Cryptographic Acceleration: Today's Challenge
Most cryptographic operations, such as data encryption or signing, use complex mathematical processes that require significant system resources. As organizations strive to meet customer expectations and service-level agreements, they generally prefer to add hardware capacity rather than live with degraded performance. As a result, essential cryptographic processes can drive increases in the total cost of ownership (TCO) for the business applications in question. Exacerbating this challenge is the pressure from standards bodies such as NIST to increase security by using longer cryptographic keys. The longer the keys, the more CPU cycles are needed to perform cryptographic operations, and the more additional capacity is needed to ensure appropriate levels of performance.
Although CPU performance is constantly increasing, cryptographic performance often lags ordinary processing performance and can still be a serious bottleneck. Just as graphics accelerators, math co-processors, and other after-market peripherals have been used over the years to make up for performance deficiencies when executing specialized tasks, the practice of cryptographic acceleration, or, more correctly, cryptographic offloading, can provide a clear return on investment.
- Resource-intensive cryptographic processes can tie up CPU cycles and degrade application performance.
- Performance bottlenecks limit scalability and can have a significant impact on systems with unpredictable or widely varying demand, such as seasonal services and online retailing.
- Different cryptographic algorithms and key lengths have different performance characteristics; the transition to new algorithms or longer keys can have a significant destabilizing impact on capacity.
- Faced with performance challenges, administrators have the option to add physical servers. In addition to driving up management costs, the addition of servers increases the number of key instances, cryptographic processes, and other security-sensitive operations and ultimately increases the potential for attack.
Cryptographic Acceleration: Thales e-Security Solutions
Offloading cryptographic operations onto nShield hardware security modules (HSMs) delivers significant performance benefits and reduces hardware costs. nShield HSMs are optimized for performing the mathematical operations needed for cryptographic processing in addition to providing a tamper-resistant security boundary for protecting those operations. In many cases, especially for high-volume applications such as SSL processing, high-speed signing, or other operations that rely heavily on the use of asymmetric cryptography, the savings in server hardware more than justify the cost of the HSM. For some applications, cryptographic acceleration is the main reason for acquiring the HSM, although the HSM also delivers valuable security benefits.
- Reduce capital cost and overall cost of ownership for high-volume applications and improve application scalability.
- Avoid having to choose between security and performance.
- Get more from your servers by offloading cryptographic operations onto hardware optimized for the purpose.
- Future-proof your implementations with sufficient horsepower to support longer key lengths and different algorithms that might be introduced in the future.
- Gain valuable security benefits and significant cost savings from your HSMs.