Secure Computing Enclaves Using FPGAs

摘要

A new scheme for securing users' data and applications in public clouds and data centers using Field Programmable Gate Arrays (FPGAs) has been developed. This scheme incorporates all necessary protocols, hardware, and software components to provide protection against many known potential attacks including internal attacks. It achieves perfect forward secrecy, provides FPGA authentication and integrity checks, and securely establishes a symmetric session key between the user and the FPGA. A complete prototype has been implemented to show the feasibility of the proposed scheme with current FPGAs. Experimental results showed that an FPGA-based compute node can be set up in a cloud in 3.36s; 12.6 times faster than booting a medium-size conventional Virtual Machine (VM) on the same cloud. Based on the average global Internet speed, the time it takes to set up the FPGA-based machine from anywhere in the world was estimated to be 15s. Also, running an experimental secure image processing application on the FPGA took 50 percent less time than running the same application on a conventional state-of-the art processor (without a secure container).