12% of cyber attacks have espionage as their motivation
81% of large companies have reported cyber security breaches within the last 12 months
60% of incidents can be attributed to errors in configuration or setup by system administrators
Why encrypt data in motion?
Targeted attacks on networks and corporate espionage are increasing and will only become more and more advanced.
Corporate cybersecurity strategy must be continuously revised to keep pace with the newer and more advanced methods used by those who commit these attacks.
At the same time, we, both as consumers and companies, place greater expectations on our data being securely handled by other organizations.
- Protect confidential information and preserve industrial property.
- Maintain control of access to confidential information and sensitive data.
- Establish and carry out secure communications and transactions.
- Protect the privacy of people.
- Comply with multiple standards and directives, such as PCI, GDPR, PSD2, eIDAS, ISO 27001, etc.
Fiber-optic networks
Fiber-optic cable networks connect the world and are used to transport data. They have long been considered the fastest and most reliable method of transmitting data in all industries, including the critical sectors of financial services, telecommunications, pharmaceuticals and government.
Cyber-warfare
Cyber-warfare between nation states takes place, and corporate and commercial espionage must likewise be taken very seriously and considered in the security plans of any organization. Internal network security alone is not sufficient, as information traveling between physical locations can be compromised without much difficulty.
Hardware vs. Software encryption
Which is better: hardware or software-based encryption? Obviously, this depends on the individual application.
But if consistent high throughput, low latency and security are key issues, then dedicated, optimised hardware-based encryption is superior to software-based encryption.
1. Performance
Two parameters are relevant when evaluating performance: throughput and latency. While throughput is relevant in applications with large amounts of data to be encrypted, latency is an important benchmark whenever some kind of interactivity is required such as in connection with a video conference or a remote desktop application.
2. Throughput
Even though hardware has a clear advantage when it comes to performance, software encryption efficiency is increasing. This is a result of CPU enhancements such as the dedicated AES instruction set. Graphics Processing Units (GPUs) have also proven able to provide high encryption throughput.
But even with the progress in software-based encryption, custom-designed, dedicated application-specific hardware outperforms software solutions by orders of magnitude.
3. Latency
Modern computers and CPUs are huge, complex circuits with pipelining, hyper-threading and multiple levels of cache, and all of these technologies improve throughput. But when it comes to the relatively simple task of encryption, the added complexity adds to latency.
If software-based encryption is running on a multitasking operating system, consistent latency may be an issue. Other tasks and interrupts can take CPU cycles from the encryption task and result in spikes in latency.
Dedicated application-specific hardware can be optimised for short data paths for encrypted data. The level of parallelisation in the encryption engine can be fine-tuned for optimal throughput performance ratio.
4. Security
Generally, software encryption can be considered secure. Hardware-based encryption, however, has some properties that enhance security.
5. Hardware Random Number Generator (HRNG)
Encryption depends on random numbers for key generation and cryptographic nonces.
Most software uses a pseudo random number generator. The word pseudo refers to the fact that software is intrinsically deterministic and therefore unable to generate a truly random value.
Hardware encryption can be aided by a hardware random number generator. A hardware random number generator relies on a measured value of a physical process that is inherently random.
6. Software vulnerabilities
Software complexity is constantly increasing and with increased complexity comes a growing risk of human errors or bugs. Issues that can compromise security are not isolated to the encryption engine. If an underlying operating system can be compromised, so can the integrity of the entire system.
With hardware encryption the encryption engine can be small and efficiently isolated from software.
AES 256 Hardware Encryption
The Advanced Encryption Standard (AES) is a symmetric block cipher. A cipher is a method for converting data from an unencrypted into an encrypted format. The encrypted data is also referred to as cipher text.
What is the Advanced Encryption Standard?
A block cipher operates on blocks of data that are encrypted individually. In the case of AES a block is 128 bits, which is equal to 16 bytes. Symmetric means that the same key is used to encrypt and decrypt data. AES is available in variants with different key lengths: 128-bit, 192-bit, and 256-bit keys. The longer the key, the higher the level of security.
1. Proven Standard
The Advanced Encryption Standard is a standard ratified by the National Institute of Standards and Technology (NIST) in the year 2000 as a replacement for the Data Encryption Standard (DES) from 1977. AES was later approved as a FIPS standard, is included in ISO/IEC 18033-3 and is the only publicly available cipher approved by the NSA for communication at top secret level.
2. Number of possible keys
Currently, no significant weaknesses have been found in AES. This means brute force is the only existing way of attacking it. Brute force can also be described as the method of trial and error: every possible key is tried until the correct one is found.
So how long would it take to find the key? From June 2017 the world’s fastest supercomputer has been TaihuLight. It performs ~100 petaFLOPs or 1.0E17 operations per second. The AES 256 key space is 2^256 ~= 1.1E77. For a full key space search, TaihuLight would need in the order of 1.1E77/1.0E17 = 1E60 seconds. But it would not be able to complete the task! In a much shorter time – in 3.7E17 seconds – Earth would have been swallowed by the Sun, which would have become a red dwarf.
3. But what if there are secret computers with more power than TaihuLight?
Let us assume the unthinkable: that we were able to design a computer with the performance of TaihuLight from just one atom and that we transformed every atom of Earth into such a computer: Earth is estimated to consist of 1E50 atoms. With that many supercomputers, the 256 bit key space could be traversed in 1E10 seconds or 316 years. So even with the help of a computer that we cannot imagine it would take more than a lifetime to make use of brute force against AES 256.
4. Quantum safe
The emergence of quantum computers will change the cryptography landscape. When sufficiently large quantum computers become available, Grover’s algorithm will allow the key space to be searched in O(sqrt(n)) time. When quantum technology becomes available, AES 256 will have the same security level as AES 128 has today.
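The key-space estimates above, together with the earlier point that encryption depends on random numbers for key generation, worked through as an added Python example (not part of the original page): brute-force time at the quoted 1.0E17 operations per second, the Grover halving, and how a key drawn from a deterministic PRNG is only as strong as its seed. The function names and the 12-bit and 32-bit seed sizes are assumptions chosen for illustration.

```python
import random
import secrets

OPS_PER_SECOND = 1.0e17  # TaihuLight rate quoted on the page


def brute_force_seconds(key_bits, ops_per_second=OPS_PER_SECOND):
    """Seconds needed to try every key in a key_bits-bit space."""
    return 2.0 ** key_bits / ops_per_second


def grover_effective_bits(key_bits):
    """Grover's O(sqrt(n)) search halves the effective key length."""
    return key_bits // 2


def key_from_prng(seed):
    """256-bit key from a deterministic PRNG: a pure function of the seed."""
    return random.Random(seed).getrandbits(256).to_bytes(32, "big")


def key_from_os_csprng():
    """256-bit key from the operating system's CSPRNG."""
    return secrets.token_bytes(32)


def effective_key_bits(seed_bits, key_bits=256):
    """A PRNG-derived key cannot be stronger than the seed that produced it."""
    return min(seed_bits, key_bits)


def distinct_prng_keys(seed_bits):
    """Count the distinct 256-bit keys reachable from a seed_bits-bit seed."""
    return len({key_from_prng(seed) for seed in range(2 ** seed_bits)})


if __name__ == "__main__":
    print(f"AES-256 full search: {brute_force_seconds(256):.1e} s")
    print(f"AES-256 under Grover: {grover_effective_bits(256)} effective bits")
    # Constructed case: a 256-bit key generated from a 32-bit seed.
    bits = effective_key_bits(32)
    print(f"key from 32-bit seed: {bits} bits, {brute_force_seconds(bits):.1e} s")
    print(f"keys reachable from a 12-bit seed: {distinct_prng_keys(12)}")
    print("same seed, same key:", key_from_prng(2017) == key_from_prng(2017))
    print("CSPRNG keys differ:", key_from_os_csprng() != key_from_os_csprng())
```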
5. Hardware
Basically, AES 256 is available as a software or hardware implementation. Hardware implementation allows for increased security and performance compared to software. Hardware AES 256 can perform 10 Gbps without significant latency.
Hardware encryption is typically much less complex than similar software encryption. And reduced complexity can be translated into less vulnerability to malware and errors.