ACM
• Host title: FPGA 2020 - 2020 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays
• Journal: Proceedings of FPGA
• Issue: 2020
• Pages: 58-64
• Publication date: 2020-02-23
• Acceptance date: 2019-11-25
• Event title: FPGA '20: The 2020 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays
• DOI: 10.1145/3373087.3375322
• ISBN: 9781450370998
• Language: English
• Keywords: FFR