Abstract
Field-programmable gate arrays (FPGAs) have gained massive popularity today as accelerators for a variety of workloads, including big data analytics, and parallel and distributed computing. This has fueled the study of mechanisms to provision FPGAs among multiple tenants as general purpose computing resources on the cloud. Such mechanisms offer new challenges, such as ensuring IP protection and bitstream confidentiality for mutually distrusting clients sharing the same FPGA. A direct adoption of existing IP protection techniques from the single tenancy setting do not completely address these challenges, and are also not scalable enough for practical deployment.
In this paper, we propose a dedicated and scalable framework for secure multi-tenant FPGA provisioning that can be easily integrated into existing cloud-based infrastructures such as OpenStack. Our technique has constant resource/memory overhead irrespective of the number of tenants sharing a given FPGA, and is provably secure under well-studied cryptographic assumptions. A prototype implementation of our proposition on Xilinx Virtex-7 FPGAs is presented to validate its overheads and scalability when supporting multiple tenants and workloads. To the best of our knowledge, this is the first FPGA provisioning framework to be prototyped that achieves a desirable balance between security and scalability in the multi-tenancy setting.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Nvidia Inc. GRID GPUs
Arasu, A., Eguro, K., Kaushik, R., Kossmann, D., Ramamurthy, R., Venkatesan, R.: A secure coprocessor for database applications. In: 2013 23rd International Conference on Field Programmable Logic and Applications (FPL), pp. 1–8. IEEE (2013)
Azarderakhsh, R., Reyhani-Masoleh, A.: Efficient FPGA implementations of point multiplication on binary Edwards and generalized Hessian curves using Gaussian normal basis. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 20(8), 1453–1466 (2012)
Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006). https://doi.org/10.1007/11693383_22
Bernstein, D.J., Lange, T., Schwabe, P.: The security impact of a new cryptographic library. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 159–176. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33481-8_9
Chen, F., Shan, Y., Zhang, Y., Wang, Y., Franke, H., Chang, X., Wang, K.: Enabling FPGAs in the cloud. In: Proceedings of the 11th ACM Conference on Computing Frontiers, p. 3. ACMD (2014)
Duursma, I., Lee, H.S.: Tate pairing implementation for hyperelliptic curves y\(\hat{}\) 2= x\(\hat{}\) p-x+ d. In: ASIACRYPT, vol. 2894, pp. 111–123. Springer (2003). https://doi.org/10.1007/978-3-540-40061-5_7
Freund, K.: Amazon’s Xilinx FPGA Cloud: Why This May Be A Significant Milestone (2016)
Frey, G., Muller, M., Ruck, H.G.: The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems. IEEE Trans. Inf. Theory 45(5), 1717–1719 (1999)
Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_5
Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! a fast, cross-VM attack on AES. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 299–319. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11379-1_15
Johansson, K.H., Törngren, M., Nielsen, L.: Vehicle applications of controller area network. In: Hristu-Varsakelis, D., Levine, W.S. (eds.) Handbook of Networked and Embedded Control Systems, pp. 741–765 (2005). https://doi.org/10.1007/0-8176-4404-0_32
Joux, A.: A one round protocol for tripartite Diffie-Hellman. J. Cryptol. 17(4), 263–276 (2004). https://doi.org/10.1007/s00145-004-0312-y
Joux, A., Pierrot, C.: Technical history of discrete logarithms in small characteristic finite fields - the road from subexponential to quasi-polynomial complexity. Des. Codes Cryptograph. 78(1), 73–85 (2016). https://doi.org/10.1007/s10623-015-0147-6
Joux, A., Vitse, V.: Elliptic curve discrete logarithm problem over small degree extension fields. Application to the static Diffie-Hellman problem on E(Fq5) (2010)
Kean, T.: Cryptographic rights management of FPGA intellectual property cores. In: Proceedings of the 2002 ACM/SIGDA Tenth International Symposium on FIeld-programmable Gate Arrays, pp. 113–118. ACM (2002)
