漏水的电线

Ilias Giechaskiel, Ken Eguro, Kasper Bonne Rasmussen
{"title":"漏水的电线","authors":"Ilias Giechaskiel, Ken Eguro, Kasper Bonne Rasmussen","doi":"10.1145/3322483","DOIUrl":null,"url":null,"abstract":"In complex FPGA designs, implementations of algorithms and protocols from third-party sources are common. However, the monolithic nature of FPGAs means that all sub-circuits share common on-chip infrastructure, such as routing resources. This presents an attack vector for all FPGAs that contain designs from multiple vendors, especially for FPGAs used in multi-tenant cloud environments, or integrated into multi-core processors. In this article, we show that “long” routing wires present a new source of information leakage on FPGAs, by influencing the delay of adjacent long wires. We show that the effect is measurable for both static and dynamic signals and that it can be detected using small on-board circuits. We characterize the channel in detail and show that it is measurable even when multiple competing circuits (including multiple long-wire transmitters) are present and can be replicated on different generations and families of Xilinx devices (Virtex 5, Virtex 6, Artix 7, and Spartan 7). We exploit the leakage to create a covert channel with 6kbps of bandwidth and 99.9% accuracy, and a side channel, which can recover signals kept constant for only 1.3sμs, with an accuracy of more than 98.4%. Finally, we propose countermeasures to reduce the impact of this leakage.1","PeriodicalId":162787,"journal":{"name":"ACM Transactions on Reconfigurable Technology and Systems (TRETS)","volume":"57 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Leakier Wires\",\"authors\":\"Ilias Giechaskiel, Ken Eguro, Kasper Bonne Rasmussen\",\"doi\":\"10.1145/3322483\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In complex FPGA designs, implementations of algorithms and protocols from third-party sources are common. However, the monolithic nature of FPGAs means that all sub-circuits share common on-chip infrastructure, such as routing resources. This presents an attack vector for all FPGAs that contain designs from multiple vendors, especially for FPGAs used in multi-tenant cloud environments, or integrated into multi-core processors. In this article, we show that “long” routing wires present a new source of information leakage on FPGAs, by influencing the delay of adjacent long wires. We show that the effect is measurable for both static and dynamic signals and that it can be detected using small on-board circuits. We characterize the channel in detail and show that it is measurable even when multiple competing circuits (including multiple long-wire transmitters) are present and can be replicated on different generations and families of Xilinx devices (Virtex 5, Virtex 6, Artix 7, and Spartan 7). We exploit the leakage to create a covert channel with 6kbps of bandwidth and 99.9% accuracy, and a side channel, which can recover signals kept constant for only 1.3sμs, with an accuracy of more than 98.4%. Finally, we propose countermeasures to reduce the impact of this leakage.1\",\"PeriodicalId\":162787,\"journal\":{\"name\":\"ACM Transactions on Reconfigurable Technology and Systems (TRETS)\",\"volume\":\"57 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-08-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Reconfigurable Technology and Systems (TRETS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3322483\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Reconfigurable Technology and Systems (TRETS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3322483","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 11

摘要

在复杂的FPGA设计中,来自第三方的算法和协议的实现是常见的。然而,fpga的单片特性意味着所有子电路共享通用的片上基础设施,例如路由资源。这为包含来自多个供应商设计的所有fpga提供了攻击向量,特别是用于多租户云环境或集成到多核处理器中的fpga。在本文中,我们展示了“长”布线线通过影响相邻长导线的延迟,在fpga上呈现出新的信息泄漏源。我们表明,这种效应对于静态和动态信号都是可测量的,并且可以使用小型板载电路检测到。我们详细描述了该信道,并表明即使存在多个竞争电路(包括多个长线发射器),它也是可测量的,并且可以在不同代和Xilinx设备(Virtex 5, Virtex 6, Artix 7和Spartan 7)上复制。我们利用泄漏创建了一个带宽为6kbps,精度为99.9%的隐蔽信道,以及一个侧信道,可以恢复仅保持1.3 μs不变的信号,精度超过98.4%。最后,我们提出了减少这种泄漏影响的对策
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Leakier Wires
In complex FPGA designs, implementations of algorithms and protocols from third-party sources are common. However, the monolithic nature of FPGAs means that all sub-circuits share common on-chip infrastructure, such as routing resources. This presents an attack vector for all FPGAs that contain designs from multiple vendors, especially for FPGAs used in multi-tenant cloud environments, or integrated into multi-core processors. In this article, we show that “long” routing wires present a new source of information leakage on FPGAs, by influencing the delay of adjacent long wires. We show that the effect is measurable for both static and dynamic signals and that it can be detected using small on-board circuits. We characterize the channel in detail and show that it is measurable even when multiple competing circuits (including multiple long-wire transmitters) are present and can be replicated on different generations and families of Xilinx devices (Virtex 5, Virtex 6, Artix 7, and Spartan 7). We exploit the leakage to create a covert channel with 6kbps of bandwidth and 99.9% accuracy, and a side channel, which can recover signals kept constant for only 1.3sμs, with an accuracy of more than 98.4%. Finally, we propose countermeasures to reduce the impact of this leakage.1
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信