Top

Published in:

2020 | OriginalPaper | Chapter

HCC: 100 Gbps AES-GCM Encrypted Inline DMA Transfers Between SGX Enclave and FPGA Accelerator

Authors : Luis Kida, Soham Desai, Alpa Trivedi, Reshma Lal, Vincent Scarlata, Santosh Ghosh

Published in: Information and Communications Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This paper describes a Heterogeneous Confidential Computing (HCC) system composed of a CPU Trusted Computing Environment and a hardware accelerator. We implement two AES-GCM hardware engines with high-bandwidth and low-latency that are designed for end-to-end encryption of DMA transfers. Our solution minimizes changes to the hardware platform and to the application and SW stack. We prototyped and report the performance of protected image classification with proposed encrypted-DMA on an Intel Arria-10 FPGA.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter PiDicators: An Efficient Artifact to Detect Various VMs

next chapter Information-Theoretic Security of Cryptographic Channels

Azure Confidential Computing. https://azure.microsoft.com/en-us/solutions/confidential-compute/

Google: Advancing confidential computing with asylo. https://cloud.google.com/blog/products/identity-security/advancing-confidential-computing-with-asylo-and-the-confidential-computing-challenge

IBM cloud data shield. https://www.ibm.com/cloud/blog/announcements/announcing-ibm-cloud-data-shield-experimental

McKeen, F., et al.: Innovative instructions and software model for isolated execution. In: HASP 2013, pp. 1–8 (2013)

Volos, S., Vaswani, K., Bruno, R.: Graviton: trusted execution environments on GPUs. In: Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2018) (2018)

Jang, I., Kim, T., Sethumadhavan, S., Huh, J.: Heterogeneous isolated execution for commodity GPUs. In: ASPLOS 2019, 13–17 April (2019)

Chung, E., et al.: Serving DNNs in real time at datacenter scale with project brainwave. IEEE Micro 38, 8–20 (2018)CrossRef

Intel® Distribution of OpenVINO™ toolkit. https://software.intel.com/en-us/openvino-toolkit

Intel® Acceleration Stack for Intel Xeon® CPU with FPGA. https://www.intel.com/content/www/us/en/programmable/solutions/acceleration-hub/acceleration-stack.html

10.

Intel® Programmable Accelerator Card with Intel Arria® 10 FPGA. https://www.intel.com/content/www/us/en/programmable/products/boards_and_kits/dev-kits/altera/acceleration-card-arria-10-gx/overview.html

11.

McGrew, D.A., Viega, J.: The security and performance of the Galois/Counter Mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343–355. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30556-9_27CrossRef

12.

IEEE: IEEE Standard for Local and metropolitan area networks–Media Access Control (MAC) Security Amendment 1: Galois Counter Mode–Advanced Encryption Standard– 256 (GCM-AES-256) Cipher Suite.Satoh, A.: High-speed hardware architectures for authenticated encryption mode GCM. IEEE ISCAS (2006)

13.

Crenne, J., Cotret, P., Gogniat, G., Tessier, R., Diguet, J.: Efficient key-dependent message authentication in reconfigurable hardware. In: International Conference on Field Programmable Technology (FPT), pp. 1–6 (2011)

14.

Abdellatif, K.M., Chotin-Avot, R., Mehrez, H.: Authenticated encryption on FPGAs from the static part to the reconfigurable part. Microprocess. Microsyst. 38, 526–538 (2014)CrossRef

15.

Zhou, G., Michalik, H., Hinsenkamp, L.: Improving throughput of AES-GCM with pipelined Karatsuba multipliers on FPGAs. In: Becker, J., Woods, R., Athanas, P., Morgan, F. (eds.) ARC 2009. LNCS, vol. 5453, pp. 193–203. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00641-8_20CrossRef

16.

Abdellatif, K.M., Chotin-Avot, R., Mehrez, H.: AES-GCM and AEGIS: efficient and high speed hardware implementations. J. Sig. Process. Syst. 88(1), 1–12 (2016). https://doi.org/10.1007/s11265-016-1104-yCrossRef

17.

Mathew, S., et al.: 53 Gbps native GF(2⁴)² composite-field AES-Encrypt/Decrypt accelerator for content-protection in 45 nm high-performance microprocessors. J. Solid-State Circuits 46(4), 767–776 (2011)CrossRef

18.

Gueron, S., Mathew, S.: Hardware implementation of AES using area-optimal polynomials for composite-field representation GF(2^4)^2 of GF(2^8). In: ARITH 2016, pp. 112–117 (2016)

19.

Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H., Paterson, K.G.: Pushing the limits: a very compact and a threshold implementation of AES. In: EUROCRYPT (2016)

20.

Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: A more efficient AES threshold implementation. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 267–284. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06734-6_17CrossRef

21.

Baby Chellam, M., Natarajan, R.: AES hardware accelerator on FPGA with improved throughput and resource efficiency. Arab. J. Sci. Eng. 43, 6873–6890 (2018)CrossRef

22.

Luebbeers, E., Liu, S., Chu, M.: Simplify software integration for FPGA accelerators with OPAE Whitepaper. https://01.org/sites/default/files/downloads/opae/open-programmable-acceleration-engine-paper.pdf

23.

Martinasek, Z., et al.: 200 Gbps hardware accelerated encryption system for FPGA network cards. In: Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security (ASHES@CCS), pp. 11–17. ACM (2018)

24.

Buhrow, B., Fritz, K., Gilbert, B., Daniel, E.: A highly parallel AESGCM core for authenticated encryption of 400 Gb/s network protocols. In: 2015 International Conference on ReConFigurable Computing and FPGAs (ReConFig), pp. 1–7 (2015)

25.

Koteshwara, S., Das, A., Parhi, K.K.: FPGA implementation and comparison of AES-GCM and Deoxys authenticated encryption schemes. In: 2017 IEEE International Symposium on Circuits and Systems (ISCAS), pp. 1–4 (2017)

26.

Lemsitzer, S., Wolkerstorfer, J., Felber, N., Braendli, M.: Multi-gigabit GCM-AES architecture optimized for FPGAs. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 227–238. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_16CrossRef

27.

Vliegen, J., Reparaz, O., Mentens, N.: Maximizing the throughput of threshold-protected AES-GCM implementations on FPGA. In: 2017 IEEE 2nd International Verification and Security Workshop (IVSW), pp. 140–145 (2017). https://doi.org/10.1109/ivsw.2017.8031559

28.

29.

Martinasek, Z., Hajny, J., Malina, L., Matousek, D.: Hardware-accelerated encryption with strong authentication. Secur. Protect. Inf. 1, 5 (2017)

30.

Lu, T., Kenny, R., Atsatt, S.: Secure device manager for Intel® Stratix® 10 Devices Provides FPGA and SoC Whitepaper

31.

Graphene - a Library OS for Unmodified Applications. https://grapheneproject.io/. Accessed 2020

32.

Confidential Computing Consortium. https://confidentialcomputing.io/. Accessed 09 July 2020

Title: HCC: 100 Gbps AES-GCM Encrypted Inline DMA Transfers Between SGX Enclave and FPGA Accelerator
Authors: Luis Kida
Soham Desai
Alpa Trivedi
Reshma Lal
Vincent Scarlata
Santosh Ghosh
Publisher: Springer International Publishing
Book: Information and Communications Security
Print ISBN: 978-3-030-61077-7

Electronic ISBN: 978-3-030-61078-4

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-61078-4_16

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner