Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers

Islam, Mohammad A.; Ren, Shaolei; Wierman, Adam

doi:10.1145/3133956.3133994

Cited by 49 publications

(12 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, thermal information can also be used as a proxy estimate for power consumption in data centers. This information can alert potential adversaries to opportune moments to attack the availability of servers, either by exceeding the power capacity [21], or by more generally degrading performance [7]. Although these attacks require privileged thermal sensors, FPGA ROs could also be used for similar purposes, complementing our work in this paper.…”

Section: B Power and Temperature Covert Channelsmentioning

confidence: 90%

See 1 more Smart Citation

C³APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage

Giechaskiel

Rasmussen

Szefer

2020

2020 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Field-Programmable Gate Arrays (FPGAs) are versatile, reconfigurable integrated circuits that can be used as hardware accelerators to process highly-sensitive data. Leaking this data and associated cryptographic keys, however, can undermine a system's security. To prevent potentially unintentional interactions that could break separation of privilege between different data center tenants, FPGAs in cloud environments are currently dedicated on a per-user basis. Nevertheless, while the FPGAs themselves are not shared among different users, other parts of the data center infrastructure are. This paper specifically shows for the first time that powering FPGAs, CPUs, and GPUs through the same power supply unit (PSU) can be exploited in FPGA-to-FPGA, CPU-to-FPGA, and GPU-to-FPGA covert channels between independent boards. These covert channels can operate remotely, without the need for physical access to, or modifications of, the boards. To demonstrate the attacks, this paper uses a novel combination of "sensing" and "stressing" ring oscillators as receivers on the sink FPGA. Further, ring oscillators are used as transmitters on the source FPGA. The transmitting and receiving circuits are used to determine the presence of the leakage on off-the-shelf Xilinx boards containing Artix 7 and Kintex 7 FPGA chips. Experiments are conducted with PSUs by two vendors, as well as CPUs and GPUs of different generations. Moreover, different sizes and types of ring oscillators are also tested. In addition, this work discusses potential countermeasures to mitigate the impact of the cross-board leakage. The results of this paper highlight the dangers of shared power supply units in local and cloud FPGAs, and therefore a fundamental need to rethink FPGA security for shared infrastructures.

show abstract

Section: B Power and Temperature Covert Channelsmentioning

confidence: 90%

“…These differences are summarized in Table VI. Moreover, we return to the default measurement period of 2 t = 2 21 cycles for the Kintex 7 boards, and increase the number of measurements for all boards to 1,500, reducing bandwidth by a factor of 3×. These parameters and the corresponding results are summarized in Table VII.…”

Section: B Gpu Transmissionsmentioning

confidence: 99%

C³APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage

Giechaskiel

Rasmussen

Szefer

2020

2020 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…Thus, we consider denial-of-service (where the normal world refuses to switch to the secure world) out of scope. Lastly, we consider the following two classes of attacks out of scope as they require specialized solutions-(i) covert or side-channel attacks [6,7,28,30,67] and (ii) physical attacks such as "shoulder surfing" [5] where an attacker peeks at the screen of a user in order to compromise images displayed by the screen.…”

Section: Threat Modelmentioning

confidence: 99%

Rushmore

Park

Kim

Sidhwani

et al. 2021

Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services

View full text Add to dashboard Cite

We present Rushmore, a system that securely displays static or animated images using TrustZone. The core functionality of Rushmore is to securely decrypt and display encrypted images (sent by a trusted party) on a mobile device. Although previous approaches have shown that it is possible to securely display encrypted images using TrustZone, they exhibit a critical limitation that significantly hampers the applicability of using TrustZone for display security. The limitation is that, when the trusted domain of TrustZone (the secure world) takes control of the display, the untrusted domain (the normal world) cannot display anything simultaneously. This limitation comes from the fact that previous approaches give the secure world exclusive access to the display hardware to preserve security. With Rushmore, we overcome this limitation by leveraging a well-known, yet overlooked hardware feature called an IPU (Image Processing Unit) that provides multiple display channels. By partitioning these channels across the normal world and the secure world, we enable the two worlds to simultaneously display pixels on the screen without sacrificing security. Furthermore, we show that with the right type of cryptographic method, we can decrypt and display encrypted animated images at 30 FPS or higher for mediumto-small images and at around 30 FPS for large images. One notable cryptographic method we adapt for Rushmore is visual cryptography, and we demonstrate that it is a light-weight alternative to other cryptographic methods for certain use cases. Our evaluation shows that in addition to providing usable frame rates, Rushmore incurs less than 5% overhead to the applications running in the normal world. CCS CONCEPTS• Security and privacy → Mobile platform security; Trusted computing.

show abstract

“…For example, there may be a decrease in activity at certain times in the day, allowing the data center to cool, and the DRAM PUF to result in fewer errors. An attacker might use these insights to reason about data center capacity, and launch attacks on server availability [15,19,20].…”

Section: Monitoring Temperature Changesmentioning

confidence: 99%

Fingerprinting Cloud FPGA Infrastructures

Tian

Xiong

Giechaskiel

et al. 2020

Proceedings of the 2020 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays

View full text Add to dashboard Cite

In recent years, multiple public cloud FPGA providers have emerged, increasing interest in FPGA acceleration of cryptographic, bioinformatic, financial, and machine learning algorithms. To help understand the security of the cloud FPGA infrastructures, this paper focuses on a fundamental question of understanding what an adversary can learn about the cloud FPGA infrastructure itself, without attacking it or damaging it. In particular, this work explores how unique features of FPGAs can be exploited to instantiate Physical Unclonable Functions (PUFs) that can distinguish between otherwise-identical FPGA boards. This paper specifically introduces the first method for identifying cloud FPGA instances by extracting a unique and stable FPGA fingerprint based on PUFs measured from the FPGA boards' DRAM modules. Experiments conducted on the Amazon Web Services (AWS) cloud reveal the probability of renting the same physical board more than once. Moreover, the experimental results show that hardware is not shared among f1.2xlarge, f1.4xlarge, and f1.16xlarge instance types. As the approach used does not violate any restrictions currently placed by Amazon, this paper also presents a set of defense mechanisms that can be added to existing countermeasures to mitigate users' attempts to fingerprint cloud FPGA infrastructures. CCS CONCEPTS• Security and privacy → Hardware attacks and countermeasures; • Hardware → Reconfigurable logic and FPGAs;

show abstract

Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers

Cited by 49 publications

References 34 publications

C³APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage

C³APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage

Rushmore

Fingerprinting Cloud FPGA Infrastructures

Contact Info

Product

Resources

About

Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers

Cited by 49 publications

References 34 publications

C3APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage

C3APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage

Rushmore

Fingerprinting Cloud FPGA Infrastructures

Contact Info

Product

Resources

About

C³APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage

C³APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage