ohm s law in data centers
play

Ohms Law in Data Centers: A Voltage Side Channel for Timing Power - PowerPoint PPT Presentation

Apr 24, 2023 •387 likes •1.15k views

Ohms Law in Data Centers: A Voltage Side Channel for Timing Power Attacks Mohammad A. Islam and Shaolei Ren UC Riverside Acknowledgement: This work was supported in part by the U.S. NSF under grants CNS-1551661 and ECCS-1610471. Cloud data

  1. Ohm’s Law in Data Centers: A Voltage Side Channel for Timing Power Attacks Mohammad A. Islam and Shaolei Ren UC Riverside Acknowledgement: This work was supported in part by the U.S. NSF under grants CNS-1551661 and ECCS-1610471.

  2. Cloud data centers 2

  3. This talk is not about cloud data centers User/Tenant = Virtual machines 2

  4. Multi-tenant data centers (a.k.a. “ colo ”) Computer Servers Non-IT infrastructure Generator P Utility D (Primary) U UPS ATS P D U Managed by Operator 3

  5. Multi-tenant data centers (a.k.a. “ colo ”) Computer Servers Non-IT infrastructure Generator P Utility D (Primary) U UPS ATS P D U Managed by Managed by Tenants Operator A shared data center facility that houses multiple tenants, each managing its own servers… 3

  6. Multi- tenant data centers are everywhere… Apple houses 25% of its servers in multi- tenant data centers… 4

  7. Multi- tenant data centers are everywhere… Google, Amazon, MS, Fb… :7.8% Multi-tenant: Enterprise: 37% 53% Percentage of electricity usage by data center type (source: NRDC 2015) 4

  8. Data center security • Mission-critical infrastructure • Backbone of digital economy • 50% growth by 2020 • IoT and edge computing • …… Securing the cyberspace is well studied DDoS attack, network intrusion, privacy protection, etc. [Mirkovic Sigcomm’04][Zhang CCS’12][Moon CCS’15][Dong CCS’17]… 5

  9. Data center security Are the physical infrastructures secure? 5

  10. How to attack physical infrastructures? Multimillion-dollar investment PDU Servers Utility UPS ATS Generator 6

  11. How to attack physical infrastructures? Multimillion-dollar investment PDU Servers Utility UPS ATS Generator Power Overload using Human intrusion server power Hacking control systems 6

  12. How to attack physical infrastructures? Multimillion-dollar investment PDU Servers Utility Our focus UPS ATS Generator Power Overload using Human intrusion server power Hacking control systems 6

  13. Threat model P D U UPS ATS P D U Generator 7

  14. Threat model P D U UPS ATS P D U Generator 7

  15. Threat model Power attack: P Well-timed power injection to overload the shared data D center capacity, subject to all applicable constraints set U UPS by the operator ATS P Malicious D Tenant U Generator Malicious load 7

  16. Threat model Power attacks make outages more likely (~280x more likely for a Tier-IV data center ) 7

  17. Cost analysis of power attacks Estimated impact of overloads (5% of the time, size: 1MW-10,00sqft) Million $/MW/year Million dollar impact! 20 15.6 8.7 10 3.5 0 Tier-II Tier-III Tier-IV Increased redundancy 8

  18. How to precisely time power attacks? • Random attacks are unlikely to be successful, while constant full power is prohibited 9

  19. How to precisely time power attacks? • Random attacks are unlikely to be successful, while constant full power is prohibited • Coarse timing (e.g., based on “peak” hours) is ineffective 9

  20. How to precisely time power attacks? • Random attacks are unlikely to be successful, while constant full power is prohibited • Coarse timing (e.g., based on “peak” hours) is ineffective How to estimate the power load without power meters? 9

  21. “Wireless” side channels Thermal: Higher power produces more heat • Requires heat recirculation model Slow responses • Only applicable to raised-floor designs • References M. A. Islam, S. Ren , and A. Wierman, “Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers,” ACM Conference on • Computer and Communications Security ( CCS ), 2017. M. A. Islam, L. Yang, K. Ranganath, and S. Ren , “Why Some Like It Loud: Timing Power Attacks in Multi-tenant Data Centers Using an Acoustic Side • Channel,” ACM International Conference on Measurement and Modeling of Computer Systems ( SIGMETRICS ), 2018.

