计算机科学 ›› 2020, Vol. 47 ›› Issue (7): 278-281.doi: 10.11896/jsjkx.190700110

• 信息安全 • 上一篇    下一篇

一种基于云端加密的FPGA自适应动态配置方法

陈利锋1, 朱路平2   

  1. 1 复旦大学计算机国家级实验教学示范中心 上海200433
    2 91045部队 上海200940
  • 收稿日期:2019-07-17 出版日期:2020-07-15 发布日期:2020-07-16
  • 通讯作者: 陈利锋(chenlf@fudan.edu.cn)
  • 基金资助:
    “核高基”重大专项(KCH230110)

Encrypted Dynamic Configuration Method of FPGA Based on Cloud

CHEN Li-feng1, ZHU Lu-ping2   

  1. 1 National Demonstration Center for Experimental Computer Education,Fudan University,Shanghai 200433,China
    2 Troops 91045,Shanghai 200940,China
  • Received:2019-07-17 Online:2020-07-15 Published:2020-07-16
  • About author:CHEN Li-feng,born in 1977,doctor.His main research interests include embedded system application,and machine learning.
  • Supported by:
    This work was supported by the Sub Project of HGJ Major Project(KCH230110)

摘要: 在需要进行大量数据并行计算的算法(如云计算、机器学习算法、人工智能算法等)中,FPGA作为一种提升性能的重要技术手段,得到了广泛的应用。FPGA配置方式中,需要在存储器中读取配置数据,然后将其写入FPGA中。作为技术成果的实际体现,FPGA的配置数据可能被非法获取,从而导致研究成果泄露的问题。为了较好地应对这个问题,文中提出了一种有效的基于云加密的FPGA配置方法。该方法通过云端加密APP对配置数据文件进行加密管理,在需要配置FPGA的时候,由微处理器通过云端服务器的访问端口获取加密的配置数据,并使用内置在微处理器的解密算法进行解密,然后用解密后的数据对FPGA进行动态配置。该方法将FPGA的配置数据存储于云端服务器,在云服务器上通过加密手段进行严格的数据保护和文件保护,由此提供了灵活而强大的加密保护功能;微处理器从云端通过加密通道获取数据,将加密数据解密后再用于FPGA的配置,整个过程中配置数据都是处于加密状态,数据泄密的风险得到了有效控制。这样,既实现了对配置数据最大限度保护,防止其被非法获取和使用,又实现了对FPGA的远程动态配置。所提方法在阿里云和腾讯云平台得到了实际验证,其不仅保密效果好,而且能灵活配置。

关键词: FPGA动态配置, 对称加密, 非对称加密, 数据保护, 云存储安全

Abstract: In the field of parallel computing which needs a lot of data,such as cloud computing,machine learning algorithm,artificial intelligence computing,etc.,as an important technical means to improve performance,FPGA has been widely used.In the configuration of FPGA,configuration data need to be read from memory and then written into the FPGA.As a practical embodiment of technological achievements,configuration data has the problem of how to prevent data from being illegally acquired,lea-ding to the leakage of research property.In order to deal with this problem,this paper proposes an effective method of FPGA configuration based on cloud encryption.This method encrypts and manages the configuration data file by cloud-based encryption APP.When configuring the FPGA,the microprocessor obtains the encrypted configuration data through the access port of the cloud-based server,and decrypts it using the decryption algorithm built in the microprocessor.Then,the decrypted data are used dynamically to config the FPGA.The method described in this paper stores the configuration data of the FPGA in the cloud ser-ver,and carries out strict data protection and file protection through encryption means on the cloud server,thus providing a flexible and powerful encryption protection capability.The microprocessor obtains data from the cloud through encryption channel,decrypts the encrypted data and then uses it for the configuration of FPGA.In the whole process,the configuration data are encrypted,and the risk of data leakage is effectively controlled.Thus,the configuration data can be protected to the maximum extent to prevent illegal acquisition and use,meanwhile the remote dynamic configuration of the FPGA can be realized.The proposed method has been verified in Aliyun and Tencent cloud platforms,which achieves good confidentiality and flexible configuration.

Key words: Asymmetric encryption, Cloud storage security, Data protection, Dynamic configuration of FPGA, Symmetric encryption

中图分类号: 

