Open AccessDenial-of-Service on FPGA-based Cloud Infrastructures — Attack and Defense
Author(s) -
Tuan La,
Khoa Dang Pham,
Joseph Powell,
Dirk Koch
Publication year - 2021
Publication title -
iacr transactions on cryptographic hardware and embedded systems
Language(s) - English
Resource type - Journals
ISSN - 2569-2925
DOI - 10.46586/tches.v2021.i3.441-464
Subject(s) - field programmable gate array , denial of service attack , computer science , embedded system , computer security , vendor , cloud computing , power analysis , exploit , crash , side channel attack , cryptography , operating system , business , the internet , marketing
This paper presents attacks targeting the FPGAs of AWS F1 instances at the electrical level through power-hammering, where excessive dynamic power is used to crash FPGA instances. We demonstrate different power-hammering attacks that pass all AWS security fences implemented on F1 instances, including the FPGA vendor design rule checks. In addition, we fingerprint the FPGA instances to observe the responsiveness of the instances, which indicates a successful denial-of-service attack. Most importantly, we provide an FPGA virus scanner framework, which was improved to support large datacenter FPGAs for preventing such attacks, including virtually all currently demonstrated side-channel attacks. Our experiments showed that an AWS F1 instance crashes immediately by starting an FPGA design demanding 369W. By using FPGA-fingerprinting, we found that crashed instances are unavailable for about one to over 200 hours.