
Encrypting the Internet 09/01/10




1 Encrypting the Internet 09/01/10
M. Kounavis, X. Kang, K. Grewal, M. Eszenyi, D. Durham (Intel Corporation); S. Gueron (Intel Corporation and Univ. of Haifa)

2 Problem Space
Trends/facts: 50,000,000 web sites, but only 600,000 enable SSL/TLS.
Problem statement: how do we secure the Internet? Encrypt sites; authentication everywhere.
Is this possible?

3 Anatomy of a TLS Session
Figure: the client RSA-encrypts the pre-master secret under the server's public key and the server RSA-decrypts it (RSA decrypt: >2 million clocks). From the decrypted pre-master secret both sides derive the AES encryption and authentication key, and the application data is sent encrypted and authenticated (>2 million clocks). Encryption is costly.

4 Accomplishment
CPUs are now capable of encrypting packets at line rates.
Symmetric encryption: new AES instructions (AES-NI), 4-12x speedup.
Asymmetric encryption: RSA optimizations, 40% speedup.

5 Out of Scope
Certificate/trust management; malicious software/viruses/worms; privacy breaches at the end-system.

6 What is AES?
US standard for symmetric encryption (FIPS 197). 128-bit blocks; 128, 192 or 256-bit keys. The AES round is repeated 10 (128-bit key), 12 (192) or 14 (256) times; the round keys come from the AES key schedule.

7 AES: Walkthrough
First step, shown on byte a0: invert in GF(2^8), then apply the affine map.

8 AES: Walkthrough
SubBytes(): S-box substitution (invert in GF(2^8), then the affine map), applied to every byte of the state. The bytes a0..a15 fill the 4x4 state column by column:
a0 a4 a8  a12
a1 a5 a9  a13
a2 a6 a10 a14
a3 a7 a11 a15

9 AES: Walkthrough
SubBytes() example (state rows top to bottom, before -> after):
51 84 3f a9      d1 5f 75 d3
43 21 0a b7  ->  1a fd 67 a9
c6 ff d3 12      b4 16 66 c9
38 ea a2 44      07 87 3a 1b

10 AES: Walkthrough
ShiftRows(): byte permutation, row r is rotated left by r positions:
d1 5f 75 d3      d1 5f 75 d3
1a fd 67 a9  ->  fd 67 a9 1a
b4 16 66 c9      66 c9 b4 16
07 87 3a 1b      1b 07 87 3a

11 AES: Walkthrough
MixColumns(): linear diffusion, each column is multiplied by the fixed matrix with entries 2, 3, 1 (e.g. first column d1 fd 66 1b -> d8 81 cd c5):
d1 5f 75 d3      d8 d9 39 bf
fd 67 a9 1a  ->  81 d6 7c e7
66 c9 b4 16      cd b8 3d ab
1b 07 87 3a      c5 41 97 16

12 AES: Walkthrough
AddRoundKey(): the state is XORed with the round key:
d8 d9 39 bf      d9 00 9a bf      01 d9 a3 00
81 d6 7c e7  ^   1e 20 cb 32  =   9f f6 b7 d5
cd b8 3d ab      c9 83 de b1      04 3b e3 1a
c5 41 97 16      f2 15 11 01      37 54 86 17

13 What is AES-NI?
Code without AES-NI implements the AES round with table lookups; AES-NI implements it in combinatorial logic.

14 The New Instructions
AESENC: ShiftRows(), SubBytes(), MixColumns(), AddRoundKey()
AESENCLAST: ShiftRows(), SubBytes(), AddRoundKey()
AESDEC: InvShiftRows(), InvSubBytes(), InvMixColumns(), AddRoundKey()
AESDECLAST: InvShiftRows(), InvSubBytes(), AddRoundKey()
Also CLMUL, AESIMC, AESKEYGENASSIST
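The walkthrough of slides 7-12 and the AESENC step sequence of slide 14, carried through in code as an added example (not the slides' or Intel's code): the S-box is computed from its definition (inversion in GF(2^8), then the affine map) rather than from a table, and aesenc() applies ShiftRows, SubBytes, MixColumns and AddRoundKey to the walkthrough's state and round key. The function and constant names are mine; the state values are read from the slides with rows listed top to bottom.

```python
# Added example, not the slides' code: one AES round on the walkthrough's state and key.
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return r

def sbox(x):
    """SubBytes on one byte: inverse in GF(2^8) (0 stays 0), then the affine map."""
    inv = 1 if x else 0
    for _ in range(254 if x else 0):   # x^254 == x^-1 for x != 0
        inv = gf_mul(inv, x)
    y = inv
    for i in range(1, 5):              # inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
        y ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return y ^ 0x63

# State is column-major as in FIPS 197: byte a_i is at row i % 4, column i // 4.
def sub_bytes(s):
    return [sbox(b) for b in s]
def shift_rows(s):
    # Row r rotates left by r; being byte-wise, it commutes with SubBytes.
    return [s[(r + 4 * (c + r)) % 16] for c in range(4) for r in range(4)]
def mix_columns(s):
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        for r in range(4):             # circulant matrix (2 3 1 1) rotated by r
            out.append(gf_mul(a[r], 2) ^ gf_mul(a[(r + 1) % 4], 3)
                       ^ a[(r + 2) % 4] ^ a[(r + 3) % 4])
    return out
def aesenc(state, round_key):
    """One middle round: the four steps the AESENC instruction performs (AddRoundKey is the XOR)."""
    return [x ^ k for x, k in zip(mix_columns(sub_bytes(shift_rows(state))), round_key)]

def from_rows(rows):
    """Column-major state from the four rows as printed top to bottom."""
    m = [bytes.fromhex(r) for r in rows]
    return [m[r][c] for c in range(4) for r in range(4)]

# Values from the walkthrough: state entering SubBytes, round key, and the result.
SLIDE_STATE = ["51 84 3f a9", "43 21 0a b7", "c6 ff d3 12", "38 ea a2 44"]
SLIDE_ROUND_KEY = ["d9 00 9a bf", "1e 20 cb 32", "c9 83 de b1", "f2 15 11 01"]
SLIDE_RESULT = ["01 d9 a3 00", "9f f6 b7 d5", "04 3b e3 1a", "37 54 86 17"]
def walkthrough_matches():
    return aesenc(from_rows(SLIDE_STATE), from_rows(SLIDE_ROUND_KEY)) == from_rows(SLIDE_RESULT)
```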

15 Restructuring RSA
BEFORE: a monolithic Montgomery implementation.
AFTER: a big-number multiply (any multiplication algorithm can be plugged in here, e.g. a 9-by-9 Karatsuba-like multiplier or an assembly schoolbook multiplier), followed by a reduction using 1.5 multiplies.

16 TLS 1.2
Combined mode algorithm support (AEAD): encryption and authentication in one algorithm. Enables fast AES-GCM implementations. We developed the first public domain implementation of TLS 1.2 with AES-GCM.

17 AES Instruction Performance
AES round latency (table lookups): 24 clocks
AES-NI latency: 6 clocks
AES-NI throughput: 2 clocks (1)
(1) AESENC, AESENCLAST, AESDEC, AESDECLAST throughput on the Westmere processor. Westmere is the codename for the family of 32nm processors based upon the Intel® microarchitecture codename Nehalem.

18 Crypto Algorithm Performance
(cycles/byte)           AES-NI: OFF   AES-NI: ON
AES-128 CBC encrypt     16.1          4.1
AES-128 CTR encrypt     19.3          1.3
AES-128 ECB encrypt     15.6          1.2
AES-128 GCM encrypt     29.5          3.9
CBC, CTR and ECB figures are encryption only; GCM is encryption + authentication.

19 TLS 1.2 Performance
Cost per session (CPU clocks)   Intel® Core™ i5 661 w/o AES-NI   w/ AES-NI, CBC   w/ AES-NI, GCM
RSA 1024                        2.17 million                     1.34 million     1.34 million
AES                             2.30 million                     0.58 million     0.19 million
SHA1 / GCM                      1.18 million (SHA1)              1.18 million (SHA1)   0.37 million (GCM)
other                           0.73 million                     0.73 million     0.73 million
SSL sessions/sec                501                              835              1216
Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or software design or configuration may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing. For more information on performance tests and on the performance of Intel products, visit Intel Performance Benchmark Limitations. Source: Intel internal measurements using internal benchmarks on an early reference server with two Westmere CPUs: frequency 3.20GHz, single core, single threaded, cache size: KB; memory: 12 GB; OS: Linux fedora fc10.x86_64; session size = 140KB. As of August 31, 2009. session size = bytes

20 Conclusion
Substantial crypto performance boost: 1 (8) cores to saturate 1 (10) Gbps links; specialized appliances are more expensive.
Future work: RSA 2048/3072 acceleration; the SHA-3 winning algorithm; public trials.
Can we encrypt the Internet?

21 Questions?

