What is cryptography, AES and AES-NI?

Cryptography, encryption, identity theft, rootkit, malware - none of this sounds familiar? You're not alone. These are words that identifies with managing, communicating, and protecting information and data in business environment and in our personal life.  Rootkit and malware are nasty software that get below the hypervisor and OS to infect your computer system. Cryptography is the science of secret codes, transforming data from ordinary readable form into unintelligible gibberish in order to provide confidentiality, integrity and authentication for data protection, end to end protection, and access control. The challenge is that historically, cryptography has been complex and computation costly.

Why is cryptography hot in the marketplace today, especially in the enterprise? For starters, over 90 million consumers have been notified of potential security breaches regarding personal information since 2005 per privacyrights website. The rate is accelerating and the attacks are more complex and harder to detect. There is a shift from attacks that infects millions of computers to one which targets a few banks/government agencies with sensitive financial and personally identifiable information. In the highly virtualized environment of computing today, several virtual machines share the same hardware resources. The hardware resources needs more secure protection as there are more eggs in one basket. Encryption provides the defense in depth that even if the systems are compromised, information is lost, it is still possible to make the information unusable through symmetric, asymmetric, and hash crypto schemes. Encryption also provides data protection increasingly important due to HIPPA (health), SOX (US companies), and PCI (payment card industry) regulation compliance

Asymmetric cryptography involving a public and private key, symmetric cryptography with just one key, and hashes are all cryptography types. Advanced Encryption Standard (AES) is a type of symmetric cryptography that has been adopted by the US government as well as other governments in the world.  Three main enterprise AES usage models include secure transactions with SSL/HTTPS/FTP/SSH/Ipsec, software full disk encryption (FDE), and application level encryption in databases, mail servers etc.

As for AES-NI, it comprises 7 instructions for accelerating different sub-steps of the AES algorithm. 4 instructions to perform the first round and last round of the 10/12/14 rounds of transformation that encrypts 128b of data from plaintext to ciphertext and vice versa. 1 instruction for mix column operation and 1 instruction for generating the next round key. The 7th instruction, CLMUL, does the packed carry-less multiply in hardware. The benefit are reduction of software side-channel attacks and reduction of performance overhead.

To find out more, please attend my class "Securing the Enterprise with AES-NI" class with Michael Kounavis and come see the "Westmere-EP Encrypting the Internet" demo at Fall IDF in San Francisco.