WEBVTT

1
00:00:00.060 --> 00:00:01.350
In this lesson,

2
00:00:01.350 --> 00:00:04.860
we will learn about Performance Considerations.

3
00:00:04.860 --> 00:00:08.070
Performance considerations balance the need

4
00:00:08.070 --> 00:00:09.690
for strong security

5
00:00:09.690 --> 00:00:14.040
with the efficiency and speed of cryptographic processes.

6
00:00:14.040 --> 00:00:15.930
Hardware acceleration is a

7
00:00:15.930 --> 00:00:18.630
primary performance consideration.

8
00:00:18.630 --> 00:00:22.830
Hardware acceleration uses specialized hardware components,

9
00:00:22.830 --> 00:00:25.470
such as cryptographic processors,

10
00:00:25.470 --> 00:00:27.090
or dedicated chips

11
00:00:27.090 --> 00:00:30.570
to perform encryption and decryption operations

12
00:00:30.570 --> 00:00:34.200
faster and more efficiently than would be possible

13
00:00:34.200 --> 00:00:35.910
with software alone.

14
00:00:35.910 --> 00:00:39.000
Let's learn more about hardware acceleration,

15
00:00:39.000 --> 00:00:42.300
then we'll conduct a quick demonstration.

16
00:00:42.300 --> 00:00:45.240
Hardware acceleration plays a critical role

17
00:00:45.240 --> 00:00:47.460
in balancing strong security

18
00:00:47.460 --> 00:00:49.170
with the need for efficient

19
00:00:49.170 --> 00:00:52.230
and speedy cryptographic processes.

20
00:00:52.230 --> 00:00:56.700
Hardware acceleration uses specialized hardware components

21
00:00:56.700 --> 00:00:58.950
like cryptographic processors,

22
00:00:58.950 --> 00:01:03.210
dedicated chips, and specialized hardware modules

23
00:01:03.210 --> 00:01:06.780
to perform encryption and decryption tasks

24
00:01:06.780 --> 00:01:10.800
much faster than standard software-based methods.

25
00:01:10.800 --> 00:01:13.920
Hardware acceleration component examples

26
00:01:13.920 --> 00:01:16.800
include hardware security modules,

27
00:01:16.800 --> 00:01:19.350
which manage cryptographic keys

28
00:01:19.350 --> 00:01:22.830
and perform encryption directly within the hardware,

29
00:01:22.830 --> 00:01:25.230
and trusted platform modules,

30
00:01:25.230 --> 00:01:29.010
which provide secure encryption, authentication,

31
00:01:29.010 --> 00:01:31.830
and key storage on computers.

32
00:01:31.830 --> 00:01:35.010
Graphic processing units, or GPUs,

33
00:01:35.010 --> 00:01:37.860
are also used for cryptographic tasks

34
00:01:37.860 --> 00:01:41.520
due to their parallel processing capabilities.

35
00:01:41.520 --> 00:01:45.090
Finally, network cards with built-in encryption,

36
00:01:45.090 --> 00:01:47.850
like Intel QuickAssist Technology,

37
00:01:47.850 --> 00:01:52.170
accelerate cryptographic functions at the network level.

38
00:01:52.170 --> 00:01:55.440
Each of these components are designed specifically

39
00:01:55.440 --> 00:01:58.620
to handle certain cryptographic algorithms,

40
00:01:58.620 --> 00:02:03.210
allowing them to carry out these operations more efficiently

41
00:02:03.210 --> 00:02:07.500
and reduce the load on general purpose CPUs.

42
00:02:07.500 --> 00:02:10.380
By offloading the cryptographic workload

43
00:02:10.380 --> 00:02:12.420
to these specialized chips,

44
00:02:12.420 --> 00:02:15.240
hardware acceleration significantly boosts

45
00:02:15.240 --> 00:02:17.670
overall system performance.

46
00:02:17.670 --> 00:02:19.650
So to get a better feel

47
00:02:19.650 --> 00:02:23.130
for how helpful hardware acceleration can be,

48
00:02:23.130 --> 00:02:25.950
imagine you are at a busy grocery store

49
00:02:25.950 --> 00:02:29.700
with a single cashier handling all the customers.

50
00:02:29.700 --> 00:02:30.990
The line moves slowly

51
00:02:30.990 --> 00:02:34.260
because the cashier has to scan each item,

52
00:02:34.260 --> 00:02:38.460
process payments, and bag groceries all on their own.

