-
Pentimento: Data Remanence in Cloud FPGAs
Authors:
Colin Drewes,
Olivia Weng,
Andres Meza,
Alric Althoff,
David Kohlbrenner,
Ryan Kastner,
Dustin Richmond
Abstract:
Cloud FPGAs strike an alluring balance between computational efficiency, energy efficiency, and cost. It is the flexibility of the FPGA architecture that enables these benefits, but that very same flexibility that exposes new security vulnerabilities. We show that a remote attacker can recover "FPGA pentimenti" - long-removed secret data belonging to a prior user of a cloud FPGA. The sensitive dat…
▽ More
Cloud FPGAs strike an alluring balance between computational efficiency, energy efficiency, and cost. It is the flexibility of the FPGA architecture that enables these benefits, but that very same flexibility that exposes new security vulnerabilities. We show that a remote attacker can recover "FPGA pentimenti" - long-removed secret data belonging to a prior user of a cloud FPGA. The sensitive data constituting an FPGA pentimento is an analog imprint from bias temperature instability (BTI) effects on the underlying transistors. We demonstrate how this slight degradation can be measured using a time-to-digital (TDC) converter when an adversary programs one into the target cloud FPGA.
This technique allows an attacker to ascertain previously safe information on cloud FPGAs, even after it is no longer explicitly present. Notably, it can allow an attacker who knows a non-secret "skeleton" (the physical structure, but not the contents) of the victim's design to (1) extract proprietary details from an encrypted FPGA design image available on the AWS marketplace and (2) recover data loaded at runtime by a previous user of a cloud FPGA using a known design. Our experiments show that BTI degradation (burn-in) and recovery are measurable and constitute a security threat to commercial cloud FPGAs.
△ Less
Submitted 31 March, 2023;
originally announced March 2023.
-
A Unified Model for Gate Level Propagation Analysis
Authors:
Jeremy Blackstone,
Wei Hu,
Alric Althoff,
Armaiti Ardeshiricham,
Lu Zhang,
Ryan Kastner
Abstract:
Classic hardware verification techniques (e.g., X-propagation and fault-propagation) and more recent hardware security verification techniques based on information flow tracking (IFT) aim to understand how information passes, affects, and otherwise modifies a circuit. These techniques all have separate usage scenarios, but when dissected into their core functionality, they relate in a fundamental…
▽ More
Classic hardware verification techniques (e.g., X-propagation and fault-propagation) and more recent hardware security verification techniques based on information flow tracking (IFT) aim to understand how information passes, affects, and otherwise modifies a circuit. These techniques all have separate usage scenarios, but when dissected into their core functionality, they relate in a fundamental manner. In this paper, we develop a common framework for gate level propagation analysis. We use our model to generate synthesizable propagation logic to use in standard EDA tools. To justify our model, we prove that Precise Hardware IFT is equivalent to gate level X-propagation and imprecise fault propagation. We also show that the difference between Precise Hardware IFT and fault propagation is not significant for 74X-series and '85 ISCAS benchmarks with more than 313 gates and the difference between imprecise hardware IFT and Precise Hardware IFT is almost always significant regardless of size.
△ Less
Submitted 7 December, 2020;
originally announced December 2020.
-
Benchmarking at the Frontier of Hardware Security: Lessons from Logic Locking
Authors:
Benjamin Tan,
Ramesh Karri,
Nimisha Limaye,
Abhrajit Sengupta,
Ozgur Sinanoglu,
Md Moshiur Rahman,
Swarup Bhunia,
Danielle Duvalsaint,
R. D.,
Blanton,
Amin Rezaei,
Yuanqi Shen,
Hai Zhou,
Leon Li,
Alex Orailoglu,
Zhaokun Han,
Austin Benedetti,
Luciano Brignone,
Muhammad Yasin,
Jeyavijayan Rajendran,
Michael Zuzak,
Ankur Srivastava,
Ujjwal Guin,
Chandan Karfa,
Kanad Basu
, et al. (11 additional authors not shown)
Abstract:
Integrated circuits (ICs) are the foundation of all computing systems. They comprise high-value hardware intellectual property (IP) that are at risk of piracy, reverse-engineering, and modifications while making their way through the geographically-distributed IC supply chain. On the frontier of hardware security are various design-for-trust techniques that claim to protect designs from untrusted…
▽ More
Integrated circuits (ICs) are the foundation of all computing systems. They comprise high-value hardware intellectual property (IP) that are at risk of piracy, reverse-engineering, and modifications while making their way through the geographically-distributed IC supply chain. On the frontier of hardware security are various design-for-trust techniques that claim to protect designs from untrusted entities across the design flow. Logic locking is one technique that promises protection from the gamut of threats in IC manufacturing. In this work, we perform a critical review of logic locking techniques in the literature, and expose several shortcomings. Taking inspiration from other cybersecurity competitions, we devise a community-led benchmarking exercise to address the evaluation deficiencies. In reflecting on this process, we shed new light on deficiencies in evaluation of logic locking and reveal important future directions. The lessons learned can guide future endeavors in other areas of hardware security.
△ Less
Submitted 11 June, 2020;
originally announced June 2020.