Article Preview
TopIntroduction
Advanced encryption standard (AES) is a widely used secure algorithm for encryption to provide privacy of data. Acceptance of cloud computing in every field causes increase in encryption load in cloud servers. To accelerate applications running on server and to reduce processor load, field programmable gate arrays (FPGAs) are integrated with the server hardware. Computation-intensive applications can be shifted to FPGAs for increasing speed and reducing power consumption. FPGAs are reconfigurable hardware units that can be customized for required applications. Hence, high parallelism can be achieved with lower frequency. Cloud benefits from FPGA in several aspects. First, it could customize the FPGAs for computation-intensive application. Second, FPGAs could run with lower frequency and hence the heat production in server can be reduced to a large amount (Hauck & Andre, 2010; Kilts, 2007; Phan 2004; Teubner & Woods 2013).
Encryption is used in cloud for the privacy of data at rest and data in motion. That means disk encryption of user’s VM, transfer of user data in encrypted form, encrypted communication between different users, encryption as a service, and so on (Amazon Web Services, 2016; Bokefode, Bhise, Satarkar, & Modani 2016; Krutz & Vines, 2010; CLOUDLINK, 2014; Cloudsigma; Encryption at Rest in Google Cloud, 2016; HP Atalla Cloud Encryption, 2013; Protecting Data in Microsoft Azure, 2014; Rahmani, Sundararajan, Ali, & Zin, 2013). FPGA accelerator can be used to speed up the encryption process for large amount of data. Use of FPGA will increase encryption speed and reduce power consumption. To get finest performance, the design should have high speed and low area consumption. Figure 1 shows the scenario in which FPGAs are used in cloud server as accelerators. The intellectual properties (IPs) can be collected from a hardware maker or from trusted third parties. When the processor assigns a job to an FPGA, the bitstream for hardware design can be loaded from bitstream storage if available or from outside cloud through external network.
Figure 1. Usage of FPGA on cloud server
One of the main security issues faced by an AES accelerator on FPGAs that are used in cloud environment is the security of secret key used for encryption inside the FPGA (Trimberger & Moore, 2014). Several types of hardware Trojans are being inserted into the accelerator by attackers for leaking the secret key. The Trojans can be inserted in different phases in accelerator creation such as design, integration, testing, and bitstream transfer. Generally, it is difficult to find a Trojan or the triggering condition of a Trojan because the Trojan circuit will disguise as a functional circuit that is necessary for the design. Power analysis, comparing the design with a golden one (Trojan-free design), and so on are the main methods used to find a Trojan in a design. If there is a key-leaking Trojan, then it takes more power than usual (Bhasin, Danger, Guilley, Ngo, & Sauvage, 2013; Jin & Makris, 2010; Johnson, Saha, Chakraborty, Mukhopadhyay, & Gören, 2014). Detecting a Trojan in a design through power analysis is difficult because to find the triggering condition is time consuming and need to check with a large number of test inputs. Comparing with a golden design is less efficient as there is a need to store more than two golden designs (Mal-Sarkar, Krishna, Ghosh, & Bhunia, 2014; Mal-Sarkar, Karam et al., 2016).
In the proposed work, security for key stored inside FPGA for AES accelerator is provided through a masking scheme. The secret key and expanded key for each round of AES are masked to avoid leakage. A new key expansion (KE) module that produces exact round key from the masked key for each AES round is proposed. To provide high throughput, a multistage pipelining is designed for Key Expansion. Secured AES FPGAs can be applied in all security critical areas such as banking, aerospace and defense, consumer electronics, distributed monetary system etc.