Posted by Dana Neustadter on January 27, 2021
By Dana Neustadter, Sr. Staff Product Marketing Manager, Solutions Group
Whether you’re streaming a movie, tracking your health and fitness on a wearable device, or managing your investment portfolio online, you’re relying on the cloud to store and manage your data. Today’s data centers—and, in particular, hyperscale data centers—are managing petabytes (and beyond) of information. This volume is expected to grow exponentially as demand increases for internet of things (IoT) applications, online collaboration, video streaming, augmented reality (AR) and virtual reality (VR) applications, and cloud storage.
How can we ensure the security of massive volumes of data as it moves between end devices and the cloud?
In the case of a streamed show, it may not be a big deal if a malicious actor intercepts the data. But when it comes to the growing amounts of sensitive personal data managed in the cloud, such as health or financial information, the stakes are a lot higher. As more businesses incorporate cloud computing applications in their day-to-day operations (particularly with the increase in work-from-home arrangements during the pandemic), they, too, can be vulnerable, especially if the breached information involves content like intellectual property, product roadmaps, or operational details. And governments also can risk exploitation and national security threats if their sensitive data gets into the wrong hands.
If you’re designing chips for data center applications, you can keep cloud data safe by safeguarding the high-speed interfaces on which the data travels.
High-speed interfaces like PCI Express® (PCIe®) 5.0 and Compute Express Link™ (CXL™) 2.0 deliver the high throughput and low latency needed to support the real-time demands of cloud applications. As data traverses the interfaces from device to data center servers, it can be corrupted, replaced, modified, or stolen by malicious actors. Attackers might aim to profit from secrets learned, interfere with the operations of a targeted company, or obstruct a government agency, for example.
Both PCIe 5.0 and CXL 2.0 are integrated with integrity and data encryption (IDE) functions that enhance the level of security available from each. For PCIe 5.0, the IDE functions provide confidentiality, integrity, and replay protection for transaction layer packets (TLPs). According to PCI-SIG, the cryptographic mechanisms are aligned to current industry best practices and can be extended as security requirements evolve. The security model considers threats from physical attacks on links. In CXL 2.0, the CXL Consortium has added link-level IDE to provide confidentiality, integrity, and replay protection for data transiting the CXL link.
Synopsys recently announced the industry’s first embedded security modules for protecting data in high-performance computing (HPC) systems-on-chip (SoCs) that use the PCIe 5.0 or CXL 2.0 protocols. DesignWare® IDE Security Modules provide a robust security solution that makes it faster and easier for designers to protect against data tampering and physical attacks on links while complying with the latest versions of these protocols. The Security Modules are designed and validated with DesignWare Controller IP to accelerate SoC integration while providing the configurability needed to adjust to the design’s specific use case.
With standards-compliant, plug-and-play DesignWare IDE Security Modules, designers can take advantage of:
While security for data center applications is multi-faceted, protecting data over the high-speed interfaces is a very important aspect. For example, network firewalls offer a security mechanism; however, firewalls on their own are not enough for strong protection and can also become bottlenecks that hamper data center performance. In the IDE Security Modules, the AES-GCM cryptographic algorithm provides the assurance that no one has seen or modified the data as it travels across the interfaces in a multitenant server. What’s more, the Security Modules also assure the low latency needed to keep up with performance demands of HPC and cloud applications.
Synopsys brings to the table expertise in security IP as well as interface technologies, with a track record of delivering quality, low-risk solutions. In addition to DesignWare IP, our portfolio for cloud applications includes:
In summary, designing HPC SoCs with PCIe 5.0 and CXL 2.0 interfaces provides a way to not only keep up with the performance demands of cloud applications, but also to meet the security needs of the sensitive data managed by these applications. Achieve faster time-to-tapeout and lower design risk for HPC SoCs with DesignWare IDE Security Modules.
Catch up on other HPC and cloud computing news by reading these recent blog posts:
In the era of Smart Everything—where devices are getting smarter and everything is connected—Synopsys technology is at the heart of innovations that are changing the way we live. Read on to get the latest look at trends in semiconductor chip design, verification, IP integration, and software security and quality. Learn about the ins and outs of electronic design automation from our industry-leading experts and how silicon and software are powering the automotive, artificial intelligence, 5G, cloud and IoT markets.