Papers
Topics
Authors
Recent
Search
2000 character limit reached

MaliGNNoma: GNN-Based Malicious Circuit Classifier for Secure Cloud FPGAs

Published 4 Mar 2024 in cs.CR | (2403.01860v1)

Abstract: The security of cloud field-programmable gate arrays (FPGAs) faces challenges from untrusted users attempting fault and side-channel attacks through malicious circuit configurations. Fault injection attacks can result in denial of service, disrupting functionality or leaking secret information. This threat is further amplified in multi-tenancy scenarios. Detecting such threats before loading onto the FPGA is crucial, but existing methods face difficulty identifying sophisticated attacks. We present MaliGNNoma, a machine learning-based solution that accurately identifies malicious FPGA configurations. Serving as a netlist scanning mechanism, it can be employed by cloud service providers as an initial security layer within a necessary multi-tiered security system. By leveraging the inherent graph representation of FPGA netlists, MaliGNNoma employs a graph neural network (GNN) to learn distinctive malicious features, surpassing current approaches. To enhance transparency, MaliGNNoma utilizes a parameterized explainer for the GNN, labeling the FPGA configuration and pinpointing the sub-circuit responsible for the malicious classification. Through extensive experimentation on the ZCU102 board with a Xilinx UltraScale+ FPGA, we validate the effectiveness of MaliGNNoma in detecting malicious configurations, including sophisticated attacks, such as those based on benign modules, like cryptography accelerators. MaliGNNoma achieves a classification accuracy and precision of 98.24% and 97.88%, respectively, surpassing state-of-the-art. We compare MaliGNNoma with five state-of-the-art scanning methods, revealing that not all attack vectors detected by MaliGNNoma are recognized by existing solutions, further emphasizing its effectiveness. Additionally, we make MaliGNNoma and its associated dataset publicly available.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (57)
  1. C. Jin, V. Gohil, R. Karri, and J. Rajendran, “Security of cloud FPGAs: A survey,” arXiv preprint arXiv:2005.04867, 2020.
  2. Amazon Web Services (AWS). (2021) EC2 F1 instances. [Online]. Available: https://aws.amazon.com/ec2/instance-types/f1/
  3. D. Rankin, J. Krupa, P. Harris, M. A. Flechas, B. Holzman, T. Klijnsma, K. Pedro, N. Tran, S. Hauck, S.-C. Hsu et al., “FPGAs-as-a-service toolkit (FaaST),” in IEEE/ACM International Workshop on Heterogeneous High-performance Reconfigurable Computing (H2RC).   IEEE, 2020, pp. 38–47.
  4. K. Eguro and R. Venkatesan, “Fpgas for trusted cloud computing,” in 22nd International Conference on Field Programmable Logic and Applications (FPL), 2012, pp. 63–70.
  5. D. R. E. Gnad, F. Oboril, and M. B. Tahoori, “Voltage drop-based fault attacks on FPGAs using valid bitstreams,” in Int. Conf. on FPL and Appl., 2017, pp. 1–7.
  6. T. La, K. Pham, J. Powell, and D. Koch, “Denial-of-service on fpga-based cloud infrastructures — attack and defense,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2021, no. 3, p. 441–464, Jul. 2021. [Online]. Available: https://tches.iacr.org/index.php/TCHES/article/view/8982
  7. A. Vaishnav, K. D. Pham, and D. Koch, “A survey on fpga virtualization,” in International Conference on Field Programmable Logic and Applications (FPL).   IEEE, 2018, pp. 131–1317.
  8. J. Krautter, D. R. E. Gnad, and M. B. Tahoori, “Mitigating electrical-level attacks towards secure multi-tenant FPGAs in the cloud,” ACM Transactions on Reconfigurable Technology and Systems, vol. 12, no. 3, pp. 1–26, 2019.