  22. “Wireless” side channels Thermal: Higher power produces more heat • Requires heat recirculation model Slow responses • Only applicable to raised-floor designs • Acoustic: More heat requires more cold air • Inaccurate timing due to near-far effects Limited distance • Easy to degrade by injecting additional noise • References M. A. Islam, S. Ren , and A. Wierman, “Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers,” ACM Conference on • Computer and Communications Security ( CCS ), 2017. M. A. Islam, L. Yang, K. Ranganath, and S. Ren , “Why Some Like It Loud: Timing Power Attacks in Multi-tenant Data Centers Using an Acoustic Side • Channel,” ACM International Conference on Measurement and Modeling of Computer Systems ( SIGMETRICS ), 2018.

  23. A voltage side channel due to Ohm’s Law 11

  24. Ohm’s Law 𝐉 𝐖 = 𝐉 ⋅ 𝑺 𝐖 𝟐 𝐖 𝟑 𝐒 12

  25. Ohm’s Law 𝐉 𝐖 𝟐 − 𝐖 𝟑 = 𝐉 ⋅ 𝑺 𝐖 𝟐 𝐖 𝟑 𝐒 12

  26. Ohm’s Law 𝐉 𝐖 𝟑 = 𝐖 𝟐 − 𝐉 ⋅ 𝑺 𝐖 𝟐 𝐖 𝟑 𝐒 The voltage at the other end depends on the current 12

  27. Ohm’s Law in data centers Server PDU UPS 𝑺 𝑺 𝒃 Attacker 13

  28. Ohm’s Law in data centers Line resistance Server PDU UPS 𝑺 𝑺 𝒃 Attacker 13

  29. Ohm’s Law in data centers Server PDU 𝑱 𝟐 𝑱 𝟑 𝑱 = ∑𝑱 𝒐 UPS 𝑺 𝑺 𝒃 𝑱 𝒃 Attacker 13

  30. Ohm’s Law in data centers Server PDU 𝑱 𝟐 𝑱 𝟑 𝑱 = ∑𝑱 𝒐 UPS 𝑺 𝑺 𝒃 𝑱 𝒃 Attacker Attacker’s voltage 𝑾 𝒃 = 𝑾 𝑸𝑬𝑽 − 𝑱 𝒃 𝑺 𝒃 13

  31. Ohm’s Law in data centers Server PDU 𝑱 𝟐 𝑱 𝟑 𝑱 = ∑𝑱 𝒐 UPS 𝑺 𝑺 𝒃 𝑱 𝒃 Attacker Attacker’s voltage 𝑾 𝒃 = 𝑾 𝑸𝑬𝑽 − 𝑱 𝒃 𝑺 𝒃 = 𝑾 𝑽𝑸𝑻 − ∑𝑱 𝒐 𝑺 − 𝑱 𝒃 𝑺 𝒃 Power load is included in 𝑾 𝒃 Own impact 13

  32. A voltage side channel Attacker’s voltage 𝑾 𝒃 = 𝑾 𝑽𝑸𝑻 − ∑𝑱 𝒐 𝑺 − 𝑱 𝒃 𝑺 𝒃 14

  33. A voltage side channel 𝚬𝐖 based attack: Low voltage  High current/load  Attack opportunity? Attacker’s voltage 𝑾 𝒃 = 𝑾 𝑽𝑸𝑻 − ∑𝑱 𝒐 𝑺 − 𝑱 𝒃 𝑺 𝒃 14

  34. A voltage side channel 𝚬𝐖 based attack: Low voltage  High current/load  Attack opportunity? Attacker’s voltage 𝑾 𝒃 = 𝑾 𝑽𝑸𝑻 − ∑𝑱 𝒐 𝑺 − 𝑱 𝒃 𝑺 𝒃 Large random variation from power grid 14

  35. A voltage side channel 𝚬𝐖 based attack: Low voltage  High current/load  Attack opportunity? Attacker’s voltage 𝑾 𝒃 = 𝑾 𝑽𝑸𝑻 − ∑𝑱 𝒐 𝑺 − 𝑱 𝒃 𝑺 𝒃 Large random variation from power grid • Grid variation = ~3V • Voltage drop variation = ~10mV 14

  36. A voltage side channel How to extract power load information from voltage signals? 14

  37. A closer look at server’s power supply Power Factor Correction (PFC) 15

  38. A closer look at server’s power supply Power Factor Correction (PFC) Without PFC Current draw is bursty 15

  39. A closer look at server’s power supply Power Factor Correction (PFC) Without PFC With PFC Current draw is bursty Current follows a sinewave 15 with high-frequency ripples

