skip to main content
research-article

A Protection and Pay-per-use Licensing Scheme for On-cloud FPGA Circuit IPs

Published: 13 August 2019 Publication History

Abstract

Using security primitives, a novel scheme for licensing hardware intellectual properties (HWIPs) on Field Programmable Gate Arrays (FPGAs) in public clouds is proposed. The proposed scheme enforces a pay-per-use model, allows HWIP's installation only on specific on-cloud FPGAs, and efficiently protects the HWIPs from being cloned, reverse engineered, or used without the owner's authorization by any party, including a cloud insider. It also provides protection for the users’ designs integrated with the HWIP on the same FPGA. This enables cloud tenants to license HWIPs in the cloud from the HWIP vendors at a relatively low price based on usage instead of paying the expensive unlimited HWIP license fee. The scheme includes a protocol for FPGA authentication, HWIP secure decryption, and usage by the clients without the need for the HWIP vendor to be involved or divulge their secret keys. A complete prototype test-bed implementation showed that the proposed scheme is very feasible with relatively low resource utilization. Experiments also showed that a HWIP could be licensed and set up in the on-cloud FPGA in 0.9s. This is 15 times faster than setting up the same HWIP from outside the cloud, which takes about 14s based on the average global Internet speed.

References

[1]
P. K. Gupta. 2017. Bringing FPGA acceleration to the cloud-IT peer network. Retrieved from https://itpeernetwork.intel.com/fpga-acceleration-to-the-cloud/.
[2]
S. Putnam et al. 2014. A reconfigurable fabric for accelerating large-scale datacenter services. In Proceedings of the 41st Annual International Symposium on Computer Architecture (ISCA’14), 13--24.
[3]
S. Kesturt, J. D. Davis, and O. Williams. 2010. BLAS comparison on FPGA, CPU and GPU. Proceedings of the IEEE Annual International Symposium on Very Large Scale Integration (ISVLSI’10), 288--293.
[4]
J. Morra. 2016. Amazon plugs xilinx FPGA into its cloud. Retrieved from http:// www.electronicdesign.com/fpgas/amazon-plugs-xilinx-fpga-its-cloud.
[5]
Project Catapult, Microsoft Research. Retrieved from http://www.microsoft.com/en-us/research/project/project-catapult.
[6]
R. Maes, D. Schellekens, and I. Verbauwhede. 2012. A pay-per-use licensing scheme for hardware IP cores in recent SRAM-based FPGAs. IEEE Trans. Info. Forensics Secur. 7, 98--108, (2012).
[7]
J. Zhang, Y. Lin, Y. Lyu, and G. Qu. 2015. A PUF-FSM Binding scheme for FPGA IP protection and pay-per-device licensing. IEEE Trans. Info. Forensics Secur. 11 (2015), 2626--2627.
[8]
J. Guajardo, S. S. Kumar, G.-J. Schrijen, and P. Tuyls. 2007. FPGA intrinsic PUFs and their use for IP protection. Lect. Notes Comput. Sci. 4727, 63--80, (2007).
[9]
M. A. Gora, A. Maiti, and P. Schaumont. 2010. A flexible design flow for software IP binding in FPGA. IEEE Trans. Ind. Inform. 6 4, (2010), 719--728.
[10]
S. S. Kumar et al. 2008. The butterfly PUF protecting IP on every FPGA. In Proceedings of the IEEE International Workshop on Hardware-Oriented Security and Trust (HOST’08). 67--70.
[11]
J. Guajardo et al. 2007. Physical unclonable functions and public-key crypto for FPGA IP protection. In Proceedings of the International Conference on Field Programmable Logic and Applications (FPL’07), 189--195.
[12]
S. Kumar et al. 2017. A flexible pay-per device licensing scheme for FPGA IP cores. In Proceedings of the IEEE Computer Society Annual Symposium on Very Large Scale Integration. 677--682.
[13]
L. Bossuet, G. Gogniat, and W. Burleson, 2006. Dynamically configurable security for SRAM FPGA bitstreams. Int. J. Embed. Syst. 2 1/2, (2006), 73--85.
