An Inside Job: Remote Power Analysis Attacks on FPGAs

Falk Schellenberg, Dennis R.E. Gnad, Amir Moradi, Mehdi B. Tahoori

De­sign, Au­to­ma­ti­on & Test in Eu­ro­pe Con­fe­rence & Ex­hi­bi­ti­on, DATE 2018, Dresden, Germany, March 18 - 23 , 2018.


Hardware Trojans have gained increasing interest during the past few years. Undeniably, the detection of such malicious designs needs a deep understanding of how they can practically be built and developed. In this work we present a design methodology dedicated to FPGAs which allows measuring a fraction of the dynamic power consumption. More precisely, we develop internal sensors which are based on FPGA primitives, and transfer the internally-measured side-channel leakages outside. These are distributed and calibrated delay sensors which can indirectly measure voltage fluctuations due to power consumption. By means of a cryptographic core as a case study, we present different settings and parameters for our employed sensors. Using their side-channel measurements, we further exhibit practical key-recovery attacks confirming the applicability of the underlying measurement methodology. This opens a new door to integrate hardware Trojans in a) applications where the FPGA is remotely accessible and b) FPGA-based multi-user platforms where the reconfigurable resources are shared among different users. This type of Trojan is highly difficult to detect since there is no signal connection between targeted (cryptographic) core and the internally-deployed sensors.


Tags: FPGA, Implementation attacks, Power side-channel attacks