Cryptology ePrint Archive: Report 2019/1394

Voltage-based Covert Channels in Multi-Tenant FPGAs

Dennis R. E. Gnad and Cong Dang Khoa Nguyen and Syed Hashim Gillani and Mehdi B. Tahoori

Abstract: FPGAs are increasingly used in cloud applications and being integrated into Systems-on-Chip (SoCs). For these systems, various side-channel attacks on cryptographic implementations have been reported, motivating to apply proper countermeasures. Beyond cryptographic implementations, maliciously introduced covert channel receivers and transmitters can allow to exfiltrate any kind of secret information from the FPGA. In this paper, we present a fast covert channel on FPGAs, which exploits the on-chip power distribution network. This can be achieved without any logical connection between the transmitter and receiver blocks. Compared to FPGA thermal covert channels that reach about 1 bit/s, we can show a transmission rate of 8 MBit/s which is almost error free. We reach a small raw bit error ratio (BER) below 10 $\times$ 10$^{-6}$ BER, even in the presence of noise generated from another functional module in the FPGA, and without using error correction codes. When we place and operate other co-tenant modules that require 85% total FPGA area, the BER increases to $\approx$100-1000$\times$ 10$^{-6}$, depending on the platform. This error rate is still reasonably low for a covert channel. Overall, the transmitter and receiver work with less than 3% FPGA resources together.

Category / Keywords: implementation / fpga, multi-tenant, accelerator, SoC, side-channel, covert-channel, power distribution network, on-chip, remote, software, hardware, trojan

Date: received 2 Dec 2019

Contact author: dennis gnad at kit edu

Available format(s): PDF | BibTeX Citation

Version: 20191204:081942 (All versions of this report)

Short URL: ia.cr/2019/1394


[ Cryptology ePrint archive ]