Characterizing Power Distribution Attacks in Multi-User FPGA Environments George Provelengios, Daniel Holcomb, and Russell Tessier Department of Electrical and Computer Engineering University of Massachusetts Amherst (Funded by a grand from Intel’s Corporate Research Council) Department of Electrical and Computer Engineering University of Massachusetts Amherst
Overview ➢ Two tenants are using Shell simultaneously the device User Space ➢ Tenant A (attacker) consumes QSFP ... PCIe Attacker power aggressively in an ... USB attempt to induce timing faults DMA Spatial Isolation in tenant B (victim) Eth MMIO Threat model: I2C ✓ Tenants are spatially isolated but Victim FPGA share the FPGA power distribution fabric network (PDN) Shared i ✓ Tenants do not have physical On-board PDN V in access to the board Regulator ✓ The tools used for interacting with the FPGA are secure Department of Electrical and Computer Engineering 2 University of Massachusetts Amherst
Contribution We investigate on-chip voltage attacks and specifically how ▪ their impact depends on: ➢ Duration of voltage disruption ➢ Consumed power by attacker ➢ Distance between attacker & victim We evaluate the ability of power wasting circuits to induce ▪ timing faults to victim We examine the use of small on-chip voltage sensors to ▪ quickly identify the location of the attacker Department of Electrical and Computer Engineering 3 University of Massachusetts Amherst
Characterization platform and experimentation setup E36312A benchtop A power supply Two DE1-SoC boards ▪ (Cyclone V FPGA) ➢ A: for calibrating the sensors ➢ B: for characterizing on-chip voltage attacks MOSX4154A A benchtop power supply for oscilloscope ▪ B controlling the input voltage LTC3608 switching An oscilloscope for measuring regulator (617KHz) ▪ the on-board voltage (testpad VCC1P1) 1 μ H inductor Terasic DE1-SoC board - Cyclone V FPGA (28nm) Department of Electrical and Computer Engineering 4 University of Massachusetts Amherst
Voltage sensor architecture Array of on-die Cyclone V A regular rectangular ▪ voltage sensors grid of 46 sensors 19 inverting stages: ▪ Sensor ✓ Meet timing constraints 19-stage RO Cyclone V LAB ✓ Minimize local effects 1 En ... ✓ Fit in a single CV LAB ALM#0 ALM#9 Resolution: 1 part in Frequency Counter ▪ En (20-bit) Rst Specifications 1000 Rst Avg. f RO = 105MHz Sam. period = 10 μ s RO counts Resolution = 0.1% Controller reads and resets all the sensors simultaneously in every sampling period 1 M. Barbareschi, G. Di Natale, and L. Torres , “Implementation and analysis of ring oscillator circuits on Xilinx FPGAs,” in Hardware Security and Trust. N. Sklavos, R. Chaves, G. Di Natale, and F. Regazzoni, Eds. Springer, 2017, ch. 12, pp. 237-251 Department of Electrical and Computer Engineering 5 University of Massachusetts Amherst
Sensor calibration To use ROs as on-chip voltage ▪ sensors: Sweep the input voltage ➢ Consistent (780mV – 1.1V) and record: trend Voltage at FPGA power pin ✓ RO counts from on-chip ✓ sensors Minimize the power drawn by ▪ the FPGA during measurements Department of Electrical and Computer Engineering 6 University of Massachusetts Amherst
Attacker circuitry 2 × 𝑔 ▪ 𝑄 𝑒𝑧𝑜 = 𝐷 × 𝑊 𝑇𝑋 𝐸𝐸 Cyclone V ALM I0 1-stage ROs as power wasters ▪ Enable I1 Toggle LUT I2 Output Toggle ... In an area of 1,408 LABs ▪ Output I7 (44x32) fit up to 12K PWs LUT Placed uniformly at random ▪ locations in the attack area Number of Power / Instances Inst. [mW] 160 1.13 Power/instance is diminished as ▪ 1600 1.02 3200 0.91 the number of PWs increases 4800 0.84 6400 0.75 Hit the 5A current limit of the E36312A benchtop supply Department of Electrical and Computer Engineering 7 University of Massachusetts Amherst
Physical characterization of voltage drop On-chip Characterize disturbance as a ▪ function of: disruption time • distance to center of PW • (7 locations examined) drops by 26% 0 Department of Electrical and Computer Engineering 8 University of Massachusetts Amherst
