This paper presents a new cryptosystem, AgEID, designed to enhance the security of FPGA-based bitstream for IP cores in cloud environments. The current security methodologies have several limitations, including the need for a large number of keys, tying bitstreams to specific FPGAs, and reliance on trusted third parties. AgEID, based on key aggregation, addresses these issues. In this scheme, IP providers can encrypt their bitstreams with a single key for a set of FPGA boards. The key is encrypted in a way that it can only be obtained onboard through individual decryption using the board’s private key. This ensures secure key provisioning. The system was primarily tested on Zynq FPGAs and demonstrated superior performance compared to existing techniques in terms of resource, time, and energy usage while maintaining robust security.
Publication date: 28 Sep 2023
Project Page: https://arxiv.org/abs/2309.16282
Paper: https://arxiv.org/pdf/2309.16282
