TY - GEN
T1 - Aggregate Encryption Individual Decryption for FPGA Bitstream Protection on Cloud
AU - Debnath, Mukta
AU - Guha, Krishnendu
AU - Saha, Debasri
AU - Sur-Kolay, Susmita
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Cloud computing platforms are progressively adopting Field Programmable Gate Arrays (FPGAs) to deploy specialized hardware accelerators for specific computational tasks. However, the security of FPGA-based bitstream for Intellectual Property (IP) cores from unauthorized interception in cloud environments remains a prominent concern. Existing methodologies for protection of these bitstreams have several limitations, such as requiring a large number of keys, tying bitstreams to specific FPGAs, and relying on trusted third parties. This paper proposes AgEID (Aggregate Encryption and Individual Decryption), a cryptosystem based on key aggregation to enhance the security of FPGA-based bitstreams for IP cores and to address the pitfalls of previous related works. By this scheme, IP providers can encrypt their bitstreams using a single key for a given set of FPGA boards, and this same key then decrypts the bitstream on any of the FPGA boards within that set. Aggregate encryption of this single key is performed in a way which ensures that the key can solely be obtained onboard through individual decryption employing the board's private key, thus facilitating secure key provisioning, The proposed cryptosystem is evaluated mainly on Xilinx Zynq™7000 FPGAs.
AB - Cloud computing platforms are progressively adopting Field Programmable Gate Arrays (FPGAs) to deploy specialized hardware accelerators for specific computational tasks. However, the security of FPGA-based bitstream for Intellectual Property (IP) cores from unauthorized interception in cloud environments remains a prominent concern. Existing methodologies for protection of these bitstreams have several limitations, such as requiring a large number of keys, tying bitstreams to specific FPGAs, and relying on trusted third parties. This paper proposes AgEID (Aggregate Encryption and Individual Decryption), a cryptosystem based on key aggregation to enhance the security of FPGA-based bitstreams for IP cores and to address the pitfalls of previous related works. By this scheme, IP providers can encrypt their bitstreams using a single key for a given set of FPGA boards, and this same key then decrypts the bitstream on any of the FPGA boards within that set. Aggregate encryption of this single key is performed in a way which ensures that the key can solely be obtained onboard through individual decryption employing the board's private key, thus facilitating secure key provisioning, The proposed cryptosystem is evaluated mainly on Xilinx Zynq™7000 FPGAs.
KW - Cloud environment
KW - FPGA bitstream protection
KW - IP core
KW - key aggregation
UR - https://www.scopus.com/pages/publications/85210806291
U2 - 10.1109/SEED61283.2024.00025
DO - 10.1109/SEED61283.2024.00025
M3 - Conference proceeding
AN - SCOPUS:85210806291
T3 - Proceedings - 2024 International Symposium on Secure and Private Execution Environment Design, SEED 2024
SP - 155
EP - 165
BT - Proceedings - 2024 International Symposium on Secure and Private Execution Environment Design, SEED 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd International Symposium on Secure and Private Execution Environment Design, SEED 2024
Y2 - 16 May 2024 through 17 May 2024
ER -