Paper 2023/429

CPU to FPGA Power Covert Channel in FPGA-SoCs

Mathieu Gross, Technical University of Munich
Robert Kunzelmann, Technical University of Munich
Georg Sigl, Technical University of Munich

FPGA-SoCs are a popular platform for accelerating a wide range of applications due to their performance and flexibility. From a security point of view, these systems have been shown to be vulnerable to various attacks, especially side-channel attacks where an attacker can obtain the secret key of a cryptographic algorithm via laboratory mea- surement equipment or even remotely with sensors implemented inside the FPGA logic itself. Fortunately, a variety of countermeasures on the algorithmic level have been proposed to mitigate this threat. Beyond side- channel attacks, covert channels constitute another threat which enables communication through a hidden channel. In this work, we demonstrate the possibility of implementing a covert channel between the CPU and an FPGA by modulating the usage of the Power Distribution Network. We show that this resource is especially vulnerable since it can be easily controlled and observed, resulting in a stealthy communication and a high transmission data rate. The power usage is modulated using simple and inconspicuous instructions executed on the CPU. Additionally, we use Time-to-Digital Converter sensors to observe these power variations. The sensor circuits are programmed into the FPGA fabric using only standard logic components. Our covert channel achieves a transmission rate of up to 16.7 kbit/s combined with an error rate of 2.3%. Besides a good transmission quality, our covert channel is also stealthy and can be used as an activation function for a hardware trojan.

Available format(s)
Attacks and cryptanalysis
Publication info
FPGA-SoCcovert channelpower distribution networkon-chip power sensorshardware trojan
Contact author(s)
mathieu gross @ tum de
robert kunzelmann @ tum de
sigl @ tum de
2023-03-24: approved
2023-03-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mathieu Gross and Robert Kunzelmann and Georg Sigl},
      title = {{CPU} to {FPGA} Power Covert Channel in {FPGA}-{SoCs}},
      howpublished = {Cryptology ePrint Archive, Paper 2023/429},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.