
International Journal of Computer Science and Applications, Technomathematics Research Foundation Vol. 13, No. 2, pp. 89 – 105, 2016

ADVANCED ENCRYPTION STANDARD ANALYSIS WITH MULTIMEDIA DATA ON INTEL® AES-NI ARCHITECTURE

ALEXANDER USKOV, ADAM BYERLY, COLLEEN HEINEMANN

Department of Computer Science and Information Systems, and InterLabs Research Institute Bradley University, 1501 West Bradley Avenue

Peoria, Illinois 61625, U.S.A. [email protected] http://cs.bradley.edu

The Intel® Advanced Encryption Standard (AES) New Instructions (AES-NI) were designed to implement some of the complex and performance-intensive steps of the AES encryption/decryption algorithm (cipher) with hardware acceleration. This paper presents the outcomes of a research project aimed at encryption/decryption analysis of the AES cipher in the ECB, CBC, OFB, CFB, and CTR modes of operation on the AES-NI architecture for the secure transfer of rich multimedia test data sets of various sizes through IPsec-based virtual private networks (VPNs).

Keywords: AES cipher; AES-NI architecture; encryption/decryption; VPN; IPsec.

1. Introduction

1.1. Advanced Encryption Standard (AES) Cipher

The Advanced Encryption Standard (AES) is the United States Government’s Federal Information Processing Standard for symmetric encryption, defined by FIPS Publication #197 [FIPS197 (2001)]. The standard is based on the original Rijndael algorithm [Daemen, J., Rijmen, V. (2003)]. AES was adopted by the U.S. government circa 2001. In 2003, the U.S. National Security Agency (NSA) approved AES for securing classified information [Hoban (2010)].

AES is a block cipher: it encrypts a 128-bit block of original text (plaintext) into a 128-bit block of encoded text (ciphertext), or decrypts a 128-bit ciphertext block back into a 128-bit plaintext block. AES uses a key (cipher key) of 128, 192, or 256 bits; encryption/decryption with a 128-, 192-, or 256-bit key is usually denoted AES-128, AES-192, or AES-256, respectively. AES-128, AES-192, and AES-256 process a data block in 10, 12, or 14 iterations, respectively, of a pre-defined sequence of transformations, called AES rounds [Daemen, J., Rijmen, V. (2003); Gueron (2012)]. The AES encryption and decryption procedures are presented in Fig. 1 [Stallings, W. (2011)].

Fig. 1. Overall structure of the AES block cipher [Stallings, W. (2011)]. (Note: every round, whether there are 10, 12, or 14 of them depending on the key length, shows the encryption or decryption steps being completed. The Expand Key step shows which words of the expanded key are used at which step; for AES-128 the expanded key holds 44 words in total. The last round of encryption and the last round of decryption each differ from the other rounds.)

The rounds are identical except for the final round, which omits one of the transformations (MixColumns for encryption, InvMixColumns for decryption). Each round operates on two 128-bit inputs: the State and a Round Key. Each of the 10, 12, or 14 rounds uses a different round key; together with the key used for the initial whitening step this gives 11, 13, or 15 round keys, all derived from the cipher key by the Key Expansion algorithm. Key expansion is independent of the processed data and can therefore be carried out separately from the encryption/decryption phase (typically the key is expanded once and the expanded key is then used for many data blocks under some mode of operation) [Katz (2014), Paar et al. (2010)]. A data block is processed serially as follows: first, the input block is XOR-ed with the first 128 bits of the expanded key (for decryption, with the last round key) to produce the State, an intermediate cipher result. The State then passes serially through 10, 12, or 14 rounds, each a sequence of transformations operating on the State with that round's key. For encryption, each round consists of four steps: 1) SubBytes, 2) ShiftRows, 3) MixColumns, and 4) AddRoundKey. For decryption, each round consists of 1) InvShiftRows, 2) InvSubBytes, 3) AddRoundKey, and 4) InvMixColumns. AddRoundKey XORs the State with four words (128 bits) of the key schedule; the output of the last round is the encrypted or decrypted block [Stallings, W. (2013), Gueron (2012), Paar et al. (2010), Stinson (2005)].

1.2. Modes of operation of AES encryption algorithm (AES cipher)

The performance of encryption/decryption and the security of rich multimedia data to be transferred (for example, through a Virtual Private Network (VPN) tunnel using the IPsec protocol suite) depend significantly on the efficiency of the selected components: encryption algorithms (ciphers), modes of cipher operation (modes), data integrity algorithms, authentication algorithms, etc. [Mogollon (2007), Bollapragada et al (2005), Uskov (2012), Uskov (2013), Uskov (2014)].

A mode of operation is one of the most important components of secure communication over a computer network. A block cipher by itself only maps a single 128-bit block to another 128-bit block; the mode is a separate algorithm built on the cipher that extends it to messages of arbitrary length and determines what confidentiality the construction actually provides. Different modes do this in different ways (chaining previous ciphertext into the next block, feeding back cipher output, or encrypting a counter), with different consequences for error propagation, padding, and how many blocks can be processed in parallel. The common modes for the AES cipher are: (1) electronic codebook (ECB), (2) cipher-block chaining (CBC), (3) cipher feedback (CFB), (4) output feedback (OFB), and (5) counter (CTR), in addition to several other modes [NIST (2013), Dworkin (2001)].
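The round structure of Section 1.1 and the block (in)dependence that distinguishes the modes above, as an added worked example that is not part of the paper: a textbook AES-128 in C (S-box computed from the GF(2^8) inverse, FIPS-197 key expansion, SubBytes/ShiftRows/MixColumns/AddRoundKey rounds) with ECB and CTR layered on top. aes128_selftest() reproduces the FIPS-197 Appendix C.1 test vector (key 000102...0f, plaintext 00112233445566778899aabbccddeeff, ciphertext 69c4e0d86a7b0430d8cdb78070b4c55a), and repeated_blocks_demo() encrypts a constructed message of four identical 16-byte blocks to show that ECB produces three repeated ciphertext blocks while CTR produces none. The key, the fixed nonce, the message and the function names are illustrative choices; the code is deliberately simple and not constant-time, which is exactly the class of implementation the AES-NI instructions replace.

```c
/* Added example (not the paper's code): textbook AES-128 per FIPS-197 with ECB and CTR
 * on top. Byte-at-a-time and not constant-time: for reading only, never for production;
 * that gap is exactly what the AES-NI instructions close. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint8_t SBOX[256];

static uint8_t gf_mul(uint8_t a, uint8_t b) {  /* GF(2^8) multiply mod x^8+x^4+x^3+x+1 */
    uint8_t p = 0;
    for (int i = 0; i < 8; i++, b >>= 1) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0));
    }
    return p;
}

static void init_sbox(void) {  /* S-box = affine map of the field inverse a^254; computed, not pasted */
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 1, base = (uint8_t)x, s;
        for (int e = 254; e; e >>= 1) { if (e & 1) inv = gf_mul(inv, base); base = gf_mul(base, base); }
        s = inv;
        for (int i = 1; i < 5; i++) s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
        SBOX[x] = s ^ 0x63;
    }
}

/* Key schedule: 16-byte key -> 44 words -> rk[0..10]; rk[0] is the initial whitening key. */
static void expand_key(const uint8_t key[16], uint8_t rk[11][16]) {
    static const uint8_t RCON[10] = {1, 2, 4, 8, 16, 32, 64, 128, 0x1B, 0x36};
    uint8_t w[44][4];
    memcpy(w, key, 16);
    for (int i = 4; i < 44; i++) {
        uint8_t t[4] = {w[i-1][0], w[i-1][1], w[i-1][2], w[i-1][3]};
        if (i % 4 == 0) {  /* t = SubWord(RotWord(t)) ^ Rcon */
            uint8_t t0 = t[0];
            t[0] = SBOX[t[1]] ^ RCON[i/4 - 1]; t[1] = SBOX[t[2]]; t[2] = SBOX[t[3]]; t[3] = SBOX[t0];
        }
        for (int j = 0; j < 4; j++) w[i][j] = w[i-4][j] ^ t[j];
    }
    memcpy(rk, w, 176);  /* byte r of word 4n+c lands at rk[n][4c+r], the State layout below */
}

/* State: 16 bytes, column-major as in FIPS-197, s[r + 4c] = row r, column c. */
static void add_round_key(uint8_t s[16], const uint8_t k[16]) { for (int i = 0; i < 16; i++) s[i] ^= k[i]; }
static void sub_bytes(uint8_t s[16]) { for (int i = 0; i < 16; i++) s[i] = SBOX[s[i]]; }
static void shift_rows(uint8_t s[16]) {  /* row r rotates left by r positions */
    uint8_t t[16];
    for (int c = 0; c < 4; c++) for (int r = 0; r < 4; r++) t[r + 4*c] = s[r + 4*((c + r) % 4)];
    memcpy(s, t, 16);
}
static void mix_columns(uint8_t s[16]) {  /* each column times the fixed {02,03,01,01} circulant */
    for (int c = 0; c < 4; c++) {
        uint8_t *a = s + 4*c, a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3];
        a[0] = gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3;
        a[1] = a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3;
        a[2] = a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3);
        a[3] = gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2);
    }
}

/* One block: whitening with rk[0], nine full rounds, final round without MixColumns. */
void aes128_encrypt_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t rk[11][16], s[16];
    if (!SBOX[1]) init_sbox();  /* SBOX[1] == 0x7c once built */
    expand_key(key, rk);
    memcpy(s, in, 16); add_round_key(s, rk[0]);
    for (int r = 1; r < 10; r++) { sub_bytes(s); shift_rows(s); mix_columns(s); add_round_key(s, rk[r]); }
    sub_bytes(s); shift_rows(s); add_round_key(s, rk[10]);
    memcpy(out, s, 16);
}

/* ECB encrypts every block on its own; CTR XORs the data with E_K(nonce || big-endian counter). */
void aes128_ecb_encrypt(const uint8_t key[16], const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t i = 0; i + 16 <= n; i += 16) aes128_encrypt_block(key, in + i, out + i);
}
void aes128_ctr_encrypt(const uint8_t key[16], const uint8_t nonce[8], const uint8_t *in, uint8_t *out, size_t n) {
    uint8_t cb[16], ks[16];
    memcpy(cb, nonce, 8);
    for (size_t i = 0; i < n; i += 16) {
        for (int j = 0; j < 8; j++) cb[8 + j] = (uint8_t)((uint64_t)(i / 16) >> (56 - 8*j));
        aes128_encrypt_block(key, cb, ks);
        for (size_t j = 0; j < 16 && i + j < n; j++) out[i + j] = in[i + j] ^ ks[j];
    }
}

static const uint8_t KEY[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};  /* FIPS-197 C.1 key */

int aes128_selftest(void) {  /* 1 if the FIPS-197 Appendix C.1 vector is reproduced */
    static const uint8_t pt[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    static const uint8_t ct[16] = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    uint8_t out[16];
    aes128_encrypt_block(KEY, pt, out);
    return memcmp(out, ct, 16) == 0;
}

int repeated_blocks_demo(int use_ctr) {  /* constructed 4 x "ATTACK AT DAWN!!"; 0 = ECB, 1 = CTR */
    static const uint8_t nonce[8] = {0};  /* fixed nonce for the demo; never reuse one under a key */
    uint8_t msg[64], ct[64];
    int dup = 0;
    for (int i = 0; i < 4; i++) memcpy(msg + 16*i, "ATTACK AT DAWN!!", 16);
    if (use_ctr) aes128_ctr_encrypt(KEY, nonce, msg, ct, 64); else aes128_ecb_encrypt(KEY, msg, ct, 64);
    for (int i = 16; i < 64; i += 16)  /* count ciphertext blocks equal to an earlier one */
        for (int j = 0; j < i; j += 16) if (memcmp(ct + i, ct + j, 16) == 0) { dup++; break; }
    return dup;
}

int main(void) {
    printf("FIPS-197 vector: %s; repeated ciphertext blocks: ECB %d, CTR %d\n",
           aes128_selftest() ? "ok" : "FAIL", repeated_blocks_demo(0), repeated_blocks_demo(1));
    return 0;
}
```

The ECB result is the pattern leak behind recommendation (2) in Section 5.2: identical plaintext blocks under one key give identical ciphertext blocks, so the block structure of a multimedia file survives encryption. CTR hides it only as long as the nonce/counter block never repeats under the same key; the counter blocks are also independent of each other, which is what later lets hardware overlap several blocks' rounds.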

1.3. Performance Analysis of AES encryption algorithm (AES cipher)

The performance of the AES cipher in various modes of operation and on various single-core computer architectures has been extensively analyzed by multiple researchers [CRYPTO++ (2013), Krovetz and Rogaway (2011), Moise et al (2011), Uskov (2012), Uskov (2014)]. However, from the mid-2000s we observe a conceptual move from CPU frequency scaling to processor core scaling, i.e. from single-core to multi-core computer architectures and data processing. As a result, processor manufacturers have integrated more and more processing cores into various types of processor architectures, passing the problem of performance improvement along to software companies [Gepner and Kowalik (2006)].

The other prospective way to increase computer processing power is to implement hardware acceleration of the most actively used processes, or parts of them, in the processor architecture and instruction set. For example, the 2010 Intel® Core™ processor family based on the 32 nm Intel® microarchitecture (code name Westmere) includes a set of new instructions, the Intel® Advanced Encryption Standard (AES) New Instructions (AES-NI) [Intel (2012a)]. These instructions were designed to implement some of the complex and computationally intensive steps of the AES algorithm in hardware and thus accelerate the execution of AES. AES-NI can accelerate an AES implementation by a factor of 3 to 10 over a pure software implementation [Intel (2012a), Calomel.org (2015)]. According to [Lupescu et al. (2014)], the MP AES-NI CPU can in general provide a significant increase in performance compared with other modern processors such as the CL R7 250 dGPU (based on graphics processing unit, GPU, technology) and the CL HD7540 iGPU (Fig. 2).

1.4. VPN technology and IPsec stack of protocols

The integrated use of Virtual Private Network (VPN) technology [Lewis (2006), Bollapragada et al (2005)] and the IPsec stack of security protocols [Carmouche (2007), Frankel (2005)] is considered one of the most efficient approaches to overcome (or significantly reduce) security-related problems in computer networks for a transfer of confidential data, including rich multimedia (RMM) data (audio, video, graphics, etc.) over the public Internet. The key aspect of VPN design, development and implementation is a set of security, communication and data exchange protocols and mechanisms that use dynamic VPN tunnels to support user security [Shneyderman and Casati (2002), Bollapragada et al (2005), Uskov (2013)].

Fig. 2. Comparison of performance (in MB/s) between different modern processing units [Lupescu et al. (2014)]

IPsec is a framework of open standards for ensuring private secure communications over public Internet Protocol (IP) based networks [Carmouche (2007)]. It provides security services at the IP layer by enabling a system to select security protocols, identify various encryption and authentication algorithms to be used, and set up cryptographic keys required to provide the requested services [Kent and Seo (2005), Kent (2005a), Kent (2005b)].

1.5. Research project goal

The main goal of this research project was to analyze efficiency of the AES encryption algorithm in various modes of operation on one of the most promising computer architectures – multi-core processor with the AES-NI set of instructions - in the real-world end user environment that includes:

(1) powerful end user desktop computer system that has CPU with AES-NI set of instructions (i.e. AES hardware acceleration);

(2) RMM test data sets - ready-to-be streamed RMM files (i.e. webified files with audio, video, animation, simulation, outcomes of recorded computer screen technology, static graphics, text, etc.) of significantly different sizes; the examples of files include Web-taped ready-to-be-streamed video lectures with synchronized RMM data [Uskov (2004), Uskov (2005), Uskov (2013)];

(3) various modes of AES cipher operation such as ECB, CBC, CFB, OFB and CTR;

(4) IPsec-based VPN network for a transfer of streaming RMM data [Uskov (2014), Frankel (2005), Lewis (2006)].

The rest of this paper consists of the following parts. In Section 2, a brief description of the Intel® Advanced Encryption Standard - New Instructions set is provided. In Section 3 the specifications of the real-world practical RMM research environment that was used are provided, and in Section 4 – obtained research outcomes about efficiency of AES cipher in various modes on AES-NI architecture and IPsec-based VPN. Finally, in Section 5 conclusions and recommendations of this research project are presented.

This paper complements the research outcomes of one of the co-authors [Uskov (2012), Uskov (2013), Uskov (2014)] regarding the efficiency of modern encryption/decryption algorithms in various modes of operation in IPsec-based VPNs.

2. Advanced Encryption Standard (AES) New Instructions

2.1. Intel® Advanced Encryption Standard (AES) New Instructions Set – AES-NI

The AES-NI instruction set is comprised of six new instructions that perform several computationally intensive parts of the AES algorithm. These instructions execute in significantly fewer clock cycles than a software solution. Four of the new instructions accelerate the encryption/decryption rounds (Fig. 3 and Fig. 4) and two support round key generation [Intel (2012a)]. The following is a description of the AES-NI instructions [Gueron (2012)]:

(1) AESENC. Performs a single round of encryption; it combines the four steps of an AES round (ShiftRows, SubBytes, MixColumns and AddRoundKey) into a single instruction.

(2) AESENCLAST. Performs the last round of encryption; it combines ShiftRows, SubBytes and AddRoundKey (no MixColumns) into one instruction.

(3) AESDEC. Performs a single round of decryption; it combines InvShiftRows, InvSubBytes, InvMixColumns and AddRoundKey into a single instruction.

(4) AESDECLAST. Performs the last round of decryption; it combines InvShiftRows, InvSubBytes and AddRoundKey into one instruction.

(5) AESKEYGENASSIST. Assists in generating the round keys (key expansion) used for encryption.

(6) AESIMC. Converts the encryption round keys into the form used for decryption with the Equivalent Inverse Cipher (it applies InvMixColumns to a round key).

In Fig. 3 and Fig. 4 the AESENC, AESENCLAST, AESDEC and AESDECLAST instructions are defined by pseudo code ("xmm1" and "xmm2" are aliases for any two xmm registers). These instructions perform a grouped sequence of transformations of the AES encryption/decryption flows (in fact, they perform the longest sequence possible without introducing a branch in an instruction) [Gueron (2012), Intel (2012a)].

The AES-NI instructions have the flexibility to support all usages of AES, including all standard key lengths, standard modes of operation, and even some non-standard or future variants. They offer a significant increase in performance compared to pure-software implementations. Beyond performance, the AES-NI instructions provide important security benefits. By running in data-independent time and not using lookup tables, they eliminate the major timing and cache-based side-channel attacks that threaten table-based software implementations of AES. In addition, they make AES simple to implement with reduced code size, which lowers the risk of inadvertently introducing security flaws such as difficult-to-detect side-channel leaks [Gueron (2012), Intel (2012a)].

Fig. 3. The AESENC and AESENCLAST instructions of AES-NI [Gueron (2012)]

Fig. 4. The AESDEC and AESDECLAST instructions of AES-NI [Gueron (2012)]

2.2. Previous performance analysis of AES-NI

Various researchers have recently analyzed the performance of AES-NI. For example, Gueron [Gueron (2013)] analyzed a) cipher use in SSL/TLS connections and b) AES in GCM mode for authenticated encryption. The results can be summarized as follows: the performance of AES-128-GCM encryption on a 4 KB buffer was 1) 2.53 CPU cycles per byte on the Intel® Core™ i7-2600K processor and 2) 3.90 CPU cycles per byte on the Intel® Core™ i7-880 processor.

Bogdanov et al. [Bogdanov (2014)] discussed the performance of authenticated modes of operation for block ciphers using AES on Intel's Haswell architecture. (Note: Haswell improves the performance characteristics of critical instructions such as AES-NI over the previous Intel® microarchitectures code-named Sandy Bridge and Ivy Bridge.) As a general technique to speed up both inherently sequential modes and the scenario of many shorter messages, the authors proposed scheduling multiple messages in parallel within the implementation of the algorithm itself. According to the authors, this approach leads not only to significant speedups for serial modes but also to considerable improvements for parallelizable modes. Applied to modes such as CBC, CCM, CLOC, SILC, JAMBU and McOE-G, the authors obtained AES performance increases by factors of ×3.6 to ×6.8.

Calomel.org [Calomel.org (2015)] presented a performance analysis of the AES cipher in CBC mode on various processors with AES-NI acceleration; the outcomes are summarized in Table 1 below. The testing environment was as follows:

(1) AES-NI acceleration enabled (if supported by the CPU); (2) LibreSSL 2.3.0 (~ OpenSSL 1.0.2d); (3) FreeBSD 10.2, Clang LLVM compiler; (4) 8192-byte blocks; (5) five test runs, average speed reported.

Table 1. Cipher performance per CPU core (in MB/s) [Calomel.org (2015)].

Processor (AES-NI used where the CPU supports it)   AES-128-CBC   AES-256-CBC
Intel i7-6700                                            1400          1021
Intel i7-4750HQ                                           688           499
AMD FX 8150                                               716           515
Intel i7-3840QM                                           725           520
AMD FX 6100                                               671           481
AMD A10-7850K                                             685           499
AMD A8-7600 Kaveri                                        648           470
AMD Opteron 6380                                          589           423
AMD Opteron 6378                                          561           406
AMD Opteron 6274                                          524           376
Intel i7-2635QM                                           564           404
Intel Xeon E5-2630                                        541           394
Intel Xeon E5645                                          727           524
Intel Xeon L5630                                          626           450
AMD Opteron 2382                                          215           150
Intel Core2 Q9300                                         221           161
AMD X4 610e                                               198           139
Intel P4 3Ghz Will                                         55            43
Intel ATOM D525                                            28            20

These and multiple other recent publications and reports from industry and companies in the IT security area clearly show that AES-NI hardware acceleration is a very promising way to increase AES encryption/decryption performance in general. However, those publications did not take into account, nor provide important details on, 1) the specifics of data encryption/decryption/transfer in IPsec VPN networks, 2) the specifics of streaming RMM data/files, and 3) the various modes of AES cipher operation. These topics were at the center of our research project; the obtained research data, findings, conclusions and recommendations are presented below.

3. Research environment

3.1. Test RMM data files used

One of the objectives of this research project was to analyze the efficiency of AES cipher in various modes of operation on RMM ready-to-be-streamed files of significantly different sizes – from 100 MB to 2.0 GB. The names of RMM test data sets used in this research project and their exact sizes in bytes are given in Table 2.

Table 2. The names of the test RMM data sets and their exact sizes (in bytes).

Test data set name   Exact size of test RMM data set (bytes)
100 MB                                   104,252,836
200 MB                                   208,505,672
500 MB                                   521,264,180
1,000 MB                               1,042,528,360
2,000 MB                               2,085,056,720

3.2. Technical platform used

The other objective of this research project was to test the efficiency of the AES-NI hardware implementation on a recently released, affordable, and commonly used technical platform (TP); a summary of the technical platform used in this research project is presented in Table 3.

Table 3. Specifications of technical platform used.

Technical platform: powerful desktop computer system
  Motherboard: MSI ATX DDR3 2600 LGA 1150 Z97 GAMING 5
  CPU: Intel Core i7-4790K Processor
  RAM: Corsair Vengeance Pro 16GB (2x8GB) DDR3 2400MHz PC3 19200
  HDD: WD Black 3TB Performance Desktop Hard Disk Drive, 7200 RPM, SATA 6 Gb/s, 64MB cache
  GPU: XFX RADEON Double D R9 280X 1000MHz BOOST Ready 3GB DDR5 2XmDP HDMI 2XDVI (R9-280X-TDFD)
Operating system: Windows 7 SP1 x64
CPU modes available: 1-Core, 4-Core

3.3. Intel® Core™ i7-4790K Processor

For the purpose of this research project, an advanced, recently released Intel processor has been selected and used, specifically the Intel® Core™ i7-4790K Processor [Intel (2012b)]. The main technical specifications of this processor – those that are relevant to the current research project – are presented in Table 4.

Table 4. Intel® Core™ i7-4790K Processor: technical specs (relevant to research project)

Essentials
  Processor Number: i7-4790K
  Intel® Smart Cache: 8 MB
  DMI2: 5 GT/s
  Instruction Set: 64-bit
  Instruction Set Extensions: SSE4.1/4.2, AVX 2.0
Performance
  # of Cores: 4
  # of Threads: 8
  Processor Base Frequency: 4 GHz
  Max Turbo Frequency: 4.4 GHz
Memory Specifications
  Max Memory Size (dependent on memory type): 32 GB
  Max # of Memory Channels: 2
  Max Memory Bandwidth: 25.6 GB/s
Graphics Specifications
  Processor Graphics: Intel® HD Graphics 4600
  Graphics Base Frequency: 350 MHz
  Graphics Max Dynamic Frequency: 1.25 GHz
  Graphics Video Max Memory: 1.7 GB
Intel® Data Protection Technology
  Intel® AES New Instructions: Yes
  Secure Key: Yes

All software implementations were coded in C++ and compiled with Microsoft Visual C++ 2005 SP1 (with whole program optimization and optimization for speed).

3.4. Legend used

The following legend is used to report the obtained research outcomes in Tables 5-6, Fig. 5 and Fig. 6:

(1) RMM test data set name: the name of a test RMM data set, based on the size of the ready-to-be-streamed RMM file to be encrypted (100 MB, 200 MB, 500 MB, etc.);

(2) TIME: the average time (in seconds) needed to encrypt/decrypt the entire RMM test data set;

(3) PERF: throughput of the AES cipher in MB/s, where 1 MB = 1,000,000 bytes, i.e. PERF = (size in bytes) / TIME / 10^6; for the 100 MB set in CTR mode with AES-NI disabled, 104,252,836 / 0.312 / 10^6 = 334.144 MB/s (Table 5);

(4) CYCLES: the number of processor clock cycles spent per byte of RMM test data (cycles/byte), derived from the 4 GHz base frequency of the i7-4790K as CYCLES = 4.0 × 10^9 × TIME / (size in bytes) = 4000 / PERF; for the same case, 4000 / 334.144 = 11.971 cycles/byte;

(5) Mean: the arithmetic mean of the corresponding calculated parameter, taken across the five modes (Mean column) or across the five test data sets (Mean rows).
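The instructions of Section 2.1 and the TIME/PERF/CYCLES parameters defined above, as an added example that is not from the paper (the authors' own C++ code is not reproduced): AES-128 encryption written directly on the AES-NI intrinsics, with the key schedule built from AESKEYGENASSIST, the rounds from AESENC/AESENCLAST, and a small cycles-per-byte measurement of a constructed 1 MiB buffer in CBC and in CTR mode, best of five runs, read from the time-stamp counter. It compiles with GCC or Clang on x86-64 and checks at run time that the CPU exposes AES-NI; the key, the zero IV/nonce, the buffer size and the function names are illustrative choices.

```c
/* Added example (not the paper's code): AES-128 on the AES-NI intrinsics
 * (AESKEYGENASSIST for the key schedule, AESENC/AESENCLAST for the rounds) and a
 * cycles-per-byte measurement comparing serial CBC with parallel-friendly CTR.
 * GCC/Clang on x86-64; on other hardware the functions report "skipped". */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <wmmintrin.h>  /* AES-NI intrinsics */
#include <x86intrin.h>  /* __rdtsc */
#define HAVE_X86 1
#define AESNI __attribute__((target("aes,sse2")))
#define AESNI_OK() (__builtin_cpu_init(), __builtin_cpu_supports("aes"))
#else
#define HAVE_X86 0
#define AESNI
#endif

#if HAVE_X86
/* One schedule step: keygened carries RotWord(SubWord(w3)) ^ Rcon in its top dword. */
static AESNI __m128i ks_step(__m128i k, __m128i keygened) {
    keygened = _mm_shuffle_epi32(keygened, 0xFF);
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));  /* three shift-and-XOR steps turn w0..w3 */
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));  /* into the running XORs w0, w0^w1, ...   */
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    return _mm_xor_si128(k, keygened);
}
#define KS(i, rcon) rk[i] = ks_step(rk[i-1], _mm_aeskeygenassist_si128(rk[i-1], rcon))

static AESNI void expand_key(const uint8_t key[16], __m128i rk[11]) {
    rk[0] = _mm_loadu_si128((const __m128i *)key);
    KS(1, 0x01); KS(2, 0x02); KS(3, 0x04); KS(4, 0x08); KS(5, 0x10);
    KS(6, 0x20); KS(7, 0x40); KS(8, 0x80); KS(9, 0x1B); KS(10, 0x36);
}

/* Whitening, nine AESENC rounds (ShiftRows, SubBytes, MixColumns, AddRoundKey), one AESENCLAST. */
static AESNI __m128i encrypt_block(const __m128i rk[11], __m128i s) {
    s = _mm_xor_si128(s, rk[0]);
    for (int r = 1; r < 10; r++) s = _mm_aesenc_si128(s, rk[r]);
    return _mm_aesenclast_si128(s, rk[10]);
}

/* CBC: block i's input is ciphertext i-1, so each block's AESENC chain waits for the previous one. */
static AESNI void cbc_encrypt(const __m128i rk[11], uint8_t *buf, size_t n) {
    __m128i prev = _mm_setzero_si128();  /* zero IV: benchmark only */
    for (size_t i = 0; i + 16 <= n; i += 16) {
        __m128i *p = (__m128i *)(buf + i);
        prev = encrypt_block(rk, _mm_xor_si128(_mm_loadu_si128(p), prev));
        _mm_storeu_si128(p, prev);
    }
}

/* CTR: counter blocks are independent, so the core can overlap several blocks' rounds. */
static AESNI void ctr_encrypt(const __m128i rk[11], uint8_t *buf, size_t n) {
    for (size_t i = 0; i + 16 <= n; i += 16) {
        __m128i *p = (__m128i *)(buf + i);
        __m128i ks = encrypt_block(rk, _mm_set_epi64x(0, (long long)(i / 16)));  /* nonce 0: benchmark only */
        _mm_storeu_si128(p, _mm_xor_si128(_mm_loadu_si128(p), ks));
    }
}
#endif

/* 1 = FIPS-197 C.1 vector reproduced, 0 = mismatch, 2 = no AES-NI on this machine (skipped). */
AESNI int aesni_selftest(void) {
#if HAVE_X86
    static const uint8_t key[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    static const uint8_t pt[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    static const uint8_t ct[16] = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    __m128i rk[11]; uint8_t out[16];
    if (!AESNI_OK()) return 2;
    expand_key(key, rk);
    _mm_storeu_si128((__m128i *)out, encrypt_block(rk, _mm_loadu_si128((const __m128i *)pt)));
    return memcmp(out, ct, 16) == 0;
#else
    return 2;
#endif
}

/* TSC ticks per byte over a constructed 1 MiB buffer, best of five runs; mode 0 = CBC, 1 = CTR;
 * -1 without AES-NI. The TSC ticks at a fixed rate, not the turbo clock, so compare, don't quote. */
AESNI double aesni_cycles_per_byte(int mode) {
#if HAVE_X86
    enum { N = 1 << 20 }; static uint8_t buf[N];
    __m128i rk[11]; unsigned long long best = ~0ULL;
    if (!AESNI_OK()) return -1;
    expand_key((const uint8_t *)"0123456789abcdef", rk);  /* constructed key */
    for (int run = 0; run < 5; run++) {
        unsigned long long t0 = __rdtsc();
        if (mode) ctr_encrypt(rk, buf, N); else cbc_encrypt(rk, buf, N);
        unsigned long long dt = __rdtsc() - t0;
        if (dt < best) best = dt;
    }
    return (double)best / N;
#else
    (void)mode; return -1;
#endif
}

int main(void) {
    printf("AES-NI self-test: %d (1 ok, 0 fail, 2 skipped)\n", aesni_selftest());
    printf("CBC %.2f, CTR %.2f cycles/byte\n", aesni_cycles_per_byte(0), aesni_cycles_per_byte(1));
    return 0;
}
```

Both modes execute the same ten AESENC-class instructions per block, yet on an AES-NI core the CBC figure comes out noticeably higher than the CTR figure: CBC serialises on the previous ciphertext block, so each block pays the full AESENC latency, while CTR's independent counter blocks let the out-of-order core overlap their rounds. That is the same effect behind the ×1.5 versus ×4 to ×6 split reported in Section 4.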

4. Research outcomes

A summary of the obtained values of the PERF parameter (in MB/s) and the CYCLES parameter (cycles/byte) for the AES cipher in various modes on the designated RMM test data sets is presented in Table 5 and Fig. 5 (AES-NI disabled) and in Table 6 and Fig. 6 (AES-NI enabled).

Table 5. AES cipher performance on Intel® Core™ i7-4790K processor with AES-NI in DISABLED mode

RMM test data set   Parameter          CTR        ECB        CBC        CFB        OFB       Mean
100 MB              TIME (s)         0.312      0.371      0.381      0.381      0.399
                    PERF (MB/s)    334.144    280.702    273.917    273.917    261.024    284.741
                    CYCLES (1/B)    11.971     14.250     14.603     14.603     15.324     14.150
200 MB              TIME (s)         0.312      0.371      0.381      0.381      0.399
                    PERF (MB/s)    334.144    280.702    273.917    273.917    261.024    284.741
                    CYCLES (1/B)    11.971     14.250     14.603     14.603     15.324     14.150
500 MB              TIME (s)         0.312      0.371      0.381      0.381      0.399
                    PERF (MB/s)    334.144    280.702    273.917    273.917    261.024    284.741
                    CYCLES (1/B)    11.971     14.250     14.603     14.603     15.324     14.150
1,000 MB            TIME (s)         0.312      0.371      0.381      0.381      0.399
                    PERF (MB/s)    334.144    280.702    273.917    273.917    261.024    284.741
                    CYCLES (1/B)    11.971     14.250     14.603     14.603     15.324     14.150
2,000 MB            TIME (s)         0.312      0.371      0.381      0.381      0.399
                    PERF (MB/s)    334.144    280.702    273.917    273.917    261.024    284.741
                    CYCLES (1/B)    11.971     14.250     14.603     14.603     15.324     14.150
Mean PERF (MB/s)                   335.600    280.490    274.453    273.110    261.205    284.972
Mean CYCLES (1/B)                   11.919     14.261     14.574     14.646     15.314     14.143

Table 6. AES cipher performance on Intel® Core™ i7-4790K processor with AES-NI in ENABLED mode

RMM test data set   Parameter          CTR        ECB        CBC        CFB        OFB       Mean
100 MB              TIME (s)         0.072      0.065      0.243      0.240      0.250
                    PERF (MB/s)   1451.989   1594.080    428.319    434.025    417.680    865.219
                    CYCLES (1/B)     2.755      2.509      9.339      9.216      9.577      6.679
200 MB              TIME (s)         0.143      0.128      0.484      0.481      0.499
                    PERF (MB/s)   1454.014   1628.951    431.153    433.845    417.680    873.128
                    CYCLES (1/B)     2.751      2.456      9.277      9.220      9.577      6.656
500 MB              TIME (s)         0.365      0.318      1.204      1.204      1.245
                    PERF (MB/s)   1428.121   1638.165    432.800    432.872    418.686    870.129
                    CYCLES (1/B)     2.801      2.442      9.242      9.241      9.554      6.656
1,000 MB            TIME (s)         0.727      0.637      2.412      2.409      2.493
                    PERF (MB/s)   1434.409   1637.651    432.262    432.836    418.182    871.068
                    CYCLES (1/B)     2.789      2.443      9.254      9.241      9.565      6.658
2,000 MB            TIME (s)         1.451      1.273      4.824      4.823      4.986
                    PERF (MB/s)   1437.177   1637.908    432.262    432.279    418.199    871.565
                    CYCLES (1/B)     2.783      2.442      9.254      9.253      9.565      6.659
Mean PERF (MB/s)                  1441.142   1627.350    431.359    433.171    418.085    870.221
Mean CYCLES (1/B)                    2.775      2.458      9.273      9.234      9.567      6.661

(Notes: 1) the obtained average performance of AES-CFB mode in Table 5, 273.110 MB/s, is very close to that of AES-CBC mode, 274.453 MB/s; as a result, the AES-CFB graph is overlapped by the AES-CBC graph in Fig. 5; 2) the obtained average performance of AES-CFB mode in Table 6, 433.171 MB/s, is very close to that of AES-CBC mode, 431.359 MB/s; as a result, the AES-CFB graph is overlapped by the AES-CBC graph in Fig. 6.)

Fig. 5. AES cipher performance on Intel® Core™ i7-4790K processor with AES-NI in DISABLED mode

Fig. 6. AES cipher performance on Intel® Core™ i7-4790K processor with AES-NI in ENABLED mode

Technical specifications of the performed encryption/decryption analysis of the AES cipher on the selected research technical platform are as follows: (1) Intel® Core™ i7-4790K processor in 1-Core mode (all other cores disabled); (2) AES-NI acceleration in DISABLED mode (obtained data in Table 5 and Fig. 5) and in ENABLED mode (Table 6 and Fig. 6); (3) AES block size of 16 bytes; (4) AES key length of 16 bytes (i.e. AES-128); (5) five test runs, with the average speed reported.

The data obtained regarding the increase in AES performance (AES-NI enabled vs. AES-NI disabled) for each mode of AES operation are presented in Table 7. For example, the obtained performance of AES-128 in CTR mode on the Intel® Core™ i7-4790K processor with AES-NI acceleration disabled is 335.600 MB/s, and with AES-NI acceleration enabled 1,441.142 MB/s; the increase in performance due to AES-NI acceleration for AES-128 in CTR mode is therefore a factor of 4.294. The average increase of AES performance, AES-NI enabled vs. disabled, over all modes of operation and all RMM test data sets is 3.054 (the ratio of the mean throughputs 870.221 and 284.972 MB/s).

Table 7. Increase of AES cipher performance on Intel® Core™ i7-4790K processor: AES-NI in ENABLED mode vs AES-NI in DISABLED mode

AES-NI            Parameter                CTR        ECB        CBC        CFB        OFB       Mean
AES-NI disabled   Mean PERF (MB/s)     335.600    280.490    274.453    273.110    261.205    284.972
                  Mean CYCLES (1/B)     11.919     14.261     14.574     14.646     15.314     14.143
AES-NI enabled    Mean PERF (MB/s)    1441.142   1627.350    431.359    433.171    418.085    870.221
                  Mean CYCLES (1/B)      2.775      2.458      9.273      9.234      9.567      6.661
Increase of PERF (enabled / disabled)    4.294      5.802      1.572      1.586      1.601      3.054

5. Conclusions and recommendations

5.1. Conclusions

The obtained research data and encryption/decryption analysis enable us to make the following conclusions regarding the efficiency of the AES encryption algorithm in various modes of operation on modern processor with AES-NI hardware acceleration in terms of encryption/decryption performance of RMM data in a real-world IPsec-based VPN environment.

(1) The AES-128 cipher in CTR mode demonstrated the best overall average performance (i.e. over the encryption of RMM test data sets of all sizes), 335.600 MB/s, on a powerful computer system with the Intel® Core™ i7-4790K processor in AES-NI DISABLED mode among all tested modes (CTR, ECB, CBC, CFB and OFB).

(2) The AES-128 cipher in ECB mode demonstrated the best overall average performance, 1,627.350 MB/s, on the same computer system with the Intel® Core™ i7-4790K processor in AES-NI ENABLED mode among all tested modes. AES-128 in CTR mode demonstrated the second best performance, 1,441.142 MB/s.

(3) The obtained increase of AES cipher performance on the Intel® Core™ i7-4790K processor with AES-NI ENABLED vs DISABLED ranges from about ×1.5 (for the CBC, CFB and OFB modes) up to ×4.2 (CTR) and ×5.8 (ECB) on RMM test data files of significantly large size (up to 2.0 GB). The split follows the data dependencies of the modes: in CBC, CFB and OFB encryption the input of each block depends on the output of the previous one, so each AESENC must wait for the previous block's rounds to finish and the instruction's latency dominates, whereas ECB and CTR blocks are independent and several of them can be kept in the pipeline at once.

(4) The Intel® Core™ i7-4790K processor has 4 cores; as a result, it is possible to execute the performance analysis of the AES cipher with the AES-NI instructions in 1-Core mode (one core active, the other cores inactive) and in 4-Core mode (all cores active). All corresponding tests (identical to those reported in Tables 5 and 6) have been executed; however, the obtained outcomes did not show a great difference in AES-NI performance between the 1-Core and 4-Core modes.

(5) Gueron [Gueron (2013)] obtained values of the CYCLES parameter for AES-128-GCM in the range from 2.53 to 3.90 CPU cycles per byte. Our experiments on AES-128 without authentication show 2.775 cycles per byte in CTR mode and 2.458 cycles per byte in ECB mode (Table 7).

(6) Bogdanov et al. [Bogdanov (2014)] obtained an increase of AES performance in various modes on Intel's 2013 Haswell architecture with AES-NI and their proposed parallelization techniques by factors of ×3.6 to ×6.8. Our experiments show an average overall increase of ×3.054 with AES-NI hardware acceleration over all designated modes; AES in CTR mode gained a factor of ×4.294 and in ECB mode ×5.802.

(7) Calomel.org [Calomel.org (2015)] reported 688 MB/s for AES-128 in CBC mode with 8192-byte buffers on the Intel® Core™ i7-4750HQ processor with AES-NI hardware acceleration. We obtained AES-128-CBC performance in the range of 428-433 MB/s on whole files of significantly greater size, from 100 MB to 2,000 MB.

(8) Lupescu et al. [Lupescu et al. (2014)] obtained AES cipher performance values ranging from 600 to about 900 MB/s on the MP AES-NI CPU (Fig. 2) for data files from 16 to 384 MB in size. Our research data show an average performance of 870.221 MB/s for the AES cipher over all modes (CTR, ECB, CBC, CFB and OFB) on RMM test data sets from 100 MB to 2,000 MB in size.

5.2. Recommendations

(1) As expected, the obtained performance of the AES cipher for the designated RMM test data sets (Table 2) on the AES-NI architecture is greater by a factor of ×1.5 to ×5.8 than on the same processor with AES-NI acceleration disabled (Table 7).

(2) Despite the fact that AES-128 in ECB mode demonstrated the highest performance on the AES-NI architecture, we do not recommend the use of ECB mode. This is because ECB encrypts identical plaintext blocks into identical ciphertext blocks under the same key and, therefore, does not completely hide data patterns.

(3) The AES-128 cipher in CTR mode provides a satisfactory level of security (confidentiality) and the second highest level of performance on the AES-NI architecture; as a result, it can be recommended for the secure transfer of data over VPNs.
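To make recommendation (2) concrete, the following is an added example, not code from the paper: a compact pure-Python AES-128 (the FIPS-197 cipher the paper benchmarks, written here for clarity rather than speed and without any AES-NI acceleration), with ECB and CTR built on top of it. Feeding four identical plaintext blocks through both modes shows the ECB pattern leak the authors describe; the key, plaintext, and the 12-byte nonce plus 32-bit counter layout are constructed for this illustration.

```python
def _gmul(a, b):  # multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (FIPS-197)
    p = 0
    while b:
        p, a, b = p ^ (a if b & 1 else 0), (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return p
def _sbox_entry(x):  # multiplicative inverse (x^254, so 0 -> 0) followed by the affine map
    inv, p, s = 1, x, 0x63
    for _ in range(7):
        p = _gmul(p, p)
        inv = _gmul(inv, p)
    for _ in range(5):
        s ^= inv
        inv = ((inv << 1) | (inv >> 7)) & 0xFF
    return s
SBOX = [_sbox_entry(x) for x in range(256)]  # built at import instead of a hard-coded table

def _round_keys(key):  # AES-128 key schedule: 11 round keys of 16 bytes each
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:  # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):  # state kept column-major: s[4 * col + row]
    rk = _round_keys(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                   # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]         # ShiftRows
        if rnd < 10:                                               # MixColumns
            s = [_gmul(s[c + j], 2) ^ _gmul(s[c + (j + 1) % 4], 3) ^ s[c + (j + 2) % 4]
                 ^ s[c + (j + 3) % 4] for c in range(0, 16, 4) for j in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]                    # AddRoundKey
    return bytes(s)
def ecb_encrypt(key, data):  # blocks encrypted independently (no padding): equal in -> equal out
    return b"".join(aes128_encrypt_block(key, data[i:i + 16]) for i in range(0, len(data), 16))

def ctr_encrypt(key, nonce, data):  # XOR with keystream E_K(nonce || counter); also decrypts
    ks = b"".join(aes128_encrypt_block(key, nonce + n.to_bytes(4, "big"))
                  for n in range((len(data) + 15) // 16))
    return bytes(a ^ b for a, b in zip(data, ks))
def distinct_blocks(ct):  # distinct 16-byte ciphertext blocks: ECB reveals repeated plaintext
    return len({ct[i:i + 16] for i in range(0, len(ct), 16)})
KEY, PLAINTEXT = bytes(range(16)), b"same 16B block!!" * 4  # constructed: 4 identical blocks
```

CTR keeps this property only as long as a (key, nonce) pair is never reused, and it gives confidentiality but no integrity, so in an IPsec VPN it has to be combined with an authentication mechanism.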


6. Acknowledgements

Dr. Alexander Uskov would like to thank the Office of the Provost and Vice President for Academic Affairs at Bradley University for awarding him the Caterpillar Fellowship grants in 2011-2014 and 2016-2017 to perform research, design and development of effective and highly secure cryptographic schemes for IPsec-based virtual private networks.

References

Bogdanov, A., Lauridsen, M., Tischhauser, E. (2014). AES-Based Authenticated Encryption Modes in Parallel High-Performance Software, International Association for Cryptologic Research, available at https://eprint.iacr.org/2014/186.pdf

Bollapragada, V., Khalid, M., Wainner, S. (2005). IPSec VPN Design. Cisco Press, Indianapolis, IN, USA.

Carmouche, J. (2007). IPsec Virtual Private Network Fundamentals, Cisco Press, Indianapolis, IN, U.S.A.

CISCO (2014). Cisco 2014 Annual Security Report, available at http://www.cisco.com

Calomel.org (2015). AES-NI SSL Performance: a study of AES-NI acceleration using LibreSSL, OpenSSL, available at https://calomel.org/aesni_ssl_performance.html

Crypto++ (2013). Crypto++ 5.6.0 benchmarks, available at http://www.cryptopp.com/

Daemen, J., Rijmen, V. (2003). AES Proposal: Rijndael, National Institute of Standards and Technology, available at http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1

Dworkin, M. (2001). Recommendations for Block Cipher Modes of Operation, National Institute of Standards and Technology, USA, available at http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf

FIPS197 (2001). Federal Information Processing Standards Publication 197 (FIPS197), available at http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

Frankel, S. et al. (2005). Guide to IPsec VPNs: Recommendations of the National Institute of Standards and Technology, National Institute of Standards and Technology, USA, available at http://csrc.nist.gov/publications/nistpubs/800-77/sp800-77.pdf

Hoban, A. (2010). Using Intel® AES New Instructions and PCLMULQDQ to Significantly Improve IPSec Performance on Linux, available at http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/aes-ipsec-performance-linux-paper.pdf

Intel (2012a). Intel® Advanced Encryption Standard New Instructions (AES-NI), available at https://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/

Intel (2012). Intel® Core™ i7-4790K Processor (8M Cache, up to 4.40 GHz), available at http://ark.intel.com/products/80807/Intel-Core-i7-4790K-Processor-8M-Cache-up-to-4_40-GHz

Gepner, P., Kowalik, M. (2006). Multi-Core Processors: New Way to Achieve High System Performance. Proc. Int. Symposium on Parallel Computing in Electrical Engineering (PARELEC 2006), pp. 9–13.

Gueron, S. (2013). AES-GCM for Efficient Authenticated Encryption – Ending the Reign of HMAC-SHA-1?, Workshop on Real-World Cryptography, Stanford University, Jan. 9-11, 2013, available at https://crypto.stanford.edu/RealWorldCrypto/slides/gueron.pdf

Gueron, S. (2012). Intel® Advanced Encryption Standard (AES) New Instructions Set, available at https://software.intel.com/sites/default/files/article/165683/aes-wp-2012-09-22-v01.pdf

Katz, J., Lindell, Y. (2014). Introduction to Modern Cryptography, Chapman and Hall/CRC, 2nd Ed., Boca Raton, FL, U.S.A., 603 p., ISBN 978-1584885085

Kent, S., Seo, K. (2005). RFC 4301 “Security Architecture for the Internet Protocol”, available at http://www.ietf.org/rfc/rfc4301.txt


Kent, S. (2005a). RFC 4302 “IP Authentication Header”, available at https://tools.ietf.org/html/rfc4302

Kent, S. (2005b). RFC 4303 “IP Encapsulating Security Payload”, available at https://tools.ietf.org/html/rfc4303

Krovetz, T., Rogaway, P. (2011). The Software Performance of Authenticated-Encryption Modes, available at http://www.cs.ucdavis.edu/~rogaway/papers/ae.pdf

Lupescu, G., Gheorghe, L., Tapus, N. (2014). Commodity Hardware Performance in AES Processing, Proceedings of the 13th IEEE International Symposium on Parallel and Distributed Computing (ISPDC), IEEE, Marseilles, France, pp. 82-86, June 24-27, 2014, ISBN: 978-1-4799-5918-1

Lewis, M. (2006). Comparing, Designing, and Deploying VPNs. Cisco Press, Indianapolis, IN.

Moise, A., Beroset, E., Phinney, T., Burns, M. (2011). EAX’ Cipher Mode, available at http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax-prime/eax-prime-spec.pdf

Mogollon, M. (2007). Cryptography and Security Services: Mechanisms and Applications. CyberTech Publishing, Hershey, PA, USA.

NIST (2013). Modes Development, National Institute of Standards and Technology, USA, available at http://csrc.nist.gov/groups/ST/toolkit/BCM/modes_development.html

Paar, C., Pelzl, J., Preneel, B. (2010). Understanding Cryptography, Springer-Verlag, Berlin Heidelberg, Germany, 372 p., ISBN 978-3-642-04100-6.

Stallings, W. (2011). Cryptography and Network Security: Principles and Practice (5th Edition), Pearson, Upper Saddle River, NY, U.S.A., 900 p., ISBN 13: 978-0-13-609704-4

Stinson, D. (2005). Cryptography: Theory and Practice, Chapman and Hall/CRC, 3rd Ed., Boca Raton, FL, U.S.A., 616 p., ISBN 978-1584885085

Uskov, V., Uskov, A. (2004). Blending Streaming Multimedia and Communication Technology in Advanced Web-Based Education, International Journal Advanced Technology for Learning, 1 (1) (2004), pp.54-66.

Uskov, V., Uskov, A. (2005). Streaming Media-Based Education: Outcomes and Findings of a Four-Year Research and Teaching Project, International Journal Advanced Technology for Learning, 2(2), pp. 45-57.

Uskov, A. (2012). Information Security of IPsec-Based Mobile VPN: Authentication and Encryption Algorithms Performance, Proceedings of the 11th IEEE international conference on Trust, Security and Privacy in Computing and Communications TrustCom-2012, Liverpool, UK. pp. 1042-1048.

Uskov, A. (2013). IPsec VPN-Based Security of Web-Based Rich Multimedia Systems. Proceedings of the 6th international conference on Intelligent Interactive Multimedia Systems and Services (IIMSS-2013), June 26-28, 2013, Sesimbra, Portugal. IOS Press, ISBN 978-1-61499-261-5, pp. 31-40. DOI: 10.3233/978-1-61499-262-2-31.

Uskov, A. (2014). The Efficiency of Encryption Algorithms in EAX Mode of Operation in IPsec-based Virtual Private Networks for Streaming Rich Multimedia Data. The International Journal of Computer Science and Applications, ISSN: 0972 – 9038, Vol. 11, No. 1, pp. 18-36.
