We propose FPGA-Patch, the first-of-its-kind defense that leverages automated program repair concepts to thwart power side-channel attacks on cloud FPGAs. FPGA-Patch generates isofunctional variants of the target hardware by injecting faults and finding transformations that eliminate failure. The obtained variants display different hardware characteristics, ensuring maximal diversity in power traces once they are dynamically swapped at run-time. Yet FPGA-Patch forces the variants to have enough similarity to enable bitstream compression and minimize dynamic exchange costs. For AES running on an AMD/Xilinx FPGA, FPGA-Patch increases the attacker's effort by three orders of magnitude, while preserving the performance of AES and incurring a minimal area overhead of 14.2%.