Ensuring cybersecurity of FPGA as a service with the use of penetration testing of components

Artem Tetskyi, Artem Perepelitsyn, Oleg Illiashenko, Olga Morozova, Dmytro Uzun

Abstract


The subject of study in this article is modern penetration testing technologies in which the test object is the implementation of a service based on a platform that uses Field Programmable Gate Array (FPGA) resources. The goal of this study is to improve modern methods of penetration testing of services provided by FPGA as a Service (FaaS) in order to find vulnerabilities for subsequent fixing and to increase the level of security of, and trust in, these services. Tasks: to analyze the technological capabilities for the development of FPGA as a Service; to analyze possible threats to an FPGA as a Service platform; to analyze the structure of the FPGA as a Service platform and the peculiarities of attacks on it; to analyze options for using the penetration testing standard; to propose a classification of the possible uses of an FPGA as a Service platform for solving cybersecurity tasks; and to propose the sequence of critical components for ensuring the cybersecurity of an FPGA as a Service platform. The following results were obtained based on the tasks. An analysis was performed of the capabilities of existing chips, FPGA accelerator cards, programming technologies, and the integrated environments of a leading company for the creation of FPGA as a Service. A study of the cybersecurity problems of FPGA as a Service platforms was conducted, and a set of components to ensure the cybersecurity of an FPGA as a Service platform is proposed. Modern cybersecurity threats to FPGA as a Service platforms are analyzed. A threat structure for FPGA as a Service is proposed. The possibility of applying a penetration testing standard to FPGA services is considered. Regular audits and penetration testing are crucial elements of a cybersecurity strategy and help maintain customer and user trust in FPGA services. Based on the analysis of the possible use of FPGA as a Service to solve cybersecurity tasks, a classification of five variants considering FPGA as an object and tool is proposed. The sequence of critical components for ensuring the cybersecurity of an FPGA as a Service platform is proposed to correspond to modern known threats. The sequence covers complex activities, including software updates, security monitoring, auditing, and penetration testing, based on security standards. Conclusions. The primary contribution and scientific novelty of the obtained results is the research into the possibilities of penetration testing for services where the test object is a platform with access to FPGA. As in many other areas, ensuring the cybersecurity of an FPGA as a Service platform is complex, and ignoring any component can lead to critical consequences. Applying only penetration testing is not enough; therefore, a comprehensive list of cybersecurity measures for FPGA as a Service platforms is provided, underlining the urgency and necessity of their implementation.

Keywords


FPGA; FPGA as a Service; penetration testing; cybersecurity ensuring; protection measures

DOI: https://doi.org/10.32620/reks.2024.2.13
