A Protection and Pay-per-use Licensing Scheme for On-cloud FPGA Circuit IPs
13 Aug 2019-ACM Transactions on Reconfigurable Technology and Systems (ACMPUB27New York, NY, USA)-Vol. 12, Iss: 3, pp 1-19
TL;DR: Using security primitives, a novel scheme for licensing hardware intellectual properties (HWIPs) on Field Programmable Gate Arrays (FPGAs) in public clouds is proposed.
Abstract: Using security primitives, a novel scheme for licensing hardware intellectual properties (HWIPs) on Field Programmable Gate Arrays (FPGAs) in public clouds is proposed. The proposed scheme enforces a pay-per-use model, allows HWIP's installation only on specific on-cloud FPGAs, and efficiently protects the HWIPs from being cloned, reverse engineered, or used without the owner's authorization by any party, including a cloud insider. It also provides protection for the users’ designs integrated with the HWIP on the same FPGA. This enables cloud tenants to license HWIPs in the cloud from the HWIP vendors at a relatively low price based on usage instead of paying the expensive unlimited HWIP license fee. The scheme includes a protocol for FPGA authentication, HWIP secure decryption, and usage by the clients without the need for the HWIP vendor to be involved or divulge their secret keys. A complete prototype test-bed implementation showed that the proposed scheme is very feasible with relatively low resource utilization. Experiments also showed that a HWIP could be licensed and set up in the on-cloud FPGA in 0.9s. This is 15 times faster than setting up the same HWIP from outside the cloud, which takes about 14s based on the average global Internet speed.
Citations
More filters
23 Feb 2020
TL;DR: This work explores how unique features of FPGAs can be exploited to instantiate Physical Unclonable Functions (PUFs) that can distinguish between otherwise-identical FPGA boards, and presents a set of defense mechanisms that can be added to existing countermeasures to mitigate users' attempts to fingerprint cloud FGPA infrastructures.
Abstract: In recent years, multiple public cloud FPGA providers have emerged, increasing interest in FPGA acceleration of cryptographic, bioinformatic, financial, and machine learning algorithms. To help understand the security of the cloud FPGA infrastructures, this paper focuses on a fundamental question of understanding what an adversary can learn about the cloud FPGA infrastructure itself, without attacking it or damaging it. In particular, this work explores how unique features of FPGAs can be exploited to instantiate Physical Unclonable Functions (PUFs) that can distinguish between otherwise-identical FPGA boards. This paper specifically introduces the first method for identifying cloud FPGA instances by extracting a unique and stable FPGA fingerprint based on PUFs measured from the FPGA boards' DRAM modules. Experiments conducted on the Amazon Web Services (AWS) cloud reveal the probability of renting the same physical board more than once. Moreover, the experimental results show that hardware is not shared among f1.2xlarge, f1.4xlarge, and f1.16xlarge instance types. As the approach used does not violate any restrictions currently placed by Amazon, this paper also presents a set of defense mechanisms that can be added to existing countermeasures to mitigate users' attempts to fingerprint cloud FPGA infrastructures.
26 citations
TL;DR: An extensive survey on the current state-of-the-art of FPGA based Physically Unclonable Functions, and a detailed performance evaluation result for several FGPA based PUF designs and their comparisons are provided.
19 citations
References
More filters
31 May 1998
TL;DR: A definition of protocol divertibility is given that applies to arbitrary 2-party protocols and is compatible with Okamoto and Ohta's definition in the case of interactive zero-knowledge proofs and generalizes to cover several protocols not normally associated with divertibility.
Abstract: First, we introduce the notion of divertibility as a protocol property as opposed to the existing notion as a language property (see Okamoto, Ohta [OO90]) We give a definition of protocol divertibility that applies to arbitrary 2-party protocols and is compatible with Okamoto and Ohta's definition in the case of interactive zero-knowledge proofs Other important examples falling under the new definition are blind signature protocols We propose a sufficiency criterion for divertibility that is satisfied by many existing protocols and which, surprisingly, generalizes to cover several protocols not normally associated with divertibility (eg, Diffie-Hellman key exchange) Next, we introduce atomic proxy cryptography, in which an atomic proxy function, in conjunction with a public proxy key, converts ciphertexts (messages or signatures) for one key into ciphertexts for another Proxy keys, once generated, may be made public and proxy functions applied in untrusted environments We present atomic proxy functions for discrete-log-based encryption, identification, and signature schemes It is not clear whether atomic proxy functions exist in general for all public-key cryptosystems Finally, we discuss the relationship between divertibility and proxy cryptography
1,533 citations
10 Sep 2007
TL;DR: New protocols for the IP protection problem on FPGAs are proposed and the first construction of a PUF intrinsic to current FPGA based on SRAM memory randomness present on current FFPAs is provided.
Abstract: In recent years, IP protection of FPGA hardware designs has become a requirement for many IP vendors. In [34], Simpson and Schaumont proposed a fundamentally different approach to IP protection on FPGAs based on the use of Physical Unclonable Functions (PUFs). Their work only assumes the existence of a PUF on the FPGAs without actually proposing a PUF construction. In this paper, we propose new protocols for the IP protection problem on FPGAs and provide the first construction of a PUF intrinsic to current FPGAs based on SRAM memory randomness present on current FPGAs. We analyze SRAM-based PUF statistical properties and investigate the trade offs that can be made when implementing a fuzzy extractor.
1,235 citations
TL;DR: This paper shows that it is possible to select a key over open communications channels in such a fashion that communications security can be maintained, and describes a method which forces any enemy to expend an amount of work which increases as the square of the work required of the two communicants to select the key.
Abstract: According to traditional conceptions of cryptographic security, it is necessary to transmit a key, by secret means, before encrypted massages can be sent securely. This paper shows that it is possible to select a key over open communications channels in such a fashion that communications security can be maintained. A method is described which forces any enemy to expend an amount of work which increases as the square of the work required of the two communicants to select the key. The method provides a logically new kind of protection against the passive eavesdropper. It suggests that further research on this topic will be highly rewarding, both in a theoretical and a practical sense.
725 citations
09 Jun 2008
TL;DR: A new PUF structure called the butterfly PUF that can be used on all types of FPGAs is proposed and experimental results showing their identification and key generation capabilities are presented.
Abstract: IP protection of hardware designs is the most important requirement for many FPGA IP vendors. To this end, various solutions have been proposed by FPGA manufacturers based on the idea of bitstream encryption. An alternative solution was advocated in (E. Simpson and P. Schaumont, 2006). Simpson and Schaumont proposed a new approach based on physical unclonable functions (PUFs) for IP protection on FPGAs. PUFs are a unique class of physical systems that extract secrets from complex physical characteristics of the integrated circuits which along with the properties of unclonability provide a highly secure means of generating volatile secret keys for cryptographic operations. However, the first practical PUF on an FPGA was proposed only later in (J. Guajardo et al., 2007) based on the startup values of embedded SRAM memories which are intrinsic in some of the current FPGAs. The disadvantage of these intrinsic SRAM PUFs is that not all FPGAs support uninitialized SRAM memory. In this paper, we propose a new PUF structure called the butterfly PUF that can be used on all types of FPGAs. We also present experimental results showing their identification and key generation capabilities.
502 citations
15 Aug 2010
TL;DR: In this paper, the authors report on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discuss some implications for RSA.
Abstract: This paper reports on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discusses some implications for RSA.
397 citations