In this paper, we present a novel technique for transmitting data over the power supply pins of an FPGA. Using this power side channel communication, a core inside the FPGA is able to send data to a receiver outside of the FPGA. Possible applications include monitoring, debugging, and watermarking. For the communication, we do not need any further resources, like IO pins or modifications of the board. We characterize the communication channel over the power pins and build a channel model. Furthermore, we present an encoding/decoding method which is independent of the board type and FPGA combination. With this approach, we achieve data rates up to 500 kbit/s. Finally, we provide a case study, which extends existing power watermarking techniques to the new encoding/decoding method and show experimental decoding results.
I. INTRODUCTION
Communication over power supply facilities has many applications today. It is widely used as power line communication over conductors that simultaneously serve as the electric power supply. For example, applications like home surveillance (e.g., baby monitor) or home control (e.g., remote control of roller blinds, heating, etc.) often use power line communication. Furthermore, internet access over power lines, so-called Broadband over Power Lines (BPL), and small home networks using PowerLAN have emerged in recent years. The main advantage of such systems is that the available infrastructure, like cables and wires, can additionally be used for communication without the need for new communication media.
However, communication over power lines on printed circuit boards (PCBs) or inside integrated circuits is very uncommon. Information on cryptographic operations inside embedded systems can be gathered by power side-channel attacks. Usually, the goal is to obtain the secret key or information about the implementation of the cryptographic algorithm.
Power analysis attacks are based on the observation that different instructions cause variations in the activity on the signal lines, which result in differences in a device's power consumption. With simple power analysis (SPA) [1], the measured power consumption is directly mapped to the different operations in a cryptographic algorithm. With this technique, program parts in a microprocessor, for example DES rounds or RSA operations, can be identified. Since the execution of these program parts depends on a key bit, the key bits can be restored. Differential power analysis (DPA) [1] is an enhanced method which uses statistical analysis, error correction and correlation techniques to extract exact information about the secret key.