Intel AES-NI Application Performance

•Download as PPTX, PDF•

1 like•969 views

Niall O'Connor

An investigation into the application impact of employing Intel AES-NI

Software

Less Painful Application Encryption
April, 2015
Niall O’Connor
Chief Technology Officer
Boston Security Conference #4

WE ENCRYPT A LOT OF DATA
Patient Data
PGP Encryption
Transform Raw
Data Into Results
AES 256 bit Encryption
AES Decryption
AES Decryption
AES Decryption

Encryption as a Persistence Rule
● Readable
● Understandable encryption model
● No database dependency

ENCRYPTION PERFORMANCE IMPACT
IS OVERSTATED
…but worth minimizing.

OPTIMIZING THE ADVANCED
ENCRYPTION STANDARD
(AES)

Full Round
SubBytes – Each byte was substituted
ShiftRows – Last three rows of block is shifted cyclically
MixColumns – Block columns are shifted
AddRoundKey
Last Round
SubBytes
ShiftRows
AddRoundKey
128 bit Key = 10
192 bit Key = 12
256 bit Key = 14
First Round
AddRoundKey – Each byte is XOR’d with each byte of round key
KeyExpansion – create round keys from cipher key
AES Algorithm

Block Cipher Mode of Operation
0
50
100
150
200
250
300
350
CFB CTR OFB CBC ECB
ms
Mode
44%

Block Cipher Mode of Operation
0
50
100
150
200
250
300
350
CFB CTR OFB CBC ECB
ms
36%

Provider Library
0
50
100
150
200
250
BC SunJCE NSS
ms
Encrypt
Decrypt
36%

ADVANCED ENCRYPTION STANDARD
NEW INSTRUCTIONS
(AES-NI)

Full Round
SubBytes
ShiftRows
MixColumns
AddRoundKey
Last Round
SubBytes
ShiftRows
AddRoundKey
First Round
AddRoundKey
KeyExpansion
AESENC/AESDEC
AESENCLAST/AESDECLAST
AESENC/AESDEC
AESKEYGENASSIST
AES Algorithm Steps
Intel AES-NI Hardware
Operations

Provider Library (AES-NI)
0
50
100
150
200
250
BC SunJCE NSS
ms
Provider Library
AES
AES-NI
136.5ms
93%

AES-NI Impact on Key Length
0
20
40
60
80
100
120
140
160
180
128 bit 192 bit 256 bit
AES
AES-NI

AES-NI Key Length
0
5
10
15
20
25
30
35
40
128→192 128→256
AxisTitle
Axis Title
AES
AES-ni

Average Attribute Request Time
0
0.5
1
1.5
2
2.5
3
3.5
AES AES-NI
ms
Processing
DB.attributeDesc
Decrypt
Deserialization
DB.attribute
3.7%

Platelet Count Request Time
0
0.5
1
1.5
2
2.5
3
3.5
AES AES-NI
ms
processing
DB.attributeDesc
decryptTime OFF
deserializeTime OFF
DB.attribute
8.9%

Scaling Decryption Time
0
10
20
30
40
50
60
70
80
90
765 1000 10000 100000
ms
Patients
AES
AES-NI

Conclusion
• Choose your Provider Library wisely
• Operating mode
• Key Length
• Encryption not an application
bottleneck
• Scalable data encryption

Acknowledgements
Ketan Patel and David Houlding @ Intel
Ryan Kophs @ GenoSpace
Any Questions?
Niall O’Connor
Chief Technology Officer
Boston Security Conference #4

