Cloud services and the IoT often use FPGA chips that are considered as relatively secure; however, scientists recently detected a vulnerability that calls for protection
Field-programmable gate arrays (FPGAs) are, so to say, a computer manufacturer's "Lego bricks": electronic components that can be employed in a more flexible way than other computer chips. Even large data centers that are dedicated to cloud services, such as those provided by some big technology companies, often resort to FPGAs.
To date, the use of such services has been considered as relatively secure. Recently, however, scientists at Karlsruhe Institute of Technology (KIT) uncovered potential gateways for cyber criminals, as they explain in a report published in the IACR journal. (DOI: 10.13154)
While conventional computer chips mostly perform a very specific task that never changes, FPGAs are capable of assuming nearly every function of any other computer chip. This often makes them first choice for the development of new devices or systems.
"FPGAs are for example built into the first product batch of a new device because, unlike special chips whose development only pays off when produced in high volumes, FPGAs can still be modified later," says Dennis Gnad, a member of the Institute of Computer Engineering (ITEC) at KIT. The computer scientist compares this to a sculpture made from reusable Lego bricks instead of a modeling compound that can no longer be modified once it has hardened.
Therefore, the fields of application of these digital multi-talents span the most diverse sectors, such as smartphones, networks, the Internet, medical engineering, vehicle electronics, or aerospace. Having said that, FPGAs stand out by their comparatively low current consumption, which makes them ideally suited for the server farms run by cloud service providers. A further asset of these programmable chips is that they can be partitioned at will.
"The upper half of the FPGA can be allocated to one customer, the lower half to a second one," says Jonas Krautter, another ITEC member. Such a use scenario is highly desirable for cloud services, where tasks related e.g. to databases, AI applications, such as machine learning, or financial applications have to be performed.
Multiple-User Access Facilitates Attacks
Gnad describes the problem as follows: "The concurrent use of an FPGA chip by multiple users opens a gateway for malicious attacks." Ironically, just the versatility of FPGAs enables clever hackers to carry out so-called side-channel attacks. In a side-channel attack, cyber criminals use the energy consumption of the chip to retrieve information allowing them to break its encryption.
Gnad warns that such chip-internal measurements enable a malicious cloud service customer to spy on another. What is more, hackers are not only able to track down such telltale current consumption fluctuations--they can even fake them.
"This way, it is possible to tamper with the calculations of other customers or even to crash the chip altogether, possibly resulting in data losses," Krautter explains. Gnad adds that similar hazards exist for other computer chips as well. This includes those used frequently for IoT applications, such as smart heating control or lighting systems.
To solve the problem, Gnad and Krautter adopted an approach that consists in restricting the immediate access of users to the FPGAs. "The challenge is to reliably filter out malicious users without tying up the legitimate ones too much," says Gnad.
Gnad, D., Krautter, J., & Tahoori, M. (2019). Leaky Noise: New Side-Channel Attack Vectors in Mixed-Signal IoT Devices. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(3), 305-339. https:/
Podcast on FPGA side channels: http://modellansatz.
More about the KIT Information · Systems · Technologies Center: http://www.
Phone: +49 721 608-21165
Being "the Research University in the Helmholtz Association," KIT creates and imparts knowledge for the society and the environment. It is the objective to make significant contributions to the global challenges in the fields of energy, mobility and information. For this, about 9,300 employees cooperate in a broad range of disciplines in natural sciences, engineering sciences, economics, and the humanities and social sciences. KIT prepares its 25,100 students for responsible tasks in society, industry, and science by offering research-based study programs. Innovation efforts at KIT build a bridge between important scientific findings and their application for the benefit of society, economic prosperity, and the preservation of our natural basis of life.
This press release is available on the internet at http://www.
Monika Landgraf | EurekAlert!
New AI system manages road infrastructure via Google Street View
19.06.2019 | RMIT University
'Alexa, monitor my heart': Researchers develop first contactless cardiac arrest AI system for smart speakers
19.06.2019 | University of Washington
From June 25th to 27th 2019, the Fraunhofer Institute for Digital Media Technology IDMT in Ilmenau (Germany) will be presenting a new solution for acoustic quality inspection allowing contact-free, non-destructive testing of manufactured parts and components. The method which has reached Technology Readiness Level 6 already, is currently being successfully tested in practical use together with a number of industrial partners.
Reducing machine downtime, manufacturing defects, and excessive scrap
The quality of additively manufactured components depends not only on the manufacturing process, but also on the inline process control. The process control ensures a reliable coating process because it detects deviations from the target geometry immediately. At LASER World of PHOTONICS 2019, the Fraunhofer Institute for Laser Technology ILT will be demonstrating how well bi-directional sensor technology can already be used for Laser Material Deposition (LMD) in combination with commercial optics at booth A2.431.
Fraunhofer ILT has been developing optical sensor technology specifically for production measurement technology for around 10 years. In particular, its »bd-1«...
The well-known representation of chemical elements is just one example of how objects can be arranged and classified
The periodic table of elements that most chemistry books depict is only one special case. This tabular overview of the chemical elements, which goes back to...
Light can be used not only to measure materials’ properties, but also to change them. Especially interesting are those cases in which the function of a material can be modified, such as its ability to conduct electricity or to store information in its magnetic state. A team led by Andrea Cavalleri from the Max Planck Institute for the Structure and Dynamics of Matter in Hamburg used terahertz frequency light pulses to transform a non-ferroelectric material into a ferroelectric one.
Ferroelectricity is a state in which the constituent lattice “looks” in one specific direction, forming a macroscopic electrical polarisation. The ability to...
Researchers at TU Graz calculate the most accurate gravity field determination of the Earth using 1.16 billion satellite measurements. This yields valuable knowledge for climate research.
The Earth’s gravity fluctuates from place to place. Geodesists use this phenomenon to observe geodynamic and climatological processes. Using...
24.06.2019 | Event News
29.04.2019 | Event News
17.04.2019 | Event News
26.06.2019 | Materials Sciences
26.06.2019 | Physics and Astronomy
26.06.2019 | Health and Medicine