  40. The ripples come from the PFC control Inductor Diode MOSFET Input voltage sample PWM Output Control voltage sample Rectifier Power Factor Correction (PFC) 16

  41. The ripples come from the PFC control Inductor Diode MOSFET Input voltage sample PWM Output Control voltage sample Rectifier Power Factor Correction (PFC) Reference Current 16

  42. The ripples come from the PFC control Inductor Diode MOSFET Input voltage sample PWM Output Control voltage sample Rectifier Power Factor Correction (PFC) Reference Actual Current Current 16

  43. The ripples come from the PFC control Inductor Diode MOSFET Input voltage sample PWM Output Control voltage sample Rectifier Power Factor Correction (PFC) Reference Actual Current Current 𝑼 𝒑𝒈𝒈 𝑼 𝒑𝒈𝒈 𝑼 𝒑𝒐 𝑼 𝒑𝒐 𝑼 𝑼 16

  44. The ripples come from the PFC control Inductor Diode MOSFET Input voltage sample PWM Output Control voltage sample Rectifier Power Factor Correction (PFC) Reference Actual Current Current 𝑼 𝒑𝒈𝒈 𝑼 𝒑𝒈𝒈 𝑼 𝒑𝒐 𝑼 𝒑𝒐 𝑼 𝑼 16

  45. Voltage measurement of a Dell server 17

  46. Voltage measurement of a Dell server High-frequency ripples caused by PFC 17

  47. Voltage measurement of a Dell server High-frequency ripples caused by PFC Frequency analysis of the voltage signal 17

  48. Voltage measurement of a Dell server High-frequency ripples caused by PFC Frequency spike Frequency (at PFC switching analysis of the frequency) voltage signal 17

  49. Can we estimate the power load based on frequency spikes? 18

  50. Can we estimate the power load based on frequency spikes? Our intuition says “yes” ! Given a higher current, the ripples need to rise up more during each cycle. 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Case for Fine Grained Traffic Engineering in Data Centers Engineering in Data Centers

A Case for Fine Grained Traffic Engineering in Data Centers Engineering in Data Centers

A Case for Fine Grained Traffic Engineering in Data Centers Engineering in Data Centers Theophilus Benson *, Ashok Anand*, Aditya Akella*, Ming Zhang + *University of Wisconsin, Madison + Microsoft Research Why are Data Centers Important?

531 views • 19 slides
Data Centers and Cloud Computing Data Centers Virtualization Cloud Computing

Data Centers and Cloud Computing Data Centers Virtualization Cloud Computing

Data Centers and Cloud Computing Data Centers Virtualization Cloud Computing Computer Science Computer Science Lecture 24, page 1 Data Centers Large server and storage farms 1000s of servers Many TBs or PBs of data

700 views • 14 slides
Algorithms for Right-Sizing Data Centers Susanne Albers TU Munich Data centers Electricity

Algorithms for Right-Sizing Data Centers Susanne Albers TU Munich Data centers Electricity

Algorithms for Right-Sizing Data Centers Susanne Albers TU Munich Data centers Electricity costs Dominant, rapidly growing expense 1828% of budget invested into energy 1.8% of total electricity worldwide (90 million households) Server

276 views • 16 slides
Quincy Data Centers The Data Center Conversation When did this data center thing

Quincy Data Centers The Data Center Conversation When did this data center thing

Quincy Data Centers The Data Center Conversation When did this data center thing start? Data center activity in Quincy Current Data Centers: began with interest from Microsoft and Yahoo! in 2005. First contact with Grant EDC, site

611 views • 13 slides
Data Centers with with Data Centers wi with th V-Class Chillers The V-Class Chiller Data Centers

Data Centers with with Data Centers wi with th V-Class Chillers The V-Class Chiller Data Centers

Data Centers wi with th V-Class Chillers Data Centers with with Data Centers wi with th V-Class Chillers The V-Class Chiller Data Centers wi with th V-Class Chillers Product Range Water Cooled Chillers G Class Water 1 to 6 Centrifugal TG

451 views • 25 slides
RDMA in Data Centers: Looking Back and Looking Forward Chuanxiong Guo Microsoft Research ACM

RDMA in Data Centers: Looking Back and Looking Forward Chuanxiong Guo Microsoft Research ACM

