From Silicon To Software

 

Keeping Hyperscale Data Centers Safe from Security Threats


By Dana Neustadter, Sr. Staff Product Marketing Manager, Solutions Group

Whether you’re streaming a movie, tracking your health and fitness on a wearable device, or managing your investment portfolio online, you’re relying on the cloud to store and manage your data. Today’s data centers—and, in particular, hyperscale data centers—are managing petabytes (and beyond) of information. This volume is expected to grow exponentially as demand increases for internet of things (IoT) applications, online collaboration, video streaming, augmented reality (AR) and virtual reality (VR) applications, and cloud storage.

How can we ensure the security of massive volumes of data as it moves between end devices and the cloud?

In the case of a streamed show, it may not be a big deal if a malicious actor intercepts the data. But when it comes to the growing amounts of sensitive personal data managed in the cloud, such as health or financial information, the stakes are a lot higher. As more businesses incorporate cloud computing applications in their day-to-day operations (particularly with the increase in work-from-home arrangements during the pandemic), they, too, can be vulnerable, especially if the breached information involves content like intellectual property, product roadmaps, or operational details. And governments also can risk exploitation and national security threats if their sensitive data gets into the wrong hands.

If you’re designing chips for data center applications, you can keep cloud data safe by safeguarding the high-speed interfaces on which the data travels.

Enabling Confidentiality and Integrity in High-Speed Interfaces

High-speed interfaces like PCI Express® (PCIe®) 5.0 and Compute Express Link™ (CXL™) 2.0 deliver the high throughput and low latency needed to support the real-time demands of cloud applications. As data traverses the interfaces from device to data center servers, it can be corrupted, replaced, modified, or stolen by malicious actors. Attackers might aim to profit from secrets learned, interfere with the operations of a targeted company, or obstruct a government agency, for example.

Both PCIe 5.0 and CXL 2.0 are integrated with integrity and data encryption (IDE) functions that enhance the level of security available from each. For PCIe 5.0, the IDE functions provide confidentiality, integrity, and replay protection for transaction layer packets (TLPs). According to PCI-SIG, the cryptographic mechanisms are aligned to current industry best practices and can be extended as security requirements evolve. The security model considers threats from physical attacks on links. In CXL 2.0, the CXL Consortium has added link-level IDE to provide confidentiality, integrity, and replay protection for data transiting the CXL link.

Synopsys recently announced the industry’s first embedded security modules for protecting data in high-performance computing (HPC) systems-on-chip (SoCs) that use the PCIe 5.0 or CXL 2.0 protocols. DesignWare® IDE Security Modules provide a robust security solution that makes it faster and easier for designers to protect against data tampering and physical attacks on links while complying with the latest versions of these protocols. The Security Modules are designed and validated with DesignWare Controller IP to accelerate SoC integration while providing the configurability needed to adjust to the design’s specific use case.

With standards-compliant, plug-and-play DesignWare IDE Security Modules, designers can take advantage of:

  • Flexible controller data bus widths and the same clock configurations as the controllers for seamless integration
  • Efficient encryption, decryption, and authentication for TLPs for PCIe and flow control units (FLITs) for CXL based on 256-bit AES-GCM encryption
  • Configurable widths for cipher and hash algorithms for area-optimized solutions
  • Efficient, on-the-fly key refresh for seamless changes of keys in the systems

Security for data center applications is multi-faceted, and protecting data on the high-speed interfaces is an important part of it. Network firewalls, for example, are one security mechanism, but on their own they are not enough for strong protection and can become bottlenecks that hamper data center performance. In the IDE Security Modules, the AES-GCM algorithm encrypts and authenticates the data, providing assurance that no one has seen or modified it as it travels across the interfaces in a multitenant server. The Security Modules also deliver the low latency needed to keep up with the performance demands of HPC and cloud applications.
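As an added illustration (not code from the original post or from Synopsys), the following simplified Go model shows how AES-256-GCM keyed with a per-packet counter as nonce yields the confidentiality, integrity, and replay protection described above. The Endpoint type, the header strings, and the counter-to-nonce layout are assumptions made for the example and do not reproduce the PCIe or CXL IDE packet format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Endpoint is one side of the modelled link (hypothetical, not the IDE wire format).
type Endpoint struct {
	aead cipher.AEAD
	ctr  uint64 // packets sent (TX) or accepted (RX); never transmitted
}

func NewEndpoint(key []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // 96-bit nonce, 128-bit tag
	return &Endpoint{aead: aead}, err
}

func (e *Endpoint) nonce() []byte { // 96-bit, unique per packet under one key
	return binary.BigEndian.AppendUint64(make([]byte, 4), e.ctr)
}

func (e *Endpoint) Seal(header, payload []byte) []byte {
	defer func() { e.ctr++ }() // advance after the nonce has been used
	return e.aead.Seal(nil, e.nonce(), payload, header) // header is authenticated, not encrypted
}

// Open checks the tag under the receiver's own counter, so modified or replayed packets fail.
func (e *Endpoint) Open(header, ct []byte) ([]byte, error) {
	pt, err := e.aead.Open(nil, e.nonce(), ct, header)
	if err == nil {
		e.ctr++ // only an accepted packet advances the expected counter
	}
	return pt, err
}

func main() {
	tx, _ := NewEndpoint(make([]byte, 32)) // constructed all-zero demo key
	rx, _ := NewEndpoint(make([]byte, 32))
	c := tx.Seal([]byte("MWr 0x1000"), []byte("secret")) // constructed packet
	_, first := rx.Open([]byte("MWr 0x1000"), c)
	_, replay := rx.Open([]byte("MWr 0x1000"), c)
	fmt.Println("first:", first, "replay:", replay)
}
```

In this model a key refresh means both sides construct a new Endpoint with the fresh key, which also restarts the counter so that no nonce is ever reused under one key.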

Expertise and Technologies for Safe Cloud Computing

Synopsys brings to the table expertise in security IP as well as interface technologies, with a track record of delivering quality, low-risk solutions. In addition to DesignWare IP, our portfolio for cloud applications includes:

In summary, designing HPC SoCs with PCIe 5.0 and CXL 2.0 interfaces provides a way to not only keep up with the performance demands of cloud applications, but also to meet the security needs of the sensitive data managed by these applications. Achieve faster time-to-tapeout and lower design risk for HPC SoCs with DesignWare IDE Security Modules.
