A report published by a team of scientists at Karlsruhe Institute of Technology (KIT) highlights the vulnerability of Field-programmable gate arrays (FPGAs). These arrays are electronic components which can be used in place of traditional computer chips. Termed as computer manufacturer’s “Lego bricks”, these are used by a majority of data centers using cloud services.
“FPGAs are for example built into the first production batch of a new device because, unlike special chips whose development only pays off when produced in high volumes, FPGAs can still be modified later,” reported Dennis Gnad, member of Institute of Computer Engineering (ITEC) at KIT. FPGAs in comparison to the regular computer chips are capable of performing many high-end functions than regular computer chips, which perform only specific unchangeable tasks.
It is mainly because of this function of FPGAs, that their application is possible in diverse fields such as the internet, networks, smartphones, medical engineering, aerospace or vehicle electronics. Moreover, “The upper half of the FPGA can be allocated to one customer, the lower half to a second one,” says Jonas Krautter, another member of the research study, and member of ITEC. This highlights the fact that FPGAs can be divided as per convenience, a desirable feature for database services, financial applications, machine learning, in addition to cloud services.
However, the team of scientists at KIT has exposed the vulnerability of FPGAs to cybercrime in their latest study. It is mainly due to the multiple usage in diverse fields that makes FPGAs more prone to unsafe measures. According to the team, it is the versatility of FPGAs that exposes them to hackers and cybercriminals in order to carry out side-channel attacks. Allegedly, the energy consumption of the chip is used to encode the encryption and retrieve information. This underlines the chip-internal measurements that allow cloud customers to spy on one another. Moreover, hackers can not only use telltale consumption fluctuations and they can even fake them, but the team also suggests.
“The concurrent use of an FPGA chip by multiple users opens a gateway for malicious attacks. This way, it is possible to tamper with the calculations of other customers or even to crash the chip altogether, possibly resulting in data losses,” as reported by the team of experts.
The team in adopting a new approach that will restrict immediate access to FPGAs. This will filter out malicious users, according to experts. A report wherein the team explains the potential gateways for cybercriminals is published in a report in the IACR journal.