53
00:02:38.460 --> 00:02:40.410
Now, picture the store bringing in

54
00:02:40.410 --> 00:02:44.490
several other staff members to help the line move faster.

55
00:02:44.490 --> 00:02:48.330
One person scans the items, another handles payments,

56
00:02:48.330 --> 00:02:50.550
and a third bags the groceries.

57
00:02:50.550 --> 00:02:52.560
Suddenly, the checkout process

58
00:02:52.560 --> 00:02:55.500
becomes much faster and more efficient.

59
00:02:55.500 --> 00:02:59.370
This is like hardware acceleration in cryptography.

60
00:02:59.370 --> 00:03:02.970
Instead of relying on one general purpose component,

61
00:03:02.970 --> 00:03:05.520
like the cashier, to do everything,

62
00:03:05.520 --> 00:03:09.180
specialized hardware acts like the additional staff

63
00:03:09.180 --> 00:03:11.850
and takes on specific tasks.

64
00:03:11.850 --> 00:03:15.990
These components are optimized for speed and efficiency,

65
00:03:15.990 --> 00:03:19.800
allowing the system to handle encryption and decryption

66
00:03:19.800 --> 00:03:24.210
much faster, without overwhelming a single resource.

67
00:03:24.210 --> 00:03:28.020
Just as dividing tasks among specialized workers

68
00:03:28.020 --> 00:03:30.030
speeds up the checkout line,

69
00:03:30.030 --> 00:03:32.580
hardware acceleration boost the speed

70
00:03:32.580 --> 00:03:34.710
of cryptographic operations,

71
00:03:34.710 --> 00:03:38.640
making sensitives more efficient and responsive.

72
00:03:38.640 --> 00:03:41.370
This approach is especially valuable

73
00:03:41.370 --> 00:03:45.780
in environments where both speed and security are essential,

74
00:03:45.780 --> 00:03:49.320
such as high frequency trading platforms.

75
00:03:49.320 --> 00:03:52.980
In such scenarios, every millisecond counts,

76
00:03:52.980 --> 00:03:55.410
and hardware acceleration ensures

77
00:03:55.410 --> 00:03:59.790
that complex encryption tasks are executed rapidly

78
00:03:59.790 --> 00:04:04.140
without compromising the security of the transactions.

79
00:04:04.140 --> 00:04:06.840
By enhancing the speed of encryption,

80
00:04:06.840 --> 00:04:10.650
hardware acceleration helps maintain the high performance

81
00:04:10.650 --> 00:04:13.740
needed in these critical applications,

82
00:04:13.740 --> 00:04:16.230
allowing secure data processing

83
00:04:16.230 --> 00:04:19.110
without slowing down the system.

84
00:04:19.110 --> 00:04:21.630
In addition to trading platforms,

85
00:04:21.630 --> 00:04:26.010
hardware acceleration is also used in other applications,

86
00:04:26.010 --> 00:04:31.010
like virtual private networks and SSL/TLS protocols,

87
00:04:31.200 --> 00:04:34.320
to enhance performance and security.

88
00:04:34.320 --> 00:04:36.919
Secure sockets layer, or SSL,

89
00:04:36.919 --> 00:04:40.200
and TLS, or transport layer security,

90
00:04:40.200 --> 00:04:44.100
are protocols that establish secure communication channels

91
00:04:44.100 --> 00:04:47.040
between devices over the internet,

92
00:04:47.040 --> 00:04:49.620
such as when you visit a website

93
00:04:49.620 --> 00:04:52.920
or access a secure online service.

94
00:04:52.920 --> 00:04:56.430
These protocols rely heavily on encryption

95
00:04:56.430 --> 00:04:59.310
to protect the data being transmitted,

96
00:04:59.310 --> 00:05:03.660
ensuring that it remains private and tamper-proof.

97
00:05:03.660 --> 00:05:08.660
The encryption and decryption tasks involved in SSL and TLS

98
00:05:08.665 --> 00:05:11.760
are computationally intensive,

99
00:05:11.760 --> 00:05:15.090
especially when handling large volumes of data

100
00:05:15.090 --> 00:05:18.360
or many simultaneous connections.

