In recent decades, driven by the growing demand for computation acceleration, cloud FPGAs have become popular in public clouds. Major cloud service providers, e.g., AWS and Microsoft Azure, have provided FPGA computing resources in their infrastructure and have enabled users to design and deploy their own accelerators on these FPGAs. Multi-tenant FPGAs, where multiple users share the same FPGA fabric under certain types of isolation to improve resource efficiency, have already been proved feasible. However, this also raises security concerns. Various types of side-channel attacks targeting multi-tenant FPGAs have been proposed and validated. Awareness of security vulnerabilities in the cloud has motivated cloud providers to take action to enhance the security of their cloud environments. In FPGA security research papers, researchers always perform attacks under the assumption that attackers have successfully co-located with victims and are aware of the existence of victims on the same FPGA board. However, the way to reach this point, i.e., how attackers secretly obtain information about the accelerators on the same fabric, is consistently ignored, despite being non-trivial and important for attackers. In this paper, we present a novel fingerprinting attack to infer the types of co-located FPGA accelerators. We use a seemingly non-malicious benchmark accelerator to sniff the FPGA-host communication link and collect performance traces of that link. By analyzing these traces, we achieve high classification accuracy in fingerprinting co-located accelerators, which shows that attackers can use our method to perform cloud FPGA accelerator fingerprinting with a high success rate. As far as we know, this is the first paper targeting multi-tenant FPGA accelerator fingerprinting through the communication side channel.