Fault Attacks on FPGAs - IAIK
Transcript of Fault Attacks on FPGAs - IAIK
SC IENCEPASS ION
TECHNOLOGY
Fault Attacks on FPGAs
Clemens Binder, Helmut Hammer
11.11.2020
> www.iaik.tugraz.at
1 About Fault Attacks
2 Examples
FPGAhammer
Hardware Trojan Insertion
Voltage-based Fault Attack
3 Countermeasures
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
2
About Fault Attacks
1 About Fault Attacks
2 Examples
3 Countermeasures
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
3
About Fault Attacks
Basics
Passive attacks → Differential Power Analysis (DPA)
Active attacks → Differential Fault Attacks (DFA)
Attack cryptographic implementations
Learn intermediate values
Recover key
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
4
About Fault Attacks
Basics
How can faults be inducted?
lasers
glitches (Voltage, Clock, IO,...)
temperature variations
...
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
5
About Fault Attacks
Basics
Effects of faults?
Bit-flips
Stuck-at-zero
Skip instructions
Change data
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
6
About Fault Attacks
Types of fault attacks:
Statistical fault attacks (SFA),
observe distribution of output values
Ineffective fault attacks (IFA), learn
intermediate values of correct
computations
Statistical ineffective fault attacks
(SIFA), ”basically” a combination of
SFA and IFA SIFA [Pri18]
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
7
About Fault Attacks
Statistical fault attacks
Produce plaintext-ciphertext pairs
Check statistical distribution (intermediate or output values)
Is distribution biased or not?
Guess correct key using e.g. Squared Euclidean Imbalance (SEI)
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
8
About Fault Attacks
Types of gates
Linear gates:
XOR
Probability 0 → 50%
Probability 1 → 50%
Non-linear gates:
AND, (OR)
Probability 0 → 75% (25%)
Probability 1 → 25% (75%)Clemens Binder, Helmut Hammer, IAIK
11.11.2020
9
About Fault Attacks
Ineffective fault attacks
Inject a fault
Collect only correct PT-CT pairs
Injected fault has no effect
Learn intermediate value based on this assumption
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
10
About Fault Attacks
Fault Attacks on FPGAs
Two major categories:
Logical fault attacks
Target the logic of the implementation itself
Depends mostly on implementation, rather than the platform
Physical fault attacks
Exploit (physical) characteristics of the platform itself
Depends mostly on the platform, not the implementation
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
11
About Fault Attacks
FPGAs - Attack Vectors
Increased use of FPGAs to accelerate certain computing tasks
FPGAs shared in data centers, even cloud environments
Run both trusted and untrusted logic on the same FPGA
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
12
About Fault Attacks
FPGAs - Attack methods
Voltage fault attacks
Bitstream injection
Bitstream fault attacks
Side-channel measurements (external or internal)
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
13
Examples
1 About Fault Attacks
2 Examples
3 Countermeasures
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
14
Examples
FPGAhammer
Concept is similar to Rowhammer
Physical Voltage Fault Attack
Presented in 2018[KGT18]
Denial-of-Service, Differential Fault Analysis
Intended on shared/remote FPGAs
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
15
Examples
FPGAhammer
Utilizes characteristics of the FPGAs Power Distribution Networks (PDNs)
Affect supply voltage through a repetitive pattern
Precise enough to allow injection of timing faults
Example: Target a specific round during AES encrytion
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
16
Examples
Hardware Trojan Insertion
Presented in 2013[CSPN13]
Trojan is inserted by directly manipulating the bitstream while it is loaded by
the FPGA
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
19
Examples
Hardware Trojan Insertion - Challenges
Bitstream structure is proprietary
Bitstream frames are protected by 16bit CRCs
Bitstream might be encrypted
Trojan has to be placed in unused section of the FPGA
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
20
Examples
Hardware Trojan Insertion - Example orientations
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
21
Examples
Voltage-based Fault Attack: Overview
Proposed in 2017 [GOT17]
Physical attack
Denial-of-Service
Requires at least partial access to FPGA (remote or direct)
Potentially even destroys older generation FPGAs (overheating)
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
23
Examples
Voltage-based Fault Attack: Concept
Synthesize a number of Ring Oscillators (ROs)
ROs are toggled as fast as possible
Triggers fluctuations in supply voltage
... which in turn triggers timing faults, loss in SRAM retention, temperature
fluchtuation, crashes
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
24
Countermeasures
1 About Fault Attacks
2 Examples
3 Countermeasures
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
26
Countermeasures
General Countermeasures:
Self-destruction, radical approach
Correction, mitigate fault propagation
Redundancy
Limit data complexity
Masking...
