SHIELD: An Adaptive and Lightweight Defense against the Remote Power Side-Channel Attacks on Multi-tenant FPGAs. (arXiv:2303.06486v1 [cs.CR])

Dynamic partial reconfiguration enables multi-tenancy in cloud-based FPGAs,
which presents security challenges for tenants, IPs, and data. Malicious users
can exploit FPGAs for remote side-channel attacks (SCAs), and shared on-chip
resources can be used for attacks. Logical separation can ensure design
integrity, but on-chip resources can still be exploited. Conventional SCA
mitigation can help, but it requires significant effort, and bitstream checking
techniques are not highly accurate. An active on-chip defense mechanism is
needed for tenant confidentiality. Toward this, we propose a lightweight
shielding technique utilizing ring oscillators (ROs) to protect applications
against remote power SCA. Unlike existing RO-based approaches, in our
methodology, an offline pre-processing stage is proposed to carefully configure
power monitors and an obfuscating circuit concerning the resource constraints
of the board. Detection of power fluctuations due to application execution
enables the obfuscating circuit to flatten the power consumption trace. To
evaluate the effectiveness of the proposed SHIELD, we implemented it on a
Xilinx Zynq-7000 FPGA board executing an RSA encryption algorithm. Due to the
SHIELD, the number of traces required to extract the encryption key is
increased by 166x, making an attack extremely hard at run-time. Note that the
proposed SHIELD does not require any modification in the target application.
Our methodology also shows up to 54% less power consumption and up to 26% less
area overhead than the state-of-the-art random noise-addition-based defense.