Title of the paper: PowerScout: A Security-Oriented Power Delivery Network Modeling Framework for Cross-Domain Side-Channel Analysis

The paper is available at: https://ieeexplore.ieee.org/document/9358263

...

  • Modern electronic systems are becoming increasingly complex, and the PDNs in these systems are growing more sophisticated in order to supply multiple voltage domains and satisfy their distinctive requirements.

  • Nonetheless, as a shared resource, PDNs create many pathways for unintended interactions and expose a system to various side-channel attacks.

Remote side-channel and fault injection attacks

Recent works have shown that many such vulnerabilities can be exploited remotely, making them especially potent security threats to modern electronic devices with ubiquitous connectivity.

  • For example, in information leakage attacks, hackers can implement malicious voltmeters on FPGAs to steal sensitive information without physical access to the target systems.

  • PDN-based side channels can also be used to induce supply glitches (e.g., by implementing a power virus) in victim modules for DoS attacks or differential fault analysis (DFA) on cloud FPGAs.

Previous work and the goal of this work

PDN modeling and simulation tools have been widely investigated mainly to estimate PDN characteristics. Existing tools tend to focus on the trade-off among performance, efficiency, and supply noise. They lack essential capabilities to perform specific side-channel vulnerability analysis.

...

Information leakage exploits the deterministic relationship between the switching activities of digital circuits and their dynamic currents. The induced supply voltage fluctuations can further propagate to other modules connected to the same PDN.

Recent works suggest implementing malicious on-chip voltmeters, such as ring oscillators (ROs) [5] or time-to-digital converters (TDCs) [6], [7], to perform remote side-channel analysis in multi-tenant FPGAs. Similarly, the PDNs can also be used as a medium for covert channel communications. The attackers may implement dedicated oscillating cells (e.g., LFSR [14]) as transmitters to generate information-modulated currents. The receivers can be modules that are sensitive to supply voltages.

...

In previous works and industrial models, VRMs are typically modeled as a fixed voltage source or a fixed voltage regulator connected in series with the equivalent inductor, capacitor, and resistor. This kind of model is not suitable for security-oriented PDN modeling because it ignores the interactions between different voltage domains. In PowerScout, we model the bi-directional interactions of different VRM topologies, including low-dropout regulators (LDOs), buck converters, and switched-capacitor converters.
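
The following is an added example, not code from the paper or from PowerScout: a conventional lumped model (fixed source, series R and L, shunt decoupling capacitor) simulated to show how a victim's switching activity appears on the rail shared with another module, as described in the information-leakage paragraph above. All component values, the Hamming-weight activity model and the end-of-cycle sampling are assumptions, and with a single voltage domain the model cannot show the cross-domain interactions that PowerScout targets.

```python
import random

def simulate_rail(activity, v0=1.0, r=0.05, l=1e-10, c=1e-7,
                  i_base=0.1, i_bit=0.02, dt=1e-10, steps_per_cycle=200):
    """Rail voltage at the end of each victim clock cycle (assumed values)."""
    i_l = i_base                  # inductor current, starts at steady state
    v = v0 - r * i_base           # on-chip rail voltage at steady state
    samples = []
    for a in activity:
        i_load = i_base + i_bit * a          # dynamic current tracks switching
        for _ in range(steps_per_cycle):     # semi-implicit Euler integration
            i_l += dt * (v0 - r * i_l - v) / l   # L di/dt = V0 - R*i - v
            v += dt * (i_l - i_load) / c         # C dv/dt = i_L - i_load
        samples.append(v)         # what a co-located sensor would observe
    return samples

def linear_fit(x, y):
    """Pearson correlation and least-squares slope of y against x."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    return sxy / (sxx * syy) ** 0.5, sxy / sxx

def leakage_demo(cycles=400, seed=1):
    """Correlate constructed victim activity with the shared rail voltage."""
    rng = random.Random(seed)
    # Constructed input: Hamming weight of a random byte per clock cycle.
    activity = [bin(rng.getrandbits(8)).count("1") for _ in range(cycles)]
    rail = simulate_rail(activity)
    return linear_fit(activity, rail)

if __name__ == "__main__":
    corr, slope = leakage_demo()
    print(f"correlation(activity, rail voltage) = {corr:.4f}")
    print(f"sensitivity = {slope * 1e3:.3f} mV per switching bit")
```

A correlation close to -1 means that every module on the rail can read the victim's activity, so a vulnerability assessment has to consider it even under the simplest PDN model.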

...

By considering the effects of both distributed on-board capacitors and the on-chip power grid, PowerScout achieves high accuracy and fidelity in its simulation of the PDN subsystem.

...