In essence, field-programmable gate arrays (FPGAs) are a computer manufacturer's "Lego bricks". They are electronic components that can be employed more flexibly than other computer chips. Even the larger centers dedicated to cloud services, including those provided by some big technology companies, resort to FPGAs most of the time.
Until now, the use of such services has been considered relatively secure. Recently, however, scientists at Karlsruhe Institute of Technology (KIT) uncovered potential gateways for cybercriminals, as they explained in a report published in the IACR journal.
Whereas conventional computer chips mostly perform a quite specific task that never changes, FPGAs are capable of assuming nearly every function of any other computer chip. This often makes them the first choice for the development of new devices or systems.
Dennis Gnad, a member of the Institute of Computer Engineering (ITEC), said that FPGAs are, for instance, built into the first production batch of a new device because, unlike individual chips whose development only pays off when produced in high volumes, FPGAs can still be modified later. The computer scientist compared this to a sculpture made from reusable Lego bricks instead of a modeling compound that can no longer be changed once it has hardened.
Consequently, the fields of application of these digital multi-talents span highly diverse sectors, such as smartphones, networks, the Internet, medical engineering, vehicle electronics, and aerospace.
FPGAs also stand out for their comparatively low current consumption, which makes them ideally suited for the server farms run by cloud service providers. A further asset of these programmable chips is that they can be partitioned at will.
Another ITEC member, Jonas Krautter, said that the upper half of the FPGA could be allocated to one customer and the lower half to a second one. Such a use scenario is highly desirable for cloud services, where tasks related to databases, AI applications like machine learning, or financial applications have to be performed.
Gnad described the problem: the concurrent use of an FPGA chip by multiple users opens a gateway for malicious attacks. Ironically, it is the versatility of FPGAs that enables smart hackers to carry out so-called side-channel attacks.
In a side-channel attack, cybercriminals use the energy consumption of the chip to retrieve information allowing them to break its encryption. Gnad warns that such chip-internal measurements enable a malicious cloud service customer to spy on another.
Moreover, hackers are not only able to track down such telltale fluctuations in current consumption; they can also fake them. Krautter explained that in this way, it is possible to tamper with the calculations of other customers or even to crash the chip altogether.
To solve this problem, Gnad and Krautter adopted an approach that consists of restricting users' immediate access to the FPGAs. He said that the challenge is to reliably filter out malicious users without tying up the legitimate ones too much.