Extending FPGA Information Leaks with Trojan Phantom Circuits


Field-Programmable Gate Arrays (FPGAs) are increasingly used in data centers and in cloud computing for acceleration of various applications. However, cloud-based FPGAs could be programmed with malicious circuits to leak information. For example, existing work has shown that long-wire crosstalk can be abused to leak information in cloud-based FPGAs. Long-wire crosstalk, though, is limited to very small spatial distances: the receiver needs to be located next to the transmitter or victim. This work shows how long-wire crosstalk can be extended to cross-FPGA information leakage with a novel Trojan phantom circuit. The phantom circuit is a self-contained circuit, isolated from other FPGA logic using a Ring Oscillator (RO) as a clock source. It uses crosstalk to spy on information and then amplifies the range of information leakage by triggering RO stressors for cross-FPGA information transmission with accuracy above 90%. In addition to demonstrating a new security threat, this work also presents the first set of active monitoring and defense mechanisms for protection from cross-FPGA information leakage.

May 16, 2024 10:40 AM
2024 International Symposium on Secure and Private Execution Environment Design (SEED 2024)
Orlando, FL