Fault Attacks on FPGAs - IAIK

Clemens Binder, Helmut Hammer

11.11.2020

www.iaik.tugraz.at

1 About Fault Attacks

2 Examples

    FPGAhammer

    Hardware Trojan Insertion

    Voltage-based Fault Attack

3 Countermeasures

Clemens Binder, Helmut Hammer, IAIK

11.11.2020


About Fault Attacks

Basics

Passive attacks → Differential Power Analysis (DPA)

Active attacks → Differential Fault Attacks (DFA)

Attack cryptographic implementations

Learn intermediate values

Recover key

How can faults be induced?

lasers

glitches (voltage, clock, I/O, ...)

temperature variations

...

Effects of faults?

Bit-flips

Stuck-at-zero

Skip instructions

Change data

Types of fault attacks:

Statistical fault attacks (SFA), observe distribution of output values

Ineffective fault attacks (IFA), learn intermediate values of correct computations

Statistical ineffective fault attacks (SIFA), "basically" a combination of SFA and IFA

[Figure: SIFA [Pri18]]

Statistical fault attacks

Produce plaintext-ciphertext pairs

Check statistical distribution (intermediate or output values)

Is distribution biased or not?

Guess correct key using e.g. Squared Euclidean Imbalance (SEI)
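
The steps on this slide, carried through on simulated data as an added example (not part of the original slides). The toy 4-bit last round c = S(x) XOR k built on the PRESENT S-box, the stuck-at-0 fault model and all function names are assumptions of this example.

```python
import random
from collections import Counter

# PRESENT 4-bit S-box, used here only as a small non-linear layer (assumption).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(v) for v in range(16)]

def sei(values, domain_size):
    """Squared Euclidean Imbalance: squared distance of the empirical
    distribution of `values` from the uniform one over `domain_size` bins."""
    counts = Counter(values)
    n = len(values)
    return sum((counts.get(v, 0) / n - 1 / domain_size) ** 2
               for v in range(domain_size))

def toy_last_round(x, key, stuck_at_zero=False):
    """c = SBOX[x] ^ key; the modelled fault forces the top bit of x to 0."""
    if stuck_at_zero:
        x &= 0b0111
    return SBOX[x] ^ key

def rank_key_guesses(ciphertexts):
    """For every 4-bit guess, undo the last round and score the top bit of the
    recovered intermediate. SEI is taken over one bit: over the whole nibble a
    wrong guess merely permutes the values, which leaves the SEI unchanged."""
    scores = {}
    for guess in range(16):
        top_bits = [INV_SBOX[c ^ guess] >> 3 for c in ciphertexts]
        scores[guess] = sei(top_bits, 2)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def simulate(key, n, faulted, seed=1):
    """Constructed data set: n ciphertexts of random inputs, seeded for repeatability."""
    rng = random.Random(seed)
    return [toy_last_round(rng.randrange(16), key, faulted) for _ in range(n)]

if __name__ == "__main__":
    KEY = 0xA  # constructed secret
    for label, faulted in (("fault-free", False), ("stuck-at-0", True)):
        ranking = rank_key_guesses(simulate(KEY, 400, faulted))
        print(label, [(hex(g), round(s, 3)) for g, s in ranking[:3]])
```

Without a fault every guess scores close to zero, so the distribution check gives an evaluator a direct measure of whether a countermeasure leaves any exploitable bias.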

Types of gates

Linear gates: XOR

Probability of output 0 → 50%

Probability of output 1 → 50%

Non-linear gates: AND, (OR)

Probability of output 0 → 75% (25%)

Probability of output 1 → 25% (75%)

Ineffective fault attacks

Inject a fault

Collect only correct PT-CT pairs

Injected fault has no effect

Learn intermediate value based on this assumption

Fault Attacks on FPGAs

Two major categories:

Logical fault attacks

Target the logic of the implementation itself

Depends mostly on implementation, rather than the platform

Physical fault attacks

Exploit (physical) characteristics of the platform itself

Depends mostly on the platform, not the implementation

FPGAs - Attack Vectors

Increased use of FPGAs to accelerate certain computing tasks

FPGAs shared in data centers, even cloud environments

Run both trusted and untrusted logic on the same FPGA

FPGAs - Attack methods

Voltage fault attacks

Bitstream injection

Bitstream fault attacks

Side-channel measurements (external or internal)

Examples

FPGAhammer

Concept is similar to Rowhammer

Physical Voltage Fault Attack

Presented in 2018 [KGT18]

Denial-of-Service, Differential Fault Analysis

Intended for shared/remote FPGAs

Utilizes characteristics of the FPGA's Power Distribution Networks (PDNs)

Affect supply voltage through a repetitive pattern

Precise enough to allow injection of timing faults

Example: Target a specific round during AES encryption

[Figure: FPGAhammer - Threat Model]

Hardware Trojan Insertion

Presented in 2013 [CSPN13]

Trojan is inserted by directly manipulating the bitstream while it is loaded by the FPGA

Hardware Trojan Insertion - Challenges

Bitstream structure is proprietary

Bitstream frames are protected by 16-bit CRCs

Bitstream might be encrypted

Trojan has to be placed in unused section of the FPGA

[Figure: Hardware Trojan Insertion - Example orientations]

[Figure: Hardware Trojan Insertion - Attack]

Voltage-based Fault Attack: Overview

Proposed in 2017 [GOT17]

Physical attack

Denial-of-Service

Requires at least partial access to FPGA (remote or direct)

Potentially even destroys older generation FPGAs (overheating)

Voltage-based Fault Attack: Concept

Synthesize a number of Ring Oscillators (ROs)

ROs are toggled as fast as possible

Triggers fluctuations in supply voltage

... which in turn triggers timing faults, loss of SRAM retention, temperature fluctuation, crashes

[Figure, source: [GOT17]]

Countermeasures

General Countermeasures:

Self-destruction, radical approach

Correction, mitigate fault propagation

Redundancy

Limit data complexity

Masking...

[Figure: Redundancy [Pri18]]

General Countermeasures: Masking

Designed for DPA, works also for DFA

Separate sensitive (native) data from processed data

Native data split into randomized shares (XOR with random value)

Process shares separately

Learning a single share is useless

Caution with non-linear operations → SIFA
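
Two-share Boolean masking as described on this slide, written out as an added example (not code from the slides). The masked AND uses the well-known ISW construction, which the slides do not name; all function names and sample values are this example's own, and `zero_probability` reproduces the gate output probabilities from the "Types of gates" slide.

```python
import secrets

def share(x, r=None, bits=8):
    """Split native value x into two shares (x ^ r, r); r is a fresh random mask."""
    r = secrets.randbits(bits) if r is None else r
    return (x ^ r, r)

def unshare(s):
    """Recombine shares; only done at the very end of the computation."""
    return s[0] ^ s[1]

def masked_xor(a, b):
    """Linear gate: every share is processed separately, no new randomness."""
    return (a[0] ^ b[0], a[1] ^ b[1])

def masked_and(a, b, bits=8):
    """Non-linear gate (two-share ISW AND): the cross terms a0&b1 and a1&b0
    touch both share domains, so a fresh random r must blind them."""
    r = secrets.randbits(bits)
    c0 = (a[0] & b[0]) ^ r
    c1 = (a[1] & b[1]) ^ ((r ^ (a[0] & b[1])) ^ (a[1] & b[0]))
    return (c0, c1)

def first_share_values(x, bits=8):
    """All values the first share of x takes over every possible mask."""
    return sorted(share(x, r, bits)[0] for r in range(1 << bits))

def zero_probability(gate):
    """P(output = 0) of a 1-bit gate over uniformly random inputs."""
    outs = [gate(a, b) for a in (0, 1) for b in (0, 1)]
    return outs.count(0) / len(outs)

if __name__ == "__main__":
    key_byte, data_byte = 0x3C, 0xA5  # constructed sample values
    k, d = share(key_byte), share(data_byte)
    print(hex(unshare(masked_xor(k, d))), hex(unshare(masked_and(k, d))))
    # One share alone is uniform whatever the secret is: same 256 values.
    print(first_share_values(0x00) == first_share_values(0xFF))
    print(zero_probability(lambda a, b: a ^ b),
          zero_probability(lambda a, b: a & b))
```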

Countermeasures on FPGAs: Logical attacks

Xilinx Isolation Design Flow allows logical separation of trusted and untrusted designs on a single FPGA

Utilize state-of-the-art mitigation strategies

Countermeasures on FPGAs: Physical attacks

Fill FPGA fabric with dummy designs

Over/under-voltage detection as a safeguard

Temperature measurements

Disable unused external ports

Literature

References

Christophe Clavier, Secret external encodings do not prevent transient fault analysis, Cryptographic Hardware and Embedded Systems - CHES 2007 (Berlin, Heidelberg) (Pascal Paillier and Ingrid Verbauwhede, eds.), Springer Berlin Heidelberg, 2007, pp. 181–194.

R. S. Chakraborty, I. Saha, A. Palchaudhuri, and G. K. Naik, Hardware trojan insertion by direct modification of FPGA configuration bitstream, IEEE Design & Test 30 (2013), no. 2, 45–54.

Joan Daemen, Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Florian Mendel, and Robert Primas, Protecting against statistical ineffective fault attacks, IACR Transactions on Cryptographic Hardware and Embedded Systems, volume 2020, issue 3, pp. 508–543.

Christoph Dobraunig, Maria Eichlseder, Thomas Korak, Stefan Mangard, Florian Mendel, and Robert Primas, SIFA: Exploiting ineffective fault inductions on symmetric cryptography, Cryptology ePrint Archive, Report 2018/071, 2018, https://eprint.iacr.org/2018/071.

Dennis R. E. Gnad, Fabian Oboril, and Mehdi B. Tahoori, Voltage drop-based fault attacks on FPGAs using valid bitstreams, 2017 27th International Conference on Field Programmable Logic and Applications (FPL), IEEE, 04.09.2017 - 08.09.2017, pp. 1–7.

Eliane Jaulmes, Thomas Fuhr, Victor Lomne, and Adrian Thillard, Fault attacks on AES with faulty ciphertexts only, 08 2013.

Jonas Krautter, Dennis R. E. Gnad, and Mehdi B. Tahoori, FPGAhammer: Remote voltage fault attacks on shared FPGAs, suitable for DFA on AES, IACR Transactions on Cryptographic Hardware and Embedded Systems, volume 2018, issue 3, pp. 44–68.

Chong Hee Kim and Jean-Jacques Quisquater, Faults, injection methods, and fault attacks, IEEE Design & Test of Computers 24 (2007), no. 6, 544–545.

Amir Moradi, Alessandro Barenghi, Timo Kasper, and Christof Paar, On the vulnerability of FPGA bitstream encryption against power analysis attacks, Proceedings of the 18th ACM conference on Computer and communications security (New York, NY) (Yan Chen, ed.), ACM, 2011, p. 111.

Robert Primas, Asiacrypt 2018, Presentation, AsiaCrypt 2018, 2018.

Pawel Swierczynski, Georg T. Becker, Amir Moradi, and Christof Paar, Bitstream fault injections (BiFI) - automated fault attacks against SRAM-based FPGAs, IEEE Transactions on Computers 67 (2018), no. 3, 348–360.

Laurent Sauvage, Sylvain Guilley, and Yves Mathieu, Electromagnetic radiations of FPGAs, ACM Transactions on Reconfigurable Technology and Systems 2 (2009), no. 1, 1–24.

Colin D. Walter, Cetin K. Koc, and Christof Paar, Cryptographic Hardware and Embedded Systems, CHES 2003: 5th International Workshop, Cologne, Germany, September 8-10, 2003, Proceedings, Lecture Notes in Computer Science, vol. 2779, Springer-Verlag, Berlin and New York, 2003.

Xilinx WP412, The Xilinx Isolation Design Flow for fault-tolerant systems, white paper, http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.646.4636&rep=rep1&type=pdf (accessed on 7.11.2020).