Field Programmable Gate Arrays ( FPGAs ) are increasingly used in cloud applications and being integrated into Systems-on-Chip. For these systems, various side-channel attacks on cryptographic implementations have been reported, motivating one to apply proper countermeasures. Beyond cryptographic implementations, maliciously introduced covert channel receivers and transmitters can allow one to exfiltrate other secret information from the FPGA. In this article, we present a fast covert channel on FPGAs, which exploits the on-chip power distribution network. This can be achieved without any logical connection between the transmitter and receiver blocks. Compared to a recently published covert channel with an estimated 4.8 Mbit/s transmission speed, we show 8 Mbit/s transmission and reduced errors from around 3% to less than 0.003%. Furthermore, we demonstrate proper transmissions of word-size messages and test the channel in the presence of noise generated from other residing tenants’ modules in the FPGA. When we place and operate other co-tenant modules that require 85% of the total FPGA area, the error rate increases to 0.02%, depending on the platform and setup. This error rate is still reasonably low for a covert channel. Overall, the transmitter and receiver work with less than 3–5% FPGA LUT resources together. We also show the feasibility of other types of covert channel transmitters, in the form of synchronous circuits within the FPGA.

中文翻译：

---

使用 FPGA 的基于电压的隐蔽通道

现场可编程门阵列(FPGA) 越来越多地用于云应用程序并集成到片上系统中。对于这些系统，已经报告了对加密实现的各种侧信道攻击，促使人们采取适当的对策。除了加密实现之外，恶意引入的隐蔽通道接收器和发射器还可以让人们从 FPGA 中窃取其他秘密信息。在本文中，我们介绍了 FPGA 上的一个快速隐蔽通道，它利用了片上配电网络。这可以在发送器和接收器块之间没有任何逻辑连接的情况下实现。与最近发布的估计传输速度为 4.8 Mbit/s 的隐蔽信道相比，我们展示了 8 Mbit/s 传输并将错误从大约 3% 减少到不到 0.003%。此外，我们演示了字长消息的正确传输，并在存在 FPGA 中其他驻留租户模块产生的噪声的情况下测试信道。当我们放置和操作需要 85% 的 FPGA 总面积的其他共同租户模块时，错误率会增加到 0.02%，具体取决于平台和设置。对于隐蔽通道，这个错误率仍然相当低。总体而言，发送器和接收器一起使用不到 3–5% 的 FPGA LUT 资源。我们还以 FPGA 内同步电路的形式展示了其他类型的隐蔽通道发射器的可行性。取决于平台和设置。对于隐蔽通道，这个错误率仍然相当低。总体而言，发送器和接收器一起使用不到 3–5% 的 FPGA LUT 资源。我们还以 FPGA 内同步电路的形式展示了其他类型的隐蔽通道发射器的可行性。取决于平台和设置。对于隐蔽通道，这个错误率仍然相当低。总体而言，发送器和接收器一起使用不到 3–5% 的 FPGA LUT 资源。我们还以 FPGA 内同步电路的形式展示了其他类型的隐蔽通道发射器的可行性。