Paper 2019/1394
Voltage-based Covert Channels in Multi-Tenant FPGAs
Dennis R. E. Gnad and Cong Dang Khoa Nguyen and Syed Hashim Gillani and Mehdi B. Tahoori
Abstract
FPGAs are increasingly used in cloud applications and being integrated into Systems-on-Chip (SoCs). For these systems, various side-channel attacks on cryptographic implementations have been reported, motivating to apply proper countermeasures. Beyond cryptographic implementations, maliciously introduced covert channel receivers and transmitters can allow to exfiltrate any kind of secret information from the FPGA. In this paper, we present a fast covert channel on FPGAs, which exploits the on-chip power distribution network. This can be achieved without any logical connection between the transmitter and receiver blocks. Compared to FPGA thermal covert channels that reach about 1 bit/s, we can show a transmission rate of 8 MBit/s which is almost error free. We reach a small raw bit error ratio (BER) below 10 $\times$ 10$^{-6}$ BER, even in the presence of noise generated from another functional module in the FPGA, and without using error correction codes. When we place and operate other co-tenant modules that require 85% total FPGA area, the BER increases to $\approx$100-1000$\times$ 10$^{-6}$, depending on the platform. This error rate is still reasonably low for a covert channel. Overall, the transmitter and receiver work with less than 3% FPGA resources together.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Keywords
- fpgamulti-tenantacceleratorSoCside-channelcovert-channelpower distribution networkon-chipremotesoftwarehardwaretrojan
- Contact author(s)
- dennis gnad @ kit edu
- History
- 2021-08-27: revised
- 2019-12-04: received
- See all versions
- Short URL
- https://ia.cr/2019/1394
- License
-
CC BY