Covert Channel Between the CPU and An FPGA By Modulating The Usage of the Power Distribution Network


A new technical paper titled “CPU to FPGA Power Covert Channel in FPGA-SoCs” was published by researchers at TU Munich and Fraunhofer Research Institution AISEC.

“FPGA-SoCs are a popular platform for accelerating a wide range of applications due to their performance and flexibility. From a security point of view, these systems have been shown to be vulnerable to various attacks, especially side-channel attacks where an attacker can obtain the secret key of a cryptographic algorithm via laboratory measurement equipment or even remotely with sensors implemented inside the FPGA logic itself. Fortunately, a variety of countermeasures on the algorithmic level have been proposed to mitigate this threat. Beyond side-channel attacks, covert channels constitute another threat which enables communication through a hidden channel. In this work, we demonstrate the possibility of implementing a covert channel between the CPU and an FPGA by modulating the usage of the Power Distribution Network. We show that this resource is especially vulnerable since it can be easily controlled and observed, resulting in a stealthy communication and a high transmission data rate. The power usage is modulated using simple and inconspicuous instructions executed on the CPU. Additionally, we use Time-to-Digital Converter sensors to observe these power variations. The sensor circuits are programmed into the FPGA fabric using only standard logic components. Our covert channel achieves a transmission rate of up to 16.7 kbit/s combined with an error rate of 2.3%. Besides a good transmission quality, our covert channel is also stealthy and can be used as an activation function for a hardware trojan.”

Find the technical paper here. Preprint March 2023.

Gross, Mathieu, Robert Kunzelmann, and Georg Sigl. “CPU to FPGA Power Covert Channel in FPGA-SoCs.” Cryptology ePrint Archive (2023).
