detecting power attacks on reconfigurable hardware
play

Detecting Power Attacks on Reconfigurable Hardware Adrien Le Masle - PowerPoint PPT Presentation

Mar 08, 2024 •45 likes •285 views

Detecting Power Attacks on Reconfigurable Hardware Adrien Le Masle Wayne Luk Department of Computing Imperial College London, UK 22 nd International Conference on Field Programmable Logic and Applications A. Le Masle and W. Luk Detecting

  1. Detecting Power Attacks on Reconfigurable Hardware Adrien Le Masle Wayne Luk Department of Computing Imperial College London, UK 22 nd International Conference on Field Programmable Logic and Applications A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 1 / 24

  2. Main Contributions General framework to detect insertion of power measurement circuit in device’s power rail ring oscillator-based power monitor circuit monitors supply voltage variations attack detector circuit implements power attack detection strategy abnormal supply voltages and power rail resistance values detected Implementation of framework 3300 LUTs on Spartan-6 LX45 FPGA insertion of 1 Ω shunt resistor and high supply voltage detected on AES and RSA crypto-system @ 20 MHz no false-positive and false-negative for proper operating margins A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 2 / 24

  3. Outline Introduction 1 Background Problem Main Contributions Power Attack Detection Framework 2 Framework Power Monitor Attack Detector Results 3 Experimental Setting Detection Rate Conclusion 4 Future Work Summary A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 3 / 24

  4. Introduction Outline Introduction 1 Background Problem Main Contributions Power Attack Detection Framework 2 Framework Power Monitor Attack Detector Results 3 Experimental Setting Detection Rate Conclusion 4 Future Work Summary A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 4 / 24

  5. Introduction Background Security of encryption algorithm implementation Encryption algorithm brute-force attack or exhaustive key search computationally infeasible resists cryptanalysis Physical implementation of algorithm leaks information creates security flaws Side-channel attacks exploit these physical flaws A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 5 / 24

  6. Introduction Background Power attacks Transistor switching inside device leaks information about computation power easily measured inserting shunt resistor in main power rail Simple Power Analysis (SPA) direct information about encryption key through single power trace eg: multiplication/squaring in RSA modular exponentiation Differential Power Analysis (DPA) [1] information from multiple power traces with statistical methods eg: DPA against AES or DES Successfully demonstrated on private and public key encryptions [1] P . Kocher et al., Differential power analysis , CRYPTO ’99 A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 6 / 24

  7. Introduction Background FPGA power measurement V CCINT V EXT R EXT R NET V NET current drain due to circuit switching V INT I FPGA P = V INT I = ( V CCINT − ( V EXT + V NET )) I ≈ V CCINT I I = V EXT / R EXT Variations of R EXT create variations of supply voltage V INT A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 7 / 24

  8. Introduction Problem Problem Two types of countermeasures masking: randomize intermediate values processed by device [2] application-dependent 2-3 times area overhead hiding: remove data dependency of power consumption [3,4] eg: differential logic, symmetrical routing 3-10 times area overhead slow Challenge preventing power attacks area-consuming and slows down design many countermeasures often need to be combined can’t we simply detect power attacks? [2] F. Regazzoni et al., FPGA implementations of the AES masked against power analysis attacks , COSADE 2011 [3] K. Tiri et al., A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , DATE ’04 [4] P . Yu et al., Secure FPGA circuits using controlled placement and routing , CODES+ISSS ’07 A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 8 / 24

  9. Introduction Main Contributions Main Contributions General framework to detect insertion of power measurement circuit in device’s power rail ring oscillator-based power monitor circuit monitors supply voltage variations attack detector circuit implements power attack detection strategy abnormal supply voltages and power rail resistance values detected Implementation of framework 3300 LUTs on Spartan-6 LX45 FPGA insertion of 1 Ω shunt resistor and high supply voltage detected on AES and RSA crypto-system @ 20 MHz no false-positive and false-negative for proper operating margins A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 9 / 24

  10. Power Attack Detection Framework Outline Introduction 1 Background Problem Main Contributions Power Attack Detection Framework 2 Framework Power Monitor Attack Detector Results 3 Experimental Setting Detection Rate Conclusion 4 Future Work Summary A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 10 / 24

