Cloud FPGAs strike an alluring balance between computational efficiency, energy efficiency, and cost. It is the flexibility of the FPGA architecture that enables these benefits, but that very same flexibility also exposes new security vulnerabilities. We show that a remote attacker can recover "FPGA pentimenti" - long-removed secret data belonging to a prior user of a cloud FPGA. The sensitive data constituting an FPGA pentimento is an analog imprint from bias temperature instability (BTI) effects on the underlying transistors. We demonstrate how this slight degradation can be measured using a time-to-digital converter (TDC) when an adversary programs one into the target cloud FPGA. This technique allows an attacker to ascertain previously safe information on cloud FPGAs, even after it is no longer explicitly present. Notably, it can allow an attacker who knows a non-secret "skeleton" (the physical structure, but not the contents) of the victim's design to (1) extract proprietary details from an encrypted FPGA design image available on the AWS marketplace and (2) recover data loaded at runtime by a previous user of a cloud FPGA using a known design. Our experiments show that BTI degradation (burn-in) and recovery are measurable and constitute a security threat to commercial cloud FPGAs.