In the previous blog “The Many Flavors of AES – Part 2″, we “navigated” through the world of AES “modes” like ECB, CBC, OFB, CFB, CTR, CCM, GCM and XTS.
We will explore today a few of the selection points that need to be taken into account when looking for AES based solutions.
Selection point one: what security applications in what overarching application are you going to use AES for? Is it IPsec, SSL/TLS, Wi-Fi, MACsec, WiMAX, LTE-Advanced, Storage, etc? Knowing which application space for AES will usually tell you a lot about the modes, key size requirements, and throughput requirements. This helps narrow things down a lot for the next steps.
Selection point two: software, hardware, or both? This usually touches on throughput and latency requirements, and the form of the data to be processed. Software running on an embedded processor is very versatile, but not nearly as efficient (per clock cycle) as dedicated hardware. In a processor-centric system where offload hardware is on a shared bus, getting data to and from the dedicated hardware can sometimes be a noticeable fraction of total processing time. If the throughput requirement is quite modest – say 10’s of Mbps, then the AES job may be best handled on the processor with tuned cryptographic software. If the throughput requirement is relatively high, say 100’s of Mbps, then the AES job is likely best handled by dedicated hardware (in fact the processor probably couldn’t do it even if it did nothing else), with data either being moved to/from that hardware by the processor or moved by the hardware (with e.g. an embedded DMA system) with the host processor freed to do other things in parallel. The form of the data to be processed matters as well. Cryptographic operations often have overheads associated with them which are amortized out over larger chunks…
Selection point three: what level of security is being sought? Key sizes 128/192/256 are available, but the longer the key the greater the level of security in a well-designed system. There are trade-offs to be considered. Bigger keys either mean lower throughput or, in hardware in particular, more gates. You might add support in hardware for keys you won’t use now to allow for future requirements (brute force attackers keep getting faster computers), but that will cost something.
There are other factors that come into play when selecting an AES solution, like power and cost.
In conclusion, AES is a very popular, versatile block cipher, with a multitude of modes and a long list of applications and protocols which continues to grow. If you are looking for and “AES encryption” solution, realize that it’s going take more than a few minutes to find what you need. The selection process needs to be done hand-in-hand with more information about the application space, protocols, modes, software versus hardware, power, and the list can go on …
At Elliptic we offer certified software and hardware AES solutions for a broad range of applications. See www.elliptictech.com for more information, or contact firstname.lastname@example.org.