Under the initiative of the armasuisse – Cyber-Defence Campus, a team of EPFL scientists, including CYD Doctoral Fellow Dina Mahmoud of PARSA, recently presented the first proof-of-concept for undervolting-based fault injection from the programmable logic of a field programmable gate array (FPGA) to the software executing on a processing system in the same system-on-chip (SoC). The team also proposes a number of future research directions, which, if addressed, should help to ensure the security of today’s heterogeneous computing systems.
Most Cyberattacks such as ransomware exploit vulnerabilities in software. While often neglected, hardware-based attacks can be just as powerful, on top of being more difficult to patch, as the underlying vulnerability remains in the deployed hardware. Hardware attacks in which adversaries have physical access to their target devices have long been investigated. However, with the world wide web and the possibility to access computing resources remotely in the cloud, remotely-controlled hardware attacks have become a reality. Examples of remote attacks include fault-injection attacks causing computation or data manipulation errors and side-channel attacks extracting secrets from power or electromagnetic side channels.
With Moore’s law losing pace in recent years, customizable hardware combining various types of processing units together in one heterogeneous system has become a global trend to increase performance. Since heterogeneous computing is a relatively recent phenomenon, not all security vulnerabilities have been fully understood or investigated. To better understand the landscape of cybersecurity in relation to heterogeneous systems, we surveyed state-of-the-art research on electrical-level attacks and defenses. We focused on exploits which leverage vulnerabilities caused by the electrical signals or their coupling. For example, demanding more power than the power supply can provide, results in lowered voltage for the entire system; the undervolting can affect the functioning of the circuits (e.g., in a computer) and cause faults. Or, an adversary can monitor minute variations in the voltage waveform and use them to classify or even fully uncover the operations executed by the victim. Our survey, which will appear in ACM Computing Surveys, addresses the electrical-level attacks on central processing units (CPUs), field-programmable gate arrays (FPGAs), and graphics processing units (GPUs), the three processing units frequently combined in heterogeneous platforms. We discuss whether electrical-level attacks targeting only one processing unit can extend to the heterogeneous system as a whole and highlight open research directions necessary for ensuring the security of these systems in the future.
In the survey, we discuss a number of system-level vulnerabilities which have not been investigated yet. One of the open research questions we highlight is the possibility of inter-component fault-injection attacks in our subsequent work, which will be presented in March at the Design, Automation and Test in Europe conference (DATE 2022), we demonstrate the feasibility of such an attack. We show the first undervolting attack in which circuits, implemented using the FPGA programmable logic, act as an aggressor while the CPU, residing on the same system-on-chip, is the victim. We program the FPGA to deploy malicious hardware circuits in order to force the FPGA to draw considerable current and cause a drop in the power supply voltage. Since the power supply is shared, the obtained voltage drop propagates across the entire chip. As a result, the computation performed by the CPU faults. If exploit2ed in a remote setting, this attack can lead to denial-of-service or data breach. With these findings, we further confirm the need for continuing research on the security of heterogeneous systems in order to prevent such attacks.
Mahmoud, Dina G.; Lenders, Vincent; Stojilović, Mirjana: Electrical-Level Attacks on CPUs, FPGAs, and GPUs: Survey and Implications in the Heterogeneous Era. ACM Computing Surveys, Volume 55, Issue 3, April 2022, Article No.: 58. DOI: 10.1145/3498337