The explosion of Internet of Things and cloud computing applications has generated a huge demand for multi-tenant colocation data centers everywhere, extending the Internet edge beyond the traditional hub locations. As one would expect, securing data centers against cyber attacks is extremely important, and so is providing a reliable power supply to servers. While the threat of cyber attacks has been well recognized and extensively researched, data center power security has long been taken for granted and heavily relied on infrastructure robustness and redundancies.
In this talk, we present our recent research on an emerging threat faced by multi-tenant data centers --- well-timed malicious power loads, or power attacks. We first show that, despite safeguards in place, the current way that power infrastructure is managed in multi-tenant data centers is highly vulnerable to power attacks launched by malicious tenants (i.e., attackers). Next, we discover two types of physical networks in a multi-tenant data center --- thermal network and acoustic network --- which result from the co-location of multiple tenants in a shared data center facility and hence physically interconnect these tenants. More importantly, a malicious tenant can extract information about tenants' runtime power usage out of the thermal/acoustic network and launch well-timed power attacks, compromising the data center availability and leading to power outages. Finally, we highlight a set of defense strategies that data center operators can leverage to secure the power infrastructure against power attacks.