  9. F. Schellenberg, D. R. Gnad, A. Moradi, and M. B. Tahoori, “An inside job: Remote power analysis attacks on fpgas,” in Design, Automation & Test in Europe Conference & Exhibition (DATE).   IEEE, 2018, pp. 1111–1116.
  10. C. Ramesh, S. B. Patil, S. N. Dhanuskodi, G. Provelengios, S. Pillement, D. Holcomb, and R. Tessier, “Fpga side channel attacks without physical access,” in 2018 IEEE 26th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM).   IEEE, 2018, pp. 45–52.
  11. S. Moini, S. Tian, D. Holcomb, J. Szefer, and R. Tessier, “Remote power side-channel attacks on bnn accelerators in fpgas,” in 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2021, pp. 1639–1644.
  12. J. Krautter, D. R. E. Gnad, and M. B. Tahoori, “Remote fault attacks in multitenant cloud fpgas,” IEEE Design & Test, vol. 39, no. 4, pp. 33–40, 2022.
  13. ——, “FPGAhammer: remote voltage fault attacks on shared FPGAs, suitable for DFA on AES,” IACR Trans. on Cryptographic HW and Embedded Sys. (TCHES), vol. 2018, no. 3, pp. 44–68, 2018.
  14. A. Boutros, M. Hall, N. Papernot, and V. Betz, “Neighbors from hell: Voltage attacks against deep learning accelerators on multi-tenant fpgas,” in International Conference on Field-Programmable Technology (ICFPT), 2020, pp. 103–111.
  15. J. Krautter, D. R. Gnad, F. Schellenberg, A. Moradi, and M. B. Tahoori, “Active fences against voltage-based side channels in multi-tenant FPGAs,” in 2019 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2019, pp. 1–8.
  16. M. M. Ahmadi, L. Alrahis, O. Sinanoglu, and M. Shafique, “FPGA-Patch: Mitigating remote side-channel attacks on fpgas using dynamic patch generation,” in ACM/IEEE International Symposium on Low Power Electronics and Design (ISLPED), 2023.
  17. S. Zeitouni, J. Vliegen, T. Frassetto, D. Koch, A.-R. Sadeghi, and N. Mentens, “Trusted configuration in cloud fpgas,” in 2021 IEEE 29th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM), 2021, pp. 233–241.
  18. T. M. La, K. Matas, N. Grunchevski, K. D. Pham, and D. Koch, “FPGADefender: Malicious self-oscillator scanning for Xilinx UltraScale+ FPGAs,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 13, no. 3, pp. 1–31, 2020.
  19. J. Chaudhuri and K. Chakrabarty, “Diagnosis of malicious bitstreams in cloud computing fpgas,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2023.
  20. K. Dang Pham, E. Horta, and D. Koch, “Bitman: A tool and api for fpga bitstream manipulations,” in Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017, 2017, pp. 894–897.
  21. G. Provelengios, D. Holcomb, and R. Tessier, “Power wasting circuits for cloud FPGA attacks,” in Int. Conf. on Field-Prog. Logic and Appl. (FPL), 2020, pp. 231–235.
  22. J. Chaudhuri and K. Chakrabarty, “Detection of malicious fpga bitstreams using cnn-based learning,” in 2022 IEEE European Test Symposium (ETS), 2022, pp. 1–2.
  23. R. Elnaggar, J. Chaudhuri, R. Karri, and K. Chakrabarty, “Learning malicious circuits in fpga bitstreams,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 42, no. 3, pp. 726–739, 2023.
  24. R. Yasaei, S.-Y. Yu, E. K. Naeini, and M. A. A. Faruque, “GNN4IP: Graph neural network for hardware intellectual property piracy detection,” in 2021 58th ACM/IEEE Design Automation Conference (DAC), 2021, pp. 217–222.
  25. L. Alrahis, A. Sengupta, J. Knechtel, S. Patnaik, H. Saleh, B. Mohammad, M. Al-Qutayri, and O. Sinanoglu, “GNN-RE: Graph neural networks for reverse engineering of gate-level netlists,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 41, no. 8, pp. 2435–2448, 2022.
