Intel's AES-NI
On Thursday, June 17th, 2010,
Charles Milo gave an excellent presentation of the
"Intel Server Processor Roadmap".
Charles Milo is an Enterprise Technical Specialist with Intel Americas.
He has been at Intel 12 years and is a member of Intel Americas Senior Staff.
To access more Intel tech info, enroll as an IPIP (Intel Premier IT Professional) at
http://premierit.intel.com/community/ipip
Unigroup IPIP Priority Code: 1117
I was intrigued by the new instructions for AES. This is what I found using IPIP:
- Federal Information Processing Standards Publication 197
November 26, 2001
Announcing the ADVANCED ENCRYPTION STANDARD (AES)
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
-
Advanced Encryption Standard New Instructions (AES-NI)
AES-NI is a set of instructions that consolidates mathematical operations
used in the Advanced Encryption Standard (AES) algorithm.
Enabling AES-NI requires a computer system with an AES-NI-enabled processor
as well as non-Intel software to execute the instructions in the correct sequence.
AES-NI is available on Intel Core i5-600 Desktop Processor Series,
Intel Core i7-600 Mobile Processor Series,
and Intel Core i5-500 Mobile Processor Series.
For more information, see
http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
With AES-NI, six new Single Instruction Multiple Data (SIMD) instructions
are introduced on the processor.
Four instructions are provided for data encryption and decryption.
These instructions have register-register and register-memory variants.
- AESENC: AES Encrypt Round
- AESENCLAST: AES Encrypt Last Round
- AESDEC: AES Decrypt Round
- AESDECLAST: AES Decrypt Last Round
Two other instructions are provided to assist with AES key expansion.
- AESIMC: AES Inverse Mix Columns
- AESKEYGENASSIST: AES Key Generation Assist
Of particular interest is the white paper's sample code:
Figure 20. AES-128 Key Expansion
Figure 16. AES-128 Encryption, featuring AESENC and pre-expanded key schedule
Figure 17. Using AESIMC for AES-192 Decryption, featuring AESDEC and pre-expanded key schedule
Figure 27. AES-128 Parallel Modes of Operation (a clever optimization)
But the examples don't show
chaining modes,
initialization vectors,
or how to get high-entropy random numbers for ephemeral keys.
Many thanks to Izaac Falken for clarifying the Intel architecture:
- the new Intel AES instructions run on the co-processor,
the latest enhancement in the Intel line of
FPU ⇒ MMX ⇒ SSE ⇒ SSE2 ⇒ SSE3 ⇒ SSSE3 ⇒ SSE4
- so they use the 16 128-bit co-processor (XMM) registers,
not the main core registers
- The register name "xmm" is "mmx" backwards
- The FXSAVE and FXRSTOR instructions
store or load ALL 16 of the co-processor registers at once,
hence the preference for expanding the key into registers
for all the rounds and saving all the registers:
no need to recalculate the round keys, just reload all the key registers.
They're read or written directly to RAM, bypassing the cache (for security: no snooping).
-
Intel IT Healthcare Professionals: Wireless technologies
http://premierit.intel.com/docs/DOC-5876
Intel IT Healthcare Professionals:
Intel and Cisco WLAN Deployment Guide for Healthcare
Mobile technologies have demonstrated maturity in large enterprises,
empowering workers and boosting productivity
by greatly increasing access to tools and information.
Adoption of mobile technologies continues to increase,
with wireless networks becoming nearly ubiquitous in Fortune 500 campus environments.
Many forward-looking healthcare provider organizations are deploying
mobile solutions to help improve quality of care,
patient satisfaction, staff efficiency, and clinical outcomes.
These include mobile point-of-care (MPOC) solutions
that combine mobile devices, mobilized applications,
and wireless infrastructure to support delivery of healthcare to the patient.
As populations continue to age,
wireless technologies are expected to facilitate more home-based monitoring and long-term care.