[14]
T. Güneysu, B. Möller, and C. Paar. 2007. Dynamic intellectual property protection for reconfigurable devices. In Proceedings of the International Conference on Field Programmable Technology (ICFPT’07). 169--176.
[15]
P. Swierczynski, M. Fyrbiak, C. Paar, C. Huriaux, and R. Tessier. 2015. Protecting against cryptographic trojans in FPGAs. In Proceedings of the 23rd IEEE International Symposium on Field-Programmable Custom Computing Machines (FCCM’15).
[16]
A. Moradi, M. Kasper, and C. Paar. 2012. Black-box side-channel attacks highlight the importance of countermeasures an analysis of the xilinx virtex-4 and virtex-5 bitstream encryption mechanism. Topics Cryptol. 7178, 1--18 (2012).
[17]
M. Masoomi, M. Masoumi, and M. Ahmadian. 2010. A practical differential power analysis attack against an FPGA implementation of AES cryptosystem. In Proceedings of the International Conference of the Information Society. 308--312.
[18]
F. Khelil, M. Hamdi, S. Guilley, J. L. Danger, and N. Selmane. 2008. Fault analysis attack on an FPGA AES implementation. In Proceedings of the Conference on New Technologies, Mobility, and Security (NTMS’08). 1--5.
[19]
V. Carlier, H. Chabanne, E. Dottax, and H. Pelletier. 2005. Generalizing square attack using side-channels of an aes implementation on an FPGA. In Proceedings of the International Conference on Field Programmable Logic and Applications (FPL’05). 433--437.
[20]
E. De Mulder, P. Buysschaert, S. B. Ors, P. Delmotte, B. Preneel, G. Vandenbosch, and I. Verbauwhede. 2005. Electromagnetic analysis attack on an FPGA implementation of an elliptic curve cryptosystem. In Proceedings of the International Conference on the Computer as a Tool (EUROCON’05).
[21]
S. Sun, Z. Yan, and J. Zambreno. 2008. Experiments in attacking FPGA-based embedded systems using differential power analysis. In Proceedings of the IEEE International Conference on Electro/Information Technology. 7--12.
[22]
K. Eguro and R. Venkatesan. 2012. FPGAs for trusted cloud computing. In Proceedings of the 22nd International Conference on Field Programmable Logic and Applications (FPL’12). 63--70.
[23]
L. Xu, W. Shi, and T. Suh. 2014. PFC: Privacy preserving FPGA cloud—A case study of mapreduce. In Proceedings of the IEEE International Conference on Cloud Computing (CLOUD’14). 280--287.
[24]
David Nunez, Isaac Agudo, and Javier Lopez. 2016. Attacks to a proxy-mediated key agreement protocol based on symmetric encryption. IACR Cryptol. 1081 (2016).
[25]
Xilinx Inc. 2013. XAPP1084(v1.3): Developing tamper resistant designs with xilinx virtex-6 and 7 series FPGAs. Retrieved from www.xilinx.com/support/documentation/xapp1084_tamp_resist_dsgns.pdf.
[26]
S. Goren, O. Ozkurt, A. Yildiz, and H. F. Ugurdag. 2011. FPGA bitstream protection with PUFs, obfuscation, and multi-boot. Proceedings of the 6th International Workshop on Reconfigurable Communication-Centric Systems-on-Chip (ReCoSoC’11).
[27]
Xilinx Inc. 2012. Xilinx Partial Reconfiguration User Guide. Retrieved from www.xilinx.com/support/documentation/sw_manuals/xilinx14_1/ug702.pdf.
[28]
C. Böhm and M. Hofer. 2013. Physical Unclonable Functions in Theory and Practice, vol. 9781461450.
[29]
Stratix V Device Overview. 2015. Retrieved from https://www.intel.com/content/dam/www/programmable/us/en/pdfs/literature/hb/stratix-v/stx5_51001.pdf.
[30]
Thorsten Kleinjung et al. 2010. Factorization of a 768-bit RSA modulus. IACR Cryptol. 006 (2010).
[31]
M. Blaze et al. 1998. Divertible protocols and atomic proxy cryptography. In Lecture Notes in Computer Science, vol. 1403, 127--144 (1998).
[32]
