Cryptology ePrint Archive: Report 2019/1152

Active Fences against Voltage-based Side Channels in Multi-Tenant FPGAs

Jonas Krautter and Dennis R.E. Gnad and Falk Schellenberg and Amir Moradi and Mehdi B. Tahoori

Abstract: Dynamic and partial reconfiguration together with hardware parallelism make FPGAs attractive as virtualized accelerators. However, recently it has been shown that multi-tenant FPGAs are vulnerable to remote side-channel attacks (SCA) from malicious users, allowing them to extract secret keys without a logical connection to the victim core. Typical mitigations against such attacks are hiding and masking schemes, to increase attackers’ efforts in terms of side-channel measurements. However, they require significant efforts and tailoring for a specific algorithm, hardware implementation and mapping. In this paper, we show a hiding countermeasure against voltage-based SCA that can be integrated into any implementation, without requiring modifications or tailoring to the protected module. We place a properly mapped Active Fence of ring oscillators between victim and attacker circuit, enabled as a feedback of an FPGA-based sensor, leading to reduced side-channel leakage. Our experimental results based on a Lattice ECP5 FPGA and an AES-128 module show that two orders of magnitude more traces are needed for a successful key recovery, while no modifications to the underlying cryptographic module are necessary.

Category / Keywords: applications / implementation / side-channel analysis, countermeasure, hiding, multi-tenant, FPGA

Original Publication (in the same form): ICCAD 2019

Date: received 4 Oct 2019

Contact author: jonas krautter at kit edu

Available format(s): PDF | BibTeX Citation

Version: 20191007:082237 (All versions of this report)

Short URL: ia.cr/2019/1152


[ Cryptology ePrint archive ]