Aggregate Encryption Individual Decryption for FPGA Bitstream Protection on Cloud

Document Type

Conference Article

Publication Title

Proceedings 2024 International Symposium on Secure and Private Execution Environment Design Seed 2024

Abstract

Cloud computing platforms are progressively adopting Field Programmable Gate Arrays (FPGAs) to deploy specialized hardware accelerators for specific computational tasks. However, the security of FPGA-based bitstream for Intellectual Property (IP) cores from unauthorized interception in cloud environments remains a prominent concern. Existing methodologies for protection of these bitstreams have several limitations, such as requiring a large number of keys, tying bitstreams to specific FPGAs, and relying on trusted third parties. This paper proposes AgEID (Aggregate Encryption and Individual Decryption), a cryptosystem based on key aggregation to enhance the security of FPGA-based bitstreams for IP cores and to address the pitfalls of previous related works. By this scheme, IP providers can encrypt their bitstreams using a single key for a given set of FPGA boards, and this same key then decrypts the bitstream on any of the FPGA boards within that set. Aggregate encryption of this single key is performed in a way which ensures that the key can solely be obtained onboard through individual decryption employing the board's private key, thus facilitating secure key provisioning, The proposed cryptosystem is evaluated mainly on Xilinx Zynq™7000 FPGAs. The outcomes demonstrate that our cryptosystem outperforms existing techniques with respect to resource, time and energy sianiflcantly,

First Page

155

Last Page

165

DOI

10.1109/SEED61283.2024.00025

Publication Date

1-1-2024

Link to Full Text

Share

COinS