The explosive growth of AI-driven services has led to cloud-based Field Programmable Gate Array (FPGA) accelerators as key enablers of high-performance training and inference in modern data centers. Since 2024, the demand for deploying large AI workloads, especially Large Language Model (LLM), in the cloud has increased dramatically, intensifying competition among cloud providers and increasing pressure on shared FPGA infrastructures. This increasing reliance highlights the need for robust hardware security measures for cloud FPGAs. A particularly serious threat is fault injection attacks, which exploit dynamic voltage fluctuations to induce timing faults, potentially compromising functional integrity and bypassing cryptographic protections. However, existing verification procedures and structural Design Rule Check (DRC) remain blind to attacks embedded in benign-looking circuits. In this paper, we present Power-Wasting Neural Network (PWNN), a novel adversarial technique that leverages the inherent switching behavior of neural network operations to act as a power-waster circuit under adversarial input patterns. We systematically explore network architectures, and input patterns to craft configurations that induce voltage fluctuations capable of triggering timing faults for successful Differential Fault Analysis (DFA). Our PWNN implementation uses a standard open-source tool chain and passes all pre-implementation verification checks, while covertly inducing faults at runtime. We demonstrate on both the AMD ZCU104 and PYNQ-Z2 that PWNN can reliably cause timing faults on the critical path of a co-located AES-128 block cipher, enabling the rapid collection of correct/faulty ciphertext pairs needed for DFA-based key recovery. These results show that functionally correct, DRC compliant accelerators can serve as powerful, adaptive fault injectors that invalidate assumptions about bitstream security and hardware isolation.
Xu et al. (Thu,) studied this question.