Leakier Wires

Citations Over TimeTop 10% of 2019 papers

Abstract

In complex FPGA designs, implementations of algorithms and protocols from third-party sources are common. However, the monolithic nature of FPGAs means that all sub-circuits share common on-chip infrastructure, such as routing resources. This presents an attack vector for all FPGAs that contain designs from multiple vendors, especially for FPGAs used in multi-tenant cloud environments, or integrated into multi-core processors. In this article, we show that “long” routing wires present a new source of information leakage on FPGAs, by influencing the delay of adjacent long wires. We show that the effect is measurable for both static and dynamic signals and that it can be detected using small on-board circuits. We characterize the channel in detail and show that it is measurable even when multiple competing circuits (including multiple long-wire transmitters) are present and can be replicated on different generations and families of Xilinx devices (Virtex 5, Virtex 6, Artix 7, and Spartan 7). We exploit the leakage to create a covert channel with 6kbps of bandwidth and 99.9% accuracy, and a side channel, which can recover signals kept constant for only 1.3sμs, with an accuracy of more than 98.4%. Finally, we propose countermeasures to reduce the impact of this leakage. 1

Related Papers

• → Single Event Effects (SEE) response of embedded power PCs in a Xilinx Virtex-4 FPGA for a space application(2007)11 cited
• → Development of SEU Monitor System for SEU detection and correction in virtex-5 FPGA(2011)4 cited
• → High-precision time interval measuring module on Virtex 4 FPGA(2006)1 cited
• Testing and Diagnosis for Both Interconnect Resources and CLBs in Virtex Series FPGAs(2014)
• Automated Method to Generate Bitstream Intellectual Property Cores for Virtex FPGAs(2004)