Information leakage poses a major security threat in reconfigurable systems. Information is leaked via side-channels, which expose information through the implementation of a system rather than the algorithm itself. Reconfigurable systems are particularly vulnerable to side-channels because they allow users to fundamentally change the hardware in ways that is not allowed in other systems.
Consider the following scenarios that can occur in reconfigurable cloud hardware:
- A deceitful tenant can build a sensor on a reconfigurable device and measure minute changes in the power distribution network to learn secrets of other co-tenants.
- A malicious tenant in a multi-tenant environment can build a circuit that causes a power fault during a cryptographic operation to reveal secret data.
- An unscrupulous user could rent a reconfigurable device and learn information about previous tenants, such as their applications, intellectual property, or cryptographic keys.
- A conniving user could use a reconfigurable device to measure the datacenter environment and learn trade secrets about the datacenter architecture.
All of these scenarios are situations that violate the security and confidentiality promised by cloud service providers, but are not weaknesses of an algorithm or computation. Some of these scenarios put the security of datacenter infrastructure at risk.
In this work we aim to understand how we can make reconfigurable computing devices more secure and prevent future attacks.
Tune In, Turn Up
In this project we have developed a novel Tunable Dual-Edged Time-to-Digital Converter (TDC) โ a voltage fluctuation sensor with two unique elements: first, it has the ability to tune the sample duration, phase, and frequency to more effectively extract information about a co-located computation; second, it captures both rising and falling transitions which provides unique information about the target computation.
The attack scenario for the sensor is shown below. (1) An attacker is given access to a remote multi-tenant FPGA and programs it with a fluctuation sensor. (2) The attacker collects sensor readings and (3) tunes the sensor to optimize the data gathered about other co-tenants.
Our next step in this project is to develop methods for defending against these types of attacks.