X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don’t-Care Hardware Trojans to Shared Cloud FPGAs
Cloud computing environments increasingly provision field-programmable gate arrays (FPGAs) for their programmability and hardware-level parallelism. While FPGAs are typically used by one tenant at a time, multitenant schemes supporting spatial sharing of cloud FPGA resources have been proposed in th...
Main Authors: | Dina G. Mahmoud, Beatrice Shokry, Vincent Lenders, Wei Hu, Mirjana Stojilovic |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2024-01-01 |
Series: | IEEE Access |
Subjects: | FPGA security; hardware trojans; multitenancy; timing faults; remote attack |
Online Access: | https://ieeexplore.ieee.org/document/10388319/ |
_version_ | 1797348683060084736 |
---|---|
author | Dina G. Mahmoud; Beatrice Shokry; Vincent Lenders; Wei Hu; Mirjana Stojilovic |
author_sort | Dina G. Mahmoud |
collection | DOAJ |
description | Cloud computing environments increasingly provision field-programmable gate arrays (FPGAs) for their programmability and hardware-level parallelism. While FPGAs are typically used by one tenant at a time, multitenant schemes supporting spatial sharing of cloud FPGA resources have been proposed in the literature. However, the spatial multitenancy of FPGAs opens up new attack surfaces. Investigating potential security threats to multitenant FPGAs is thus essential for better understanding and eventually mitigating the security risks. This work makes a notable step forward by systematically analyzing the combined threat of FPGA power wasters and satisfiability don’t-care hardware Trojans in shared cloud FPGAs. We demonstrate a successful remote undervolting attack that activates a hardware Trojan concealed within a victim FPGA design and exploits the payload. The attack is carried out entirely remotely, assuming two spatially colocated FPGA users isolated from one another. The victim user’s circuit is infected with a Trojan, triggered by a pair of don’t-care signals that never reach the combined trigger condition during regular operation. The adversary, targeting the exploitation of the Trojan, deploys power waster circuits to lower the supply voltage of the FPGA. The assumption is that, under the effect of the lowered voltage, don’t-care signals may reach the particular state that triggers the Trojan. We name this exploit X-Attack and demonstrate its feasibility on an embedded FPGA and real-world cloud FPGA instances. Additionally, we study the effects of various attack tuning parameters on the exploit’s success. Finally, we discuss potential countermeasures against this security threat and present a lightweight self-calibrating countermeasure. To the best of our knowledge, this is the first work on undervolting-based fault-injection attacks in multitenant FPGAs to demonstrate the attack on commercially available cloud FPGA instances. |
first_indexed | 2024-03-08T12:09:31Z |
format | Article |
id | doaj.art-3db9a03b82804b69a29655ecc566e0f7 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-03-08T12:09:31Z |
publishDate | 2024-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-3db9a03b82804b69a29655ecc566e0f7; 2024-01-23T00:03:45Z; eng; IEEE; IEEE Access; 2169-3536; 2024-01-01; 12; 8983; 9011; 10.1109/ACCESS.2024.3353134; 10388319; X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don’t-Care Hardware Trojans to Shared Cloud FPGAs; Dina G. Mahmoud (https://orcid.org/0000-0003-0720-1342; School of Computer and Communication Sciences, EPFL, Lausanne, Switzerland); Beatrice Shokry (https://orcid.org/0009-0003-6372-6765; School of Computer and Communication Sciences, EPFL, Lausanne, Switzerland); Vincent Lenders (https://orcid.org/0000-0002-2289-3722; Cyber-Defence Campus, armasuisse, Thun, Switzerland); Wei Hu (https://orcid.org/0000-0001-6738-4297; School of Cybersecurity, Northwestern Polytechnical University, Xi’an, China); Mirjana Stojilovic (https://orcid.org/0000-0001-5649-5020; School of Computer and Communication Sciences, EPFL, Lausanne, Switzerland); https://ieeexplore.ieee.org/document/10388319/; FPGA security; hardware trojans; multitenancy; timing faults; remote attack |
title | X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don’t-Care Hardware Trojans to Shared Cloud FPGAs |
topic | FPGA security; hardware trojans; multitenancy; timing faults; remote attack |
url | https://ieeexplore.ieee.org/document/10388319/ |