Protecting Parallel Data Encryption in Multi-Tenant FPGAs by Exploring Simple but Effective Clocking Methodologies

Capitalizing on their versatility and high-performance attributes within heterogeneous designs, increasingly number of field-programmable gate arrays (FPGAs) are integrated into cloud data centers by cloud service providers (CSPs). While CSPs intend to reduce the cost by sharing one board among multiple users (called multi-tenant FPGA), hardware security problems such as side-channel attacks restrict it from spreading commercially. Existing research works have underscored the feasibility of remote side-channel attacks targeting a singular advanced encryption standard (AES) module on multi-tenant FPGAs, but they have not looked into the scenario of parallel data encryption on multiple AES modules for a single tenant, which is possible due to the small resource consumption of one AES module. In this work, we scrutinize correlation power analysis (CPA)-based side-channel attacks on parallel data encryption modules and develop two simple yet effective protective methods based on clocking methodologies-clocking phase shift and small frequency shift. The former technique adopts an identical clock frequency but with distinctive clocking phase to parallel encryption modules while the latter implements slightly different clock frequencies for parallel encryption modules. Experimental results show that both the methods can effectively increase the minimum required power traces for successful CPA, thus instituting a natural protective barrier for parallel data encryption.