SHIELD: An Adaptive and Lightweight Defense against the Remote Power Side-Channel Attacks on Multi-tenant FPGAs

by   Mahya Morid Ahmadi, et al.

Dynamic partial reconfiguration enables multi-tenancy in cloud-based FPGAs, which presents security challenges for tenants, IPs, and data. Malicious users can exploit FPGAs for remote side-channel attacks (SCAs), and shared on-chip resources can be used for attacks. Logical separation can ensure design integrity, but on-chip resources can still be exploited. Conventional SCA mitigation can help, but it requires significant effort, and bitstream checking techniques are not highly accurate. An active on-chip defense mechanism is needed for tenant confidentiality. Toward this, we propose a lightweight shielding technique utilizing ring oscillators (ROs) to protect applications against remote power SCA. Unlike existing RO-based approaches, in our methodology, an offline pre-processing stage is proposed to carefully configure power monitors and an obfuscating circuit concerning the resource constraints of the board. Detection of power fluctuations due to application execution enables the obfuscating circuit to flatten the power consumption trace. To evaluate the effectiveness of the proposed SHIELD, we implemented it on a Xilinx Zynq-7000 FPGA board executing an RSA encryption algorithm. Due to the SHIELD, the number of traces required to extract the encryption key is increased by 166x, making an attack extremely hard at run-time. Note that the proposed SHIELD does not require any modification in the target application. Our methodology also shows up to 54 area overhead than the state-of-the-art random noise-addition-based defense.


page 1

page 3

page 4

page 5

page 7

page 8

page 9

page 10


Power-Based Side-Channel Attack for AES Key Extraction on the ATMega328 Microcontroller

We demonstrate the extraction of an AES secret key from flash memory on ...

Programmable RO (PRO): A Multipurpose Countermeasure against Side-channel and Fault Injection Attack

Side-channel and fault injection attacks reveal secret information by mo...

Securing Cloud FPGAs Against Power Side-Channel Attacks: A Case Study on Iterative AES

The various benefits of multi-tenanting, such as higher device utilizati...

FPGA-Patch: Mitigating Remote Side-Channel Attacks on FPGAs using Dynamic Patch Generation

We propose FPGA-Patch, the first-of-its-kind defense that leverages auto...

MacLeR: Machine Learning-based Run-Time Hardware Trojan Detection in Resource-Constrained IoT Edge Devices

Traditional learning-based approaches for run-time Hardware Trojan detec...

A Ring Router Microarchitecture for NoCs

Network-on-Chip (NoC) has become a popular choice for connecting a large...

Island-based Random Dynamic Voltage Scaling vs ML-Enhanced Power Side-Channel Attacks

In this paper, we describe and analyze an island-based random dynamic vo...

Please sign up or login with your details

Forgot password? Click here to reset