
Intel CPU Enhances Data Security
Platform Trends: Encryption for Everyone
February 23, 2010
By Vince Freeman
The protection of both local and online data is of paramount importance in today's IT environment, and the potential costs of a data breach, in terms of both money and reputation, can be sky-high. The last line of defense is data encryption: Even if data is compromised, advanced crypto schemes can make it irretrievable or unusable by the snoop.
To a large extent, data encryption means the Advanced Encryption Standard. AES is an open cipher that has been adopted by many world governments, the U.S. included, and is so good that it's even NSA-approved. Where AES benefits the corporate world is in encrypting database information and providing SSL, HTTPS, IPsec, and other secure transactions, as well as desktop basics like disk-level encryption and file compression security.
As a widely used encryption standard, AES is supported by a range of software applications. Until now, indeed, it's been handled in software -- a job requiring heavy number-crunching by a CPU. Intel's newest "Westmere" processors, however, change that: They're hard-wired for AES.
Enter AES-NI
The chipmaker's newest Core i5 and i7 (but not Core i3) desktop and mobile CPUs introduce AES-NI, a set of extensions (or New Instructions) to the venerable x86 instruction set. AES-NI includes six instructions that accelerate and improve the encryption and decryption processing of applications supporting AES.
The process is very technical, with four instructions handling encryption/decryption and the other two performing key expansion, but at its base, AES-NI supplies hardware support for the popular AES standard. This helps improve performance at various stages of the AES algorithm, to the point where Intel has stated that there will be no performance penalty for encryption or decryption with AES-NI-supported software.
By incorporating the AES-NI instruction set into Westmere, Intel has made advanced cryptography not only faster, but also significantly less expensive and simpler to implement. These are both important factors for any business, as standard encryption techniques can be very CPU-intensive, and in the online transaction world, time really is money.
In addition to the performance boost, AES-NI mitigates the effects of the ever-popular side-channel attack, in which a process running alongside the cipher on a multitasking system infers key material from observable behavior such as timing or cache activity. This is because the encryption/decryption processing is done within hardware, without the use of lookup tables that are vulnerable to timing- and cache-based attacks in AES software implementations. This protection is possible with an extra software security layer, but again, that would just add to the performance hit on standard platforms.
AES-NI Accelerated Performance
AES can use a 128-, 192-, or 256-bit cipher key. The longer the key, the greater the number of steps in the encryption/decryption process and the more of a performance penalty it will incur. But from Intel's perspective, the longer the cipher key, the higher the comparable performance gain on a Westmere Core i5/i7 processor.
This is borne out in Intel-sponsored performance results, in which the new Westmere processors offer higher relative performance and data throughput per cycle using AES-256 compared to AES-128 or -192. In its AES whitepaper, Intel projects very substantial performance gains when dealing with bulk data encryption/decryption jobs, and says that even in a worst-case scenario the hardware would still provide two to three times the performance of a software-based solution.
Naturally, the level of software optimization is a key factor; the faster software can provide the pipelined CPU with data, the faster the AES processing can occur. This sounds a lot like the SSE-speak Intel is famous for, with wild performance claims being tossed around, but with the caveat of needing "fully optimized software" which never really appears before being superseded by the next instruction set.
Even the application programming model follows that of the Intel SSE design, and if operating systems support the SSE state, they can also handle the necessary CPUID checks for AES-NI functionality. And since it's based on an existing open standard, software support is already there in many cases, and easy to implement in others. Intel has added AES-NI support to its popular Intel Integrated Performance Primitives (Intel IPP) library to aid in the transition.
Real-world performance results have shown definite gains when using Westmere-based processors and AES software, though not close to the numbers Intel has quoted. Part of this is due to the lack of industry-standard benchmarks that properly duplicate a large business server environment, but at least the results do indicate that performance gains using AES-256 far outstrip those achieved at AES-128.
Toss in a few synthetic benchmarks like SiSoft Sandra or Everest, and the AES encryption numbers on a Westmere will make you think Intel has hit the mother lode. But like the MMX/SSE multimedia instructions, which also showed insanely high synthetic scores, the real-world improvements for most users will be minimal, and only large server-based environments will incur the sheer volume needed to turn those small increments into noticeable gains. But under the right circumstances, the math does make sense. Even one or two seconds per secure transaction can really add up.
Leaving AMD in the Crypto-Dust
The addition of AES-NI also creates yet another competitive advantage over Intel's longtime rival AMD, which (naturally) has no shipping processors supporting AES-NI and isn't expected to until next year. As the number of performance comparisons increased and the press started giving it more attention, AES-NI has turned into a desirable feature for a new processor. I guess the gearheads will fight over any performance metric, even though AMD doesn't even have a horse in this particular race.
Intel's AES-NI will certainly find a home in the server environment, where its incremental performance gains and enhanced security offer a win-win scenario. But with implementation across a wide range of Westmere processors, AES-NI is also a power-to-the-people technology, and programs as basic as WinZip and BitLocker currently support it. The performance gains will not be the main selling point on the desktop or laptop, but as many hackers have dropped the risky big-score mentality and settled for breaching individual PCs instead, the bolstered security features should be.