skip to main content
10.1145/2435264.2435283acmconferencesArticle/Chapter ViewAbstractPublication PagesfpgaConference Proceedingsconference-collections
research-article

Sensing nanosecond-scale voltage attacks and natural transients in FPGAs

Published: 11 February 2013 Publication History

Abstract

Voltage noise not only detracts from reliability and performance, but has been used to attack system security. Most systems are completely unaware of fluctuations occurring on nanosecond time scales. This paper quantifies the threat to FPGA-based systems and presents a solution approach. Novel measurements of transients on 28nm FPGAs show that extreme activity in the fabric can cause enormous undershoot and overshoot, more than 10× larger than what is allowed by the specification. An existing voltage sensor is evaluated and shown to be insufficient. Lastly, a sensor design using reconfigurable logic is presented; its time-to-digital converter enables sample rates 500× faster than the 28nm Xilinx ADC. This enables quick characterization of transients that would normally go undetected, thereby providing potentially useful data for system optimization and helping to defend against supply voltage attacks.

References

[1]
R. Petersen, P. Pant, P. Lopez, A. Barton, J. Ignowski and D. Josephson, "Voltage transient detection and induction for debug and test," Proc. Int'l Test Conf., pp. 1--10, 2009.
[2]
C. Lefurgy et al., "Active management of timing guardband to save energy in POWER7," Proc. Int'l Symp. Microarchitecture (MICRO), pp. 1--11, 2011.
[3]
A. Bsoul and S. Wilton, "A configurable architecture to limit wakeup current in dynamically-controlled power-gated FPGAs," Proc. Int'l Symp. Field Programmable Gate Arrays, pp. 245--254, 2012.
[4]
J.-M. Schmidt and C. Herbst, "A practical fault attack on square and multiply," Proc. Fault Diagnosis and Tolerance in Cryptography, pp. 53--58, 2008.
[5]
A. Pellegrini, V. Bertacco and T. Austin, "Fault-based attack of RSA authentication," Design, Aut. & Test in Europe, pp. 855--860, 2010.
[6]
FIPS PUB 140--2, "Security Requirements for Cryptographic Modules," National Inst. Standards and Technology, May 25, 2001.
[7]
Xilinx, Inc., "Developing tamper resistant designs with Xilinx Virtex-6 and 7 Series FPGAs," XAPP1084 (v1.2), August 10, 2012.
[8]
T. Fischer, J. Desai, B. Doyle, S. Naffziger and B. Patella, "A 90-nm variable frequency clock system for a power-managed Itanium Architecture processor," IEEE Journal of Solid-State Circuits, vol. 41, no. 1, pp. 229--237, Jan. 2006.
[9]
A.G. Yanci, S. Pickles and T. Arslan, "Characterization of a voltage glitch attack detector for secure devices," Symp. Bio-inspired Learning and Intelligent Systems for Security, 2009.
[10]
K.A. Bowman, et al., "All-digital circuit-level dynamic variation monitor for silicon debug and adaptive clock control," IEEE Trans. Circuits and Systems I, vol. 58, no. 9, pp. 2017--2025, 2011.
[11]
Xilinx, Inc., "Virtex-6 FPGA System Monitor User Guide," UG370 (v1.1), June 2010.
[12]
Xilinx, Inc., "7 Series FPGAs and Zynq-7000 All Prog. SoC XADC dual 12-bit 1MSPS ADC User Guide," UG480(v1.2), Oct. 2012.
[13]
E. Boemo and S. López-Buedo, "Thermal monitoring on FPGAs using ring-oscillators," Int'l Workshop on Field-Programmable Logic and Applications, pp. 69--78, 1997.
[14]
K.M. Zick and J.P. Hayes, "Low-cost sensing with ring oscillator arrays for healthier reconfigurable systems," ACM Trans. Reconfigurable Technology and Systems, vol. 5, no. 1, pp. 1--26, 2012.
[15]
A. Le Masle and W. Luk, "Detecting power attacks on reconfigurable hardware," Field Programmable Logic and Applications, pp. 14--19, 2012.
[16]
H. Menninga, "Implementation, characterization, and optimization of an FPGA-based time-to-digital converter," M.Sc. thesis, Delft Univ. of Technology, May 2011.
[17]
D. Ziener, F. Baueregger and J. Teich, "Using the power side channel of FPGAs for communication," IEEE Field-Prog. Custom Computing Machines, pp. 237--244, 2010.
[18]
N. Steiner, A. Wood, H. Shojaei, J. Couch. P. Athanas and M. French, "Torc: towards an open-source tool flow," Proc. Int'l Symp. Field Programmable Gate Arrays, pp. 41--44, 2011. http://torc.isi.edu.
[19]
A. Tavaragiri, J. Couch and P. Athanas, "Exploration of FPGA interconnect for the design of unconventional antennas," Proc. Int'l Symp. Field Programmable Gate Arrays, pp. 219--226, 2011.
[20]
D. Brooks, R.P. Dick and L. Shang, "Power, thermal, and reliability modeling in nanometer-scale microprocessors," IEEE Micro, vol. 27, no. 3, pp. 49--62, 2007.
[21]
A. Moradi, M. Kasper and C. Paar, "Black-box side-channel attacks highlight the importance of countermeasures," Proc. Conf. Topics in Cryptology, pp. 1--18, 2012.
[22]
Z. Liu, B. McGaughy and J. Ma, "Design tools for reliability analysis," Design Automation Conference, pp. 182--187, 2006.

