A Secure and Flexible FPGA–based Blockchain System for IIoTs

Blockchain is a promising solution for Industry 4.0 due to its traceability and immutability. However, blockchain itself does not guarantee the input data integrity. The tampered data from an endpoint device can be a significant problem because it may result in a cascaded negative effect on the whole smart factory operations. In this paper, we propose an FPGA-based private blockchain system for IIoTs, where the transaction generation is performed inside the FPGA in an isolated and enclaved manner. For the key confidentiality and transaction integrity, the proposed system utilizes a PUF, soft processor, and tightly coupled sensor connections inside the FPGA fabric. Since all the critical operations are hidden under the hood, adversaries even with the root privilege cannot intervene in the transaction generation process. The implemented IIoT device provides 33 transactions per minute and consumes a 191 mW of power

FPGA based Blockchain System for Industrial IoT

Industrial IoT (IIoT) is critical for industrial infrastructure modernization and digitalization. Therefore, it is of utmost importance to provide adequate protection of the IIoT system. A modern IIoT system usually consists of a large number of devices that are deployed in multiple locations and owned/managed by different entities who do not fully trust each other. These features make it harder to manage the system in a coherent manner and utilize existing security mechanisms to offer adequate protection. The emerging blockchain technology provides a powerful tool for IIoT system management and protection because the IIoT nature of distributed deployment and involvement of multiple stakeholders fits the design philosophy of blockchain well. Most existing blockchain construction mechanisms are not scalable enough and too heavy for an IIoT system. One promising way to overcome these limitations is utilizing hardware based trusted execution environment (TEE) in the blockchain construction. However, most of existing works on this direction do not consider the characteristics of IIoT devices (e.g., fixed functionality and limited supply) and face several limitations when they are applied for IIoT system management and protection, such as high energy consumption, single root-of-trust, and low decentralization level. To mitigate these challenges, we propose a novel field programmable gate array (FPGA) based blockchain system. It leverages the FPGA to build a simple but efficient TEE for IIoT devices, and removes the single root-of-trust by allowing all stakeholders to participate in the management of the devices. The FPGA based blockchain system shifts the computation/storage intensive part of blockchain management to more powerful computers but still involves the IIoT devices in the block construction to achieve a high level of decentralization. We implement the major FPGA components of the design and evaluate the performance of the whole system with a simulation tool to demonstrate its feasibility for IIoT applications

Estimated Interval-Based Checkpointing (EIC) on Spot Instances in Cloud Computing

In cloud computing, users can rent computing resources from service providers according to their demand. Spot instances are unreliable resources provided by cloud computing services at low monetary cost. When users perform tasks on spot instances, there is an inevitable risk of failures that causes the delay of task execution time, resulting in a serious deterioration of quality of service (QoS). To deal with the problem on spot instances, we propose an estimated interval-based checkpointing (EIC) using weighted moving average. Our scheme sets the thresholds of price and execution time based on history. Whenever the actual price and the execution time cross over the thresholds, the system saves the state of spot instances. The Bollinger Bands is adopted to inform the ranges of estimated cost and execution time for user's discretion. The simulation results reveal that, compared to the HBC and REC, the EIC reduces the number of checkpoints and the rollback time. Consequently, the task execution time is decreased with EIC by HBC and REC. The EIC also provides the benefit of the cost reduction by HBC and REC, on average. We also found that the actual cost and execution time fall within the estimated ranges suggested by the Bollinger Bands

DIoTA: Decentralized Ledger based Framework for Data Authenticity Protection in IoT Systems

It is predicted that more than 20 billion IoT devices will be deployed worldwide by 2020. These devices form the critical infrastructure to support a variety of important applications such as smart city, smart grid, and industrial internet. To guarantee that these applications work properly, it is imperative to authenticate these devices and data generated from them. Although digital signatures can be applied for these purposes, the scale of the overall system and the limited computation capability of IoT devices pose two big challenges. In order to overcome these obstacles, we propose DIoTA, a novel decentralized ledger-based authentication framework for IoT devices. DIoTA uses a two-layer decentralized ledger architecture together with a lightweight data authentication mechanism to facilitate IoT devices and data management. We also analyze the performance and security of DIoTA, and explicitly give the major parameters an administrator can choose to achieve a desirable balance between different metrics

