With the emergence of “Cloud Computing” and “Big Data” technologies, we saw an exponential surge on the number of digital data being stored (including sensitive and confidential data) in data centers around the globe. More and more industries and individuals use these technologies because of its efficiency and cost-effectiveness. Because of the increase of the volumes of data being stored, the number data breaches also increased tremendously! Data encryption and key management have become essential mechanisms to secure data in data centers. However, these mechanisms have serious effects in the entire system performance. HSM helps in improving the systems performance by offloading the expensive task of encrypting/decrypting data from the CPU. However, existing device-level (PCIe) solutions have become the performance bottleneck of encrypting large data because it does not perform fast enough. DSI’s HSA fills up this gap by using innovative techniques to increase the encryption/decryption operation throughput.
HSA architecture
Hardware Security Modules (HSM) are used to offload the expensive security tasks (like encryption/decryption) from the host CPU to a hardware module like a PCIe device. However, existing solutions have become the performance bottleneck of encrypting large data because they do not maximize the available resources of the system. Hardware Security Accelerator (HSA) provides techniques that maximize the computing resources to improve the performance of encryption/decryption.
The main technologies introduced in the HSA are in both the software driver and the hardware. On the software driver side, the HSA collects small chunks of data to form bigger blocks in order to maximize the DMA control process. It also provides mechanisms to allow asynchronous processing to support the pipelining process in the hardware. On the hardware side, the HSA maximizes the processing time by pipelining the AES encryption processes.
By introducing these HSA techniques, we have seen an improvement of around 4 times the traditional approaches in doing encryption/decryption on hardware security modules.
