INSTITUTE OF COMPUTER ENGINEERING – CHAIR OF DEPENDABLE NANO COMPUTING

FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES

Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori | 10.09.2018

KIT – The Research University in the Helmholtz Association

www.kit.edu

Motivation

More resources per FPGA ⇒ Multi-user environments:

  • Amazon, Microsoft and introduce FPGA usage in cloud computing
  • System-on-Chip (SoC) variants, tightly coupled FPGA based systems (Xilinx PYNQ, Intel Xeon FPGA, Intel/Altera-SoCs...)
  • Accelerators deployed to partitions through partial reconfiguration

⇒ Multi-tenant FPGAs

New attack scenarios:

  • Passive on-chip side-channels [1]
  • Denial-of-Service [2]
  • This work: Fault attacks ...

Proof-of-Concept work: Successful DFA on AES

[1] Schellenberg et al., "An Inside Job: Remote Power Analysis Attacks on FPGAs", DATE 2018
[2] Gnad et al., "Voltage drop-based fault attacks on FPGAs using valid bitstreams", FPL 2017

Threat model

  • Shared FPGA fabric ⇒ Shared Power Distribution Network (PDN)
  • Attacker and victim design logically isolated
  • Victim software process has a public interface
  • Chosen-Plaintext Attack scenario

Outline

  1. Background
  2. Fault Injection and Analysis
  3. Experimental Setup
  4. Results
  5. Discussion and Future Work
  6. Conclusion

Power Distribution Network (PDN)

  • Interconnections from the voltage regulator down to logic elements
  • Model: RLC-mesh (Resistive, Inductive and Capacitive elements)
  • Law of Inductance: $V_{drop} = I \cdot R + L \cdot \frac{dI}{dt}$
  • High current variation ⇒ Power supply voltage variation
  • Lower supply voltage ⇒ Timing faults

Malicious Logic

  • Logic element to cause high current variation [2]: Ring Oscillators (ROs)
  • Oscillation ⇒ Gate switching ⇒ Current variation ⇒ Voltage drop
  • RO-grid must be toggled in a very specific way (freq, duty-cycle, delay)

⇒ Calibration of fault injection parameters required

[Figure: FPGA supply voltage VCC during frequency scan. x-axis: Time (s); y-axis: VCC (V); marked: VCC min recommended, VCC max recommended, toggle frequency decrease]

[2] Gnad et al., "Voltage drop-based fault attacks on FPGAs using valid bitstreams", FPL 2017

Fault Injection and Analysis

  • Differential Fault Analysis on AES [3]
  • Original scheme: Single-byte faults before 8th round

⇒ All output bytes faulty

  • Injection requires high precision

⇒ Fault injection before 9th round

  • Successful injection can be verified

[3] Piret et al., "A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad", CHES 2003

Fault Injection and Analysis

  • Attacker issues encryption request to get correct ciphertext
  • Attacker issues encryption requests while activating RO grid
  • Fault injection is calibrated until desired faults appear
  • Calibration is done only once for a specific board

Experimental Setup

[Figure labels: RO grid, AES, ARM CPU]

  • FPGA boards: 3× Terasic DE1-SoC, 1× Terasic DE0-Nano-SoC
      • 3 boards of the same type
      • 2 different boards

⇒ Show generality of attack

  • Cyclone V FPGA and ARM Cortex-A9 on one chip
  • Linux environment on ARM Cortex-A9
  • Entire threat model in one SoC:
      • Attacker and victim software on ARM core
      • Respective IP cores on FPGA fabric
  • Fault injection on SoC, Key recovery on PC

Fault Injection Rate vs #RO

[Figure: DE1-SoC-A. x-axis: Logic utilization by attacker design (% of total LUTs), 30 to 50; y-axis: #faults per million requests, 10^0 to 10^5; series: measured total amount of faults F_tot, measured amount of usable faults F_DFA]

  • Experiments on DE1-SoC, design fully constrained
  • Evaluate usable (for DFA) faults and total amount of faults
  • Injection rate increases with amount of ROs
  • Injection accuracy decreases after a certain amount

Fault Injection Rate vs #RO

[Figure: three panels, DE1-SoC-A, DE1-SoC-B and DE1-SoC-C. x-axis: Logic utilization by attacker design (% of total LUTs), 30 to 50; y-axis: #faults per million requests, 10^0 to 10^5]

  • Extended experiments: 3 different boards
  • All boards vulnerable, Calibration finds params
  • Process variation ⇒ Different optimal #RO

Key Recovery on 5000 random keys

[Figure: #keys (10^0 to 10^5) by amount of key candidates remaining for each key (Recovered keys, 2, 4, 2^32, 2^33, 2^64), for DE1-SoC-A, DE1-SoC-B and DE1-SoC-C. Value labels in the order extracted: 95.6%, 2.6%, 0.1%, 1.9%, 0.1%, 0.0%; 87.9%, 2.9%, 0.1%, 8.7%, 0.2%, 0.5%; 95.7%, 2.2%, 0.1%, 2.0%, 0.1%, 0.0%]

  • Experiments on DE1-SoC with best fault injection configuration
  • Majority of 5000 keys can be recovered
  • Unrecovered keys due to multi-byte faults

Discussion and Future Work

  • Attack on fully constrained design on DE1-SoC with < 50% resources
  • Smaller DE0-Nano-SoC: Fully constrained design not vulnerable

⇒ Not all devices are equally vulnerable

  • Alternatives to using ROs may exist
  • Attack may be extended to hard cores (ARM SoC)
  • Possible mitigation:
      • Internal sensors
      • Bitstream checking
      • Voltage islands
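
One way the "Bitstream checking" mitigation could be realised, as an added example that is not from the slides or their authors: before a tenant design is loaded, scan its netlist for combinational loops, the structure a ring oscillator needs. The netlist format, cell kinds and cell names below are constructed assumptions (only the signal name ro_ena appears in the slides); a real checker would work on the vendor's netlist or bitstream representation.

```python
# Cell kinds with no clocked element between input and output (assumed taxonomy).
COMBINATIONAL = {"LUT", "BUF"}

# Constructed sample netlist: cell name -> (kind, input nets, output net).
SAMPLE_NETLIST = {
    # Two-cell ring: enable-gated inverting LUT fed back through a buffer.
    "ro0_nand": ("LUT", ["ro_ena", "ro0_fb"], "ro0_a"),
    "ro0_buf": ("BUF", ["ro0_a"], "ro0_fb"),
    # Single LUT whose output is wired to its own input.
    "ro1_lut": ("LUT", ["ro_ena", "ro1_out"], "ro1_out"),
    # Ordinary registered feedback (a counter bit): the flip-flop breaks the loop.
    "cnt_add": ("LUT", ["cnt_q"], "cnt_d"),
    "cnt_reg": ("FF", ["cnt_d"], "cnt_q"),
}


def combinational_graph(cells):
    """Map each combinational cell to the combinational cells it drives."""
    driver = {out: name for name, (_, _, out) in cells.items()}
    graph = {}
    for name, (kind, inputs, _) in cells.items():
        if kind not in COMBINATIONAL:
            continue  # registers end a timing path, so they cannot close a ring
        graph.setdefault(name, [])  # keep cells without fan-out as nodes
        for net in inputs:
            src = driver.get(net)  # None for primary inputs such as ro_ena
            if src is not None and cells[src][0] in COMBINATIONAL:
                graph.setdefault(src, []).append(name)
    return graph


def find_loops(cells):
    """Return combinational loops as sorted lists of cell names (iterative Tarjan SCC)."""
    graph = combinational_graph(cells)
    index, low, stack, on_stack, work, loops = {}, {}, [], set(), [], []

    def enter(cell):
        index[cell] = low[cell] = len(index)
        stack.append(cell)
        on_stack.add(cell)
        work.append((cell, iter(graph[cell])))

    for root in graph:
        if root in index:
            continue
        enter(root)
        while work:
            cell, successors = work[-1]
            nxt = next(successors, None)
            if nxt is not None:
                if nxt not in index:
                    enter(nxt)
                elif nxt in on_stack:
                    low[cell] = min(low[cell], index[nxt])
                continue
            work.pop()
            if work:
                parent = work[-1][0]
                low[parent] = min(low[parent], low[cell])
            if low[cell] == index[cell]:  # cell is the root of a component
                component = []
                while not component or component[-1] != cell:
                    component.append(stack.pop())
                    on_stack.discard(component[-1])
                # A loop is a multi-cell component or a cell driving itself.
                if len(component) > 1 or cell in graph[cell]:
                    loops.append(sorted(component))
    return sorted(loops)


def check_design(cells):
    """Admission decision (accepted, loops): reject any design containing a loop."""
    loops = find_loops(cells)
    return (not loops, loops)
```

Passing this check does not show a design is harmless: as the slide itself notes, alternatives to using ROs may exist, so a loop check is one admission test among the listed mitigations rather than a replacement for them.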

Conclusion

  • High precision fault injection on shared FPGAs is possible
  • Logical isolation is not enough to prevent manipulation
  • Threat model must be considered for FPGA multi-user environments
  • Mitigation may require new/modified hardware

Thank you for your attention!

Additional Slides – Complete Scan Flow

Additional Slides – Slack Dependent Analysis

[Figure: #faults per million requests (10^1 to 10^5) and slack (ns) over AES clock frequency f_op (MHz), 142 to 160. Series: measured amount of usable faults F_DFA, measured total amount of faults F_tot, reported worst-case setup slack, reported best-case setup slack]

Reference worst-case setup slack on DE1-SoC for f_op = 111 MHz

Additional Slides – Injection Process

[Figure: three traces over Time (µs), 0.0 to 2.0: externally measured FPGA supply voltage VCC (V) during fault injection, with VCC min recommended and VCC max recommended marked; AES reset logic signal aes_rst_n (active low); RO grid activation signal ro_ena. Annotations: RO activation toggles, VCC fluctuation, AES encryption starts]

Additional Slides – RO Floorplan

[Figure labels: ROs, Virtual Pins]

Additional Slides – Adder Test Design