Intel and Cisco WLAN Deployment Guide for Healthcare.pdf
http://premierit.intel.com/docs/DOC-5890
Delivering Mobile Point of Care with Pervasive Wireless Networks
Several hospital case studies.
The Cisco Intel Alliance
(www.ciscointelalliance.com)
is the vehicle for both companies
to collaborate in specific technology areas for the benefit of their mutual customers.
-
Next Generation Desktop.pdf
Implementing New Hardware-Based
Information Security Capabilities
Executive Summary
The U.S. Department of Defense (DoD) Defense Intelligence Agency (DIA) is in the first year of a
multi-year program to deploy and use Intel vPro technology to support Multi-Level Security
(MLS) capabilities on end-user PC desktops enabled with Intel vPro technology and Intel Graphics.
Going forward, DIA looks to build on this effort by implementing a Type 1, bare-metal
hypervisor client virtualization solution using Citrix XenClient.
NGD: Leveraging the Investment in Intel vPro Technology
In September 2009, DIA acquired new thick client desktops with the Intel vPro technology stack.
The desktops are scheduled to replace existing legacy single-domain machines
as well as serve as the basis for the Next Generation Desktop solution end point.
DIA expects the Next Generation Desktop effort to produce a solution
that fully leverages the security and management attributes of
Intel vPro technology-enabled PCs,
to include Intel Trusted Execution Technology (Intel TXT),
Intel Virtualization Technology for Directed I/O (Intel VT-d),
Intel Active Management Technology (Intel AMT),
and remote management. The Next Generation Desktop solution shall
provide the enterprise with the ability to fully provision a
bare metal hypervisor onto the desktop, with central management of the
user's workload. The system will leverage not only the security enhancements
provided by the COTS platform utilizing Intel vPro technology,
but also the built-in capabilities of Intel Graphics.
-
http://premierit.intel.com/docs/DOC-5898
Updates from the Intel Developer Forum:
Benefitting Enterprise Computing with New Technologies, Products and Acquisitions
Features of the 2nd Generation Intel Core processor
that should be of particular interest to IT include:
- An enhanced version of Intel Turbo Boost Technology
that automatically shifts or reallocates processor cores
and processor graphics resources to accelerate performance,
tailoring a workload to give users an immediate performance boost when needed
- Enhanced KVM remote control built-in and available on more SKUs
- Hardware-level theft protection of PCs with Intel Anti-Theft Technology
that enforces data encryption software authentication even on resume from sleep,
and Intel AES New Instructions (Intel AES-NI) encryption acceleration instructions on more SKUs
- Easier activation and firmware version management
that allows activation in minutes with streamlined scripts
Intel to Ramp Intel vPro Technology Aggressively
Intel CEO Paul Otellini highlighted how the next generation of the
Intel Core vPro processor family will help businesses protect their information
with more efficient encryption capabilities embedded into the hardware.
As an example, Otellini showed a three-person video conference demo
with 256-bit encryption on a live video stream using three
next-generation Intel Core vPro processor-based PCs and a server
(based on the next-generation Intel Xeon processor, formerly codenamed Romley)
with special encryption instructions and optimized video conferencing software by Vidyo.
The server decrypted and encrypted all three video streams with virtually no time delay.
These new Intel processors will offer
expanded special instructions called Intel AES-NI
to enable a 10x improvement in encryption and decryption performance for more secure transactions.
Data Center Capabilities Also Advance
The new Westmere-EX will bring new capabilities enabled by
Intel's scalable architecture and 32 nm technology.
It increases the number of cores from eight to 10,
which means you can have 20 threads running in parallel.
It increases the memory from the previous Intel Xeon processor 5500 series by 2X
to 32 gigabytes per DIMM, which means a two-socket system
can now have up to two terabytes of memory.
It comes with the newest security technologies
like Intel AES-NI and Intel Trusted Execution Technology.
These machines will be available in the first half of 2011.