  11. Power Attack Detection Framework Framework Framework Attack detection logic Attack Power detector monitor Control bus Hardware Hardware Hardware . . . . core 1 core 2 core n System bus Hardware cores cryptographic functions (RSA, AES, RNG, ...) non-critical tasks (communication, clock generation, ...) Power monitor measures FPGA supply voltage variations on-chip Attack detector receives information about state of core’s power consumption checks whether power consumption stays in pre-defined range A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 11 / 24

  12. Power Attack Detection Framework Power Monitor Power Monitor (1/2) en clk rst RO Counter . . . . . Adder . measure . tree . . . . clk RO Counter Oscillation frequency of ring oscillator affected by supply voltage f R ≈ k 0 V INT + f 0 High resolution needs accumulation of many oscillations measurement period ր , response time ց solution: evenly distribute network of ROs across chip and accumulate oscillations count → placement and routing constraints better resolution, more consistent measurement A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 12 / 24

  13. Power Attack Detection Framework Power Monitor Power Monitor (2/2) Advantages of ring oscillators built with primitives available to all commercial FPGAs relatively small and easily uniformly distributed across the chip ring oscillator’s frequency scales with advances in fabrication technology Higher sampling rate than current FPGAs ADCs Virtex-6 ADC: 200 kHz ring oscillator-based power monitor: < 8 MHz A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 13 / 24

  14. Power Attack Detection Framework Attack Detector Calibration power idle reference power monitor monitor value p ref value reference power monitor amplitude Δ p ref,i minimum reference power monitor value p min,i time All possible input values cannot be tested for each core i , p ref , p min , i and ∆ p ref , i are approximations Margins m ref and m ref , i on p ref and ∆ p ref , i p ∗ ref = p ref ( 1 + m ref ) ∆ p ∗ ref , i = ( p ∗ ref − p min , i )( 1 + m ref , i ) A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 14 / 24

  15. Power Attack Detection Framework Attack Detector Monitoring (1/2) p ( t ) instantaneous power monitor reading ∆ p ( t ) = p ∗ ref − p ( t ) � p min ( t ) = p ∗ ∆ p ∗ ref − ref , i i ∈ S ( t ) At time t , subset S ( t ) of n hardware cores are running Attack flag raised if p ( t ) > p ∗ ref or (1) � ∆ p ∗ ∆ p ( t ) > (2) ref , i i ∈ S ( t ) A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 15 / 24

  16. Power Attack Detection Framework Attack Detector Monitoring (2/2) Normal operating conditions power Supply voltage too high monitor Supply voltage too low value Power rail resistance too high p(t) p* ref ∑Δ p* ref,i i ∈ S(t) p min (t) t Normal operating conditions power trace p ( t ) between p ∗ ref and p min ( t ) Supply voltage too high p raises over p ∗ ref → detected by equation 1 Supply voltage too low or power rail resistance too high p falls below p min at time t d → detected by equation 2 A. Le Masle and W. Luk Detecting Power Attacks on Reconfigurable Hardware ( Department of Computing Imperial College London, UK ) FPL 2012 16 / 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman,

Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman,

Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman, Yacine Chakhchoukh and Frederick T. Sheldon Departments of Computer Science and Electrical &amp; Computer Engineering, University of Idaho, Moscow

425 views • 20 slides
ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

Open source tool for research on hardware attacks Side Channel Power Analysis Glitching Attacks Essentially an oscilloscope attached to a target chip ChipWhisperer Lite Modeling Power Consumption Every device requires power to run

175 views • 14 slides
s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space:

s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space:

s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space: time vs distance Remote key brute software protocol force relay attack side Fast Slow mitm channel Hardware attacks require: Hardware

360 views • 24 slides
Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS)

Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS)

Master Defense Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS) Presented by: Niclas Bewermeier Electrical and Computer December 14, 2018 Engineering Detecting Sybil Attacks using Proofs of

510 views • 49 slides
Reconfigurable Computing Reconfigurable Computing Reconfigurable Architectures Reconfigurable

Reconfigurable Computing Reconfigurable Computing Reconfigurable Architectures Reconfigurable

Reconfigurable Computing Reconfigurable Computing Reconfigurable Architectures Reconfigurable Architectures Chapter 3.2 Chapter 3.2 Prof. Dr.- -Ing. Jrgen Teich Ing. Jrgen Teich Prof. Dr. Lehrstuhl fr Hardware- -Software Software-

655 views • 29 slides
Reconfigurable Computing Computing Reconfigurable Reconfigurable Architectures Architectures

