A new scheme for securing users' data and applications in public clouds and data centers using Field Programmable Gate Arrays (FPGAs) has been developed. This scheme incorporates all necessary protocols, hardware, and software components to provide protection against many known potential attacks, including internal attacks. It achieves perfect forward secrecy, provides FPGA authentication and integrity checks, and securely establishes a symmetric session key between the user and the FPGA. A complete prototype has been implemented to show the feasibility of the proposed scheme with current FPGAs. Experimental results showed that an FPGA-based compute node can be set up in a cloud in 3.36s, which is 12.6 times faster than booting a medium-size conventional Virtual Machine (VM) on the same cloud. Based on the average global Internet speed, the time it takes to set up the FPGA-based machine from anywhere in the world was estimated to be 15s. Also, running an experimental secure image processing application on the FPGA took 50 percent less time than running the same application on a conventional state-of-the-art processor (without a secure container).
A new scheme using field programmable gate arrays (FPGAs) to secure Internet of Things (IoT) data processing in public clouds against various attacks (including attacks from insiders) is proposed. The proposed scheme supports various business models involving multiple parties and allows the data owner to give temporary access to IoT data to specific clients at a public marketplace (the cloud). The scheme achieves perfect forward secrecy, provides FPGA authentication and a secure way to establish a symmetric session key between the on-cloud FPGA, the IoT device and the client, and allows an integrity check of the user's configuration while it runs in the cloud FPGA. A symmetric proxy re-encryption (PRE) scheme is used to support the publish/subscribe mode of operation of IoT. A complete prototype has been implemented to show the feasibility of the proposed scheme. Formal verification of the proposed protocol verified that it does not have any vulnerabilities. Experimental results showed that an FPGA implementation of the proposed PRE was 6x faster than the software implementation in transforming a ciphertext of size 1 GB.
Using security primitives, a novel scheme for licensing hardware intellectual properties (HWIPs) on Field Programmable Gate Arrays (FPGAs) in public clouds is proposed. The proposed scheme enforces a pay-per-use model, allows HWIP installation only on specific on-cloud FPGAs, and efficiently protects the HWIPs from being cloned, reverse engineered, or used without the owner's authorization by any party, including a cloud insider. It also provides protection for the users' designs integrated with the HWIP on the same FPGA. This enables cloud tenants to license HWIPs in the cloud from the HWIP vendors at a relatively low price based on usage instead of paying the expensive unlimited HWIP license fee. The scheme includes a protocol for FPGA authentication, secure HWIP decryption, and usage by the clients without the need for the HWIP vendor to be involved or divulge their secret keys. A complete prototype test-bed implementation showed that the proposed scheme is very feasible with relatively low resource utilization. Experiments also showed that a HWIP could be licensed and set up in the on-cloud FPGA in 0.9s. This is 15 times faster than setting up the same HWIP from outside the cloud, which takes about 14s based on the average global Internet speed.