2019 IEEE High Performance
Extreme Computing Conference
(HPEC ‘19)
Twenty-third Annual HPEC Conference
24 - 26 September 2019
Westin Hotel, Waltham, MA USA
Thursday, September 26, 2019
HPSEC: High Performance Secure Extreme Computing
10:20-12:00 in Eden Vale C1/C2
Chair: Michael Vai / MIT-LL
A Survey on Hardware Security Techniques Targeting Low-Power SoC Designs
Alan Ehret (Boston Univ.), Karen Gettings (MIT-LL), Bruce R. Jordan Jr. (MIT-LL), Michel A. Kinsy (Boston Univ.)
In this work we survey hardware-based security techniques applicable to low-power system-on-chip designs. Techniques related to a system’s
processing elements, volatile main memory and caches, non-volatile memory and on-chip interconnects are examined. Threat models for each
subsystem and technique are considered. Performance overheads and other tradeoffs for each technique are discussed. Defenses with similar
threat models are compared.
Securing HPC using Federated Authentication
Andrew Prout, William Arcand, David Bestor, Bill Bergeron, Chansup Byun, Vijay Gadepally, Michael Houle, Matthew Hubbell, Michael Jones,
Anna Klein, Peter Michaleas, Lauren Milechin, Julie Mullen, Antonio Rosa, Siddharth Samsi, Charles Yee, Albert Reuther, Jeremy Kepner (MIT-
LL)
Federated authentication can drastically reduce the overhead of basic account maintenance while simultaneously improving overall system
security. Integrating with the user's more frequently used account at their primary organization both provides a better experience to the end
user and makes account compromise or changes in affiliation more likely to be noticed and acted upon. Additionally, with many organizations
transitioning to multi-factor authentication for all account access, the ability to leverage external federated identity management systems
provides the benefit of their efforts without the additional overhead of separately implementing a distinct multi-factor authentication process.
This paper describes our experiences and the lessons we learned by enabling federated authentication with the U.S. Government PKI and
InCommon Federation, scaling it up to the user base of a production HPC system, and the motivations behind those choices. We have
received only positive feedback from our users.
Synthesis of Hardware Sandboxes for Trojan Mitigation in Systems on Chip
Christophe Bobda (Univ. Florida), Taylor Whitaker (Univ. Arkansas), Joel Mandebi Mbongue (Univ. Florida)
In this work, we propose a high-level synthesis approach for hardware sandboxes in system-on-chip. Using interface formalism to capture
interactions between non-trusted IPs and trusted parts of a system on chip, along with the properties specification language to specify non-
authorized actions of non-trusted IPs, sandboxes are generated and made ready for inclusion as IP in a system-on-chip design. The concepts
of composition, compatibility, and refinement are used to capture illegal actions and optimize resources across the boundary of single IPs. We
have designed a tool that automatically generates the sandbox and facilitates their integration into system-on chip. Our approach was validated
with benchmarks from trusthub. com and FPGA implementations. All our results showed 100% Trojan detection and mitigation, with only a
minimal increase in resource overhead and no performance decrease.
Garbled Circuits in the Cloud using FPGA Enabled Nodes
Kai Huang (Northeastern), Mehmet Gungor (Northeastern), Xin Fang (Qualcomm), Stratis Ioannidis (Northeastern), Miriam Leeser
(Northeastern)
Data privacy is an increasing concern in our interconnected world. Garbled circuits is an important approach used for Secure Function
Evaluation (SFE); however it suffers from long garbling times. In this paper we present garbled circuits in the cloud using Amazon Web
Services, and particularly Amazon F1 FPGA enabled nodes. We implement the garbler and evaluator in software, and show how F1 instances
can accelerate the garbling process and rapidly adapt to several different applications. Experimental results, measured on AWS, indicate a 15
times speedup for garbling done using an FPGA. This results in total application speedup, including garbling, communications and evaluation,
of close to three times over a large range of application sizes.
BLAST: Blockchain-based Trust Management in Smart Cities and Connected Vehicles Setup
Farah Kandah, Brennan Huber, Amani Altarawneh, Sai Medury, Anthony Skjellum (Univ. Tennessee Chattanooga)
Advancement in communication technologies and the Internet of Things (IoT) is driving smart cities adoption that aims to increase operational
efficiency of infrastructure, improve the quality of services, and citizen welfare, among other worthy goals. For instance, it is estimated that by
2020, 75% of cars shipped globally will be equipped with hardware to facilitate vehicle connectivity. The privacy, reliability, and integrity of
communication must be ensured so that actions can be accurate and implemented promptly after receiving actionable information. Because
vehicles are equipped with the ability to compute, communicate, and sense their environment, there is a concomitant critical need to create
and maintain trust among network entities in the context of the network’s dynamism, an issue that requires building and validating the trust
between entities in a small amount of time before entities leave each other’s range. In this work, we present a multi-tier scheme consisting of
an authentication- and trust-building/distribution framework designed with blockchain technology to ensure the safety and validity of the
information exchanged in the system. Through simulation, we illustrate the tradeoff between blockchain mining time and the number of blocks
being generated as well as the effect of the vehicle speed on the number of blocks being generated.