Institutional Repository [SANDBOX]
Technical University of Crete
EN  |  EL

Search

Browse

My Space

Mitigating Side-Channel attacks in the context of Multi-Tenant FPGA usage

Diktopoulos Christos

Full record


URI: http://purl.tuc.gr/dl/dias/ED12156F-C297-4D17-A2B3-C9A7559B1C98
Year 2022
Type of Item Diploma Work
License
Details
Bibliographic Citation Christos Diktopoulos, "Mitigating Side-Channel attacks in the context of Multi-Tenant FPGA usage", Diploma Work, School of Electrical and Computer Engineering, Technical University of Crete, Chania, Greece, 2022 https://doi.org/10.26233/heallink.tuc.91681
Appears in Collections
Relations with other Items

Summary

The rising use of multi-tenant FPGAs for cloud computing has created security concerns. Previous works have shown that malicious users can implement remotely, i.e., without physical access, voltage fluctuation sensors and mount successful power analysis attacks against cryptographic algorithms that share the same Power Distribution Network (PDN). So far, masking and hiding schemes are the two main mitigation strategies against such attacks. One such work has shown that the use of an Active Fence of Ring Oscillators, with has a similar impact on the PDN as the cryptographic algorithm, if placed between two adversary users, can be an effective hiding countermeasure. Although this countermeasure is presented as platform independent, more recent platforms show different results against remote Side-Channel Attacks (SCAs). This work presents the mapping of an intra-FPGA adversary scenario on two platforms, a ZedBoard and a Xilinx UltraScale+ MPSoC to assess the effectiveness of the Ring Oscillator Active Fence countermeasure. We compare different Active Fence configurations, with a varying number of Ring Oscillators, while using a new, resource efficient, activation method aiming to achieve noise injection hiding. The results show that by using our proposed Active Fence, which exhibits lower area overhead and, subsequently, lower power consumption than the algorithm under attack, the side-channel leakage is reduced to such a degree that the number of traces that need to be collected for a successful attack is more than ten times higher compared to no fence present. Moreover, this work presents quantitative results that FPGA cloud providers, may use to assess the benefits gained through the deployment of Active Fence mechanisms within their platforms prior to offering multi-tenant services.

Available Files

Services

Statistics