Physical Side-Channel Attacks and Covert Communication on FPGAs: A Survey

Seyedeh Sharareh Mirzargar and Mirjana Stojilović
School of Computer and Communication Sciences
École Polytechnique Fédérale de Lausanne (EPFL)
Lausanne, Switzerland
seyedeh.mirzargar, mirjana.stojilovic@epfl.ch

Abstract—Field-programmable gate arrays (FPGAs) are, like CPUs, susceptible to side-channel information leakage and covert communication. The malleability of FPGAs enables users to create and control physical effects, and to sense and measure their consequences. With FPGAs becoming integrated into the cloud, a range of hardware- and software-based attacks may be waiting to be discovered. In this survey, we focus on physical channels used for side-channel attacks or covert communication. Physical channels are those that exist due to the physical properties of FPGAs, for example: power consumption, temperature, or electromagnetic emission. We include the most recent demonstrations of malicious or unintended use of physical channels in remote and/or shared FPGAs, propose taxonomies, compare the efficiency and feasibility of the attacks, and discuss the challenges in preventing them.

Index Terms—covert communication, crosstalk, electromagnetism, FPGA, power, side-channel attacks, temperature

I. INTRODUCTION

FPGAs, with their flexible computing fabric, offer lower design costs, reduced system complexity, and decreased time to market, while achieving performance gains due to abundant hardware parallelism. Given the large number of bit- and byte-level operations required in modern block ciphers, FPGAs are a natural platform for implementing cryptographic algorithms. The growth in the application space of FPGAs puts a lot of pressure on FPGA and system developers to ensure security and to protect both the development investment and the end users.

Design-tool subversion, (un)trusted foundries, tampering, and bitstream reverse engineering are only some of the known security threats associated with reconfigurable hardware [1]–[5]. In this paper, we focus on those security threats that do not require injecting a fault or tampering with the design (e.g., by inserting a Trojan) to retrieve secret information: side-channel analysis (SCA). In SCA, while an FPGA is performing a cryptographic computation, an adversary exploits external, measurable, and benign manifestations of the internal processes of the FPGA with the goal of inferring secrets. Side-channel attacks first appeared in Kocher et al. [6] as timing attacks, in which an adversary measures the time a device takes to perform its computations and deduces additional information about the cryptosystem. Another example of SCA is the differential power analysis attack [7], where an adversary measures and analyzes the device's power consumption to deduce the secret key. Yet another side channel is the one that measures and exploits the electromagnetic (EM) emanations from a device: the EM analysis attack. Besides attacking, these and other side channels can be used to communicate, i.e., to intentionally leak secret information to someone who is eavesdropping on the channel properties. This covert communication requires a team: a source and a destination. Normally, the source is prevented from writing to the destination directly; instead, it uses indirect means to leak classified data. For example, a covert communication channel could be a shared memory, such as DRAM or cache memory.

Since big datacenter and cloud providers decided to add FPGAs to their portfolio, researchers have been actively looking into the security threats this entails and how to best implement FPGA-accelerated clouds. In the past couple of years, several side-channel threats have been discovered. Given that all of them are physical, i.e., they rely on sensing a physical phenomenon (power, current, electromagnetic emanations, crosstalk coupling, heat), it is timely to revisit the related work on physical side channels.

There are several ways to categorize physical side-channel attacks. First, they can be classed based on the transmission medium or physical phenomenon being observed: power, electromagnetic, thermal, sound, crosstalk coupling, and photonic emission. Additionally, they can be classed as active (invasive) or passive (non-invasive). Active attacks include tampering with the device to increase side-channel leakage or to monitor its internal signals, while passive attacks only observe internal information of the device with a measuring instrument or a sensor. An entirely new way of categorizing SCAs in the datacenter could be into those requiring physical proximity to the device and those that can be performed remotely.

The contributions of this survey, besides revisiting the physical side-channel attacks and covert communication successfully demonstrated on FPGAs, are as follows:
• a survey of the recently shown physical side- and covert-communication channels in shared and/or remote FPGAs,
• a comprehensive list of FPGA devices and platforms that have been successfully attacked or used to perform covert communication, and
• a discussion, based on qualitative and quantitative data, about the threat that the FPGA physical channels pose.