  26. T. Bücher, L. Alrahis, G. Paim, S. Bampi, O. Sinanoglu, and H. Amrouch, “AppGNN: Approximation-aware functional reverse engineering using graph neural networks,” in 2022 IEEE/ACM International Conference On Computer Aided Design (ICCAD), 2022, pp. 1–9.
  27. L. Alrahis, J. Knechtel, and O. Sinanoglu, “Graph neural networks: A powerful and versatile tool for advancing design, reliability, and security of ICs,” in 2023 28th Asia and South Pacific Design Automation Conference (ASP-DAC), 2023, pp. 83–90.
  28. D. Luo, W. Cheng, D. Xu, W. Yu, B. Zong, H. Chen, and X. Zhang, “Parameterized explainer for graph neural network,” Advances in neural information processing systems, vol. 33, pp. 19 620–19 631, 2020.
  29. F. Brglez, D. Bryan, and K. Kozminski, “Combinational profiles of sequential benchmark circuits,” in ISCAS, 1989, pp. 1929–1934 vol.3.
  30. J. Pistorius, M. Hutton, A. Mishchenko, and R. Brayton, “Benchmarking method and designs targeting logic synthesis for fpgas,” in Proc. IWLS, vol. 7, 2007, pp. 230–237.
  31. P. Jamieson, T. Becker, P. Y. K. Cheung, W. Luk, T. Rissa, and T. Pitkänen, “Benchmarking and evaluating reconfigurable architectures targeting the mobile domain,” ACM Transactions on Design Automation of Electronic Systems (TODAES), vol. 15, no. 2, mar 2010.
  32. OpenCores. (1999) Opencores the reference community for free and open source gateware ip cores. [Online]. Available: https://opencores.org
  33. M. M. Alam, S. Tajik, F. Ganji, M. Tehranipoor, and D. Forte, “RAM-Jam: Remote temperature and voltage fault attack on FPGAs using memory collisions,” in Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2019, pp. 48–55.
  34. H. Salmani, M. Tehranipoor, S. Sutikno, and F. Wijitrisnanto, “Trust-Hub Trojan benchmark for hardware Trojan detection model creation using machine learning,” 2022. [Online]. Available: https://dx.doi.org/10.21227/px6s-sm21
  35. M. Zhao and G. E. Suh, “Fpga-based remote power side-channel attacks,” in 2018 IEEE Symposium on Security and Privacy (SP), 2018, pp. 229–244.
  36. Y. Zhang, R. Yasaei, H. Chen, Z. Li, and M. A. Al Faruque, “Stealing neural network structure through remote fpga side-channel analysis,” IEEE Transactions on Information Forensics and Security, vol. 16, pp. 4377–4388, 2021.
  37. T. Sugawara, K. Sakiyama, S. Nashimoto, D. Suzuki, and T. Nagatsuka, “Oscillator without a combinatorial loop and its threat to FPGA in data centre,” Electronics Letters, vol. 55, no. 11, pp. 640–642, 2019.
  38. K. Matas, T. M. La, K. D. Pham, and D. Koch, “Power-hammering through glitch amplification – attacks and mitigation,” in FCCM, 2020, pp. 65–69.
  39. J. Krautter, D. R. Gnad, and M. B. Tahoori, “Remote and stealthy fault attacks on virtualized fpgas,” in 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE).   IEEE, 2021, pp. 1632–1637.
  40. H. Nassar, H. AlZughbi, D. Gnad, L. Bauer, M. Tahoori, and J. Henkel, “LoopBreaker: Disabling interconnects to mitigate voltage-based attacks in multi-tenant FPGAs,” in International Conference on Computer-Aided Design (ICCAD), 2021.
  41. T. N. Kipf and M. Welling, “Semi-supervised classification with graph convolutional networks,” in International Conference on Learning Representations (ICLR), 2017.
  42. L. Alrahis, S. Patnaik, M. Shafique, and O. Sinanoglu, “Embracing graph neural networks for hardware security,” in 2022 IEEE/ACM International Conference On Computer Aided Design (ICCAD), 2022, pp. 1–9.