  • G201
[1]DI H.Research on Data Encryption Based on Cloud Computing Platform[J].Journal of Changchun Normal University,2017,36(3):55-58.
[2]MENG Q,MA J F,CHEN K F,et al.A comparison scheme of Internet of things encrypted data based on cloud computing platform[J].Journal of Communications,2018,4:65-70.
[3]ZHANG Y.Fuzzy searchable encryption algorithm for privacy information of cloud platform [J].Electronic Technology and Software Engineering,2018(8):214-214.
[4]ZHAO T G,DING Y W.Research on cloud storage security cross encryption algorithm [J].Software Guide,2018,17(10):204-208.
[5]DENG C Z,LEI Q.Construction and implementation of RSAcloud storage security platform loaded with random oracle model[J].Journal of Huaihua University,2019,38(5):65-69.
[6]JI P,LV X M,SU S T,et al.A new sequence preserving encryption algorithm based on coding tree in cloud environment [J].Computer Engineering,2018,44(12):288-293.
[7]DU Y Z,DU X H,YANG Z.Information flow control and Implementation Based on attribute encryption in cloud computing environment [J].Computer Engineering,2018(3):27-36.
[8]ZHANG H Y.Application of data encryption technology incomputer network communication security [J].Digital Techno-logy and Application,2018(12).
[9]LU Y,CHEN Y,LI T,et al.Convolutional Neural Network
Construction Method for Embedded FPGAs Oriented Edge Computing.Journal[J].Journal of Computer Research and Development,2018,55(3):551-562.
[10]GU L,XU G L,WANG Y R.Dynamic Reconfiguration Theory and Research Development of FPGA[J].Computer Measurement and Control,2007(11):1-4.
[11]LIU K,CAI X J,ZHANG Z Y,et al.NVM verification architecture design and verification based on high performance SOC FPGA array[J].Computer Research and Development,2018,55(2):265-272.
[12]LU Q S,XU Y S.Design of target recognition and tracking system based on FPGA [J].Modern Electronic Technology,2018(18):3-8.
[13]CUI G X.Design of online hardware practice teaching platform based on FPGA[J].Experimental Teaching and Innovation,2017,36(4):153-156.
[14]Xilinx Corp.Xilinx FPGAs Configuration User Guide,UG470(v1.13.1)[EB/OL].https://www.xilinx.com/support/documentation/.
[15]PANG Y Y,WANG S J,PENG X Y.Research on design method of remote reconfigurable system based on SOPC [J].Journal of Electronic Measurement and Instruments,2010(6):548-554.
[16]ZHANG Y,FAN J H,LV Z M,et al.Overview of FPGA dy-namic partial reconfiguration technology [J].Computer and Modernization,2014(3):49-53.
[17]XIONG J B,ZHANG Y Y,TIAN Y L,et al.Cloud data security de duplication based on role symmetric encryption[J].Journal of Communications,2018,39(5):59-73.
[18]COMPTON K,HAUCK S.Reconfigurable Computing:A Su-rvey of Systems and Software[J].ACM Computing Surveys,2002,2(2):936-938.
[1] 毛典辉, 黄晖煜, 赵爽.
符合监管合规性的自动合成新闻检测方法研究
Study on Automatic Synthetic News Detection Method Complying with Regulatory Compliance
计算机科学, 2022, 49(6A): 523-530. https://doi.org/10.11896/jsjkx.210300083
[2] 郑嘉彤, 吴文渊.
基于MLWE的双向可否认加密方案
Practical Bi-deniable Encryption Scheme Based on MLWE
计算机科学, 2021, 48(3): 307-312. https://doi.org/10.11896/jsjkx.200100024
[3] 冷峰, 张明凯, 延志伟, 张翠玲, 曾宇.
国密算法在资源公钥基础设施(RPKI)中的应用
Application of Chinese Cryptographic Algorithm in RPKI
计算机科学, 2021, 48(11A): 678-681. https://doi.org/10.11896/jsjkx.210100030
[4] 徐堃, 付印金, 陈卫卫, 张亚男.
基于区块链的云存储安全研究进展
Research Progress on Blockchain-based Cloud Storage Security Mechanism
计算机科学, 2021, 48(11): 102-115. https://doi.org/10.11896/jsjkx.210600015
[5] 庞晓琼, 任孟琦, 王田琪, 陈文俊, 聂梦飞.
一种支持完美隐私保护的批处理数据拥有性证明方案
Perfect Privacy-preserving Batch Provable Data Possession
计算机科学, 2018, 45(11): 130-137. https://doi.org/10.11896/j.issn.1002-137X.2018.11.019
[6] 王超,李战怀,刘海龙,张小芳.
RM-LCDF:一种块级连续数据保护高效数据恢复方法
RM-LCDF:A Recovery Method for Block-level Continuous Data Protection
计算机科学, 2013, 40(6): 172-177.
[7] 伍琦,万常选,李国林.
一个改进型云存储共享方案
Improved Data Sharing Scheme over Cloud Storage
计算机科学, 2012, 39(8): 99-103.
[8] 吴世忠,熊琦,刘晖,刘林,王丽娜.
一种文件级连续数据保护系统的实现与生存性量化
Implementation of a File-level Continuous Data Protection System and its Survivability Quantification
计算机科学, 2012, 39(2): 109-114.
[9] 刘林,熊琦,吴世忠.
连续数据保护中的数据一致性保障技术研究综述
Survey of Data Consistency Insurance Technologies for Continuous Data Protection
计算机科学, 2011, 38(Z10): 124-127.
[10] 侯利曼,李战怀,胡娜.
基于数据差异的CDP邻近时间点恢复
Neighboring Point Data Recovery for CDP Based on Data Gap
计算机科学, 2011, 38(5): 159-163.
[11] .
网络数据库在传输过程中的安全研究

计算机科学, 2005, 32(11): 127-129.
[12] 郑玮 徐锋 吕建.
一种移动Agent数据保护机制的研究

计算机科学, 2002, 29(5): 91-93.
[13] 陆唯杰 陈克非.
易损数字水印技术:研究与应用

计算机科学, 2002, 29(12): 164-167.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!