Invited Tutorial: FPGA Hardware Security for Datacenters and Beyond

Since FPGAs are now available in datacenters to accelerate applications, providing FPGA hardware security is a high priority. FPGA security is becoming more serious with the transition to FPGA-as-a-Service where users can upload their own bitstreams. Full control over FPGA hardware through the bitstream enables attacks to weaken an FPGA-based system. These include physically damaging the FPGA equipment and leaking of sensitive information such as the secret keys of crypto algorithms. While there is no known attacks in the commercial settings so far, it is not so much a question of if but more of when? The tutorial will show concrete attacks applicable on datacenter FPGAs.
The goal of this tutorial is to prepare the FPGA community to impending security issues in order to pave way for a proactive security. First, we will give a tour through the FPGA hardware security jungle surveying practical attacks and potential threats. We will reinforce this with live demos of denial of service attacks. Less than 10% of the logic resources on an FPGA can draw enough dynamic power to crash a datacenter FPGA card. In the second part of the tutorial, we will show different mitigations that are either vendor supported or proposed by the academic community. In summary, the tutorial will communicate that while FPGA hardware
security is complicated to bring about, there are acceptable solutions for known FPGA security problems.