Reconfigurable Computing Computing Reconfigurable Reconfigurable Architectures Architectures

Reconfigurable Computing Computing Reconfigurable Reconfigurable Architectures Architectures Reconfigurable Chapter 3.1 3.1 Chapter Prof. Dr.- -Ing. Jrgen Teich Ing. Jrgen Teich Prof. Dr. Lehrstuhl fr Hardware- -Software

487 views • 45 slides
HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim

HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim

HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim Plusquellic Text: The Hardware Trojan War: Attacks, Myths, and Defenses, Chapter 10, J. Plusquellic and F. Saqib, &quot;Detecting Hardware

293 views • 6 slides
Regular Expression Matching in Reconfigurable Hardware IOANNIS SOURDIS AND STAMATIS VASSILIADIS

Regular Expression Matching in Reconfigurable Hardware IOANNIS SOURDIS AND STAMATIS VASSILIADIS

Journal of Signal Processing Systems 51, 99121, 2008 * 2007 Springer Science + Business Media, LLC Manufactured in The United States. DOI: 10.1007/s11265-007-0131-0 Regular Expression Matching in Reconfigurable Hardware IOANNIS SOURDIS AND

545 views • 23 slides
Automatic Generation of Efficient Accelerator Designs for Reconfigurable Hardware David

Automatic Generation of Efficient Accelerator Designs for Reconfigurable Hardware David

Automatic Generation of Efficient Accelerator Designs for Reconfigurable Hardware David Koeplinger Raghu Prabhakar Yaqi Zhang Christina Delimitrou Christos Kozyrakis Kunle Olukotun Stanford University ISCA 2016 FPGAs in Data Centers

299 views • 26 slides
Hardware is too important to trust U NTRUSTED C OMPUTING B ASE : blindly Detecting and Removing

Hardware is too important to trust U NTRUSTED C OMPUTING B ASE : blindly Detecting and Removing

Overcoming an Hardware is too important to trust U NTRUSTED C OMPUTING B ASE : blindly Detecting and Removing Malicious Hardware Automatically Rest of the system Matthew Hicks Murph Finnicum Samuel T. King University of Illinois

428 views • 9 slides
Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD 2015 Hardware Security and Hardware Trojans User apps Each layer trusts all layers below it Kernel Hypervisor More privilege Widely

706 views • 49 slides
DEC PERLE Board as Board as DEC PERLE an EXAMPLE of an EXAMPLE of RECONFIGURABLE

DEC PERLE Board as Board as DEC PERLE an EXAMPLE of an EXAMPLE of RECONFIGURABLE

DEC PERLE Board as Board as DEC PERLE an EXAMPLE of an EXAMPLE of RECONFIGURABLE RECONFIGURABLE HARDWARE HARDWARE Xilinx Revolutionary Design Revolutionary Design Xilinx The first commercial FPGA was introduced in 1986 by Xilinx

858 views • 59 slides
Provably Correct Development of Reconfigurable Hardware Designs via Equational Reasoning Ian

Provably Correct Development of Reconfigurable Hardware Designs via Equational Reasoning Ian

Provably Correct Development of Reconfigurable Hardware Designs via Equational Reasoning Ian Graves, Adam Procter, Bill Harrison &amp; Gerard Allwein FPT 2015 Introduction Provably Correct Development, Bird-Wadler Style Reference

397 views • 24 slides
The Future Directions of Dataflow-Based Reconfigurable Hardware Accelerators Francesca Palumbo 1 ,

The Future Directions of Dataflow-Based Reconfigurable Hardware Accelerators Francesca Palumbo 1 ,

The Future Directions of Dataflow-Based Reconfigurable Hardware Accelerators Francesca Palumbo 1 , Claudio Rubattu 1,2 , Carlo Sau 3 , Tiziana Fanni 3 , Luigi Raffo 3 1 University of Sassari, PolComIng Information Engineering Group 2 University

981 views • 95 slides
Memory Programming on Reconfigurable Hardware spcl.inf.ethz.ch @spcl_eth Modern high performance

Memory Programming on Reconfigurable Hardware spcl.inf.ethz.ch @spcl_eth Modern high performance

spcl.inf.ethz.ch @spcl_eth T IZIANO D E M ATTEIS , J OHANNES DE F INE L ICHT , J AKUB B ERNEK , T ORSTEN H OEFLER Streaming Message Interface: High-Performance Distributed Memory Programming on Reconfigurable Hardware spcl.inf.ethz.ch

