Cryptology ePrint Archive: Report 2019/1394

Voltage-based Covert Channels using FPGAs

Dennis R. E. Gnad and Cong Dang Khoa Nguyen and Syed Hashim Gillani and Mehdi B. Tahoori

Abstract: FPGAs are increasingly used in cloud applications and being integrated into Systems-on-Chip (SoCs). For these systems, various side-channel attacks on cryptographic implementations have been reported, motivating to apply proper countermeasures. Beyond cryptographic implementations, maliciously introduced covert channel receivers and transmitters can allow to exfiltrate other secret information from the FPGA. In this paper, we present a fast covert channel on FPGAs, which exploits the on-chip power distribution network. This can be achieved without any logical connection between the transmitter and receiver blocks. Compared to a recently published covert channel with an estimated 4.8 Mbit/s transmission speed, we show 8 Mbit/s transmission and reduced errors from around 3% to less than 0.003%. Furthermore, we demonstrate proper transmissions of word-size messages and test the channel in the presence of noise generated from other residing tenants' modules in the FPGA. When we place and operate other co-tenant modules that require 85% of the total FPGA area, the error rate increases to 0.02%, depending on the platform and setup. This error rate is still reasonably low for a covert channel. Overall, the transmitter and receiver work with less than 3-5% FPGA LUT resources together. We also show the feasibility of other types of covert channel transmitters, in the form of synchronous circuits within the FPGA.

Category / Keywords: implementation / fpga, multi-tenant, accelerator, SoC, side-channel, covert-channel, power distribution network, on-chip, remote, software, hardware, trojan

Original Publication (in the same form): ACM Transactions on Design Automation of Electronic Systems

Date: received 2 Dec 2019, last revised 27 Aug 2021

Contact author: dennis gnad at kit edu

Available format(s): PDF | BibTeX Citation

Version: 20210827:144554 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]