Similar to Intel AES-NI Application Performance

Aes

Day5

RC4&RC5

RC4&RC5

Iaetsd an survey of efficient fpga implementation of advanced encryption

Iaetsd Iaetsd

DESIGN%20AND%20IMPLEMENTATION%20OF%20DATA%20SECURITY%20USING%20ADVANCED.pptx

Dharani675311

Iaetsd enhanced cryptography algorithm for providing

Iaetsd Iaetsd

Network security cs5

Infinity Tech Solutions

Fundamentals of Information Encryption

Amna Magzoub

Advanced encryption standard (aes)

farazvirk554

Computer security module 2

Deepak John

Secured and opportune transmission of data alwaysis a significant feature for any organization. Robust encryption techniques and algorithms always facilitate in augmenting secrecy, authentication and reliability of data. At present, Advanced Encryption Standard (AES) patronized by NIST is the most secure algorithm for escalating the confidentiality of data. This paper mainly focuses on an inclusive analysis related to the security of existing AES algorithm and aim to enhance the level security of this algorithm. Through some modification of existing AES algorithm by XORing an additional byte with s-box value, we have successfully increased the Time Security and Strict Avalanche Criterion. We have used random additional key for increasing security. Since this key is random, result of security measurement sometimes fluctuates.

Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...

IJCNCJournal

An Efficient VLSI Design of AES Cryptography Based on DNA TRNG Design

IRJET Journal

Block Ciphers and DES.pptx

DrAnilKannur1

Information and data security block cipher and the data encryption standard (...

Mazin Alwaaly

Encryption is a favorite of security and compliance professionals everywhere. Many compliance frameworks actually mandate encryption. Though encryption is important, it is also treacherous. Cryptographic protocols are subtle, and researchers are constantly finding new and creative flaws in them. Using encryption correctly, especially over time, also is expensive because you have to stay up to date. AWS wants to encrypt data. And our customers, including Amazon, want to encrypt data. In this talk, we look at some of the challenges with using encryption, how AWS thinks internally about encryption, and how that thinking has informed the services we have built, the features we have vended, and our own usage of AWS.

AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...

Amazon Web Services

An Efficient VLSI Architecture for AES and It's FPGA Implementation

IRJET Journal

Chapter# 3 modified.pptx

Maryam522887

ch06.ppt

AbhishekVishwakarma964719

Block Ciphers and the Data Encryption Standard

Dr.Florence Dayana

Similar to Intel AES-NI Application Performance (20)

Aes

Day5

RC4&RC5

Iaetsd an survey of efficient fpga implementation of advanced encryption

DESIGN%20AND%20IMPLEMENTATION%20OF%20DATA%20SECURITY%20USING%20ADVANCED.pptx

Iaetsd enhanced cryptography algorithm for providing

Network security cs5

Fundamentals of Information Encryption

Advanced encryption standard (aes)

Computer security module 2

Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...

An Efficient VLSI Design of AES Cryptography Based on DNA TRNG Design

Block Ciphers and DES.pptx

Information and data security block cipher and the data encryption standard (...

AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...

An Efficient VLSI Architecture for AES and It's FPGA Implementation

Chapter# 3 modified.pptx

ch06.ppt

Block Ciphers and the Data Encryption Standard

Recently uploaded

WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation

WSO2

WSO2Con2024 - Facilitating Broadband Switching Services for UK Telecoms Provi...

WSO2

WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration

WSO2

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source

WSO2

WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...

WSO2

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

masabamasaba

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

WSO2

Driving Innovation: Scania's API Revolution with WSO2

WSO2

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in Tembisa ● Abortion Pills For Sale in Tembisa ● Tembisa 🏥🚑!! Abortion Clinic Near Me Cost, Price, Women's Clinic Near Me, Abortion Clinic Near, Abortion Doctors Near me, Abortion Services Near Me, Abortion Pills Over The Counter, Abortion Pill Doctors' Offices, Abortion Clinics, Abortion Places Near Me, Cheap Abortion Places Near Me, Medical Abortion & Surgical Abortion, approved cyctotec pills and womb cleaning pills too plus all the instructions needed This Discrete women’s Termination Clinic offers same day services that are safe and pain free, we use approved pills and we clean the womb so that no side effects are present. Our main goal is that of preventing unintended pregnancies and unwanted births every day to enable more women to have children by choice, not chance. We offer Terminations by Pill and The Morning After Pill.” Our Private VIP Abortion Service offers the ultimate in privacy, efficiency and discretion. we do safe and same day termination and we do also womb cleaning as well its done from 1 week up to 28 weeks. We do delivery of our services world wide SAFE ABORTION CLINICS/PILLS ON SALE WE DO DELIVERY OF PILLS ALSO Abortion clinic at very low costs, 100% Guaranteed and it’s safe, pain free and a same day service. It Is A 45 Minutes Procedure, we use tested abortion pills and we do womb cleaning as well. Alternatively the medical abortion pill and womb cleansing !!!

