Painless Encryption: Intel Advanced Encryption Standard New Instructions (AES-NI)
With the increasing ubiquity of computing devices permeating all areas of our lives at work and at home, the need for encryption has become more important than ever. Desktops, laptops, smart phones, "pad" PCs, PDAs, Blu-ray players, and many more devices all share this need to be able to encrypt sensitive information. Without encryption, everything you send over a network (or even store on a local storage device) is out in the open, for anyone to read anytime he wants to read it. Sure, access controls/permissions offer some protection, but when you're serious about security, encryption has to be a part of your multi-layered security strategy. While you might think that you have nothing to hide, the fact is that information that you think would be of no value to anyone can be leveraged in surprising ways by people who don't have your best interests in mind. Thus, in today's business world, especially, encryption should be considered the default state, not an optional one.
The Importance of Encryption
Think about the scenarios where encryption is used (or should be used) in your daily life:
- When you turn on the laptop and automatically connect to your wireless access point, you're probably using WPA for encryption and using AES as the encryption algorithm.
- When you connect to secure web sites to share information or purchase products, that SSL connection is an encrypted session that's designed to ensure that your personal information is not shared with the rest of the world.
- When your laptop uses BitLocker to encrypt the information on disk, if the laptop is stolen, all that information doesn't become "public domain."
- When you establish an IPsec VPN connection or an IPsec based DirectAccess connection to your company's network, that IPsec connection is secured using AES encryption.
There are many more examples, but it is pretty obvious that encryption, and specifically AES encryption, is an integral part of your computing life, whether you knew that or not.
As a network admin, you know that encryption is critical as part of your back-end infrastructure. Hackers are not concerned about taking down your entire network like they used to do with exploits like Slammer and Blaster. Why? It's because there's no money to be made with network-wide attacks. With hacking incurring more and more severe criminal penalties, most of the bad guys are no longer in it "just for the fun of it." Instead, the hacker of today is an illegal entrepreneur who wants to make money. One way he can do that is by compromising key servers and being very quiet about it. He wants to steal information that's sellable, such as databases full of personal info or your company's trade secrets. The hacker usually cannot make money off a downed server, and he cannot make money if you find out he's there and stop him before he gets what he wants. Thus, you need to use encryption on the back end as a protective mechanism of "last resort" to prevent the attacker from gaining access to critical information.
Encryption is also a big part of everyday IT regulatory compliance; for example, the following all include encryption as part of their standards:
- HIPAA (Health Insurance Portability and Accountability Act)
- SOX (Sarbanes-Oxley)
- PCI DSS (Payment Card Industry Data Security Standard)
AES: The New Standard
AES is the current U.S. government standard for encryption and replaces the previous standard, triple DES, which used a standard 56-bit key. AES can use variable key lengths, which are characterized as AES-128, AES-192 and AES-256. Depending on the key length, there can be up to 14 rounds of transformation required to produce the final cipher text.
AES also has several modes of operation, including:
- electronic codebook (ECB)
- cipher block chaining (CBC)
- counter (CTR)
- cipher feedback (CFB)
- output feedback (OFB)
Cipher block chaining is the most commonly used mode because it provides an acceptable level of security and is not vulnerable to statistical attacks.
The Challenge: Security vs. Performance
The biggest problem with advanced encryption methods such as AES with CBC is that they are extremely processor intensive. This is especially the case with servers, but it can be an issue for busy client systems too, because of the relatively less powerful processors installed on client systems. This means you may find yourself having to choose between having the best security and getting the best performance out of your systems. This situation can become so problematic on the server side that workarounds, such as SSL or IPsec offload cards (encryption offload cards) are used to take the heat off the processor and enable the processor to do work other than session setup and bulk encryption.
The problem with add-on cards is that they are application dependent and they may or may not work, depending on what you want to use them for. What we really need is a generic solution that works in all AES encryption scenarios, so that you don't have to do anything special to offload the encryption work from the main processor. What we need is a "plug and play" solution that's built into the operating system and the motherboard.
Intel AES-NI to the Rescue
If you agree with this, then there's some good news for you - the new Intel AES-NI instruction set, which is currently available on Intel Xeon 5600 series processors, meets these criteria. This processor was previously known by its code name, Westmere-EP. AES-NI executes some of the AES steps in hardware, right on the processor chip. However, you should be aware that the AES-NI on the processor doesn't include the entire AES application, just components of it that are required to optimize encryption performance. AES-NI does this by adding six new AES instructions: four for encryption/decryption, one for the "mix" column, and one for generating the "next round" text (where the number of rounds is controlled by the bit length you choose).
One nice thing about Intel AES-NI is that, because it is hardware based, there is no need for lookup tables held in memory, and the encryption blocks are executed in the processor. This reduces the chances of successful "side channel attacks". In addition, Intel AES-NI enables the system to execute longer key lengths, with the end result being that the data is more secure.
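To make the instruction-level description above concrete, the following added example (not code from Intel or from this article) encrypts one AES-128 block with three of the AES-NI instructions, AESKEYGENASSIST, AESENC and AESENCLAST, through compiler intrinsics, and checks the result against the FIPS-197 Appendix C.1 test vector. It assumes an x86 target and GCC or Clang; the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <immintrin.h>  /* AES-NI and SSE2 intrinsics */

/* Enable AES-NI code generation per function, so no -maes flag is needed (GCC/Clang). */
#define AESNI __attribute__((target("aes,sse2")))

/* Key-schedule step: fold the AESKEYGENASSIST output into the previous round key. */
AESNI static __m128i expand_step(__m128i key, __m128i assist) {
    assist = _mm_shuffle_epi32(assist, _MM_SHUFFLE(3, 3, 3, 3));
    key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
    key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
    key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
    return _mm_xor_si128(key, assist);
}
/* The round constant must be a compile-time immediate, hence a macro. */
#define EXPAND(k, rcon) expand_step((k), _mm_aeskeygenassist_si128((k), (rcon)))

/* Expand a 128-bit key into the 11 round keys used by AES-128. */
AESNI static void aes128_expand(const uint8_t key[16], __m128i rk[11]) {
    rk[0] = _mm_loadu_si128((const __m128i *)key);
    rk[1] = EXPAND(rk[0], 0x01);  rk[2] = EXPAND(rk[1], 0x02);
    rk[3] = EXPAND(rk[2], 0x04);  rk[4] = EXPAND(rk[3], 0x08);
    rk[5] = EXPAND(rk[4], 0x10);  rk[6] = EXPAND(rk[5], 0x20);
    rk[7] = EXPAND(rk[6], 0x40);  rk[8] = EXPAND(rk[7], 0x80);
    rk[9] = EXPAND(rk[8], 0x1B);  rk[10] = EXPAND(rk[9], 0x36);
}

/* One block: initial AddRoundKey, nine AESENC rounds, then AESENCLAST. */
AESNI static void aes128_encrypt_block(const __m128i rk[11], const uint8_t in[16], uint8_t out[16]) {
    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]);
    for (int i = 1; i < 10; i++) s = _mm_aesenc_si128(s, rk[i]);
    _mm_storeu_si128((__m128i *)out, _mm_aesenclast_si128(s, rk[10]));
}

/* Returns 1 if the FIPS-197 C.1 vector matches, 0 on mismatch, -1 if the CPU lacks AES-NI. */
int aesni_selftest(void) {
    static const uint8_t key[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    static const uint8_t pt[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    static const uint8_t expect[16] = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    __m128i rk[11]; uint8_t ct[16];
    if (!__builtin_cpu_supports("aes")) return -1;  /* runtime check before executing AES-NI */
    aes128_expand(key, rk);
    aes128_encrypt_block(rk, pt, ct);
    return memcmp(ct, expect, 16) == 0;
}

int main(void) { printf("AES-NI self-test: %d\n", aesni_selftest()); return 0; }
```

The whole cipher runs in registers with no S-box table in memory, which is the property the side-channel remark above relies on.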
At this time, Intel AES-NI focuses on three primary use cases:
- Secure transactions over the Internet and the intranet
- Full disk encryption (such as that provided by Microsoft BitLocker)
- Application level encryption (part of the secure transaction)
Secure transactions over the Internet and the intranet might include the use of SSL to connect to a secure Web site on the Internet or the intranet. In addition, IPsec tunnel and transport modes are becoming increasingly popular for securing sessions over the intranet, and in the case of DirectAccess, over the Internet. Keep in mind that SSL is used for securing layer 7 communications, while IPsec is used to secure network level (layer 3) communications.
We have been hearing lately that the Cloud is the next big thing in computing, and Cloud service providers will significantly benefit from the Intel AES-NI, where the majority of their communications are over an encrypted channel. As for IPsec, if there are just a few IPsec connections with a server, SSL offload might be good enough. But if you have a busy server, Intel AES-NI alone or in combination with SSL offload is going to be a better solution.
Then there is the transaction component of "secure transactions". In addition to application or network level encryption, there is application level encryption that can benefit from Intel AES-NI. For example:
- Databases can be encrypted
- Email can be encrypted
- Rights management services use encryption
- The file system itself can be encrypted (in contrast to disk level encryption).
- Applications such as Microsoft SQL can use Transparent Data Encryption (TDE) to automatically encrypt entries made into the database.
The bottom line is that Intel AES-NI can significantly speed up transaction time and make customers happier and employees more productive.
Full disk encryption encrypts the entire disk except for the MBR. In addition to Microsoft BitLocker, there are other disk encryption applications that can benefit from Intel AES-NI, such as PGPdisk. The problem with full disk encryption is that it can exact a performance hit, which might lead the users to avoid using it. With Intel AES-NI, that performance hit essentially goes away, and users will be more likely to enable full disk encryption and reap the benefits thereof.
So what kind of performance improvements will you actually see with Intel AES-NI? It's hard to say at this time what you will find out in the wild, since the technology is so new. But Intel has run some tests of their own and what they've found so far looks good:
- With a web banking workload using Microsoft IIS/PHP, they found when comparing two Nehalem based systems, one with encryption and one without, that there was a 23% increase in the number of users that could be supported on the system. When a Nehalem based system with encryption enabled was compared to a non-Nehalem system, there was a 4.5 times improvement in terms of number of users supported. Those are some amazing stats!
- In a database encryption/decryption test using Oracle 11g, they found when comparing two Nehalem systems, one with encryption enabled and the other with encryption disabled, that the encryption enabled system showed an 89% time reduction to decrypt a 5.1 million row encrypted table. There was also an 87% reduction in time to encrypt an OLTP-type table and repeatedly insert and truncate one million rows.
- Full disk encryption can be very time consuming for the initial disk encryption. Intel found when encrypting an Intel 32 GB SSD drive for the first time using McAfee endpoint encryption for PCs that there was a 42% reduction in time for the first provisioning. That is a profound difference and one that you'll definitely notice if you've ever waited for a full disk encryption process to complete.
Encryption is now a requirement in almost everyone's everyday computing life. AES is the new standard for encryption. While encryption enables us to secure our data, there can be a significant performance cost associated with encryption, and at times the encryption overhead can take away processor cycles from the work we want to get done. In the past you could handle the problem by upgrading to more powerful processors, or adding more processors, or using encryption offload solutions. However, all of these approaches had built-in limitations. The new Intel AES-NI significantly improves performance and security by putting 6 new AES related instructions on the chip. This enables increased performance and security for a number of scenarios, such as secure network and application layer sessions, secure transactions, and full disk encryption with little or no impact to overall processor utilization. Intel AES-NI should be part of any client or server deployment plan where encryption is going to be used on an extensive basis, such as when DirectAccess is used to connect to the corporate network. The combination of Nehalem architecture and Intel AES-NI promises to revolutionize computing and improve user and admin satisfaction while improving productivity.
For more information about the Intel Xeon 5600 series of processors with Intel AES-NI, check out the following link.