Cloud services and the Internet of Things often use Field Programmable Gate Arrays – or FPGA chips – which until now have been considered relatively secure.
FPGAs are the Lego bricks of computer manufacturers: electronic components that, unlike ordinary computer chips, can be used very flexibly. FPGAs are also used in the large data centers behind cloud services, such as those offered by large tech companies. So far, the use of such services has been considered relatively secure. However, researchers at the Karlsruhe Institute of Technology (KIT) have found potential entry points for cybercriminals.
While traditional chips usually perform only one very specific, fixed task, FPGAs can take on virtually any function of any other chip, which is why they are often used in the development of new devices or systems. “FPGAs, for example, are installed in the first product batch of new devices because, in contrast to a special chip, whose expensive development pays off only in very large quantities, they can be subsequently changed,” says Dennis Gnad from the Institute for Technical Informatics (ITEC) of the KIT. You could imagine it as building a sculpture out of reusable Lego bricks instead of hardening modeling clay, explains the computer scientist.
These digital jacks-of-all-trades are used in a wide range of areas such as smartphones, networks, the internet, medical technology, vehicle electronics and aerospace. At the same time, FPGAs consume comparatively little power, which is ideal for use in the server farms of cloud services. In addition, the programmable chips have another advantage: they can be divided as required. “For example, one customer can use the upper half of the FPGA, a second one can use the lower one,” says Jonas Krautter, also from ITEC. For cloud services, this is an attractive usage scenario. Typical workloads include databases, AI applications such as machine learning, and financial applications.
But the versatility of FPGAs makes them vulnerable to attack. “The use of a chip with FPGA by multiple users at the same time is a gateway for malicious attacks,” says Gnad. Hackers can perform so-called side-channel attacks. Here, the attackers draw information from the chip's energy consumption, which they can use to crack its encryption. With such in-chip measurements, one customer of the cloud service can spy on another, warns Gnad. In addition, hackers could not only spot telltale fluctuations in power consumption, but also generate them themselves. “This can distort the calculations of other customers or even the entire chip could crash, causing data to be lost,” explains Krautter. There are similar dangers with other chips, Gnad continues, for example those often used in Internet of Things applications such as intelligent heating controls or lighting.
Gnad and Krautter want to solve the problem by limiting the users’ immediate access to the FPGAs. “The difficulty lies in filtering out malicious users without restricting legitimate users too much,” says Gnad.