通过探索简单而有效的时钟方法保护多租户 FPGA 中的并行数据加密

IF 2.8 2区工程技术 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Very Large Scale Integration (VLSI) Systems Pub Date : 2024-07-01 DOI:10.1109/TVLSI.2024.3418961

Yankun Zhu;Pingqiang Zhou

{"title":"通过探索简单而有效的时钟方法保护多租户 FPGA 中的并行数据加密","authors":"Yankun Zhu;Pingqiang Zhou","doi":"10.1109/TVLSI.2024.3418961","DOIUrl":null,"url":null,"abstract":"Capitalizing on their versatility and high-performance attributes within heterogeneous designs, increasingly number of field-programmable gate arrays (FPGAs) are integrated into cloud data centers by cloud service providers (CSPs). While CSPs intend to reduce the cost by sharing one board among multiple users (called multi-tenant FPGA), hardware security problems such as side-channel attacks restrict it from spreading commercially. Existing research works have underscored the feasibility of remote side-channel attacks targeting a singular advanced encryption standard (AES) module on multi-tenant FPGAs, but they have not looked into the scenario of parallel data encryption on multiple AES modules for a single tenant, which is possible due to the small resource consumption of one AES module. In this work, we scrutinize correlation power analysis (CPA)-based side-channel attacks on parallel data encryption modules and develop two simple yet effective protective methods based on clocking methodologies—clocking phase shift and small frequency shift. The former technique adopts an identical clock frequency but with distinctive clocking phase to parallel encryption modules while the latter implements slightly different clock frequencies for parallel encryption modules. Experimental results show that both the methods can effectively increase the minimum required power traces for successful CPA, thus instituting a natural protective barrier for parallel data encryption.","PeriodicalId":13425,"journal":{"name":"IEEE Transactions on Very Large Scale Integration (VLSI) Systems","volume":"32 10","pages":"1919-1929"},"PeriodicalIF":2.8000,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Protecting Parallel Data Encryption in Multi-Tenant FPGAs by Exploring Simple but Effective Clocking Methodologies\",\"authors\":\"Yankun Zhu;Pingqiang Zhou\",\"doi\":\"10.1109/TVLSI.2024.3418961\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Capitalizing on their versatility and high-performance attributes within heterogeneous designs, increasingly number of field-programmable gate arrays (FPGAs) are integrated into cloud data centers by cloud service providers (CSPs). While CSPs intend to reduce the cost by sharing one board among multiple users (called multi-tenant FPGA), hardware security problems such as side-channel attacks restrict it from spreading commercially. Existing research works have underscored the feasibility of remote side-channel attacks targeting a singular advanced encryption standard (AES) module on multi-tenant FPGAs, but they have not looked into the scenario of parallel data encryption on multiple AES modules for a single tenant, which is possible due to the small resource consumption of one AES module. In this work, we scrutinize correlation power analysis (CPA)-based side-channel attacks on parallel data encryption modules and develop two simple yet effective protective methods based on clocking methodologies—clocking phase shift and small frequency shift. The former technique adopts an identical clock frequency but with distinctive clocking phase to parallel encryption modules while the latter implements slightly different clock frequencies for parallel encryption modules. Experimental results show that both the methods can effectively increase the minimum required power traces for successful CPA, thus instituting a natural protective barrier for parallel data encryption.\",\"PeriodicalId\":13425,\"journal\":{\"name\":\"IEEE Transactions on Very Large Scale Integration (VLSI) Systems\",\"volume\":\"32 10\",\"pages\":\"1919-1929\"},\"PeriodicalIF\":2.8000,\"publicationDate\":\"2024-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Very Large Scale Integration (VLSI) Systems\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10579855/\",\"RegionNum\":2,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Very Large Scale Integration (VLSI) Systems","FirstCategoryId":"5","ListUrlMain":"https://ieeexplore.ieee.org/document/10579855/","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

云服务提供商（CSP）利用现场可编程门阵列（FPGA）在异构设计中的多功能性和高性能特性，将越来越多的FPGA集成到云数据中心中。虽然 CSP 希望通过多个用户共享一块板（称为多租户 FPGA）来降低成本，但侧信道攻击等硬件安全问题限制了它的商业推广。现有研究强调了在多租户 FPGA 上针对单个高级加密标准（AES）模块进行远程侧信道攻击的可行性，但没有研究单个租户在多个 AES 模块上进行并行数据加密的情况，而这种情况由于一个 AES 模块的资源消耗较小而成为可能。在这项工作中，我们仔细研究了对并行数据加密模块的基于相关功率分析（CPA）的侧信道攻击，并开发了两种基于时钟方法--时钟相移和小频率移动--的简单而有效的保护方法。前者对并行加密模块采用相同的时钟频率但不同的时钟相位，后者对并行加密模块采用略有不同的时钟频率。实验结果表明，这两种方法都能有效提高 CPA 成功所需的最小功率迹线，从而为并行数据加密建立了天然的保护屏障。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Protecting Parallel Data Encryption in Multi-Tenant FPGAs by Exploring Simple but Effective Clocking Methodologies

Capitalizing on their versatility and high-performance attributes within heterogeneous designs, increasingly number of field-programmable gate arrays (FPGAs) are integrated into cloud data centers by cloud service providers (CSPs). While CSPs intend to reduce the cost by sharing one board among multiple users (called multi-tenant FPGA), hardware security problems such as side-channel attacks restrict it from spreading commercially. Existing research works have underscored the feasibility of remote side-channel attacks targeting a singular advanced encryption standard (AES) module on multi-tenant FPGAs, but they have not looked into the scenario of parallel data encryption on multiple AES modules for a single tenant, which is possible due to the small resource consumption of one AES module. In this work, we scrutinize correlation power analysis (CPA)-based side-channel attacks on parallel data encryption modules and develop two simple yet effective protective methods based on clocking methodologies—clocking phase shift and small frequency shift. The former technique adopts an identical clock frequency but with distinctive clocking phase to parallel encryption modules while the latter implements slightly different clock frequencies for parallel encryption modules. Experimental results show that both the methods can effectively increase the minimum required power traces for successful CPA, thus instituting a natural protective barrier for parallel data encryption.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Very Large Scale Integration (VLSI) Systems 工程技术-工程：电子与电气

CiteScore

6.40

自引率

7.10%

发文量

187

审稿时长

3.6 months

期刊介绍： The IEEE Transactions on VLSI Systems is published as a monthly journal under the co-sponsorship of the IEEE Circuits and Systems Society, the IEEE Computer Society, and the IEEE Solid-State Circuits Society. Design and realization of microelectronic systems using VLSI/ULSI technologies require close collaboration among scientists and engineers in the fields of systems architecture, logic and circuit design, chips and wafer fabrication, packaging, testing and systems applications. Generation of specifications, design and verification must be performed at all abstraction levels, including the system, register-transfer, logic, circuit, transistor and process levels. To address this critical area through a common forum, the IEEE Transactions on VLSI Systems have been founded. The editorial board, consisting of international experts, invites original papers which emphasize and merit the novel systems integration aspects of microelectronic systems including interactions among systems design and partitioning, logic and memory design, digital and analog circuit design, layout synthesis, CAD tools, chips and wafer fabrication, testing and packaging, and systems level qualification. Thus, the coverage of these Transactions will focus on VLSI/ULSI microelectronic systems integration.