Physical characterization of voltage drop On-chip Characterize disturbance as a ▪ function of: disruption time • distance to center of PW • (7 locations examined) drops by 26% Voltage drop across the on- ▪ 0 board inline inductor 83mV ∆ 𝑗 = 2.5𝐵 60 μ s On-board Department of Electrical and Computer Engineering 9 University of Massachusetts Amherst
Intensity and distance Power consumed by ▪ attacker (160PWs -> 12K PWs) The 83mV voltage drop ▪ across the inductor impacts every part of the chip 53 The victim will notice the ▪ drop regardless of its 53 columns away the location on the chip voltage drops to 967mV in the strongest attack Department of Electrical and Computer Engineering 10 University of Massachusetts Amherst
Characterizing timing faults Voltage drop causes delay of ▪ 20ns combinational logic to increase Increased delay Clock time due to attack Wrong values captured if paths ▪ Propagation Delay do not complete before Propagation Delay capturing clock edge arrives Error free paths in Pos. Slack Neg. Slack absence of attack Must overcome conservative ▪ timing models FA n-1 FA n-2 FA n-3 FA 0 0 0 1 0 1 0 1 1 ... Use ripple carry adder as a ▪ + + + + Propagating representative test circuit can carry sensitize any desired path ... 1 0 0 0 0 0 length Clock Department of Electrical and Computer Engineering 11 University of Massachusetts Amherst
Inducing timing faults 12K PWs randomly placed in ▪ an area of 1,408 LABs (44x32) Attacker Examine different distances ▪ in respect to attack center: Victim 22, 26, 30, 35, 38, 42, 47, • Undershoot Steady state 50, and 54 LAB columns away Sensitize different path • lengths: 49, 54, 59, 64, 69, 42 and 74 ▪ Faults occurred even in 42 columns away Department of Electrical and Computer Engineering 12 University of Massachusetts Amherst 12
Mapping the on-chip voltage drop Using 46 on-chip sensors for ▪ deriving the voltage contours of the chip Varying the magnitude of ▪ disturbance and location of attacker Center of attack: ▪ 12K PWs: 825mV • 3.2K PWs: 975mV • Farthest corner of the chip: ▪ (A) 12K power waster (B) 3.2K power waster 12K PWs: 975mV • attack attack 3.2K PWs: 1.050V • Department of Electrical and Computer Engineering 13 University of Massachusetts Amherst
Locating the attack area The disturbance of the shared ▪ PDN reveals the location of the attacker Evaluate how many sensors ▪ required to find its location 20 sensors are sufficient to ▪ (A) 12K power waster attack identify the attacker Resource utilization: Cyclone V 5CSEMA5F31C6 Num. RO ALMs Flip-flops Sensors (Avail.:32,070) (Avail.: 128,280) 10 390 (1.2%) 200 (<1%) 20 780 (2.4%) 400 (<1%) 30 1,170 (3.6%) 600 (<1%) 40 1,560 (4.9%) 800 (<1%) 46 1,794 (5.6%) 920 (<1%) Controller 430 (1.3%) 111 (<1%) (B) 3.2K power waster attack Department of Electrical and Computer Engineering 14 University of Massachusetts Amherst
Summary Using a small number of RO-based ▪ on-chip sensors we characterized on- chip FPGA voltage attacks Combining iR voltage drop with drop ▪ caused by inductance can be used to attack circuits far from the power wasting area Spatial isolation between tenants is ▪ insufficient for protecting against PDN attacks A malicious tenant cannot mask its ▪ identity and can be located with less than 5% of FPGA logic Department of Electrical and Computer Engineering 15 University of Massachusetts Amherst 15
Thank You Questions? Using a small number of RO-based on- ▪ chip sensors we characterized on-chip FPGA voltage attacks Combining iR voltage drop with drop ▪ caused by inductance can be used to attack circuits far from the power wasting area Spatial isolation between tenants is ▪ insufficient for protecting against PDN attacks A malicious tenant cannot mask its ▪ identity and can be located with less than 5% of FPGA logic Department of Electrical and Computer Engineering 16 University of Massachusetts Amherst 16
Recommend
More recommend
