April 27, 2026
Modern storage fabrics move enormous volumes of sensitive data across high-speed networks and distributed systems. Protecting this data requires more than simple encryption. Storage pipelines must also prevent replay, relocation and silent modification of encrypted payloads as they traverse complex infrastructure. Traditional encryption methods primarily focus on confidentiality and often lack built-in mechanisms to guarantee integrity and authenticity.
As storage bandwidth continues to scale, relying on software encryption alone forces systems to scale CPU resources proportionally, increasing both infrastructure cost and operational complexity. Modern storage environments therefore require security mechanisms that operate directly within the data path, delivering confidentiality, integrity and authentication without compromising throughput or determinism.
In distributed storage fabrics spanning edge nodes, cloud environments and data centers, vulnerabilities in encryption mechanisms can pose significant risks to data reliability and system trust.
Limitations of Traditional AES Modes
| Evaluation Criteria | ECB | CBC | CTR | GCM |
|---|---|---|---|---|
| Encryption Method | Independent blocks | Cipher block chaining | Counter-based stream | Counter mode + authentication |
| Pattern Protection | Weak | Moderate | Strong | Strong |
| Authentication | Not supported | Not supported | Not supported | Built-in authentication tag |
| Error Impact | Single block | Propagates to next block | Single block | Detected by tag verification |
| Parallel Processing | Supported | Sequential dependency | Highly parallelizable | Parallel encryption + authentication |
| Hardware Suitability | Simple but insecure | Limited pipeline efficiency | Good for pipelines | Ideal for high-speed hardware |
| Security Guarantees | Confidentiality only | Confidentiality only | Confidentiality only | Confidentiality + Integrity + Authenticity |
Traditional encryption modes such as AES-ECB, AES-CBC and AES-CTR primarily ensure confidentiality but lack built-in mechanisms for integrity verification and authentication.
Security Risks in Storage Pipelines
| Threat | Description | Impact on Storage Systems |
|---|---|---|
| Replay Attacks | Previously captured encrypted blocks are reintroduced | Outdated or malicious data may be restored |
| Relocation Attacks | Valid ciphertext written to incorrect storage address | Data appears valid but belongs to a different context |
| Data Tampering | Ciphertext modified in transit or storage | Altered data may be accepted without detection |
| Silent Corruption | Integrity violations detected too late | Corruption propagates across storage layers |
The iW-Fibre SmartNIC integrates an inline AES-GCM engine within the FPGA fabric to perform authenticated encryption directly in the data path, ensuring both confidentiality and integrity of storage and network payloads.
The following diagram illustrates how this AES-GCM engine is integrated within the iW-Fibre SmartNIC data path.
Architecture of inline AES-GCM encryption in the iW-Fibre SmartNIC.
Within the FPGA data path of the iW-Fibre SmartNIC, data from the host application is transmitted through the driver to the FPGA via the PCIe DMA engine. Encryption keys are provisioned through the key management module, while incoming data is buffered to maintain a steady flow into the AES-GCM processing pipeline. The AES-GCM engine then performs inline encryption and authentication, after which the packet processing engine prepares the data for transmission through the Ethernet interface, enabling secure, line-rate delivery without host CPU involvement.
| Software-Based Encryption | SmartNIC Inline AES-GCM |
|---|---|
| Executed on host CPU | Fully offloaded to FPGA |
| Competes with application workloads | Dedicated hardware data path |
| Latency affected by interrupts and context switching | Deterministic pipeline latency |
| Scaling requires additional CPU resources | Hardware-parallel scalability |
| Limited protection against replay/relocation | Nonce-bound replay and relocation protection |
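
Added example (not from the original article and not iWave's implementation): how deriving the GCM nonce from the block address and a per-address write counter makes relocated, replayed or modified ciphertext fail tag verification. The `Store` type, the 8-byte LBA plus 4-byte counter nonce layout and the all-zero demo key are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

type Store struct {
	aead    cipher.AEAD
	blocks  map[uint64][]byte // LBA -> ciphertext||tag (untrusted medium)
	version map[uint64]uint32 // LBA -> write counter (must be trusted state)
}

func NewStore(key []byte) (*Store, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(blk)
	return &Store{aead, map[uint64][]byte{}, map[uint64]uint32{}}, err
}

// Assumed layout, not the vendor's: nonce = 8-byte LBA || 4-byte write counter.
func nonce(lba uint64, ver uint32) []byte {
	n := binary.BigEndian.AppendUint64(make([]byte, 0, 12), lba)
	return binary.BigEndian.AppendUint32(n, ver)
}

func (s *Store) Write(lba uint64, plain []byte) {
	s.version[lba]++ // bump first: a nonce is never reused under one key
	s.blocks[lba] = s.aead.Seal(nil, nonce(lba, s.version[lba]), plain, nil)
}

// Read rebuilds the nonce from the requested address and current counter, so
// replayed, relocated or modified ciphertext fails tag verification.
func (s *Store) Read(lba uint64) ([]byte, error) {
	return s.aead.Open(nil, nonce(lba, s.version[lba]), s.blocks[lba], nil)
}

func main() {
	s, _ := NewStore(make([]byte, 32)) // constructed all-zero demo key
	s.Write(7, []byte("tenant-A"))
	s.Write(9, []byte("tenant-B"))
	s.blocks[7] = s.blocks[9] // relocate valid ciphertext to another address
	_, err := s.Read(7)
	fmt.Println("relocation rejected:", err != nil)
}
```

Replay is detected only because the write counter is kept where the storage medium cannot alter it; with this layout a 32-bit counter also caps each address at 2^32 writes per key.
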
Inline AES-GCM enables secure, high-performance storage across cloud storage fabrics, edge storage nodes, NVMe-over-Fabrics deployments, AI/ML data pipelines and enterprise IP-protection environments where deterministic encryption and strong integrity guarantees are critical.
By integrating AES-GCM directly into the FPGA data path, the iW-Fibre SmartNIC ensures that storage security scales with bandwidth rather than CPU resources. The result is a storage pipeline where confidentiality, integrity and performance are enforced directly in hardware, delivering predictable security for next-generation data infrastructures.
For platform evaluation or additional information, contact mktg@iwave-global.com