ECE Departmental Seminar
Pentimento: Analog Data Remanence in Cloud FPGAs
Dustin Richmond
UC Santa Cruz
Friday, 9/15/23, 1:00pm
Light Engineering 250
Abstract: Cloud FPGAs strike an alluring balance between computational efficiency, energy efficiency, and cost. This very same flexibility that exposes new security vulnerabilities. We find that a remote attacker can recover an “FPGA pentimento”—long-removed secret data belonging to a prior user or proprietary design image on a cloud FPGA. Just as pentimenti in paintings can be exposed by infrared imaging, FPGA pentimenti can be exposed by signal timing sensors instantiated on a remote cloud FPGA. We demonstrate how slight timing degradations can be measured using a time-to-digital converter by adversary on a target cloud FPGA. This technique allows an attacker to ascertain previously safe information, after it is no longer explicitly present, on cloud FPGAs. In this (informal) talk I will discuss our experiments, and preliminary results experimentally validating pentimenti on cloud FPGA platforms.
Bio: Dustin Richmond is an Assistant Professor of Computer Science and Engineering in the Baskin School of Engineering at UC Santa Cruz. His prior work includes simplifying abstractions for FPGA accelerators (RIFFA, PYNQ), massively manycore architectures (HammerBlade), thin film solar cells, and uniquely, cultural heritage documentation in Guatemala. His current work studies the security implications of how transistors degrade. Professor Richmond is recruiting students for the PhD Program at UC Santa Cruz (engineering.ucsc.edu), the Hardware Systems Collective (hsc.ucsc.edu/), and Security Research Lab (srl-ucsc.github.io). Any students interested in applying to graduate school can reach out via email (dustinrichmond.com) or schedule a 1:1 meeting during his visit.