RDMA in Data Centers: Looking Back and Looking Forward Chuanxiong Guo Microsoft Research ACM SIGCOMM APNet 2017 August 3 2017 The Rising of Cloud Computing 40 AZURE REGIONS Data Centers Data Centers Data center networks (DCN) Cloud

465 views • 44 slides
Servers in Action: Towards Distributed Traffic Measurement in Data Centers Praveen Tammana &

Servers in Action: Towards Distributed Traffic Measurement in Data Centers Praveen Tammana &

Servers in Action: Towards Distributed Traffic Measurement in Data Centers Praveen Tammana & Myungjin Lee School of Informatics University of Edinburgh MSN14 - Cosener's House, Abingdon 1 Network Measurement in Data Centers Data

574 views • 25 slides
Data centers & energy: Did w id we ge get it t it backwards ds? Adam Wierman, Caltech The

Data centers & energy: Did w id we ge get it t it backwards ds? Adam Wierman, Caltech The

Data centers & energy: Did w id we ge get it t it backwards ds? Adam Wierman, Caltech The typical story about energy & data centers: The typical story about energy & data centers: Su Sust stainab able d dat ata a centers

689 views • 32 slides
Data Centers & Co-designed Distributed Systems A Data Center Inside a Data Center Data

Data Centers & Co-designed Distributed Systems A Data Center Inside a Data Center Data

Data Centers & Co-designed Distributed Systems A Data Center Inside a Data Center Data center 10k - 100k servers: 250k 10M cores 1-100PB of DRAM 100PB - 10EB storage 1- 10 Pbps bandwidth (>> Internet) 10-100MW power - 1-2% of

911 views • 54 slides
Tarek Abdelzaher University of Illinois at Urbana Champaign Energy in Data Centers Data

Tarek Abdelzaher University of Illinois at Urbana Champaign Energy in Data Centers Data

Energy Management and Adaptive Behavior Tarek Abdelzaher University of Illinois at Urbana Champaign Energy in Data Centers Data centers account for 1.5% of total energy consumption in the US (Equivalent to 5% of all US housing) According

457 views • 28 slides
Robotic Mapping and Monitoring of Data Centers Chris Mansley, Jonathan Connell, Canturk Isci,

Robotic Mapping and Monitoring of Data Centers Chris Mansley, Jonathan Connell, Canturk Isci,

Robotic Mapping and Monitoring of Data Centers Chris Mansley, Jonathan Connell, Canturk Isci, Jonathan Lenchner, Jeffrey Kephart, Suzanne McIntosh, Michael Schappert Data Center Motivation Data centers (DCs) worldwide emit the equivalent

279 views • 15 slides
Data Centre Offerings Nxtra Data Introduction Nxtra data centers State-of-the-Art Strategically

Data Centre Offerings Nxtra Data Introduction Nxtra data centers State-of-the-Art Strategically

Nx tras Data Centre Offerings Nxtra Data Introduction Nxtra data centers State-of-the-Art Strategically Managed 150+ Enterprise Integrated Level 3/3+ located across Services customers portfolio of Data seismic zones across industry

936 views • 42 slides
KEY DATA CENTERS IN BEIJING,SHANGHAI & GUANGDONG WHY CHINA TELECOM? China Telecom has

KEY DATA CENTERS IN BEIJING,SHANGHAI & GUANGDONG WHY CHINA TELECOM? China Telecom has

CHINA TELECOM KEY DATA CENTERS IN BEIJING,SHANGHAI & GUANGDONG WHY CHINA TELECOM? China Telecom has hundreds of Internet Data Centers (IDCs) Fully redundant power, cooling, security and network worldwide, with the highest concentration

775 views • 18 slides
Monitoring Kit for Data Centers Rod Mahdavi, P.E. LEED AP Lawrence Berkeley National Laboratory

Monitoring Kit for Data Centers Rod Mahdavi, P.E. LEED AP Lawrence Berkeley National Laboratory

Monitoring Kit for Data Centers Rod Mahdavi, P.E. LEED AP Lawrence Berkeley National Laboratory September 2014 Learning Objectives Why is energy use in Data Centers targeted? How can energy use be optimized? What is the role of

488 views • 35 slides
Data Center Specifications Presentation Data centers must standardize their systems and have

Data Center Specifications Presentation Data centers must standardize their systems and have

