With increasing interest in Cloud FPGAs, such as Amazon's EC2 F1 instances or Microsoft's Azure with Catapult servers, FPGAs cloud computing infrastructures can become targets for information leakages via convert channel communication. leverage temporal sharing of the FPGA resources between users. This paper shows that heat generated by one user be observed another who later uses same FPGA. The covert data transfer achieved through simple on-off keying (OOK) and use multiple boards parallel...

Multi-tenant FPGAs have recently been proposed, where multiple independent users simultaneously share a remote FPGA. Despite its benefits for cost and utilization, multi-tenancy opens up the possibility of malicious extracting sensitive information from co-located victim users. To demonstrate dangers, this paper presents remote, power-based side-channel attack on binarized neural network (BNN) accelerator. This work shows how to remotely obtain voltage estimates as BNN circuit executes, can...

Architectural details of machine learning models are crucial pieces intellectual property in many applications. Revealing the structure or types layers a model can result leak confidential proprietary information. This issue becomes especially concerning when executed on accelerators multi-tenant FPGAs where attackers easily co-locate sensing circuitry next to victim's accelerator. To evaluate such threats, we present first remote power attack that extract an off-the-shelf domain-specific...

To lower cost and increase the utilization of Cloud Field-Programmable Gate Arrays (FPGAs), researchers have recently been exploring concept multi-tenant FPGAs, where multiple independent users simultaneously share same remote FPGA. Despite its benefits, multi-tenancy opens up possibility malicious co-locating on FPGA as a victim user, extracting sensitive information. This issue becomes especially serious when user is running machine learning algorithm that processing or private demonstrate...

In recent years, multiple public cloud FPGA providers have emerged, increasing interest in acceleration of cryptographic, bioinformatic, financial, and machine learning algorithms. To help understand the security infrastructures, this paper focuses on a fundamental question understanding what an adversary can learn about infrastructure itself, without attacking it or damaging it. particular, work explores how unique features FPGAs be exploited to instantiate Physical Unclonable Functions...

Public cloud infrastructures allow for easy, on-demand access to FPGA resources. However, the low-level, direct hardware exposes infrastructure providers new types of attacks. Prior work has shown that it is possible uniquely identify underlying by creating fingerprints different instances users rent from a provider, but such was not able actually map itself. Meanwhile, this paper demonstrates reverse-engineer co-location boards inside server using PCIe contention. Specifically, deduces...

This paper presents a set of efficient and parameterized hardware accelerators that target post-quantum lattice-based cryptographic schemes, including versatile cSHAKE core, binary-search CDT-based Gaussian sampler, pipelined NTT-based polynomial multiplier, among others. Unlike much prior work, the are fully open-sourced, designed to be constant-time, can at compile-time support different parameters without need for re-writing implementation. These flexible, publicly-available leveraged...

The availability of FPGAs in cloud data centers offers rapid, on-demand access to reconfigurable hardware compute resources that users can adapt their own needs. However, the low-level FPGA and associated such as PCIe bus, SSD drives, or DRAM modules also opens up threats malicious attackers uploading designs are able infer information about other infrastructure itself. In particular, this work presents a new, fast PCIe-contention-based channel is transmit between FPGA-accelerated virtual...

The availability of FPGAs in cloud data centers offers rapid, on-demand access to hardware compute resources that users can configure their own needs. However, the low-level FPGA and associated such as PCIe, SSD, or DRAM also opens up threats malicious attackers uploading designs are able infer information about other infrastructure itself. In particular, this work presents a new, fast PCIe-contention-based channel is transmit between different FPGA-accelerated virtual machines with...

Physical Unclonable Functions (PUFs) and True Random Number Generators (TRNGs) are common primitives that can increase the security of user logic on FPGAs. They typically constructed using Ring Oscillators (ROs). However, PUF TRNG not currently available Cloud FPGAs as some commercial FPGA providers prohibit deploying ROs implemented Lookup Tables (LUTs). To aid in bringing RO-based PUFs TRNGs to FPGAs, this work implements evaluates built incorporate latches flip-flops. The tested Amazon's...

The security and performance of FPGA-based accelerators play vital roles in today's cloud services. In addition to supporting convenient access high-end FPGAs, vendors third-party developers now provide numerous FPGA for machine learning models. However, the developed state-of-the-art Cloud environments has not been fully explored, since most remote accelerator attacks have prototyped on local boards lab settings, rather than environments. To address existing research gaps, this work...

Discrete Gaussian samplers are used to sample integers from a discrete distribution. Since this functionality is in operations such as key generation, signing, or encapsulation of lattice-based schemes, it fundamental building block these cryptographic algorithms. One required feature modern when algorithms be constant-time, ensure security against timing side-channel attacks. Further, often desired minimize potential for power EM attacks by limiting how much information an attacker can gain...

To lower cost and increase the utilization of Cloud Field-Programmable Gate Arrays (FPGAs), researchers have recently been exploring concept multi-tenant FPGAs, where multiple independent users simultaneously share same remote FPGA. Despite its benefits, multi-tenancy opens up possibility malicious co-locating on FPGA as a victim user, extracting sensitive information. This issue becomes especially serious when user is running machine learning algorithm that processing or private demonstrate...

Ring Oscillators (ROs) are fundamental primitives that used as building blocks in many other types of circuits. This paper presents an in-depth characterization ring oscillators which leverage the IOBUF primitive found modern Xilinx FPGAs. work first analyzes impact drive strength and slew rate attributes IOBUFs on ROs, also characterizes impacts external temperature, internal voltage, voltage fluctuations frequency proposed ROs. further demonstrates IOBUF-based ROs can detect whether...