Secure Computing Enclaves Using FPGAs

Elrabaa, Muhammad E. S.; Al-Asli, M.; Abu-Amara, Marwan

doi:10.1109/tdsc.2019.2933214

Cited by 11 publications

(7 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, the nature of our FHE algorithm also prevents the attack as well. Readback attack [49] is another conventional attack of FPGA implementation, the idea of the attack is read the configuration of the FPGA through the programming interface or JTAG to obtain private keys or FHE algorithms. The readback attack can be prevented by setting a security bit in FPGA which is used to disable different features, and it is better to embed our FPGA-based accelerator into a secure environment, where the configuration information can be deleted once detecting interference.…”

Section: Security Discussionmentioning

confidence: 99%

FPGA-Based Hardware Accelerator for Leveled Ring-LWE Fully Homomorphic Encryption

Yang

et al. 2020

IEEE Access

View full text Add to dashboard Cite

Fully homomorphic encryption (FHE) allows arbitrary computation on encrypted data and has great potential in privacy-preserving cloud computing and securely outsource computational tasks. However, the excessive computation complexity is the key limitation that restricting the practical application of FHE. In this paper we proposed a FPGA-based high parallelism architecture to accelerate the FHE schemes based on the ring learning with errors (RLWE) problem, specifically, we presented a fast implementation of leveled fully homomorphic encryption scheme BGV. In order to reduce the computation latency and improve the performance, we applied both circuit-level and block-level pipeline strategies to improve clock frequency, and as a result, enhance the processing speed of polynomial multipliers and homomorphic evaluation functions. At the same time, multiple polynomial multipliers and modular reduction units were deployed in parallel to further improve the hardware performance. Finally, we implemented and tested our architecture on a Virtex UltraScale FPGA platform. Runing at 150MHz, our implementation achieved 4.60x~9.49x speedup with respect to the optimized software implementation on Intel i7 processor running at 3.1GHz for homomorphic encryption and decryption, and the throughput was increased by 1.03x~4.64x compared to the hardware implementation of BGV. While compared to the hardware implementation of FV, the throughput of our accelerator also achieved 5.05x and 167.3x speedup for homomorphic addition and homomorphic multiplication operation respectively.

show abstract

Section: Security Discussionmentioning

confidence: 99%

FPGA-Based Hardware Accelerator for Leveled Ring-LWE Fully Homomorphic Encryption

Yang

et al. 2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…To enable FPGAs in cloud computing, several authors agreed on the necessity of a trusted authority different from the cloud provider [6], [7], [8], [9], [10]. For practical reasons, the FPGA manufacturer is usually considered as the trusted authority and has an important role in the security of the remote connection between the client and the FPGA.…”

Section: Related Work 21 Trusted Authority For Cloud-enabled Fpgamentioning

confidence: 99%

“…In [6] and [7], secure FPGA enclaves are proposed. A TA is present in the communication scheme alongside the CP and the client, but their approach and achievements differ.…”

Section: Security Of Cloud-enabled Fpgamentioning

confidence: 99%

“…In [6] device unique keys (e.g., PUF) are derived to constitute a key hierarchy and obtain key-pairs for bitstream encryption and enclave communication/identification. Unlike [7], the solution for FPGA authentication proposed here is an SGX-inspired attestation mechanism endorsed by the TA. The latter offers services like bitstream certification and boot code authentication.…”

Section: Security Of Cloud-enabled Fpgamentioning

confidence: 99%

“…The authors of [7] propose a framework where FPGA authentication is achieved and a secure channel is created for the client using a modular exponentiation and Diffie-Hellman Ephemeral algorithm. The client compares the FPGA PUF output with the response known by the TA.…”

Section: Security Of Cloud-enabled Fpgamentioning

confidence: 99%

See 2 more Smart Citations

OAuth 2.0-based authentication solution for FPGA-enabled cloud computing

Ince

Espes

Gogniat

et al. 2021

Proceedings of the 14th IEEE/ACM International Conference on Utility and Cloud Computing Companion

View full text Add to dashboard Cite

FPGA-enabled cloud computing is getting more and more common as cloud providers offer hardware accelerated solutions. In this context, clients need confidential remote computing. However Intellectual Properties and data are being used and communicated. So current security models require the client to trust the cloud provider blindly by disclosing sensitive information. In addition, the lack of strong authentication and access control mechanisms, for both the client and the provided FPGA in current solutions, is a major security drawback. To enhance security measures and privacy between the client, the cloud provider and the FPGA, an additional entity needs to be introduced: the trusted authority. Its role is to authenticate the client-FPGA pair and isolate them from the cloud provider. With our novel OAuth 2.0-based access delegation solution for FPGA-accelerated clouds, a remote confidential FPGA environment with a token-based access can be created for the client. Our solution allows to manage and securely allocate heterogeneous resource pools with enhanced privacy & confidentiality for the client. Our formal analysis shows that our protocol adds a very small latency which is suitable for real-time application.

show abstract