Data Center Specifications Presentation Data centers must standardize their systems and have accurate Milliken said in his presentation at the recent Data Center World conference in Las Vegas. Is the design able to meet minimum rack inlet

398 views • 4 slides
Use of monitoring tools (cosmetovigilance, epidemiology data, etc.) and data centers / expert

Use of monitoring tools (cosmetovigilance, epidemiology data, etc.) and data centers / expert

CA surveillance networks Use of monitoring tools (cosmetovigilance, epidemiology data, etc.) and data centers / expert networks (ESSCA, IVDK, etc.) to characterize fragrance allergens Wolfgang Uter Department of Medical Informatics,

307 views • 26 slides
SENSS Against Volumetric DDoS Attacks Sivaram Ramanathan 1 , Jelena Mirkovic 1 , Minlan Yu 2 and

SENSS Against Volumetric DDoS Attacks Sivaram Ramanathan 1 , Jelena Mirkovic 1 , Minlan Yu 2 and

SENSS Against Volumetric DDoS Attacks Sivaram Ramanathan 1 , Jelena Mirkovic 1 , Minlan Yu 2 and Ying Zhang 3 1 University of Southern California/Information Sciences Institute 2 Harvard University 3 Facebook 1 DDoS attacks Volumetric DDoS

604 views • 56 slides
A First Joint Look at DoS Attacks and BGP Blackholing in the Wild Mattijs Jonker Aiko Pras

A First Joint Look at DoS Attacks and BGP Blackholing in the Wild Mattijs Jonker Aiko Pras

A First Joint Look at DoS Attacks and BGP Blackholing in the Wild Mattijs Jonker Aiko Pras (UTwente) Alberto Dainotti (CAIDA / UC San Diego) Anna Sperotto (UTwente) Denial-of-Service attacks A conceptually simple, yet effective class of

750 views • 33 slides
CSCI 4250/6250 Fall 2013 Computer and Networks Security Web Security Goodrich, Chapter 7

CSCI 4250/6250 Fall 2013 Computer and Networks Security Web Security Goodrich, Chapter 7

CSCI 4250/6250 Fall 2013 Computer and Networks Security Web Security Goodrich, Chapter 7 The Web Application Hackers Handbook, 2/e WWW Evolution Past vs. Future In the past web was made of static pages Today, highly

1.09k views • 63 slides
Finding Protocol Manipulation Attacks Nupur Kothari Ratul Mahajan, Todd Millstein, Ramesh

Finding Protocol Manipulation Attacks Nupur Kothari Ratul Mahajan, Todd Millstein, Ramesh

Finding Protocol Manipulation Attacks Nupur Kothari Ratul Mahajan, Todd Millstein, Ramesh Govindan, Madanlal Musuvathi Manipulation Attacks Adversaries induce victim into undesirable behavior by lying in their messages Exploit partial

216 views • 19 slides
Securing your database servers from external attacks Alkin Tezuysal (Sr. Technical

Securing your database servers from external attacks Alkin Tezuysal (Sr. Technical

Securing your database servers from external attacks Alkin Tezuysal (Sr. Technical Manager,Percona) David Busby (Information Security Architect, Percona) Who we are? David Busby (@icleus) Alkin Tezuysal ( @ask_dba ) Technical

429 views • 30 slides
The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

CS 640: Introduction to Computer Networks Aditya Akella Lecture 25 Network Security The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security Vulnerabilities Security Problems in the TCP/IP Protocol

1.29k views • 13 slides
LINUX / C++ PROTECTION FEATURES CS4414 Lecture 26 CORNELL CS4414 - FALL 2020. 1 IDEA MAP FOR

LINUX / C++ PROTECTION FEATURES CS4414 Lecture 26 CORNELL CS4414 - FALL 2020. 1 IDEA MAP FOR

Professor Ken Birman LINUX / C++ PROTECTION FEATURES CS4414 Lecture 26 CORNELL CS4414 - FALL 2020. 1 IDEA MAP FOR TODAY Firewalls Memory Protection Type Checking as a Protection Tool VMs and Containers Intel SGX Security CORNELL CS4414 -

595 views • 43 slides
It was requested by people from all over the world and shared its knowledge. Bu But t th the

It was requested by people from all over the world and shared its knowledge. Bu But t th the

HE DATA KRAKEN is an ancient oracle of wisdom and knowledge. It was requested by people from all over the world and shared its knowledge. Bu But t th the e or orac acle le became hungry for information

997 views • 42 slides

More recommend