Robust Timing Attack Countermeasure on Virtual Hardware

Abstract

Field programmable gate arrays (FPGAs) are being increasingly used in Internet of Things (IoT) applications, as they usually provide lower power, lower latency and higher performance compared with their processor counterparts. However, security has emerged as a critical concern for FPGA-based systems as they are vulnerable to different form of physical attacks, such as side-channel attacks (SCAs). Existing protection methods, which primarily rely on bitstream encryption, are computationally expensive and more importantly, cannot protect against run-time attacks. Hardware virtualization, where instead of traditional direct mapping to FPGA, an application is mapped upon an application-specific virtual layer, called overlay, has been well-studied in past decades for productivity benefit, while its security implication has not been investigated at all. In this paper, for the first time to our knowledge, we present a novel usage of virtualization that limits damage from timing attacks and improves performance for RSA decryption by employing unique reconfigurable hardware architectures on FPGAs. Specific masking methods are implemented onto this architecture, and extensive security and performance analysis are done that demonstrates significant side-channel attack resistance under performance constraint.