The Advanced Encryption Standard (AES) was adopted by the U.S. government in 2001 and is widely used today across the software ecosystem to protect network traffic, personal data and corporate IT infrastructure. AES applications include secure commerce, data security in databases and storage, secure virtual machine migration, and full disk encryption. According to an IDC Encryption Usage Survey, the most widely used applications are corporate databases and archival backup. Full disk encryption is also receiving a lot of attention.
In order to achieve faster, more secure encryption -- which makes the use of encryption feasible where it was not before -- Intel introduced the Intel Advanced Encryption Standard New Instructions (Intel AES-NI), a set of seven new instructions in the Intel Xeon processor family and the 2nd generation Intel Core processors:
- Four instructions accelerate encryption and decryption.
- Two instructions improve key generation and matrix manipulation.
- The seventh aids in carry-less multiplication.
By implementing some complex and costly sub-steps of the AES algorithm in hardware, AES-NI speeds up execution of AES encryption and decryption and removes one of the main objections to using encryption to protect data: the performance penalty. The results include both raw performance gains and optimized cryptographic libraries that independent software vendors (ISVs) can use to replace basic AES routines.
To be clear, AES-NI does not implement the entire AES algorithm in hardware. Instead, it accelerates just parts of it; this matters for legal classification purposes because encryption is a controlled technology in many countries. AES-NI adds six AES instructions: four that perform the encryption and decryption rounds (AESENC, AESENCLAST, AESDEC and AESDECLAST), one that applies the Inverse Mix Columns transformation used to prepare decryption round keys (AESIMC), and one that assists in generating the next round key (AESKEYGENASSIST). These instructions speed up the round transformations and the key schedule. AES-NI also includes a seventh instruction, PCLMULQDQ (often written CLMUL), which performs carry-less multiplication, also known as binary polynomial multiplication. It speeds up the GHASH computation in AES-GCM and binary-field elliptic curve cryptography (ECC), and assists in error-correcting codes, general-purpose cyclic redundancy checks (CRCs) and data de-duplication.
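What the seventh instruction actually computes is easiest to see next to a plain software version. The following is an added example, not code from the original article or from Intel: it multiplies two 64-bit binary polynomials with a portable bit-serial loop (XOR instead of addition, so no carries), then does the same product with the PCLMULQDQ intrinsic and cross-checks the two. The function names, the CPUID guard via the compiler builtin, and the sample input set are this example's own choices. The 0x00 immediate selects the low quadword of each operand; GHASH code uses the other selectors to multiply the halves of a 128-bit field element.

```c
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <wmmintrin.h>   /* _mm_clmulepi64_si128 is the PCLMULQDQ intrinsic */
#define HAVE_X86_PCLMUL 1
#else
#define HAVE_X86_PCLMUL 0
#endif

/* Portable reference: multiply two 64-bit polynomials over GF(2) into a 128-bit
   product (out[0] = low 64 bits, out[1] = high 64 bits). Each set bit of b
   contributes a shifted copy of a, combined with XOR, so no carry propagates. */
void clmul64_ref(uint64_t a, uint64_t b, uint64_t out[2]) {
    uint64_t lo = 0, hi = 0;
    for (int i = 0; i < 64; i++) {
        if ((b >> i) & 1) {
            lo ^= a << i;
            if (i) hi ^= a >> (64 - i);   /* guard: shifting by 64 is undefined */
        }
    }
    out[0] = lo;
    out[1] = hi;
}

/* Check the reference against a hand-computed product. */
int clmul64_ref_equals(uint64_t a, uint64_t b, uint64_t lo, uint64_t hi) {
    uint64_t r[2];
    clmul64_ref(a, b, r);
    return r[0] == lo && r[1] == hi;
}

/* Runtime CPUID check; PCLMULQDQ must not be executed on CPUs that lack it. */
int pclmul_available(void) {
#if HAVE_X86_PCLMUL
    return __builtin_cpu_supports("pclmul") ? 1 : 0;
#else
    return 0;
#endif
}

#if HAVE_X86_PCLMUL
/* Same product in one instruction. Immediate 0x00 multiplies the low qwords;
   0x11 would multiply the high qwords, 0x01/0x10 the cross terms. */
__attribute__((target("pclmul,sse2")))
static void clmul64_hw(uint64_t a, uint64_t b, uint64_t out[2]) {
    __m128i p = _mm_clmulepi64_si128(_mm_set_epi64x(0, (long long)a),
                                     _mm_set_epi64x(0, (long long)b), 0x00);
    _mm_storeu_si128((__m128i *)out, p);
}
#endif

/* Cross-check hardware against the reference on a constructed input set.
   Returns 1 on agreement, 0 on mismatch, -1 if PCLMULQDQ is unavailable. */
int clmul_selftest(void) {
#if HAVE_X86_PCLMUL
    if (!pclmul_available()) return -1;
    static const uint64_t samples[] = {            /* constructed inputs */
        0, 1, 3, 0x87, 0xFFFFFFFFFFFFFFFFULL, 0x8000000000000000ULL,
        0x0123456789ABCDEFULL, 0xE100000000000000ULL };
    size_t n = sizeof samples / sizeof samples[0];
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++) {
            uint64_t r[2], h[2];
            clmul64_ref(samples[i], samples[j], r);
            clmul64_hw(samples[i], samples[j], h);
            if (r[0] != h[0] || r[1] != h[1]) return 0;
        }
    return 1;
#else
    return -1;
#endif
}

int main(void) {
    int rc = clmul_selftest();
    printf(rc == 1 ? "PCLMULQDQ agrees with reference\n"
         : rc == 0 ? "MISMATCH\n" : "PCLMULQDQ not available on this CPU\n");
    return rc == 0;
}
```

The hand-checkable cases are worth keeping in mind when reviewing such code: (x+1)(x+1) = x^2+1, so 3 * 3 gives 5 rather than 9, and x^63 * x^63 = x^126 lands entirely in the high word. A mismatch between the hardware and reference paths in a real library almost always means the immediate selector or the operand lane order was wrong, not the instruction.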
Besides the performance benefit, executing these steps in hardware provides some additional security by helping prevent software side-channel attacks. Software side channels are vulnerabilities in the software implementation of cryptographic algorithms, not in the algorithm itself, and they emerge in shared processing environments (multiple cores, threads or operating systems on one platform). Cache-based side-channel attacks exploit the fact that table-driven software AES keeps its S-box and round lookup tables in memory, so the cache lines it touches depend on the key and data and can be observed by other code sharing that cache. In a cache collision-timing side-channel attack, a piece of malicious code running on the platform could seed. Because AES-NI performs SubBytes and the other round steps inside the execution unit with no key- or data-dependent memory accesses, an AES-NI implementation has no lookup tables to leak. For more information on the AES new instructions, see this report. For more information on the CLMUL instruction and its handling of carry-less multiplication, see explanation.
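To make concrete how the six AES instructions above divide the work, and why there is no table for a cache attack to watch, here is an added example of AES-128 built directly on the intrinsics. It is not code from the original article or from Intel's libraries; function names, the CPUID guard and the structure are this example's own. AESKEYGENASSIST plus a few shifts and XORs produce each round key, AESIMC turns the encryption round keys into the ones AESDEC expects, and one AESENC or AESDEC executes an entire round. The known-answer test uses the FIPS-197 Appendix C.1 vector. Note that this is the raw single-block primitive; real protocols wrap it in a mode such as GCM.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <wmmintrin.h>   /* AESENC/AESENCLAST/AESDEC/AESDECLAST/AESIMC/AESKEYGENASSIST */
#define HAVE_X86_AESNI 1
#define AESNI_TARGET __attribute__((target("aes,sse2")))
#else
#define HAVE_X86_AESNI 0
#define AESNI_TARGET
#endif

/* Runtime CPUID check; AES-NI must never be executed on CPUs that lack it. */
int aesni_available(void) {
#if HAVE_X86_AESNI
    return __builtin_cpu_supports("aes") ? 1 : 0;
#else
    return 0;
#endif
}

#if HAVE_X86_AESNI
/* One AES-128 key-expansion step. AESKEYGENASSIST puts RotWord(SubWord(w3)) ^ Rcon
   in dword 3; the shifts and XORs below carry the FIPS-197 w[i] = w[i-1] ^ w[i-4]
   chain across the four 32-bit columns held in the register. */
AESNI_TARGET
static __m128i expand_step(__m128i key, __m128i assist) {
    assist = _mm_shuffle_epi32(assist, 0xff);            /* broadcast dword 3 */
    key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
    key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
    key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
    return _mm_xor_si128(key, assist);
}
/* The round constant must be an immediate, so this is a macro, not a loop. */
#define EXPAND(k, rcon) expand_step((k), _mm_aeskeygenassist_si128((k), (rcon)))

AESNI_TARGET
static void aes128_expand(const uint8_t key[16], __m128i enc[11], __m128i dec[11]) {
    enc[0] = _mm_loadu_si128((const __m128i *)key);
    enc[1] = EXPAND(enc[0], 0x01); enc[2]  = EXPAND(enc[1], 0x02);
    enc[3] = EXPAND(enc[2], 0x04); enc[4]  = EXPAND(enc[3], 0x08);
    enc[5] = EXPAND(enc[4], 0x10); enc[6]  = EXPAND(enc[5], 0x20);
    enc[7] = EXPAND(enc[6], 0x40); enc[8]  = EXPAND(enc[7], 0x80);
    enc[9] = EXPAND(enc[8], 0x1b); enc[10] = EXPAND(enc[9], 0x36);
    /* Equivalent inverse cipher: AESDEC wants InvMixColumns applied to the
       middle round keys, which is exactly what AESIMC computes. */
    dec[0] = enc[10];
    for (int r = 1; r < 10; r++) dec[r] = _mm_aesimc_si128(enc[10 - r]);
    dec[10] = enc[0];
}

AESNI_TARGET
static void aes128_block(const __m128i rk[11], const uint8_t in[16], uint8_t out[16], int decrypt) {
    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]);
    for (int r = 1; r < 10; r++)   /* nine full rounds, one instruction each */
        s = decrypt ? _mm_aesdec_si128(s, rk[r]) : _mm_aesenc_si128(s, rk[r]);
    /* final round omits MixColumns, hence the separate *LAST instruction */
    s = decrypt ? _mm_aesdeclast_si128(s, rk[10]) : _mm_aesenclast_si128(s, rk[10]);
    _mm_storeu_si128((__m128i *)out, s);
}
#endif

/* Single-block AES-128. Returns 0 on success, -1 if AES-NI is unusable here. */
AESNI_TARGET
int aes128_crypt_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16], int decrypt) {
#if HAVE_X86_AESNI
    if (!aesni_available()) return -1;
    __m128i enc[11], dec[11];
    aes128_expand(key, enc, dec);
    aes128_block(decrypt ? dec : enc, in, out, decrypt);
    return 0;
#else
    (void)key; (void)in; (void)out; (void)decrypt;
    return -1;
#endif
}

/* FIPS-197 Appendix C.1 known-answer test: 1 = pass, 0 = mismatch, -1 = no AES-NI. */
int aes128_fips197_kat(void) {
    static const uint8_t key[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    static const uint8_t pt[16]  = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
                                    0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    static const uint8_t ct_ref[16] = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,
                                       0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    uint8_t ct[16], back[16];
    if (aes128_crypt_block(key, pt, ct, 0) != 0) return -1;
    if (aes128_crypt_block(key, ct, back, 1) != 0) return -1;
    return (memcmp(ct, ct_ref, 16) == 0 && memcmp(back, pt, 16) == 0) ? 1 : 0;
}

int main(void) {
    int rc = aes128_fips197_kat();
    printf(rc == 1 ? "AES-NI KAT passed\n" : rc == 0 ? "AES-NI KAT FAILED\n"
                                                    : "AES-NI not available\n");
    return rc == 0;
}
```

Two practical points follow from the code. First, the whole cipher is a handful of register-to-register instructions: no S-box array, no T-tables, nothing whose address depends on the key, which is the side-channel property the paragraph above describes. Second, the target attributes let the file build without a global -maes flag, so the same binary can carry a software fallback for CPUs where aesni_available() returns 0; a library that unconditionally executes AESENC will crash with an illegal-instruction fault on such hardware.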
Encryption Usage Models
There are three main usage models for AES-NI: network encryption, full disk encryption (FDE) and application-level encryption. Networking applications use encryption to protect data in flight with protocols such as SSL/TLS (including HTTPS and FTPS), IPsec and SSH. AES-NI also assists FDE and application-level models that use encryption to protect data at rest. In all three of these models, improved performance is gained. Such performance improvements can enable the use of encryption where it might otherwise have been impractical because of the performance impact.
In today’s highly networked world, Web servers, application servers and database back-ends all connect via an IP network through gateways and appliances. SSL is typically used to deliver secure transactions over the network. It’s well-known for providing secure processing for banking transactions and other ecommerce, as well as for enterprise communications (such as an intranet).
Where AES-NI provides a real opportunity is in reducing the computation load of those SSL/TLS sessions that use AES as the bulk cipher. It is worth being precise about what it does and does not touch: the cost of establishing a secure session is dominated by the public-key operations of the handshake, which AES-NI does not accelerate; its savings come on every record encrypted and decrypted after the handshake, and that per-record cost is multiplied by the hundreds or thousands of clients concurrently connected to a server. Think of your favorite online shopping site during the holiday season. Integrating AES-NI improves throughput by reducing the symmetric-cipher cost of all these secure transactions.
With the growing popularity of cloud services, secure HTTPS connections are getting increased attention -- and use. The growth in cloud services is putting enormous amounts of user data on the Web. To protect users, operators of public or private clouds must ensure the privacy and confidentiality of each individual’s data as it moves between client and cloud. This means instituting a security infrastructure across their multitude of service offerings and points of access. For these reasons, the amount of data encrypted, transmitted, and decrypted in conjunction with HTTPS connections is predicted to grow as clouds proliferate.
For cloud providers, the performance and responsiveness of transactions, streaming content and collaborative sessions over the cloud are all critical to customer satisfaction. Yet the more subscribers cloud services attract, the heavier the load placed on servers. This makes every ounce of performance that can be gained anywhere important. AES-NI and its ability to accelerate encryption and decryption can play a significant role in helping cloud computing improve the user experience and speed up secure data exchanges.
Most enterprise applications offer some kind of option to use encryption to secure information. It is a common option for email, and for collaborative and portal applications. ERP and CRM applications also offer encryption in their architectures through the database backend. Database encryption offers granularity and flexibility at the data cell level, column level, file system level, table space and database level. Transparent data encryption (TDE) is a feature of some databases that automatically encrypts data when it is written to disk and decrypts it when it is read back into memory. Retailers can use features like TDE to help address PCI-DSS requirements. University and health care organizations can use it to automatically encrypt their data to safeguard social security numbers and other sensitive information on disk drives and backup media from unauthorized access. Since AES is a supported algorithm in most enterprise application encryption schemes, AES-NI provides an excellent opportunity to speed up these applications and make it practical to leave encryption switched on.
Full disk encryption (FDE) uses disk encryption software to encrypt every bit of data that goes onto a disk or disk volume. Although the term FDE is often taken to mean that everything on the disk is encrypted, including the programs that boot OS partitions, the master boot record (MBR) must remain readable by the firmware, so that small part of the disk stays unencrypted. FDE can be implemented either in disk encryption software or in a self-encrypting hard drive. Direct-attached storage (DAS) commonly consists of one or more Serial Attached SCSI (SAS) or SATA hard drives in the server enclosure. Since there are relatively few disks and interconnects, the effective bandwidth is relatively low, which generally makes it reasonable for the host processor to encrypt the data in software at a rate that keeps up with the DAS bandwidth.
In addition to protecting data from loss and theft, full disk encryption facilitates decommissioning and repair. For example, if a damaged hard drive has unencrypted confidential information on it, sending it out for warranty repair could potentially expose its data. Consider, for instance, the experience of the National Archives and Records Administration (NARA). When a hard drive with the personal information of around 76 million servicemen malfunctioned, NARA sent it back to its IT contractor for repairs. By failing to wipe the drive before sending it out, NARA arguably created the biggest government data breach ever. Similarly, as a specific hard drive gets decommissioned at the end of its life or re-provisioned for a new use, encryption can spare the need for special steps to protect any confidential data. In a data center with thousands of disks, improving the ease of repair, decommissioning and re-provisioning can save money.
In summary, these AES-NI capabilities make performance-intensive encryption feasible and can be applied readily across the usage models above.