Data security is a major concern for a wide range of applications, including medical, retail, and gaming applications.  These and many other applications involve sensitive personal and financial data that must be protected against theft and unauthorized manipulation.  To protect this data, it is often necessary to encrypt communications with the outside world, and to encrypt data stored locally.  With the release of the Intel® Advanced Encryption Standard (AES) New Instructions (AES-NI) in the 2010 Intel® Core™ processor family, these encryption tasks can be performed with greater efficiency.

 

Before we dig into the details of the new instructions, let’s review the basics of encryption.  A growing range of applications need encryption to meet government or industry requirements.  In the medical field, for example, HIPAA requires personal data to be encrypted when it is transmitted over the public Internet.  The recently-passed HITECH Act adds breach notification and enforcement capabilities for unencrypted data, which means there is a strong incentive to encrypt all data, even when it is at rest in local storage.  Similarly, the Payment Card Industry Data Security Standard (PCI DSS) requires encryption of stored and transmitted cardholder data.

 

There are many ways to encrypt data, but AES has emerged as a clear favorite.  For example, AES has been adopted by the US government, and is the first publicly accessible and open cipher approved by the NSA for top secret information.  The standard is supported in a wide range of software and communications protocols.  For example, it is supported by the TLS/SSL protocols used to protect Internet traffic.

 

Intel AES-NI adds seven new instructions that accelerate the most computationally-intensive sections of the AES algorithm.  As shown in Figure 1, four instructions support encryption and decryption, while two support key expansion.  The final instruction supports AES in Galois Counter Mode (AES-GCM).  These instructions significantly reduce the number of compute cycles required to process the AES algorithms.

 

 

Figure 1.  The Intel AES-NI instructions accelerate encryption and decryption at several key stages.
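
The instructions described above, exercised in an added example (not code from the original article or from Intel): it checks CPUID for AES-NI support, then encrypts the FIPS-197 Appendix C.1 test block using the key-expansion and round instructions through compiler intrinsics. The function names, the AESNI and STEP macros, and the use of the GCC/Clang target attribute are assumptions of this example.

```c
/* Added example; function and macro names are illustrative. GCC or Clang. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <wmmintrin.h>
#define AESNI __attribute__((target("aes,sse2")))
/* CPUID leaf 1: ECX bit 25 reports AES-NI (bit 1 reports PCLMULQDQ, used for GCM). */
int cpu_has_aesni(void) {
    unsigned a, b, c, d;
    return __get_cpuid(1, &a, &b, &c, &d) && ((c >> 25) & 1u);
}
/* One AES-128 key-schedule step from the AESKEYGENASSIST result. */
AESNI static __m128i next_key(__m128i k, __m128i assist) {
    assist = _mm_shuffle_epi32(assist, 0xff);
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    return _mm_xor_si128(k, assist);
}
#define STEP(i, rc) rk[i] = next_key(rk[i - 1], _mm_aeskeygenassist_si128(rk[i - 1], rc))
/* AES-128 on one block: whitening XOR, nine AESENC rounds, one AESENCLAST. */
AESNI void aes128_encrypt_block(const uint8_t *key, const uint8_t *in, uint8_t *out) {
    __m128i rk[11], s;
    rk[0] = _mm_loadu_si128((const __m128i *)key);
    STEP(1, 0x01); STEP(2, 0x02); STEP(3, 0x04); STEP(4, 0x08); STEP(5, 0x10);
    STEP(6, 0x20); STEP(7, 0x40); STEP(8, 0x80); STEP(9, 0x1b); STEP(10, 0x36);
    s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]);
    for (int i = 1; i < 10; i++) s = _mm_aesenc_si128(s, rk[i]);
    _mm_storeu_si128((__m128i *)out, _mm_aesenclast_si128(s, rk[10]));
}
#else /* not x86: no AES-NI, so the self-test below reports -1 */
int cpu_has_aesni(void) { return 0; }
void aes128_encrypt_block(const uint8_t *k, const uint8_t *p, uint8_t *c) { (void)k; (void)p; (void)c; }
#endif
/* Known-answer test with the FIPS-197 Appendix C.1 vector.
   Returns 1 on match, 0 on mismatch, -1 when the CPU lacks AES-NI. */
int aesni_selftest(void) {
    uint8_t key[16], pt[16], out[16];
    static const uint8_t ct[16] = {0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
                                   0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a};
    if (!cpu_has_aesni()) return -1; /* executing AESENC here would fault (#UD) */
    /* key = 00 01 .. 0f, plaintext = 00 11 .. ff, as in the FIPS-197 vector */
    for (int i = 0; i < 16; i++) { key[i] = (uint8_t)i; pt[i] = (uint8_t)(i * 0x11); }
    aes128_encrypt_block(key, pt, out);
    return memcmp(out, ct, 16) == 0;
}
int main(void) { printf("AES-NI self-test: %d\n", aesni_selftest()); return 0; }
```

Because the AES functions carry the target attribute, the file builds without -maes, and the CPUID check keeps the instructions from executing on a processor that lacks them.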

 

The degree of speedup depends on how you use AES.  Three common ways to use AES are as follows (see the white paper Securing the Enterprise with Intel AES-NI for details):

  • Full-disk encryption
  • Application-level encryption
  • Secure transactions on the Internet

 

Of these use cases, full-disk encryption is probably the most significant for embedded applications.  As the name implies, full-disk encryption (FDE) encrypts the entire contents of a drive, with one small exception—the master boot record (MBR) must be left unencrypted so the system can boot.  One common way to implement FDE is with the BitLocker feature available in Microsoft* Windows Embedded Standard 7.

 

The key benefit of full-disk encryption is that the data is secure even if the drive is physically removed.  This feature makes FDE attractive for embedded applications where devices are left unattended, such as kiosks and ATMs. The downside is that FDE can significantly impact performance.  As shown in Figure 2, Intel AES-NI significantly closes the gap between encrypted and unencrypted drives.  (See AnandTech for the details of this benchmark. Also note that this discussion assumes use of a software-based FDE.  You can also use hardware-based FDE to minimize the performance impact.)

 

| Processor | Configuration | PCMark Vantage HDD | % of Unencrypted Performance |
|---|---|---|---|
| Intel® Core™ i5 661 | Unencrypted | 16713 | 100.0% |
| Intel® Core™ i5 661 | BitLocker Enabled | 13785 | 82.5% |
| Intel® Core™ i5 750 (no Intel AES-NI) | BitLocker Enabled | 11744 | 70.3% |

Figure 2. Intel AES-NI significantly closes the performance gap between encrypted and unencrypted drives.

 

In addition to protecting the entire hard drive, AES can be used to protect only the sensitive data.  In a retail application, for example, you might want to encrypt credit card data but leave other data unencrypted.  Figure 3 illustrates the speedup you can expect from the new instructions.  Here Tom’s Hardware compares the raw encryption performance of a quad-core Intel® Core™ i7-870 without Intel AES-NI against that of a dual-core Intel® Core™ i5-661 with Intel AES-NI.  Even with only half the number of cores, the Intel Core i5-661 comes out well in the lead.  Other benchmarks have reported a speedup on the order of 10X.

 

 

Figure 3. Intel AES-NI significantly speeds up encryption of individual files.

 

Finally, AES can be used to secure communications across the Internet.  This area of encryption is unlikely to be a bottleneck for most embedded systems, but the extra efficiency will provide a bit of additional headroom.

 

To take advantage of Intel AES-NI, look for a system with a Clarkdale or Arrandale Intel Core processor.  One example product is the DFI-ITOX CP330-NRM microATX motherboard.  This board is available with two processors that offer Intel AES-NI, the Intel® Core™ i7-620M and the Intel® Core™ i5-520M.  Other features of the motherboard include:

  • Up to 8GB of DDR3 800/1066 MHz dual-channel memory
  • Two Gigabit Ethernet controllers
  • Support for Intel® Active Management Technology (Intel® AMT 6.0) and Trusted Platform Module (TPM 1.2)
  • VGA, DVI, and 24-bit LVDS interfaces with dual-display capability
  • Six Serial ATA ports with speeds up to 3Gb/s and RAID 0, 1, 5 and 10 support
  • Twelve USB 2.0 ports
  • Four Serial COM ports
  • Expansion via one CompactFlash* socket, one PCI Express* x16 slot, one PCI Express x4 slot, and one PCI* slot

 

There is much more to the story on Intel AES-NI than I can cover here.  I recommend that you follow the links in this story for more information, including details on how to use the new instructions. I also encourage you to watch the free presentation Improve the Manageability and Security of Your Embedded Devices With Intel® vPro™ Technology.  This class covers a number of related topics, including meeting PCI DSS.  Take a look and let me know if you have any questions!

 

DFI-ITOX and Microsoft are Associate members of the Intel® Embedded Alliance.

 

 

Kenton Williston

Roving Reporter (Intel Contractor)

Intel® Embedded Alliance

Editor-In-Chief

Embedded Innovator magazine

 

More information


 

 

To view other community content focused on security, see “Security – Top Picks.”