Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Vulnerability of cloud service hardware uncovered

03.06.2019

Cloud services and the IoT often use FPGA chips that are considered as relatively secure; however, scientists recently detected a vulnerability that calls for protection

Field-programmable gate arrays (FPGAs) are, so to say, a computer manufacturer's "Lego bricks": electronic components that can be employed in a more flexible way than other computer chips. Even large data centers that are dedicated to cloud services, such as those provided by some big technology companies, often resort to FPGAs.


Field-programmable gate arrays (FPGAs) are more flexible than common specialized computer chips -- and they used to be seen as particularly secure.

Credit: Gnad, KIT

To date, the use of such services has been considered as relatively secure. Recently, however, scientists at Karlsruhe Institute of Technology (KIT) uncovered potential gateways for cyber criminals, as they explain in a report published in the IACR journal. (DOI: 10.13154)

While conventional computer chips mostly perform a very specific task that never changes, FPGAs are capable of assuming nearly every function of any other computer chip. This often makes them first choice for the development of new devices or systems.

"FPGAs are for example built into the first product batch of a new device because, unlike special chips whose development only pays off when produced in high volumes, FPGAs can still be modified later," says Dennis Gnad, a member of the Institute of Computer Engineering (ITEC) at KIT. The computer scientist compares this to a sculpture made from reusable Lego bricks instead of a modeling compound that can no longer be modified once it has hardened.

Therefore, the fields of application of these digital multi-talents span the most diverse sectors, such as smartphones, networks, the Internet, medical engineering, vehicle electronics, or aerospace. Having said that, FPGAs stand out by their comparatively low current consumption, which makes them ideally suited for the server farms run by cloud service providers. A further asset of these programmable chips is that they can be partitioned at will.

"The upper half of the FPGA can be allocated to one customer, the lower half to a second one," says Jonas Krautter, another ITEC member. Such a use scenario is highly desirable for cloud services, where tasks related e.g. to databases, AI applications, such as machine learning, or financial applications have to be performed.

Multiple-User Access Facilitates Attacks

Gnad describes the problem as follows: "The concurrent use of an FPGA chip by multiple users opens a gateway for malicious attacks." Ironically, just the versatility of FPGAs enables clever hackers to carry out so-called side-channel attacks. In a side-channel attack, cyber criminals use the energy consumption of the chip to retrieve information allowing them to break its encryption.

Gnad warns that such chip-internal measurements enable a malicious cloud service customer to spy on another. What is more, hackers are not only able to track down such telltale current consumption fluctuations--they can even fake them.

"This way, it is possible to tamper with the calculations of other customers or even to crash the chip altogether, possibly resulting in data losses," Krautter explains. Gnad adds that similar hazards exist for other computer chips as well. This includes those used frequently for IoT applications, such as smart heating control or lighting systems.

To solve the problem, Gnad and Krautter adopted an approach that consists in restricting the immediate access of users to the FPGAs. "The challenge is to reliably filter out malicious users without tying up the legitimate ones too much," says Gnad.

###

IACR publication:

Gnad, D., Krautter, J., & Tahoori, M. (2019). Leaky Noise: New Side-Channel Attack Vectors in Mixed-Signal IoT Devices. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(3), 305-339. https://doi.org/10.13154/tches.v2019.i3.305-339

More information:

Podcast on FPGA side channels: http://modellansatz.de/fpga-seitenkanaele (in German)

More about the KIT Information · Systems · Technologies Center: http://www.kcist.kit.edu

Press contact:

Kosta Schinarakis
Editor/Press Officer
Phone: +49 721 608-21165
E-Mail: schinarakis@kit.edu

Being "the Research University in the Helmholtz Association," KIT creates and imparts knowledge for the society and the environment. It is the objective to make significant contributions to the global challenges in the fields of energy, mobility and information. For this, about 9,300 employees cooperate in a broad range of disciplines in natural sciences, engineering sciences, economics, and the humanities and social sciences. KIT prepares its 25,100 students for responsible tasks in society, industry, and science by offering research-based study programs. Innovation efforts at KIT build a bridge between important scientific findings and their application for the benefit of society, economic prosperity, and the preservation of our natural basis of life.