M. A. Tariq, B. Koldehofe, and K. Rothermel. 2014. Securing broker-less publish / subscribe systems using identity-based encryption. IEEE Trans. Parallel Distrib. Syst. 25, 2 (2014), 518--528.
[33]
R. C. Merkle. 1978. Secure communications over insecure channels. Commun. Assoc. Comput. Mach. 21, 4 (1978), 294--299.
[34]
K. Alptekin Bayam and B. Örs. 2010. Differential power analysis resistant hardware implementation of the RSA cryptosystem. Turkish J. Electr. Eng. Comput. Sci. 18, 1 (2010), 129--140.
[35]
OpenStack.com, OpenStack Operations Guide. Retrieved from www.openstack.org.
[36]
S. Byma and J. Steffan. 2014. FPGAs in the cloud: Booting virtualized hardware accelerators with openstack. Proceedings of the IEEE International Symposium on Field-Programmable Custom Computing Machines. 109--116
[37]
M. Leonhard. Cloudping.info. Retrieved from http://www.cloudping.info.
[38]
D. Suzuki. 2007. How to maximize the potential of FPGA resources for modular exponentiation. In Proceedings of the Advances in Cryptology Conference on Cryptographic Hardware and Embedded Systems (CHES’07). 272--288.
[39]
A. Daly and W. Marnane. 2002. Efficient architectures for implementing Montgomery modular multiplication and RSA modular exponentiation on reconfigurable logic. In Proceedings of the ACM/SIGDA International Symposium on Field Programmable Gate Arrays. 40--49.
[40]
M. Jackson. 2016. Global Average Internet Speeds Hit 6.3Mbps vs. 14.9Mbps in UK. Retrieved from www.ispreview.co.uk/ index.php/2016/06/q1-2016-akamai-uk-internet-speeds-reach-15-mbps-vs-6-3-mbps-globally.html.
[41]
S. Drimer et al. 2008. Protecting multiple cores in a single FPGA design. Retrieved from http://www.saardrimer.com/sd410/papers/protect_many_cores.pdf.
[42]
L. Zhang and C. Chang. 2014. A pragmatic per-device licensing scheme for hardware IP cores on SRAM-based FPGAs. IEEE Trans. Info. Forens. Secur. 9, 11 (2014), 1893--1905.
[43]
L. Zhang and C. Chang. 2015. Public key protocol for usage-based licensing of FPGA IP cores. In Proceedings of the IEEE International Symposium on Circuits and Systems.
[44]
S. Koteshwara, C. H. Kim, and K. K. Parhi. 2018. Key-based dynamic functional obfuscation of integrated circuits using sequentially-triggered mode-based design. IEEE Trans. Info. Forensics Secur 13, 1 (2018), 79--93.
[45]
J. Zhang and G. Qu. 2014. A Survey on security and trust of FPGA-based systems. Proceedings of the 13th International Conference on Field Programmable Technology. 147--152.

Cited By

View all

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Reconfigurable Technology and Systems
ACM Transactions on Reconfigurable Technology and Systems  Volume 12, Issue 3
Special Section on Security in FPGAs and Regular Articles
September 2019
150 pages
ISSN:1936-7406
EISSN:1936-7414
DOI:10.1145/3357092
  • Editor:
  • Deming Chen
Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 August 2019
Accepted: 01 April 2019
Revised: 01 January 2019
Received: 01 August 2018
Published in TRETS Volume 12, Issue 3

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. FPGAs
  2. Hardware IPs
  3. cryptographic protocols and algorithms
  4. hardware cloning and reverse engineering
  5. hardware protection
  6. hardware security
  7. key management

Qualifiers

  • Research-article
  • Research
  • Refereed

Funding Sources

  • King Fahd University of Petroleum and Minerals, Saudi Arabia

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)6
  • Downloads (Last 6 weeks)0
Reflects downloads up to 11 Feb 2025

Other Metrics

Citations

Cited By

View all

View Options

Login options

Full Access

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media