Wednesday, May 9, 2018

ICMC18: Using FPGAs in the Cloud for Decentralized Trusted Execution

Using FPGAs in the Cloud for Decentralized Trusted Execution (G12a) Ahmed Ferozpuri, George Mason University, United States

Started with an overview of TPM (Trusted Platform Modules), widely available in servers and laptops.

[reminder: these are the notes from the presentation and do not reflect the views or opinions of myself or my employer]

Intel has Software Guard Extensions (SGX) to create a trusted environment within the chip. Its boundary is the CPU: data outside the core is encrypted. It helps you avoid snooping and gives better application state measurement (attestation), but there are concerns as well.

A measurement of the enclave's code, data, stack and heap is recorded as the MRENCLAVE. Processors can be identified by their EPID group ID. Right now, remote attestation requires connecting to Intel's attestation servers.
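To make the measurement-and-attestation idea concrete, here is an added example (not code from the talk, and not Intel's SGX API) that models the verifier side of remote attestation. It assumes a simplified MRENCLAVE (SHA-256 over length-prefixed code, data, stack and heap segments), an attestation service that signs quotes with an HMAC key standing in for the EPID group signature, and a REPORTDATA field carrying the verifier's nonce; all keys and segment bytes are constructed for the example.

```python
import hashlib
import hmac

# Simplified model of an SGX-style enclave measurement (added example,
# not the speaker's code or Intel's API). MRENCLAVE is a hash over the
# enclave's initial code, data, stack and heap; here it is SHA-256 over
# the named segments, each label- and length-prefixed so that moving
# bytes between segments changes the measurement.
SEGMENT_ORDER = ("code", "data", "stack", "heap")

def measure_enclave(segments):
    """Return a hex MRENCLAVE-like measurement of the enclave segments."""
    h = hashlib.sha256()
    for name in SEGMENT_ORDER:
        blob = segments.get(name, b"")
        h.update(name.encode())
        h.update(len(blob).to_bytes(4, "big"))
        h.update(blob)
    return h.hexdigest()

# Constructed key of the attestation service (standing in for Intel's
# service). A real quote carries an EPID group signature; HMAC is a
# stand-in so the example runs offline.
ATTESTATION_KEY = b"constructed-attestation-service-key"

def _quote_body(mrenclave, report_data):
    return f"{mrenclave}|{report_data}".encode()

def make_quote(mrenclave, report_data, key=ATTESTATION_KEY):
    """Attestation service side: sign the measurement plus REPORTDATA."""
    sig = hmac.new(key, _quote_body(mrenclave, report_data), hashlib.sha256).hexdigest()
    return {"mrenclave": mrenclave, "report_data": report_data, "sig": sig}

def verify_quote(quote, allowed_mrenclaves, nonce, key=ATTESTATION_KEY):
    """Verifier side: check signature, measurement allow-list and freshness.

    Returns "ok" or a short reason for rejection. Order matters: an
    unsigned quote is rejected before its contents are trusted at all.
    """
    expected_sig = hmac.new(key, _quote_body(quote["mrenclave"], quote["report_data"]),
                            hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        return "bad signature"
    if quote["mrenclave"] not in allowed_mrenclaves:
        return "unknown enclave measurement"
    if quote["report_data"] != nonce:
        return "stale or replayed quote"
    return "ok"

if __name__ == "__main__":
    # Constructed enclave image: a few bytes of "code" and config "data".
    image = {"code": b"\x90\x90\xc3", "data": b"cfg=1", "stack": b"", "heap": b""}
    good = measure_enclave(image)
    nonce = "verifier-nonce-0001"
    quote = make_quote(good, nonce)
    print("measurement:", good)
    print("fresh quote:", verify_quote(quote, {good}, nonce))
    print("replayed quote:", verify_quote(quote, {good}, "verifier-nonce-0002"))
    tampered = dict(image, code=b"\x90\x90\xc3\x90")
    print("tampered image matches allow-list:",
          measure_enclave(tampered) in {good})
```

The three checks in `verify_quote` are the ones a relying party actually cares about: the quote came from the attestation service, the measurement is one the verifier has approved, and the quote was produced for this session rather than replayed from an earlier one.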

You can use TEEs (Trusted Execution Environments) for secure cloud and multi-party computing, HSMs (see the paper on Barbican integration from Intel Labs), and public blockchains (PoET, etc.).

Resource Efficient Mining (REM) aims to reduce the energy waste of Bitcoin's Proof of Work by using Proof of USEFUL Work instead. This leverages blockchain agents on the network that you can trust. There is a lot to explore here for new avenues in secure computing technologies.

FPGAs are becoming more common; you can use Amazon's HDK to develop your own custom logic. Leverage Physical Unclonable Functions (PUFs).

The slides went by a bit too fast to take accurate notes, lots of proofs (Proof of Secret, Proof of Instantiation, Proof of Execution) and diagrams :-)