This press release is available on the internet at http://www.sek.kit.edu/presse.php

Media Contact

Monika Landgraf
presse@kit.edu
49-721-608-21105

 @KITKarlsruhe

http://www.kit.edu/index.php 

Monika Landgraf | EurekAlert!
Further information:
https://www.kit.edu/kit/english/pi_2019_068_vulnerability-of-cloud-service-hardware-uncovered.php
http://dx.doi.org/10.13154/tches.v2019.i3.305-339

More articles from Information Technology:

nachricht Artificial neural network resolves puzzles from condensed matter physics: Which is the perfect quantum theory?
12.07.2019 | Technische Universität München

nachricht Playfully discover atom manipulation
09.07.2019 | University of Vienna

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Artificial neural network resolves puzzles from condensed matter physics: Which is the perfect quantum theory?

For some phenomena in quantum many-body physics several competing theories exist. But which of them describes a quantum phenomenon best? A team of researchers from the Technical University of Munich (TUM) and Harvard University in the United States has now successfully deployed artificial neural networks for image analysis of quantum systems.

Is that a dog or a cat? Such a classification is a prime example of machine learning: artificial neural networks can be trained to analyze images by looking...

Im Focus: Extremely hard yet metallically conductive: Bayreuth researchers develop novel material with high-tech prospects

An international research group led by scientists from the University of Bayreuth has produced a previously unknown material: Rhenium nitride pernitride. Thanks to combining properties that were previously considered incompatible, it looks set to become highly attractive for technological applications. Indeed, it is a super-hard metallic conductor that can withstand extremely high pressures like a diamond. A process now developed in Bayreuth opens up the possibility of producing rhenium nitride pernitride and other technologically interesting materials in sufficiently large quantity for their properties characterisation. The new findings are presented in "Nature Communications".

The possibility of finding a compound that was metallically conductive, super-hard, and ultra-incompressible was long considered unlikely in science. It was...

Im Focus: Modelling leads to the optimum size for platinum fuel cell catalysts: Activity of fuel cell catalysts doubled

An interdisciplinary research team at the Technical University of Munich (TUM) has built platinum nanoparticles for catalysis in fuel cells: The new size-optimized catalysts are twice as good as the best process commercially available today.

Fuel cells may well replace batteries as the power source for electric cars. They consume hydrogen, a gas which could be produced for example using surplus...

Im Focus: The secret of mushroom colors

Mushrooms: Darker fruiting bodies in cold climates

The fly agaric with its red hat is perhaps the most evocative of the diverse and variously colored mushroom species. Hitherto, the purpose of these colors was...

Im Focus: First results of the new Alphatrap experiment

Physicists at the Max Planck Institute for Nuclear Physics in Heidelberg report the first result of the new Alphatrap experiment. They measured the bound-electron g-factor of highly charged (boron-like) argon ions with unprecedented precision of 9 digits. In comparison with a new highly accurate quantum electrodynamic calculation they found an excellent agreement on a level of 7 digits. This paves the way for sensitive tests of QED in strong fields like precision measurements of the fine structure constant α as well as the detection of possible signatures of new physics. [Physical Review Letters, 27 June 2019]

Quantum electrodynamics (QED) describes the interaction of charged particles with electromagnetic fields and is the most precisely tested physical theory. It...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

2nd International Conference on UV LED Technologies & Applications – ICULTA 2020 | Call for Abstracts

24.06.2019 | Event News

SEMANTiCS 2019 brings together industry leaders and data scientists in Karlsruhe

29.04.2019 | Event News

Revered mathematicians and computer scientists converge with 200 young researchers in Heidelberg!

17.04.2019 | Event News

 
Latest News

A human liver cell atlas

15.07.2019 | Life Sciences

No more trial-and-error when choosing an electrolyte for metal-air batteries

15.07.2019 | Power and Electrical Engineering

Possibilities of the biosimilar principle of learning are shown for a memristor-based neural network

15.07.2019 | Life Sciences

VideoLinks
Science & Research
Overview of more VideoLinks >>>