Affiliation:
1. University of Oxford, Oxford, United Kingdom
2. Microsoft, Redmond, Washington, United States of America
Abstract
In complex FPGA designs, implementations of algorithms and protocols from third-party sources are common. However, the monolithic nature of FPGAs means that all sub-circuits share common on-chip infrastructure, such as routing resources. This presents an attack vector for all FPGAs that contain designs from multiple vendors, especially for FPGAs used in multi-tenant cloud environments, or integrated into multi-core processors. In this article, we show that “long” routing wires present a new source of information leakage on FPGAs, by influencing the delay of adjacent long wires. We show that the effect is measurable for both static and dynamic signals and that it can be detected using small on-board circuits. We characterize the channel in detail and show that it is measurable even when multiple competing circuits (including multiple long-wire transmitters) are present and can be replicated on different generations and families of Xilinx devices (Virtex 5, Virtex 6, Artix 7, and Spartan 7). We exploit the leakage to create a covert channel with 6kbps of bandwidth and 99.9% accuracy, and a side channel, which can recover signals kept constant for only 1.3sμs, with an accuracy of more than 98.4%. Finally, we propose countermeasures to reduce the impact of this leakage.
1
Publisher
Association for Computing Machinery (ACM)
Cited by
22 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Power and Frequency Intrinsic Channels on gem5;IEEE Transactions on Circuits and Systems I: Regular Papers;2024
2. Emulating Covert Data Transmission on Heterogeneous SoCs;2023 Asian Hardware Oriented Security and Trust Symposium (AsianHOST);2023-12-13
3. A Visionary Look at the Security of Reconfigurable Cloud Computing;Proceedings of the IEEE;2023-12
4. On the Malicious Potential of Xilinx’ Internal Configuration Access Port (ICAP);ACM Transactions on Reconfigurable Technology and Systems;2023-11-17
5. LeakyOhm: Secret Bits Extraction using Impedance Analysis;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15