Abstract
A new scheme for securing users' data and applications in public clouds and data centers using Field Programmable Gate Arrays (FPGAs) has been developed. This scheme incorporates all necessary protocols, hardware, and software components to provide protection against many known potential attacks including internal attacks. It achieves perfect forward secrecy, provides FPGA authentication and integrity checks, and securely establishes a symmetric session key between the user and the FPGA. A complete prototype has been implemented to show the feasibility of the proposed scheme with current FPGAs. Experimental results showed that an FPGA-based compute node can be set up in a cloud in 3.36s; 12.6 times faster than booting a medium-size conventional Virtual Machine (VM) on the same cloud. Based on the average global Internet speed, the time it takes to set up the FPGA-based machine from anywhere in the world was estimated to be 15s. Also, running an experimental secure image processing application on the FPGA took 50 percent less time than running the same application on a conventional state-of-The art processor (without a secure container).
| Original language | English |
|---|---|
| Article number | 8789445 |
| Pages (from-to) | 593-604 |
| Number of pages | 12 |
| Journal | IEEE Transactions on Dependable and Secure Computing |
| Volume | 18 |
| Issue number | 2 |
| DOIs | |
| State | Published - 1 Mar 2021 |
Bibliographical note
Publisher Copyright:© 2004-2012 IEEE.
Keywords
- Cryptographic protocols and algorithms
- FPGAs
- hardware security
- key management
- secure cloud computing
ASJC Scopus subject areas
- Computer Science (all)
- Electrical and Electronic Engineering