The challenge of balancing security and performance
The biggest problem with advanced encryption methods such as AES and CBC is that they require a lot of processing power. This is especially true for servers, but it can also be a problem for busy client systems, which often have less powerful processors. That means you have to choose between the best level of security and the best performance for your systems. The situation can be hard to resolve on the server side, where solutions such as SSL or IPsec offload cards (encryption offload cards) are used to relieve the processor and let it do work other than session setup and bulk encryption.
The problem with add-on cards is that they are application-specific and may or may not work, depending on what you want to use them for. What we really need is a general solution that works in all AES encryption scenarios, so that you do not have to do anything special to offload encryption work from the main processor. What we need is a 'plug and play' solution built into the operating system and motherboard.
Solve the problem with Intel AES-NI
If you agree with what we mentioned above, there is some good news for you: the new Intel AES-NI instruction set, included in Intel's Xeon 5600 series processors, meets these requirements. This processor was previously known by the code name Westmere-EP. AES-NI implements a number of AES steps in hardware, right on the processor chip. However, you should know that AES-NI on the processor does not implement the entire AES application, only the components needed to optimize encryption performance. AES-NI does this by adding 6 new AES instructions: four for encryption/decryption, one for the 'mix' column and one for generating the 'next round' text (where the number of rounds is controlled by the bit length you choose).
One interesting thing about Intel AES-NI is that, because it is hardware-based, there is no need for lookup tables in memory, and the encryption blocks are executed inside the processor. This reduces the chance of a successful "side channel attack". In addition, Intel AES-NI allows the system to use longer key lengths, and the end result is more secure data.
At this time, Intel AES-NI focuses on three main use cases:
Secure transactions over the Internet and the intranet may include the use of SSL to connect to a secure website on the Internet or the intranet. In addition, IPsec transport and tunnel modes are becoming popular for securing sessions over the intranet and, in the case of DirectAccess, over the Internet. It should be noted that SSL is used for layer 7 communications encryption, while IPsec is used to secure network-level communication (layer 3).
Surely we have all heard that the 'cloud' will be a big thing in computing, and cloud service providers will benefit from Intel AES-NI, since most of their communications are done over an encrypted channel. For IPsec, if there are only a few IPsec connections to a server, SSL offload may be good enough. However, if you have a busy server, Intel AES-NI alone or in combination with SSL offload will be a better solution.
Then there is the transaction component of 'secure transactions'. In addition to application- or network-level encryption, there is application-level encryption that can benefit from Intel AES-NI. For example:
Intel AES-NI can significantly speed up transaction times, making customers happier and employees more productive.
Full disk encryption encrypts the entire disk apart from the MBR. In addition to Microsoft BitLocker, there are other disk encryption applications that can benefit from Intel AES-NI, such as PGPdisk. The problem with full disk encryption is that it can affect performance, which can discourage users from using it. However, with Intel AES-NI, that performance impact is essentially gone, so users will be able to enable full disk encryption and benefit from it.
Performance improvements
So what kind of performance improvements are there with Intel AES-NI? It's hard to say at this point because the technology is still so new. However, Intel has run some tests, and the results so far are quite good:
Conclusion
Encryption is now a requirement in everyone's daily computing life, and AES is the new standard for it. While encryption allows us to secure our data, it can carry a significant performance cost, and sometimes the overhead of encryption takes processor cycles away from the work we actually want to get done. In the past you could handle this problem by upgrading to more powerful processors, adding more processors, or using encryption offload solutions. However, all of these methods have limitations. The new Intel AES-NI significantly improves performance and security by placing new AES-related instructions on the chip. This allows for increased performance and security in scenarios such as secure network and application-layer sessions, secure transactions, and full disk encryption, with little or no impact on the processor as a whole. Intel AES-NI should be part of any client and server deployment plan where encryption will be used extensively, such as when DirectAccess is used to connect to the corporate network. The combination of the Nehalem architecture and Intel AES-NI promises a revolution in computing and improved administrator satisfaction along with improved performance.