578 views • 18 slides
ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances

ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances

ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances Nils Clausen, M.Sc. University Lecturer n.clausen@ium.edu.na Detecting Distributed DNS Attacks Utilizing Levenshtein String

328 views • 14 slides
Imperial Oil Resources NWT Limited Norman Wells Operations Sahtu Land and Water Board June 2014

Imperial Oil Resources NWT Limited Norman Wells Operations Sahtu Land and Water Board June 2014

Imperial Oil Resources NWT Limited Norman Wells Operations Sahtu Land and Water Board June 2014 CIDM # Presentation Overview Recommendations Background Water Licence Scope Definitions Aquatic Effects Monitoring Program

592 views • 16 slides
Imperial Ethics Briefing: Contents Section 1. Introduction (Faculty Dean / JN) 5 mins 2. Ethics

Imperial Ethics Briefing: Contents Section 1. Introduction (Faculty Dean / JN) 5 mins 2. Ethics

Imperial Ethics Briefing: Contents Section 1. Introduction (Faculty Dean / JN) 5 mins 2. Ethics Code (JN) 5 mins 3. Relationship Review Policy (CJ / AN) 5 mins 4. Research Integrity (LC) 5 mins 5 Operational aspects of new policies

456 views • 26 slides
IMPERIAL CAPITAL GLOBAL OPPORTUNITIES CONFERENCE New York September 20 th , 2012 W&amp;T

IMPERIAL CAPITAL GLOBAL OPPORTUNITIES CONFERENCE New York September 20 th , 2012 W&amp;T

IMPERIAL CAPITAL GLOBAL OPPORTUNITIES CONFERENCE New York September 20 th , 2012 W&amp;T Offshore, Inc. (NYSE: WTI) Revenues for 2011/1 st half 2012 $971 MM / $451 MM Adj EBITDA for 2011/1 st half 2012 $646 MM / $281 MM Proved Reserves (1)

356 views • 34 slides
2020 &amp; 2024 Final LCR Study Results for LA Basin and San Diego-Imperial Valley Areas David Le

2020 &amp; 2024 Final LCR Study Results for LA Basin and San Diego-Imperial Valley Areas David Le

2020 &amp; 2024 Final LCR Study Results for LA Basin and San Diego-Imperial Valley Areas David Le Senior Advisor, Regional Transmission Engineer Stakeholder Call April 10, 2019 ISO Public ISO Public LA Basin and San Diego-Imperial Valley

472 views • 25 slides
IVTA M EMBERSHIP (28 A GENCIES ) Brawley Elementary School District Imperial County Office of

IVTA M EMBERSHIP (28 A GENCIES ) Brawley Elementary School District Imperial County Office of

IVTA O VERVIEW M ISSION To support the telecommunications needs of Imperial Valley public agencies in order to contribute to the growth and development of our contribute to the growth and development of our community. O RGANIZATION C HART

465 views • 12 slides
Community Liaison Group 17.03.15 Summary Update following award of design and build contract

Community Liaison Group 17.03.15 Summary Update following award of design and build contract

Northern Line Extension Battersea Community Liaison Group 17.03.15 Summary Update following award of design and build contract and submission of Code of Construction Part Bs to Local Authorities, we have started enabling works at all four

586 views • 26 slides
Experimental Characterization of a Large Aperture Array Localization Technique using an SDR

Experimental Characterization of a Large Aperture Array Localization Technique using an SDR

Experimental Characterization of a Large Aperture Array Localization Technique using an SDR Testbench M. Willerton, D. Yates, V. Goverdovsky and C. Papavassiliou Imperial College London, UK. 30 th November 2011 David Yates (ICL) 11 / 30 1 / 21

896 views • 21 slides
CIBC Fixed Income Investor Presentation Q2 2020 Disclaimer The material that follows is a

CIBC Fixed Income Investor Presentation Q2 2020 Disclaimer The material that follows is a

CIBC Fixed Income Investor Presentation Q2 2020 Disclaimer The material that follows is a presentation (the &quot;Presentation&quot;) of general background information about Canadian Imperial Bank of Commerce (&quot;CIBC&quot;) and its covered

684 views • 54 slides

More recommend