TPU as Cryptographic Accelerator

Polynomials defined on specific rings are heavily involved in various cryptographic schemes, and the corresponding operations are usually the computation bottleneck of the whole scheme. We propose to utilize TPU, an emerging hardware designed for AI applications, to speed up polynomial operations and convert TPU to a cryptographic accelerator. We also conduct preliminary evaluation and discuss the limitations of current work and future plan

Blockchain based End-to-end Tracking System for Distributed IoT Intelligence Application Security Enhancement

IoT devices provide a rich data source that is not available in the past, which is valuable for a wide range of intelligence applications, especially deep neural network (DNN) applications that are data-thirsty. An established DNN model in turn provides useful analysis results that can improve the operation of IoT systems. The progress in distributed/federated DNN training further unleashes the potential of integration of IoT and intelligence applications. When a large number of IoT devices deployed in different physical locations, distributed training allows training modules to be deployed to multiple edge data centers that are close to the IoT devices to reduce the latency and movement of large amounts of data. In practice, these IoT devices and edge data centers are usually owned and managed by different parties, who do not fully trust each other or have conflicting interests. It is hard to coordinate them to provide an end-to-end integrity protection of the DNN construction and application with classical security enhancement tools. For example, one party may share an incomplete data set with others, or contribute a modified sub DNN model to manipulate the aggregated model and affect the decision-making process. To mitigate this risk, we propose a novel blockchain based end-toend integrity protection scheme for DNN applications integrated with an IoT system in the edge computing environment. The protection system leverages a set of cryptography primitives to build a blockchain adapted for edge computing that is scalable to handle a large number of IoT devices. The customized blockchain is integrated with a distributed/federated DNN to offer integrity and authenticity protection services

SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection

This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework from the bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between FPGA and client for the bitstream encryption is generated in hard-wired logic using PKI and ECC. The data security is assured by the enclaved processing with encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients\u27 data because plaintext data are not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to the side channel attack but to the attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate the security, performance, and practicability

Decentralized Translator of Trust: Supporting Heterogeneous TEE for Critical Infrastructure Protection

Trusted execution environment (TEE) technology has found many applications in mitigating various security risks in an efficient manner, which is attractive for critical infrastructure protection. First, the natural of critical infrastructure requires it to be well protected from various cyber attacks. Second, performance is usually important for critical infrastructure and it cannot afford an expensive protection mechanism. While a large number of TEE-based critical infrastructure protection systems have been proposed to address various security challenges (e.g., secure sensing and reliable control), most existing works ignore one important feature, i.e., devices comprised the critical infrastructure may be equipped with multiple incompatible TEE technologies and belongs to different owners. This feature makes it hard for these devices to establish mutual trust and form a unified TEE environment. To address these challenges and fully unleash the potential of TEE technology for critical infrastructure protection, we propose DHTee, a decentralized coordination mechanism. DHTee uses blockchain technology to support key TEE functions in a heterogeneous TEE environment, especially the attestation service. A Device equipped with one TEE can interact securely with the blockchain to verify whether another potential collaborating device claiming to have a different TEE meets the security requirements. DHTee is also flexible and can support new TEE schemes without affecting devices using existing TEEs that have been supported by the system.Comment: Appeared in ACM BSCI'2

Adaptive transaction scheduling for transactional memory systems

Transactional memory systems are expected to enable parallel programming at lower programming complexity, while delivering improved performance over traditional lock-based systems. Nonetheless, there are certain situations where transactional memory systems could actually perform worse. Transactional memory systems can outperform locks only when the executing workloads contain sufficient parallelism. When the workload lacks inherent parallelism, launching excessive transactions can adversely degrade performance. These situations will actually become dominant in future workloads when large-scale transactions are frequently executed. In this thesis, we propose a new paradigm called adaptive transaction scheduling to address this issue. Based on the parallelism feedback from applications, our adaptive transaction scheduler dynamically dispatches and controls the number of concurrently executing transactions. In our case study, we show that our low-cost mechanism not only guarantees that hardware transactional memory systems perform no worse than a single global lock, but also significantly improves performance for both hardware and software transactional memory systems.M.S.Committee Chair: Lee, Hsien-Hsin; Committee Member: Blough, Douglas; Committee Member: Yalamanchili, Sudhaka