FPGAs have inherent security flaws, say researchers

FPGAs have inherent security flaws, say researchers

Technology News |
By Christoph Hammerschmidt

Depending on their configuration, FPGAs can assume on almost any function of any other chip, which is why they are often used in the development of new devices or systems. “For example, FPGAs are used in the first product batch of new devices because they can be modified later – in contrast to an ASIC, whose expensive development is only worthwhile for very large quantities,” says Dennis Gnad from the Institute of Computer Engineering (ITEC) at KIT.

These versatile components are used in a wide variety of applications such as smartphones, data networks, automotive electronics and aerospace. FPGAs consume comparatively little power, which is ideal for use in the server farms of cloud services. In addition, these programmable chips have another advantage: they can be divided up as required. “For example, one customer in a cloud context can use one segment of the FPGA, another the other,” says Jonas Krautter, also from ITEC. This is an attractive usage scenario for cloud services. This includes, for example, tasks in the fields of databases, AI applications such as machine learning or financial applications.

The problem: “The use of an FPGA by several users at the same time is a gateway for malicious attacks,” says Gnad. Tricky hackers can use the versatility of FPGAs to perform side-channel attacks. In such a scenario, attackers use the chip’s energy consumption to extract information with which they can crack its encryption. Such chip-internal measurements allow one customer of the cloud service to spy on another. In addition, hackers could not only spy out treacherous fluctuations in power consumption, they could also generate them themselves. “This could falsify the calculations of other customers or even cause the entire chip to crash, which could result in data loss,” explains Krautter. Similar dangers exist with other IC architectures, Gnad continues. For example, SoCs, which are frequently used in Internet of Things applications.

Gnad and Krautter intend to solve the problem by restricting users’ direct access to FPGAs. But this is not an easy task: the difficulty is to filter out malicious users without restricting benevolent users too much.

Original publication:

Related articles:

FPGA secures systems against a variety of threats

Quantum-safe security ‘breakthrough’ for existing computers, IoT devices

Researchers discover new security vulnerabilities in Intel processors


If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :    eeNews on Google News


Linked Articles