101
00:05:18.360 --> 00:05:21.300
Hardware acceleration helps offload

102
00:05:21.300 --> 00:05:23.580
these cryptographic operations

103
00:05:23.580 --> 00:05:26.250
to specialized hardware components,

104
00:05:26.250 --> 00:05:30.810
such as cryptographic processors and dedicated chips,

105
00:05:30.810 --> 00:05:32.700
which can perform these tasks

106
00:05:32.700 --> 00:05:36.330
much faster than general purpose CPUs.

107
00:05:36.330 --> 00:05:38.640
This reduces the time required

108
00:05:38.640 --> 00:05:40.830
to establish secure connections

109
00:05:40.830 --> 00:05:43.050
and process encrypted data,

110
00:05:43.050 --> 00:05:46.680
making the overall system more efficient

111
00:05:46.680 --> 00:05:48.473
by using hardware acceleration.

112
00:05:48.473 --> 00:05:53.473
SSL and TLS can maintain high levels of security

113
00:05:53.483 --> 00:05:56.730
without slowing down network performance,

114
00:05:56.730 --> 00:05:59.370
ensuring that the encryption process

115
00:05:59.370 --> 00:06:01.770
does not become a bottleneck.

116
00:06:01.770 --> 00:06:03.990
This is particularly important

117
00:06:03.990 --> 00:06:06.300
in environments with high traffic,

118
00:06:06.300 --> 00:06:09.030
such as web servers, data centers,

119
00:06:09.030 --> 00:06:11.640
and online financial services,

120
00:06:11.640 --> 00:06:15.510
where fast and secure communication is essential.

121
00:06:15.510 --> 00:06:18.330
Let's do a quick demo to show the impact

122
00:06:18.330 --> 00:06:22.770
of hardware acceleration on cryptographic performance.

123
00:06:22.770 --> 00:06:27.770
I am on a Kali Linux machine with OpenSSL installed.

124
00:06:27.810 --> 00:06:31.320
OpenSSL includes a built-in speed test

125
00:06:31.320 --> 00:06:35.310
to measure the performance of cryptographic algorithms.

126
00:06:35.310 --> 00:06:38.430
This demonstration will show us the impact

127
00:06:38.430 --> 00:06:41.550
of removing hardware acceleration.

128
00:06:41.550 --> 00:06:45.300
We will start by running the OpenSSL speed test

129
00:06:45.300 --> 00:06:48.780
with hardware acceleration enabled by default.

130
00:06:48.780 --> 00:06:52.593
We'll do this with the following OpenSSL command.

131
00:06:57.990 --> 00:07:01.650
It'll take approximately 18 to 20 seconds

132
00:07:01.650 --> 00:07:04.260
for this command to execute.

133
00:07:04.260 --> 00:07:07.410
It is measuring the performance of AES

134
00:07:07.410 --> 00:07:12.410
with a 256-bit key in Cipher Block Chaining, or CBC, mode.

135
00:07:14.250 --> 00:07:18.600
The output is showing us the number of operations per second

136
00:07:18.600 --> 00:07:21.600
that are completed with different block sizes.

137
00:07:21.600 --> 00:07:24.690
You can see that we have 16-byte blocks,

138
00:07:24.690 --> 00:07:27.630
64-byte blocks, et cetera,

139
00:07:27.630 --> 00:07:30.990
and each one of the numbers that is provided here

140
00:07:30.990 --> 00:07:32.100
as the result

141
00:07:32.100 --> 00:07:35.610
are in thousands of bytes per second processed.

142
00:07:35.610 --> 00:07:38.310
Let's just take a look at the overall length

143
00:07:38.310 --> 00:07:41.160
of each one of these results.

144
00:07:41.160 --> 00:07:43.470
In the 16-byte block,

145
00:07:43.470 --> 00:07:48.000
we can see that the output we receive is seven digits long.

146
00:07:48.000 --> 00:07:50.700
That's true for each one of these blocks,

147
00:07:50.700 --> 00:07:52.560
meaning that we're processing,

148
00:07:52.560 --> 00:07:57.180
let's say in the 16384 byte block size,

149
00:07:57.180 --> 00:08:02.180
1,410,088 thousands of bytes per second

150
00:08:03.510 --> 00:08:05.280
that have been processed.

151
00:08:05.280 --> 00:08:09.090
Okay, now let's remove hardware acceleration

152
00:08:09.090 --> 00:08:14.040
with the following export OPENSSL command.

