Paper 2019/1152

Active Fences against Voltage-based Side Channels in Multi-Tenant FPGAs

Jonas Krautter, Dennis R. E. Gnad, Falk Schellenberg, Amir Moradi, and Mehdi B. Tahoori


Dynamic and partial reconfiguration together with hardware parallelism make FPGAs attractive as virtualized accelerators. However, recently it has been shown that multi-tenant FPGAs are vulnerable to remote side-channel attacks (SCA) from malicious users, allowing them to extract secret keys without a logical connection to the victim core. Typical mitigations against such attacks are hiding and masking schemes, to increase attackers’ efforts in terms of side-channel measurements. However, they require significant efforts and tailoring for a specific algorithm, hardware implementation and mapping. In this paper, we show a hiding countermeasure against voltage-based SCA that can be integrated into any implementation, without requiring modifications or tailoring to the protected module. We place a properly mapped Active Fence of ring oscillators between victim and attacker circuit, enabled as a feedback of an FPGA-based sensor, leading to reduced side-channel leakage. Our experimental results based on a Lattice ECP5 FPGA and an AES-128 module show that two orders of magnitude more traces are needed for a successful key recovery, while no modifications to the underlying cryptographic module are necessary.

Available format(s)
Publication info
Published elsewhere. ICCAD 2019
Contact author(s)
jonas krautter @ kit edu
2020-01-07: revised
2019-10-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jonas Krautter and Dennis R. E.  Gnad and Falk Schellenberg and Amir Moradi and Mehdi B.  Tahoori},
      title = {Active Fences against Voltage-based Side Channels in Multi-Tenant FPGAs},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1152},
      year = {2019},
      doi = {10.1109/ICCAD45719.2019.8942094},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.