Denial-of-Service on FPGA-based Cloud Infrastructures — Attack and Defense

Authors

  • Tuan La The University of Manchester, UK
  • Khoa Pham The University of Manchester, UK
  • Joseph Powell The University of Manchester, UK
  • Dirk Koch The University of Manchester, UK

DOI:

https://doi.org/10.46586/tches.v2021.i3.441-464

Keywords:

IACR Transactions on Cryptographic Hardware and Embedded Systems, TCHES, FPGAs, Power-Hammering, DoS attack

Abstract

This paper presents attacks targeting the FPGAs of AWS F1 instances at the electrical level through power-hammering, where excessive dynamic power is used to crash FPGA instances. We demonstrate different power-hammering attacks that pass all AWS security fences implemented on F1 instances, including the FPGA vendor design rule checks. In addition, we fingerprint the FPGA instances to observe the responsiveness of the instances, which indicates a successful denial-of-service attack. Most importantly, we provide an FPGA virus scanner framework, which was improved to support large datacenter FPGAs for preventing such attacks, including virtually all currently demonstrated side-channel attacks. Our experiments showed that an AWS F1 instance crashes immediately by starting an FPGA design demanding 369W. By using FPGA-fingerprinting, we found that crashed instances are unavailable for about one to over 200 hours.

Downloads

Published

2021-07-09

How to Cite

La, T., Pham, K., Powell, J., & Koch, D. (2021). Denial-of-Service on FPGA-based Cloud Infrastructures — Attack and Defense. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(3), 441–464. https://doi.org/10.46586/tches.v2021.i3.441-464

Issue

Volume 2021, Issue 3

Section

Articles

License

Copyright (c) 2021 Tuan La, Khoa Pham, Joseph Powell, Dirk Koch

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.