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...

Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...

WSO2

WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications

WSO2

%in Soweto+277-882-255-28 abortion pills for sale in soweto

masabamasaba

WSO2CON 2024 Slides - Unlocking Value with AI

WSO2

This presentation covers the following topics: What is logging? The purpose of logging: Debugging The purpose of logging: Security The purpose of logging: Stats & analytics Traditional logging Traditional logging: Advantages Traditional logging: Disadvantages The solution: Large-scale logging Large-scale logging: Core principles Large-scale logging: Solution types Large-scale logging: Cloud vs on-prem Large-scale logging: Operational complexity Large-scale logging: Security Large-scale logging: Costs Large-scale logging: On-prem comparison - Elasticsearch - Grafana Loki - VictoriaLogs On-prem comparison: Setup and operation On-prem comparison: Costs On-prem comparison: Full-text search support On-prem comparison: How to efficiently query 100TB of logs? On-prem comparison: Integration with CLI tools VictoriaLogs for large-scale logging VictoriaLogs demo instance - Ingestion rate: 3600 messages / minute - The number of log messages: 1.1 billion - Uncompressed log messages’ size: 1.5TB - Compressed log messages’ size: 23GB - Compression ratio: 47x - Memory usage: 150MB VictoriaLogs CLI integration demo - Which errors have occurred in all the apps during the last hour? - How many errors have occurred during the last hour? - Which apps generated the most of errors during the last hour? - The number of per-minute errors for the last 10 minutes - Status codes for the last hour - Non-200 status codes for the last week - Top client IPs for the last 4 weeks with 404 and 500 response status codes - Per-month stats for the given IP across all the logs Large-scale logging solution MUST provide excellent CLI integration VictoriaLogs: (temporary) drawbacks VictoriaLogs: Recap - Easy to setup and operate - The lowest RAM usage and disk space usage (up to 30x less than Elasticsearch and Grafana Loki) - Fast full-text search - Excellent integration with traditional command-line tools for log analysis - Accepts logs from popular log shippers (Filebeat, Fluentbit, Logstash, Vector, Promtail, Grafana Agent) - Open source and free to use!

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

VictoriaMetrics

WSO2Con204 - Hard Rock Presentation - Keynote

WSO2

WSO2Con2024 - Unleashing the Financial Potential of 13 Million People

WSO2

WSO2CON 2024 - How to Run a Security Program

WSO2

WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity

WSO2

WSO2Con2024 - Low-Code Integration Tooling

WSO2

ADR, or Architecture Decision Record, is a valuable tool in software development for several reasons. It provides a centralized location for documenting and tracking architectural decisions, aiding both current and future team members. ADRs enhance communication among team members by documenting the rationale behind architectural decisions, especially beneficial during onboarding of new team members or when revisiting decisions. They serve as a knowledge base, enabling teams to learn from past decisions and refine their decision-making process. Additionally, ADRs contribute to transparency by helping stakeholders understand the reasons behind specific architectural choices. As with any other tool or process, introducing them into an organization can face several obstacles, and overcoming these challenges is crucial for successful implementation. In this talk I go through some common problems and our way of solving them.

Architecture decision records - How not to get lost in the past

Papp Krisztián

Recently uploaded (20)

WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation

WSO2Con2024 - Facilitating Broadband Switching Services for UK Telecoms Provi...

WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source

WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

Driving Innovation: Scania's API Revolution with WSO2

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...

WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications

%in Soweto+277-882-255-28 abortion pills for sale in soweto

WSO2CON 2024 Slides - Unlocking Value with AI

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

WSO2Con204 - Hard Rock Presentation - Keynote

WSO2Con2024 - Unleashing the Financial Potential of 13 Million People

WSO2CON 2024 - How to Run a Security Program

WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity

WSO2Con2024 - Low-Code Integration Tooling

Architecture decision records - How not to get lost in the past

Intel AES-NI Application Performance

1. Less Painful Application Encryption April, 2015 Niall O’Connor Chief Technology Officer Boston Security Conference #4

2. MAKE PERSONALIZED MEDICINE A REALITY

4. WE ENCRYPT A LOT OF DATA Patient Data PGP Encryption Transform Raw Data Into Results AES 256 bit Encryption AES Decryption AES Decryption AES Decryption

5. Transparent Encryption & Optimization

6. Encryption as a Persistence Rule ● Readable ● Understandable encryption model ● No database dependency

7. ENCRYPTION PERFORMANCE IMPACT IS OVERSTATED …but worth minimizing.

8. OPTIMIZING THE ADVANCED ENCRYPTION STANDARD (AES)

9. Full Round SubBytes – Each byte was substituted ShiftRows – Last three rows of block is shifted cyclically MixColumns – Block columns are shifted AddRoundKey Last Round SubBytes ShiftRows AddRoundKey 128 bit Key = 10 192 bit Key = 12 256 bit Key = 14 First Round AddRoundKey – Each byte is XOR’d with each byte of round key KeyExpansion – create round keys from cipher key AES Algorithm

10. Block Cipher Mode of Operation 0 50 100 150 200 250 300 350 CFB CTR OFB CBC ECB ms Mode 44%

11. ECB Not so Fast

12. Block Cipher Mode of Operation 0 50 100 150 200 250 300 350 CFB CTR OFB CBC ECB ms 36%

13. Provider Library 0 50 100 150 200 250 BC SunJCE NSS ms Encrypt Decrypt 36%

14. ADVANCED ENCRYPTION STANDARD NEW INSTRUCTIONS (AES-NI)

15. Full Round SubBytes ShiftRows MixColumns AddRoundKey Last Round SubBytes ShiftRows AddRoundKey First Round AddRoundKey KeyExpansion AESENC/AESDEC AESENCLAST/AESDECLAST AESENC/AESDEC AESKEYGENASSIST AES Algorithm Steps Intel AES-NI Hardware Operations

16. Provider Library (AES-NI) 0 50 100 150 200 250 BC SunJCE NSS ms Provider Library AES AES-NI 136.5ms 93%

17. AES-NI Impact on Key Length 0 20 40 60 80 100 120 140 160 180 128 bit 192 bit 256 bit AES AES-NI

18. AES-NI Key Length 0 5 10 15 20 25 30 35 40 128→192 128→256 AxisTitle Axis Title AES AES-ni

19. GenoSpace Population Analytics

20. Average Attribute Request Time 0 0.5 1 1.5 2 2.5 3 3.5 AES AES-NI ms Processing DB.attributeDesc Decrypt Deserialization DB.attribute 3.7%

21. Platelet Count Request Time 0 0.5 1 1.5 2 2.5 3 3.5 AES AES-NI ms processing DB.attributeDesc decryptTime OFF deserializeTime OFF DB.attribute 8.9%

22. Scaling Decryption Time 0 10 20 30 40 50 60 70 80 90 765 1000 10000 100000 ms Patients AES AES-NI

23. Conclusion • Choose your Provider Library wisely • Operating mode • Key Length • Encryption not an application bottleneck • Scalable data encryption

24. Acknowledgements Ketan Patel and David Houlding @ Intel Ryan Kophs @ GenoSpace Any Questions? Niall O’Connor Chief Technology Officer Boston Security Conference #4

Editor's Notes

Nate—should this get moved up to end the first section?

Intel AES-NI Application Performance

Recommended

Recommended

More Related Content

Similar to Intel AES-NI Application Performance

Similar to Intel AES-NI Application Performance (20)

Recently uploaded

Recently uploaded (20)

Intel AES-NI Application Performance

Editor's Notes