Optimized Trusted Execution Environments for FPGAs with Enhanced Security

Systems and methods for creating a custom trusted execution environment (TEE) for FPGAs with isolated memory and cache in order to protect keys against side-channel attacks.

Background:

FPGAs are commonly used by high-security industries, yet they are particularly vulnerable to side-channel attacks. Intel SGX and Arm TrustZone are two hardware TEE solutions, but this technology provides additional security features that neither of them offers. Existing TEEs time-share a processor core with the Rich Execution Environment (REE), which makes execution less efficient and leaves them vulnerable to side-channel attacks.

Technology Overview:

BYOTEE (Build Your Own Trusted Execution Environments) is an infrastructure for building multiple, equally secure TEEs on commodity System-on-Chip (SoC) Field Programmable Gate Array (FPGA) devices. The systems and methods provide physically isolated execution environments on demand, which even hardware debuggers and DMA-enabled devices cannot access. In this design, the TEEs do not share a cache and have separate memory regions. All hardware resources used by the TEEs are physically isolated from the REE.

Advantages:

  • Increased security for keys in FPGAs.

Applications:

  • FPGAs are commonly used by high-security industries such as banking and military.

Intellectual Property Summary:

Provisional patent 63/423,642 filed 11/8/2022.

Stage of Development:

TRL 6

Licensing Status:

Available for license or collaboration.
