DFAulted: Analyzing and Exploiting CPU Software Faults Caused by FPGA-Driven Undervolting Attacks.

Field-programmable gate arrays (FPGAs) combine hardware reconfigurability with a high degree of parallelism. Consequently, FPGAs offer performance gains and power savings for many applications. A recent trend has been to leverage the hardware versatility of FPGAs with the software programmability of central processing units (CPUs) to improve the performance of processing-intensive workloads. A variety of heterogeneous FPGA-CPU embedded systems are thus available. However, the security of FPGA-CPU systems has not yet been thoroughly evaluated. In this work, we demonstrate the first attack on FPGA-CPU platforms which leverages undervolting caused by the FPGA to inject faults and exploit them against a software encryption algorithm. The aggressor FPGA affects a CPU sharing the same system-on-chip (SoC). We show that circuits in the FPGA fabric, controlled by an attacker, can create a significant supply voltage drop which, in turn, faults the software computation performed by the CPU or even causes a denial-of-service attack. Our results do not rely on any hardware modifications of the target platform. We present a characterization of the attack parameters and the effects observed. Then, we leverage the FPGA-induced undervolting to fault multiplications executing on the CPU. We also highlight how an attacker might benefit from the injected faults to compromise the system's security by demonstrating differential fault analysis (DFA) against an advanced encryption standard (AES) implementation. Our work exposes a new electrical-level threat in tightly integrated modern FPGA-CPU SoCs, bringing to light a need for more research on countermeasures.