Redundancy [Pri18]
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
27
Countermeasures
General Countermeasures: Masking
Designed for DPA, works also for DFA
Separate sensitive (native) data from processed data
Native data split into randomized shares (XOR with random value)
Process shares separately
Learning a single share is useless
Attention in non-linear operations → SIFA
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
28
Countermeasures
Countermeasures on FPGAs: Logical attacks
Xilinx Isolation Design Flow allows logical separation of trusted and untrusted
designs on single FPGA
Utilize state of the art mitigation strategies
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
29
Countermeasures
Countermeasures on FPGAs: Physical attacks
Fill FPGA fabric with dummy designs
Over/under-voltage detection as a safeguard
Temperature measurements
Disable unused external ports
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
30
Literature
References I
Christophe Clavier, Secret external encodings do not prevent transient fault
analysis, Cryptographic Hardware and Embedded Systems - CHES 2007 (Berlin,
Heidelberg) (Pascal Paillier and Ingrid Verbauwhede, eds.), Springer Berlin
Heidelberg, 2007, pp. 181–194.
R. S. Chakraborty, I. Saha, A. Palchaudhuri, and G. K. Naik, Hardware trojan
insertion by direct modification of fpga configuration bitstream, IEEE Design &
Test 30 (2013), no. 2, 45–54.
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
31
Literature
References II
Daemen et al., Joan Daemen, Christoph Dobraunig, Maria Eichlseder, Hannes
Gross, Florian Mendel, and Robert Primas, Protecting against statistical
ineffective fault attacks: 508-543 pages / iacr transactions on cryptographic
hardware and embedded systems, volume 2020, issue 3 / iacr transactions on
cryptographic hardware and embedded systems, volume 2020, issue 3.
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
32
Literature
References III
Christoph Dobraunig, Maria Eichlseder, Thomas Korak, Stefan Mangard, Florian
Mendel, and Robert Primas, Sifa: Exploiting ineffective fault inductions on
symmetric cryptography, Cryptology ePrint Archive, Report 2018/071, 2018,
https://eprint.iacr.org/2018/071.
Dennis R. E. Gnad, Fabian Oboril, and Mehdi B. Tahoori, Voltage drop-based
fault attacks on fpgas using valid bitstreams, 2017 27th International
Conference on Field Programmable Logic and Applications (FPL), IEEE,
04.09.2017 - 08.09.2017, pp. 1–7.
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
33
Literature
References IV
Eliane Jaulmes, thomas fuhr, Victor Lomne, and Adrian Thillard, Fault attacks
on aes with faulty ciphertexts only, 08 2013.
Jonas Krautter, Dennis R. E. Gnad, and Mehdi B. Tahoori, Fpgahammer:
Remote voltage fault attacks on shared fpgas, suitable for dfa on aes: 44-68
pages / iacr transactions on cryptographic hardware and embedded systems,
volume 2018, issue 3 / iacr transactions on cryptographic hardware and
embedded systems, volume 2018, issue 3.
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
34
Literature
References V
Chong Hee Kim and Jean-Jacques Quisquater, Faults, injection methods, and
fault attacks, IEEE Design & Test of Computers 24 (2007), no. 6, 544–545.
Amir Moradi, Alessandro Barenghi, Timo Kasper, and Christof Paar, On the
vulnerability of fpga bitstream encryption against power analysis attacks,
Proceedings of the 18th ACM conference on Computer and communications
security (New York, NY) (Yan Chen, ed.), ACM, 2011, p. 111.
Robert Primas, Asiacrypt 2018, Presentation, AsiaCrypt 2018, 2018.
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
35
Literature
References VI
Pawel Swierczynski, Georg T. Becker, Amir Moradi, and Christof Paar,
Bitstream fault injections (bifi)–automated fault attacks against sram-based
fpgas, IEEE Transactions on Computers 67 (2018), no. 3, 348–360.
Laurent Sauvage, Sylvain Guilley, and Yves Mathieu, Electromagnetic radiations
of fpgas, ACM Transactions on Reconfigurable Technology and Systems 2
(2009), no. 1, 1–24.
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
36
Literature
References VII
Colin D. Walter, Cetin K. Koc, and Christof Paar, Cryptographic hardware and
embedded system, ches 2003: 5th international workshop, cologne, germany,
september 8-10, 2003 proceedings, Lecture Notes in Computer Science, vol.
2779, Springer-Verlag, Berlin and New York, 2003.
Xilinx wp412 the xilinx isolation design flow for fault-tolerant systems, white
paper, http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.
646.4636&rep=rep1&type=pdf, (Accessed on 7.11.2020).
Clemens Binder, Helmut Hammer, IAIK
11.11.2020
37