Research demonstrates a hybrid hardware-software solution securing Field Programmable Gate Arrays (FPGAs), specialised hardware crucial for 5G networks, against cryptographic threats. Remote attestation and Post-Quantum Cryptography (PQC) algorithms are integrated, with blockchain ensuring secure evidence storage. Evaluation across FPGA families reveals a mere 2% performance overhead when utilising PQC.
The increasing deployment of edge computing in 5G and future 6G (Beyond 5G) networks necessitates specialised hardware accelerators, notably Field Programmable Gate Arrays (FPGAs), to deliver the required performance. These reconfigurable integrated circuits, however, present a significant security challenge when operating in potentially hostile environments. Researchers now address this challenge with a novel system that integrates three elements: remote attestation, a process that verifies the integrity of a device’s configuration; post-quantum cryptography (PQC), a field developing algorithms resistant to attacks from quantum computers; and blockchain technology for tamper-proof evidence storage. Ilias Papalamprou, Nikolaos Fotos, Nikolaos Chatzivasileiadis, Anna Angelogianni, Dimosthenis Masouros, and Dimitrios Soudris, from the National Technical University of Athens and Ubitech Ltd, detail their approach in the article “Post-Quantum and Blockchain-Based Attestation for Trusted FPGAs in B5G Networks”, demonstrating a secure configuration process with minimal performance overhead on two distinct FPGA families.
The increasing deployment of 5G networks and edge computing necessitates specialised hardware, with Field Programmable Gate Arrays (FPGAs) gaining prominence due to their performance capabilities. This drives demand for robust security solutions within FPGA-based edge infrastructures, particularly considering the potential threat quantum computing poses to current cryptographic standards. Recent research focuses on a hybrid hardware-software approach designed to securely configure FPGAs and integrate post-quantum cryptographic (PQC) algorithms, thereby bolstering system security and establishing a foundation for trusted edge services.
Central to this approach is remote attestation, a security technique that verifies the integrity of a remote system before establishing trust. The system confirms the FPGA configuration is authentic and unaltered, mitigating the risk of malicious modifications. This addresses a known vulnerability, highlighted by analyses revealing weaknesses in Xilinx FPGA bitstream encryption (a bitstream is the programming data that configures the FPGA’s logic), and ensures a secure operational starting point. The work also acknowledges the potential for hardware Trojans, malicious circuits embedded within the hardware, and for bitstream manipulation, and counters these threats through secure configuration protocols and verification mechanisms.
Furthermore, the integration of a blockchain infrastructure provides a secure and immutable record of security evidence, enhancing trust and accountability across the entire edge computing network. This distributed ledger technology, which records transactions across multiple computers, ensures the integrity of attestation data, preventing tampering and providing a verifiable audit trail, crucial for maintaining confidence in distributed systems. The system effectively combines secure hardware enclaves, quantum-resistant algorithms, and distributed ledger technology to create a layered defence against a broad spectrum of threats, safeguarding data confidentiality and integrity.
The incorporation of PQC algorithms proactively prepares the system for the advent of quantum computing, protecting against attacks that threaten currently deployed cryptographic standards and ensuring long-term security. Evaluation across two FPGA families demonstrates a minimal performance overhead of only 2% when utilising PQC, indicating the feasibility of integrating quantum-resistant security measures without significant performance degradation. This is a crucial finding, suggesting practical implementation is achievable without compromising application responsiveness and enabling widespread adoption of secure FPGA-based systems. The system also leverages Physically Unclonable Functions (PUFs), which exploit inherent manufacturing variations in hardware to create unique identifiers, for hardware identification and key generation, further strengthening security measures and providing a robust root of trust. By combining these technologies, the research offers a comprehensive solution for securing critical infrastructure in the evolving landscape of edge computing and beyond.
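The attestation and evidence-storage passages above can be illustrated with a minimal sketch; this is an added example, not the paper's protocol or code. It assumes HMAC-SHA256 under a device key as a stand-in for the PQC signature and an in-memory hash chain as a stand-in for the blockchain, and all names and sample values are hypothetical.

```python
import hashlib, hmac, json, secrets
GENESIS = "0" * 64  # previous-hash value for the first ledger entry

def measure(bitstream: bytes) -> bytes:
    return hashlib.sha256(bitstream).digest()  # measurement = digest of the configuration data

def attest(key: bytes, bitstream: bytes, nonce: bytes) -> dict:
    """Device side: report the loaded bitstream's measurement, bound to the nonce."""
    m = measure(bitstream)
    tag = hmac.new(key, nonce + m, hashlib.sha256).hexdigest()  # stand-in for a PQC signature
    return {"measurement": m.hex(), "tag": tag}

def verify(key: bytes, report: dict, nonce: bytes, reference: bytes) -> bool:
    """Verifier side: the tag must cover our fresh nonce and the measurement must match."""
    m = bytes.fromhex(report["measurement"])
    expected = hmac.new(key, nonce + m, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, report["tag"]) and hmac.compare_digest(m, reference)

def entry_hash(prev: str, evidence: dict) -> str:
    return hashlib.sha256((prev + json.dumps(evidence, sort_keys=True)).encode()).hexdigest()

class EvidenceLedger:
    """Append-only hash chain; each entry commits to the hash of the one before it."""
    def __init__(self):
        self.entries = []
    def append(self, evidence: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "evidence": evidence, "hash": entry_hash(prev, evidence)})
    def intact(self) -> bool:
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != entry_hash(prev, e["evidence"]):
                return False  # an entry was edited, reordered or removed
            prev = e["hash"]
        return True

def run_demo():
    key = b"constructed-device-key"           # assumed: derived from the device's PUF
    golden = b"constructed golden bitstream"  # constructed sample, not a real bitstream
    reference, ledger, verdicts = measure(golden), EvidenceLedger(), []
    for loaded in (golden, golden + b"\x00 modified"):
        nonce = secrets.token_bytes(16)       # fresh per challenge, so old reports cannot be replayed
        report = attest(key, loaded, nonce)
        verdicts.append(verify(key, report, nonce, reference))
        ledger.append({"report": report, "verdict": verdicts[-1]})
    return verdicts, ledger

if __name__ == "__main__":
    print(run_demo()[0])
```

The failed attestation is recorded alongside the successful one, so the ledger serves as an audit trail rather than a list of passes, and any later edit to a stored verdict breaks the chain check.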
👉 More information
🗞 Post-Quantum and Blockchain-Based Attestation for Trusted FPGAs in B5G Networks
🧠 DOI: https://doi.org/10.48550/arXiv.2506.21073