Cited By

View all
  • (2024)Turn on, Tune in, and Listen up: Maximizing Side-Channel Recovery in Cross-Platform Time-to-Digital ConvertersACM Transactions on Reconfigurable Technology and Systems10.1145/366609217:3(1-30)Online publication date: 7-Jun-2024
  • (2024)Fuzz Wars: The Voltage Awakens – Voltage-Guided Blackbox Fuzzing on FPGAs2024 IEEE 42nd VLSI Test Symposium (VTS)10.1109/VTS60656.2024.10538727(1-7)Online publication date: 22-Apr-2024
  • (2024)Optimal Placement of TDC Sensor for Enhanced Power Side-Channel Assessment on FPGAS2024 37th International Conference on VLSI Design and 2024 23rd International Conference on Embedded Systems (VLSID)10.1109/VLSID60093.2024.00080(443-448)Online publication date: 6-Jan-2024
  • Show More Cited By

Index Terms

  1. Sensing nanosecond-scale voltage attacks and natural transients in FPGAs

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      FPGA '13: Proceedings of the ACM/SIGDA international symposium on Field programmable gate arrays
      February 2013
      294 pages
      ISBN:9781450318877
      DOI:10.1145/2435264
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 11 February 2013

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. FPGA
      2. LDI/DT
      3. denial of service
      4. droop
      5. glitch attack
      6. time-to-digital converter
      7. voltage sensing
      8. voltage transient

      Qualifiers

      • Research-article

      Conference

      FPGA '13
      Sponsor:

      Acceptance Rates

      Overall Acceptance Rate 125 of 627 submissions, 20%

      Upcoming Conference

      FPGA '25

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)98
      • Downloads (Last 6 weeks)14
      Reflects downloads up to 18 Feb 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2024)Turn on, Tune in, and Listen up: Maximizing Side-Channel Recovery in Cross-Platform Time-to-Digital ConvertersACM Transactions on Reconfigurable Technology and Systems10.1145/366609217:3(1-30)Online publication date: 7-Jun-2024
      • (2024)Fuzz Wars: The Voltage Awakens – Voltage-Guided Blackbox Fuzzing on FPGAs2024 IEEE 42nd VLSI Test Symposium (VTS)10.1109/VTS60656.2024.10538727(1-7)Online publication date: 22-Apr-2024
      • (2024)Optimal Placement of TDC Sensor for Enhanced Power Side-Channel Assessment on FPGAS2024 37th International Conference on VLSI Design and 2024 23rd International Conference on Embedded Systems (VLSID)10.1109/VLSID60093.2024.00080(443-448)Online publication date: 6-Jan-2024
      • (2024)Protecting Parallel Data Encryption in Multi-Tenant FPGAs by Exploring Simple but Effective Clocking MethodologiesIEEE Transactions on Very Large Scale Integration (VLSI) Systems10.1109/TVLSI.2024.341896132:10(1919-1929)Online publication date: Oct-2024
      • (2024)Analysis of Countermeasures Against Remote and Local Power Side Channel Attacks using Correlation Power AnalysisIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.337071121:6(5128-5142)Online publication date: Nov-2024
      • (2024)In-Situ FPGA Fault Injection with Short-Circuits2024 IEEE Physical Assurance and Inspection of Electronics (PAINE)10.1109/PAINE62042.2024.10792722(1-7)Online publication date: 12-Nov-2024
      • (2024)A Lightweight Non-Oscillatory Delay-Sensor for Remote Power Analysis2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)10.1109/HOST55342.2024.10545353(343-348)Online publication date: 6-May-2024
      • (2024)Reliability and Security of AI Hardware2024 IEEE European Test Symposium (ETS)10.1109/ETS61313.2024.10567471(1-10)Online publication date: 20-May-2024
      • (2024)Sensors for Remote Power Attacks: New Developments and Challenges2024 29th Asia and South Pacific Design Automation Conference (ASP-DAC)10.1109/ASP-DAC58780.2024.10473890(333-340)Online publication date: 22-Jan-2024
      • (2024)High-Confidence Remote Power Analysis on Heterogeneous SoCsJournal of Hardware and Systems Security10.1007/s41635-024-00155-5Online publication date: 30-Dec-2024
      • Show More Cited By

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media