The HEROIC framework: Encrypted computation without shared keys

Nektarios Georgios Tsoutsos, Mihalis Maniatakos

Research output: Contribution to journalArticle

Abstract

Outsourcing computation to the cloud has recently become a very attractive option for enterprises and consumers, due to mostly reduced cost and extensive scalability. At the same time, however, concerns about the privacy of the data entrusted to cloud providers keeps rising. To address these concerns and thwart potential attackers, cloud providers today resort to numerous security controls as well as data encryption. Since the actual computation is still unencrypted inside cloud microprocessor chips, it is only a matter of time until new attacks and side channels are devised to leak sensitive information. To address the challenge of securing general-purpose computation inside microprocessor chips, we propose a novel computer architecture, and present a complete framework for general-purpose encrypted computation without shared keys, enabling secure data processing. This new architecture, called homomophically encrypted one instruction computation, contrary to the previous work in the area does not require a secret key installed inside the microprocessor chip. Instead, it leverages the powerful properties of homomorphic encryption combined with the simplicity of one instruction set computing. The proposed framework introduces: 1) a RTL implementation for reconfigurable hardware and 2) a ready-to-deploy virtual machine, which can be readily ported to existing server processor architectures.

Original languageEnglish (US)
Article number7079493
Pages (from-to)875-888
Number of pages14
JournalIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
Volume34
Issue number6
DOIs
StatePublished - Jun 1 2015

Fingerprint

Microprocessor chips
Cryptography
Reconfigurable hardware
Computer architecture
Outsourcing
Scalability
Servers
Costs
Industry
Virtual machine

Keywords

  • cloud computing
  • Encrypted processor
  • homomorphic encryption
  • one instruction set computer
  • Paillier
  • virtualization

ASJC Scopus subject areas

  • Software
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering

Cite this

The HEROIC framework : Encrypted computation without shared keys. / Tsoutsos, Nektarios Georgios; Maniatakos, Mihalis.

In: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, Vol. 34, No. 6, 7079493, 01.06.2015, p. 875-888.

Research output: Contribution to journalArticle

@article{9b88831aab384d2e8de18fcc5e686483,
title = "The HEROIC framework: Encrypted computation without shared keys",
abstract = "Outsourcing computation to the cloud has recently become a very attractive option for enterprises and consumers, due to mostly reduced cost and extensive scalability. At the same time, however, concerns about the privacy of the data entrusted to cloud providers keeps rising. To address these concerns and thwart potential attackers, cloud providers today resort to numerous security controls as well as data encryption. Since the actual computation is still unencrypted inside cloud microprocessor chips, it is only a matter of time until new attacks and side channels are devised to leak sensitive information. To address the challenge of securing general-purpose computation inside microprocessor chips, we propose a novel computer architecture, and present a complete framework for general-purpose encrypted computation without shared keys, enabling secure data processing. This new architecture, called homomophically encrypted one instruction computation, contrary to the previous work in the area does not require a secret key installed inside the microprocessor chip. Instead, it leverages the powerful properties of homomorphic encryption combined with the simplicity of one instruction set computing. The proposed framework introduces: 1) a RTL implementation for reconfigurable hardware and 2) a ready-to-deploy virtual machine, which can be readily ported to existing server processor architectures.",
keywords = "cloud computing, Encrypted processor, homomorphic encryption, one instruction set computer, Paillier, virtualization",
author = "Tsoutsos, {Nektarios Georgios} and Mihalis Maniatakos",
year = "2015",
month = "6",
day = "1",
doi = "10.1109/TCAD.2015.2419619",
language = "English (US)",
volume = "34",
pages = "875--888",
journal = "IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems",
issn = "0278-0070",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "6",

}

TY - JOUR

T1 - The HEROIC framework

T2 - Encrypted computation without shared keys

AU - Tsoutsos, Nektarios Georgios

AU - Maniatakos, Mihalis

PY - 2015/6/1

Y1 - 2015/6/1

N2 - Outsourcing computation to the cloud has recently become a very attractive option for enterprises and consumers, due to mostly reduced cost and extensive scalability. At the same time, however, concerns about the privacy of the data entrusted to cloud providers keeps rising. To address these concerns and thwart potential attackers, cloud providers today resort to numerous security controls as well as data encryption. Since the actual computation is still unencrypted inside cloud microprocessor chips, it is only a matter of time until new attacks and side channels are devised to leak sensitive information. To address the challenge of securing general-purpose computation inside microprocessor chips, we propose a novel computer architecture, and present a complete framework for general-purpose encrypted computation without shared keys, enabling secure data processing. This new architecture, called homomophically encrypted one instruction computation, contrary to the previous work in the area does not require a secret key installed inside the microprocessor chip. Instead, it leverages the powerful properties of homomorphic encryption combined with the simplicity of one instruction set computing. The proposed framework introduces: 1) a RTL implementation for reconfigurable hardware and 2) a ready-to-deploy virtual machine, which can be readily ported to existing server processor architectures.

AB - Outsourcing computation to the cloud has recently become a very attractive option for enterprises and consumers, due to mostly reduced cost and extensive scalability. At the same time, however, concerns about the privacy of the data entrusted to cloud providers keeps rising. To address these concerns and thwart potential attackers, cloud providers today resort to numerous security controls as well as data encryption. Since the actual computation is still unencrypted inside cloud microprocessor chips, it is only a matter of time until new attacks and side channels are devised to leak sensitive information. To address the challenge of securing general-purpose computation inside microprocessor chips, we propose a novel computer architecture, and present a complete framework for general-purpose encrypted computation without shared keys, enabling secure data processing. This new architecture, called homomophically encrypted one instruction computation, contrary to the previous work in the area does not require a secret key installed inside the microprocessor chip. Instead, it leverages the powerful properties of homomorphic encryption combined with the simplicity of one instruction set computing. The proposed framework introduces: 1) a RTL implementation for reconfigurable hardware and 2) a ready-to-deploy virtual machine, which can be readily ported to existing server processor architectures.

KW - cloud computing

KW - Encrypted processor

KW - homomorphic encryption

KW - one instruction set computer

KW - Paillier

KW - virtualization

UR - http://www.scopus.com/inward/record.url?scp=84930504380&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84930504380&partnerID=8YFLogxK

U2 - 10.1109/TCAD.2015.2419619

DO - 10.1109/TCAD.2015.2419619

M3 - Article

AN - SCOPUS:84930504380

VL - 34

SP - 875

EP - 888

JO - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

JF - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

SN - 0278-0070

IS - 6

M1 - 7079493

ER -