Kerins, T., Marnane, W.P., Popovici, E.M., Barreto, P.S.L.M.: Efficient hardware for the tate pairing calculation in characteristic three. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 412–426. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262_30
Kirchgessner, R., Stitt, G., George, A., Lam, H.: VirtualRC: a virtual FPGA platform for applications and tools portability. In: Proceedings of the ACM/SIGDA International Symposium on Field Programmable Gate Arrays, pp. 205–208. ACM (2012)
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)
Krautter, J., Gnad, D.R., Schellenberg, F., Moradi, A., Tahoori, M.B.: Active fences against voltage-based side channels in multi-tenant FPGAS. IACR Cryptol. ePrint Arch 2019:1152 (2019)
Lie, W., Feng-Yan, W.: Dynamic partial reconfiguration in FPGAs. In: 2009 Third International Symposium on Intelligent Information Technology Application, IITA 2009, vol. 2, pp. 445–448. IEEE (2009)
Longa, P., Miri, A.: New Multibase Non-Adjacent Form Scalar Multiplication and its Application to Elliptic Curve Cryptosystems (extended version). IACR Cryptology ePrint Archive 2008:52 (2008)
McLoone, M., McCanny, J.V.: Rijndael FPGA implementations utilizing look-up tables. J. VLSI Signal Process. Syst. Signal Image Video Technol. 34(3), 261–275 (2003)
Miller, V.S.: The Weil pairing, and its efficient calculation. J. Cryptol. 17(4), 235–261 (2004)
Mukhopadhyay, D., Roy, D.B.: Revisiting FPGA implementation of montgomery multiplier in redundant number system for efficient ECC application in GF (p). In: 2018 28th International Conference on Field Programmable Logic and Applications (FPL), pp. 323–3233. IEEE (2018)
Oliveira, L.B., Aranha, D.F., Morais, E., Daguano, F., López, J., Dahab, R.: Tinytate: computing the Tate pairing in resource-constrained sensor nodes. In: Sixth IEEE International Symposium on Network Computing and Applications, 2007. NCA 2007, pp. 318–323, IEEE (2007)
Opitz, F., Sahak, E., Schwarz, B.: Accelerating distributed computing with FPGAs. Xcell J. 3, 20–27 (2012)
Ovtcharov, K., Ruwase, O., Kim, J.Y., Fowers, J., Strauss, K., Chung, E.S.: Accelerating deep convolutional neural networks using specialized hardware. Microsoft Res. Whitepaper 2(11), 1–4 (2015)
Patranabis, S., Shrivastava, Y., Mukhopadhyay, D.: Provably secure key-aggregate cryptosystems with broadcast aggregate keys for online data sharing on the cloud. IEEE Trans. Comput. 66(5), 891–904 (2017)
Provelengios, G., Holcomb, D., Tessier, R.: Characterizing power distribution attacks in multi-user FPGA environments. In: 2019 29th International Conference on Field Programmable Logic and Applications (FPL), pp. 194–201. IEEE (2019)
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 199–212. ACM (2009)
Rudra, A., Dubey, P.K., Jutla, C.S., Kumar, V., Rao, J.R., Rohatgi, P.: Efficient Rijndael encryption implementation with composite field arithmetic. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 171–184. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44709-1_16
Shu, C., Gaj, K., El-Ghazawi, T.: Low latency elliptic curve cryptography accelerators for NIST curves over binary fields. In: Proceedings of the 2005 IEEE International Conference on. Field-Programmable Technology, 2005, pp. 309–310. IEEE (2005)
So, H.K.H., Brodersen, R.: A unified hardware/software runtime environment for FPGA-based reconfigurable computers using BORPH. ACM Trans. Embed. Comput. Syst. (TECS) 7(2), 14 (2008)
Ueno, R., Homma, N., Sugawara, Y., Nogami, Y., Aoki, T.: Highly efficient GF (2\(\hat{}\)8) g f (2 8) inversion circuit based on redundant GF arithmetic and its application to AES design. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 63–80. Springer (2015). https://doi.org/10.1007/978-3-662-48324-4_4
Vercauteren, F.: Optimal pairings. IEEE Trans. Inf. Theory 56(1), 455–461 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Bag, A., Patranabis, S., Roy, D.B., Mukhopadhyay, D. (2020). Cryptographically Secure Multi-tenant Provisioning of FPGAs. In: Batina, L., Picek, S., Mondal, M. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2020. Lecture Notes in Computer Science(), vol 12586. Springer, Cham. https://doi.org/10.1007/978-3-030-66626-2_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-66626-2_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66625-5
Online ISBN: 978-3-030-66626-2
eBook Packages: Computer ScienceComputer Science (R0)