Cloud native EDA tools & pre-optimized hardware platforms
Dana Neustadter, Sr. Product Marketing Manager for Security IP, Synopsys
Data that is created and transferred between billions of devices and the cloud is growing exponentially. More and more devices are entering the market, the cloud is expanding to the network edge and new applications are emerging. All these factors are drivers for technological advances in high-performance computing (HPC), reshaping system-on-chip (SoC) designs to address the need for more acceleration, more storage capacity, new compute architectures, and increased bandwidths for faster data movement.
High bandwidth interfaces such as DDR, PCIe, CXL, and Ethernet are proliferating, and their speeds continue to increase from generation to generation.
While the technology is undergoing a revolution and data is growing rapidly, the security of data and systems is paramount because with poor security mechanisms attackers might aim to profit from secret information and interfere with private citizens’ lives, or company and government operations.
Multiple factors propel these security needs:
Whether for data-in-transit or data-at-rest protection, security solutions need to support the latest interfaces bandwidth and low latency requirements, and in minimum area.
Memory and storage security involves protecting storage resources and the data stored on them, both on-premises and in external data centers and the cloud.
With HPC, the volume and variety of data are growing, as is the need for higher capacity, faster access, and accelerated processing. Designers are turning to high-performance, low-latency memory encryption solutions to preserve performance while protecting data over the latest generations of DDR, LPDDR, GDDR, and HBM memory interfaces.
AES-XTS, or as it is sometimes referred XTS-AES, is the de-facto cryptographic algorithm for protecting the confidentiality of data-at-rest on storage devices. It is a standards-based symmetric algorithm defined by NIST SP800-38E and IEEE Std 1619-2018 specifications, that by its nature allows for pipelined architectures that can scale in performance to Terabits per second (Tbps) bandwidth. The Ciphertext stealing (CTS) mode provides support for data units with size that is not divisible by the 16-byte block size of the underlying AES cipher.
AES-XTS is the critical component for memory security in HPC applications. It needs to be highly optimized and scale to support increasing bandwidths while keeping the latency and area as low as possible and allowing for seamless SoC physical design and timing closure. In addition to being fully compliant with the cryptographic specifications, AES-XTS solutions need to support encryption, and decryption for all key sizes, allow for seamless context switching for a high number of contexts, support efficient keys setup/refresh, and be certifiable, for example to the FIPS 140-3 Level 2 requirements as a typical target, or Level 3 for more sensitive applications.
When looking for storage or memory encryption IP solutions for HPC SoCs, it is important to consider optimized solutions from trusted IP providers that offer the highest performance, lowest latency, and optimal area, are compliant with the latest standards and are backed by experts.
It is also important for the IP to be built under a rigorous a security development process that includes:
Synopsys Ultra High-Performance AES-XTS Cryptographic IP core (Figure 1) addresses these while providing the configurability needed to adjust to the SoC designs’ specific use cases and performance requirements.
By integrating Synopsys’ standards-compliant AES-XTS crypto cores, HPC SoCs take advantage of:
With Synopsys’ Ultra High-Performance AES-XTS IP, designers are making sure that memory security of their HPC SoCs is robust and that data-at-rest confidentiality is maintained even in the face of new threats.
Figure 1: Synopsys Ultra High-Performance AES-XTS IP Block Diagram
With the tremendous data and bandwidth growth in our connected world, security is essential to protect private and sensitive data as it moves across systems to storage, including memory. At the heart of storage security lies the AES-XTS cryptographic algorithm, which for HPC applications needs to support scalable high data rates with minimal latency and area impact.
Synopsys’ Ultra High-Performance AES-XTS Crypto IP cores address the needs of the latest technological advances and security requirements with advanced features and capabilities while allowing them to be optimally configured to the SoC designs’ specific use cases.
Synopsys is uniquely positioned in the market with complete standards-compliant secure interface solutions that align with the latest application demands and enable designers to quickly implement the required security on their SoCs with low risk and fast time to market.
In addition to the ultra high-performance AES-XTS cryptographic cores for memory encryption, Synopsys provides a broad portfolio from standalone cryptographic cores to highly integrated security IP solutions that use a common set of standards-based building blocks and security concepts to enable the most efficient silicon design and highest levels of security for a range of products in the cloud computing, mobile, automotive, digital home and IoT markets.
Synopsys’ highly configurable security IP solutions include hardware secure modules with Root of Trust, PCIe Integrity and Data Encryption (IDE) and CXL IDE Security Modules, content protection, cryptography, and security protocol accelerators for integration into SoCs. These integrated solutions enable the heart of many security standards, supporting confidentiality, data integrity, user/system authentication, non-repudiation, and positive authorization. Combined, Synopsys’ Security IP solutions help prevent a wide range of evolving threats in connected devices such as theft, tampering, side channels attacks, malware, and data breaches.