Virtualized Reconfigurable Resources and Their Secured Provision in an Untrusted Cloud Environment

The cloud computing business grows year after year. To keep up with increasing demand and to offer more services, data center providers are always searching for novel architectures. One of them are FPGAs, reconfigurable hardware with high compute power and energy efficiency. But some clients cannot make use of the remote processing capabilities. Not every involved party is trustworthy and the complex management software has potential security flaws. Hence, clients’ sensitive data or algorithms cannot be sufficiently protected. In this thesis state-of-the-art hardware, cloud and security concepts are analyzed and com- bined. On one side are reconfigurable virtual FPGAs. They are a flexible resource and fulfill the cloud characteristics at the price of security. But on the other side is a strong requirement for said security. To provide it, an immutable controller is embedded enabling a direct, confidential and secure transfer of clients’ configurations. This establishes a trustworthy compute space inside an untrusted cloud environment. Clients can securely transfer their sensitive data and algorithms without involving vulnerable software or a data center provider. This concept is implemented as a prototype. Based on it, necessary changes to current FPGAs are analyzed. To fully enable reconfigurable yet secure hardware in the cloud, a new hybrid architecture is required.Das Geschäft mit dem Cloud Computing wächst Jahr für Jahr. Um mit der steigenden Nachfrage mitzuhalten und neue Angebote zu bieten, sind Betreiber von Rechenzentren immer auf der Suche nach neuen Architekturen. Eine davon sind FPGAs, rekonfigurierbare Hardware mit hoher Rechenleistung und Energieeffizienz. Aber manche Kunden können die ausgelagerten Rechenkapazitäten nicht nutzen. Nicht alle Beteiligten sind vertrauenswürdig und die komplexe Verwaltungssoftware ist anfällig für Sicherheitslücken. Daher können die sensiblen Daten dieser Kunden nicht ausreichend geschützt werden. In dieser Arbeit werden modernste Hardware, Cloud und Sicherheitskonzept analysiert und kombiniert. Auf der einen Seite sind virtuelle FPGAs. Sie sind eine flexible Ressource und haben Cloud Charakteristiken zum Preis der Sicherheit. Aber auf der anderen Seite steht ein hohes Sicherheitsbedürfnis. Um dieses zu bieten ist ein unveränderlicher Controller eingebettet und ermöglicht eine direkte, vertrauliche und sichere Übertragung der Konfigurationen der Kunden. Das etabliert eine vertrauenswürdige Rechenumgebung in einer nicht vertrauenswürdigen Cloud Umgebung. Kunden können sicher ihre sensiblen Daten und Algorithmen übertragen ohne verwundbare Software zu nutzen oder den Betreiber des Rechenzentrums einzubeziehen. Dieses Konzept ist als Prototyp implementiert. Darauf basierend werden nötige Änderungen von modernen FPGAs analysiert. Um in vollem Umfang eine rekonfigurierbare aber dennoch sichere Hardware in der Cloud zu ermöglichen, wird eine neue hybride Architektur benötigt

Hardware Obfuscation for Finite Field Algorithms

With the rise of computing devices, the security robustness of the devices has become of utmost importance. Companies invest huge sums of money, time and effort in security analysis and vulnerability testing of their software products. Bug bounty programs are held which incentivize security researchers for finding security holes in software. Once holes are found, software firms release security patches for their products. The semiconductor industry has flourished with accelerated innovation. Fabless manufacturing has reduced the time-to-market and lowered the cost of production of devices. Fabless paradigm has introduced trust issues among the hardware designers and manufacturers. Increasing dependence on computing devices in personal applications as well as in critical infrastructure has given a rise to hardware attacks on the devices in the last decade. Reverse engineering and IP theft are major challenges that have emerged for the electronics industry. Integrated circuit design companies experience a loss of billions of dollars because of malicious acts by untrustworthy parties involved in the design and fabrication process, and because of attacks by adversaries on the electronic devices in which the chips are embedded. To counter these attacks, researchers have been working extensively towards finding strong countermeasures. Hardware obfuscation techniques make the reverse engineering of device design and functionality difficult for the adversary. The goal is to conceal or lock the underlying intellectual property of the integrated circuit. Obfuscation in hardware circuits can be implemented to hide the gate-level design, layout and the IP cores. Our work presents a novel hardware obfuscation design through reconfigurable finite field arithmetic units, which can be employed in various error correction and cryptographic algorithms. The effectiveness and efficiency of the proposed methods are verified by an obfuscated Reformulated Inversion-less Berlekamp-Massey (RiBM) architecture based Reed-Solomon decoder. Our experimental results show the hardware implementation of RiBM based Reed-Solomon decoder built using reconfigurable field multiplier designs. The proposed design provides only very low overhead with improved security by obfuscating the functionality and the outputs. The design proposed in our work can also be implemented in hardware designs of other algorithms that are based on finite field arithmetic. However, our main motivation was to target encryption and decryption circuits which store and process sensitive data and are used in critical applications

A Survey on Security Threats and Countermeasures in IEEE Test Standards

International audienceEditor's note: Test infrastructure has been shown to be a portal for hackers. This article reviews the threats and countermeasures for IEEE test infrastructure standards

Hardware accelerated authentication system for dynamic time-critical networks

The secure and efficient operation of time-critical networks, such as vehicular networks, smart-grid and other smart-infrastructures, is of primary importance in today’s society. It is crucial to minimize the impact of security mechanisms over such networks so that the safe and reliable operations of time-critical systems are not being interfered. Even though there are several security mechanisms, their application to smart-infrastructure and Internet of Things (IoT) deployments may not meet the ubiquitous and time-sensitive needs of these systems. That is, existing security mechanisms either introduce a significant computation and communication overhead, or they are not scalable for a large number of IoT components. In particular, as a primary authentication mechanism, existing digital signatures cannot meet the real-time processing requirements of time-critical networks, and also do not fully benefit from advancements in the underlying hardware/software of IoTs. As a part of this thesis, we create a reliable and scalable authentication system to ensure secure and reliable operation of dynamic time-critical networks like vehicular networks through hardware acceleration. The system is implemented on System-On-Chips (SoC) leveraging the parallel processing capabilities of the embedded Graphical Processing Units (GPUs) along with the CPUs (Central Processing Units). We identify a set of cryptographic authentication mechanisms, which consist of operations that are highly parallelizable while still maintain high standards of security and are also secure against various malicious adversaries. We also focus on creating a fully functional prototype of the system which we call a “Dynamic Scheduler” which will take care of scheduling the messages for signing or verification on the basis of their priority level and the number of messages currently in the system, so as to derive maximum throughput or minimum latency from the system, whatever the requirement may be