  43. ——, “OMLA: An oracle-less machine learning-based attack on logic locking,” IEEE Transactions on Circuits and Systems II: Express Briefs, vol. 69, no. 3, pp. 1602–1606, 2022.
  44. R. Yasaei, S.-Y. Yu, and M. A. Al Faruque, “GNN4TJ: Graph neural networks for hardware trojan detection at register transfer level,” in 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2021, pp. 1504–1509.
  45. L. Alrahis, S. Patnaik, M. Shafique, and O. Sinanoglu, “MuxLink: Circumventing learning-resilient mux-locking using graph neural network-based link prediction,” in 2022 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2022, pp. 694–699.
  46. L. Alrahis, S. Patnaik, M. A. Hanif, M. Shafique, and O. Sinanoglu, “UNTANGLE: Unlocking routing and logic obfuscation using graph neural networks-based link prediction,” in 2021 IEEE/ACM International Conference On Computer Aided Design (ICCAD), 2021, pp. 1–9.
  47. L. Alrahis, L. Mankali, S. Patnaik, A. Sengupta, J. Knechtel, and O. Sinanoglu, “UN-SPLIT: Attacking split manufacturing using link prediction in graph neural networks,” in International Conference on Security, Privacy, and Applied Cryptography Engineering.   Springer, 2023, pp. 197–213.
  48. L. Mankali, L. Alrahis, S. Patnaik, J. Knechtel, and O. Sinanoglu, “Titan: Security analysis of large-scale hardware obfuscation using graph neural networks,” IEEE Transactions on Information Forensics and Security, vol. 18, pp. 304–318, 2022.
  49. L. Alrahis, J. Knechtel, F. Klemme, H. Amrouch, and O. Sinanoglu, “GNN4REL: Graph neural networks for predicting circuit reliability degradation,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 41, no. 11, pp. 3826–3837, 2022.
  50. D. S. Lopera, L. Servadei, G. N. Kiprit, S. Hazra, R. Wille, and W. Ecker, “A survey of graph neural networks for electronic design automation,” in 2021 ACM/IEEE 3rd Workshop on Machine Learning for CAD (MLCAD), 2021, pp. 1–6.
  51. S.-Y. Yu, R. Yasaei, Q. Zhou, T. Nguyen, and M. A. Al Faruque, “HW2VEC: a graph learning tool for automating hardware security,” in 2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2021, pp. 13–23.
  52. K. Xu, W. Hu, J. Leskovec, and S. Jegelka, “How powerful are graph neural networks?” in ICLR, 2019.
  53. Z. Ying, D. Bourgeois, J. You, M. Zitnik, and J. Leskovec, “Gnnexplainer: Generating explanations for graph neural networks,” Advances in neural information processing systems, vol. 32, 2019.
  54. K. Amara, R. Ying, Z. Zhang, Z. Han, Y. Shan, U. Brandes, S. Schemm, and C. Zhang, “Graphframex: Towards systematic evaluation of explainability methods for graph neural networks,” arXiv preprint arXiv:2206.09677, 2022.
  55. L. V. D. Maaten and G. Hinton, “Visualizing data using t-sne,” Journal of machine learning research, vol. 9, no. Nov, pp. 2579–2605, 2008.
  56. L. Alrahis, S. Patnaik, M. A. Hanif, M. Shafique, and O. Sinanoglu, “PoisonedGNN: Backdoor attack on graph neural networks-based hardware security systems,” IEEE Transactions on Computers, 2023.
  57. L. Alrahis and O. Sinanoglu, “Graph neural networks for hardware vulnerability analysis—can you trust your GNN?” in IEEE VLSI Test Symposium (VTS), 2023, pp. 1–4.
Citations (1)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Sign Up to Summarize

Paper to Video (Beta)

No one has generated a video about this paper yet.

Sign Up to Generate All Videos Subscribe on YouTube

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Generate Now

Collections

Sign up for free to add this paper to one or more collections.

Sign Up