153
00:08:14.040 --> 00:08:16.920
Now that hardware acceleration is removed,

154
00:08:16.920 --> 00:08:19.710
we're going to rerun that speed test

155
00:08:19.710 --> 00:08:22.500
that we ran the very first time.

156
00:08:22.500 --> 00:08:25.140
Again, what we're going to find is it takes

157
00:08:25.140 --> 00:08:30.140
approximately 18 to 20 seconds for this command to execute.

158
00:08:30.990 --> 00:08:34.110
At the end, what we expect to see

159
00:08:34.110 --> 00:08:36.660
with hardware acceleration removed

160
00:08:36.660 --> 00:08:40.050
is that the output numbers that we receive at the bottom

161
00:08:40.050 --> 00:08:44.400
are much lower than the original test that we ran,

162
00:08:44.400 --> 00:08:47.340
and we can do that by just looking at the length

163
00:08:47.340 --> 00:08:49.290
of each one of these outputs.

164
00:08:49.290 --> 00:08:53.070
Instead of the outputs being in the millions,

165
00:08:53.070 --> 00:08:57.450
we're now at 271,180

166
00:08:57.450 --> 00:08:59.640
for the 16-byte block,

167
00:08:59.640 --> 00:09:04.640
all the way to 283,262

168
00:09:04.860 --> 00:09:08.700
in the 16384 byte block.

169
00:09:08.700 --> 00:09:12.480
So as you can see, the number of bytes per second

170
00:09:12.480 --> 00:09:13.950
that have been processed

171
00:09:13.950 --> 00:09:16.620
is no longer in the millions

172
00:09:16.620 --> 00:09:18.690
for each one of these block sizes.

173
00:09:18.690 --> 00:09:21.240
It's now in the hundreds of thousands

174
00:09:21.240 --> 00:09:23.370
for each one of these block sizes,

175
00:09:23.370 --> 00:09:26.190
showing a significant decrease

176
00:09:26.190 --> 00:09:30.000
in the number of bytes per second that are processed

177
00:09:30.000 --> 00:09:33.270
when hardware acceleration is removed.

178
00:09:33.270 --> 00:09:37.170
So remember, performance considerations

179
00:09:37.170 --> 00:09:40.020
balance the need for strong security

180
00:09:40.020 --> 00:09:44.310
with the speed and efficiency of cryptographic processes.

181
00:09:44.310 --> 00:09:47.400
Hardware acceleration plays a key role

182
00:09:47.400 --> 00:09:49.470
in enhancing these processes

183
00:09:49.470 --> 00:09:51.960
by using specialized components,

184
00:09:51.960 --> 00:09:56.310
such as cryptographic processors and dedicated chips,

185
00:09:56.310 --> 00:09:59.130
to perform the encryption and decryption

186
00:09:59.130 --> 00:10:02.520
much faster than software could alone.

187
00:10:02.520 --> 00:10:04.440
These hardware components,

188
00:10:04.440 --> 00:10:09.000
like hardware security modules and trusted platform modules,

189
00:10:09.000 --> 00:10:10.740
are specifically designed

190
00:10:10.740 --> 00:10:13.920
to handle certain cryptographic algorithms,

191
00:10:13.920 --> 00:10:17.550
reducing the load on general purpose CPUs

192
00:10:17.550 --> 00:10:20.820
and boosting overall system performance.

193
00:10:20.820 --> 00:10:24.030
This approach is particularly valuable

194
00:10:24.030 --> 00:10:28.440
in environments where both speed and security are critical,

195
00:10:28.440 --> 00:10:33.440
as it ensures that encryption tasks are executed rapidly

196
00:10:33.660 --> 00:10:36.330
without compromising security.

197
00:10:36.330 --> 00:10:39.030
By offloading cryptographic workloads

198
00:10:39.030 --> 00:10:40.920
to specialized hardware,

199
00:10:40.920 --> 00:10:43.080
hardware acceleration enables

200
00:10:43.080 --> 00:10:46.080
secure and efficient data processing

201
00:10:46.080 --> 00:10:48.450
in high-demand applications,

202
00:10:48.450 --> 00:10:53.450
like virtual private networks and SSL or TLS protocols,

203
00:10:54.150 --> 00:10:56.640
maintaining excellent performance,

204
00:10:56.640 --> 00:10:58.833
even under heavy loads.