Assessing the Effectiveness of Active Fences Against SCAs for Multi-Tenant FPGAs

Abstract

The rising use of FPGAs, in the context of cloud computing, has created security concerns. Previous works have shown that malicious users can implement voltage fluctuation sensors and mount successful power analysis attacks against cryptographic algorithms that share the same Power Distribution Network (PDN). So far, masking and hiding schemes are the two main mitigation strategies against such attacks and previous work has shown that the use of an active fence of Ring Oscillators (ROs) holds the potential for constituting an effective hiding countermeasure if placed between two adversary users. Nevertheless, developing an effective proposition against remote Side-Channel Attacks (SCAs) remains an open research topic. This work presents the mapping of an intra-FPGA adversary scenario on a Xilinx UltraScale+ MPSoC to assess the effectiveness of the Ring Oscillator active fence countermeasure. We compare different active fence configurations, with a varying number of Ring Oscillators, while using a new, resource efficient, activation method aiming at the achievement of noise injection hiding. The results show that by using our active fence scheme, which exhibits lower area overhead and lower power consumption than the algorithm under attack, the side-channel leakage is reduced to such a degree that the amount of traces that need to be collected for a successful attack is more than ten times higher compared to no fence present. Moreover, this work presents qualitative results that FPGA cloud providers can consider in order to assess the benefits gained through the deployment of active fence mechanisms within their platforms for multi-tenant services.