As artificial intelligence and high-performance computing (AI/HPC) reshape industries, the need for robust, scalable, and secure connectivity has never been greater. Built from tightly integrated CPUs, GPUs, and SmartNICs, today’s compute clusters demand high-throughput, low-latency networks that can scale from die-to-die to multi-rack deployments.

Why Network Security Matters More Than Ever

AI/HPC clusters process vast amounts of sensitive data, making network security a top priority. Effective solutions must deliver access control, data confidentiality, and threat detection, without sacrificing performance or scalability. Protocols like MACsec and IPsec have long protected data in transit, but new use cases are pushing the limits of these technologies.

MACsec and IPsec: Proven, But Ready for Evolution

MACsec and IPsec are trusted standards for securing Ethernet and IP traffic, respectively. Their use of AES-GCM enables terabit-per-second throughput, but feature scaling to the demands of modern AI/HPC clusters exposes limitations in flexibility and domain isolation. The industry is now looking to the Ultra Ethernet Consortium (UEC) for answers.

Ultra Ethernet Consortium: Purpose-Built for AI/HPC

UEC’s new specification introduces a high-performance Ethernet stack tailored for AI/HPC, with a Transport Security Sub-layer (TSS) that draws on the strengths of IPsec and Google’s PSP. UEC is designed for scale-out networks, enabling secure, efficient data delivery directly to application memory, minus the overhead of legacy protocols.

Looking Ahead: Integrating Security at Terabit Speeds

As SmartNICs and DPUs evolve to support 800G and 1.6T Ethernet, integrating UEC TSS will be key to protecting AI/HPC workloads at scale. IPsec remains to be used for RoCEv2, an industry-wide transport protocol as well as for securing virtual networks and management traffic. MACsec will continue to secure DCI and long-haul links. The future of network security is purpose-built, high-speed, and ready for the next wave of innovation.

Additional Resources:

Webinar: Network Security at Terabit-per-second Rates with MACsec, IPsec and UEC
Ask the Experts Video: MACsec at Terabit Line Rates
SemiEngineering.com: Network Security For AI/HPC: From MACsec/IPsec Towards Ultra Ethernet

As Ethernet scales to Terabit speeds, the need for robust, low-latency, and power-efficient security solutions becomes paramount. Traditional security architectures based on acceleration struggle to keep pace with these performance demands, creating a critical need for MACsec/IPsec solutions that can be integrated into Ethernet ports and operate at full line-rate across multiport and multi-rate environments.

Introducing the Rambus MACsec-IP-364 (+363) Engine

The Rambus Multi-Channel Engine MACsec-IP-364 (+363) is purpose-built to meet the demands of next-generation Ethernet. It delivers full line-rate MACsec and optional IPsec support for 1.6T and 3.2T Ethernet ports, offering a highly scalable and configurable solution for securing high-speed data traffic.

Key Capabilities

• Full Line-Rate Throughput: Supports 1.6T in 3nm and 3.2T in 3/2nm technologies, with low-power 800G operation in 5nm.
• Segmented Data Bus Architecture: Enables multiple packet processing per clock cycle, achieving breakthrough throughput.
• Flexible Integration: Supports channelized and port-based data paths, with options for buffering, flow control, and IEEE 1588 timestamping.
• High-speed Cryptography: FIPS-ready cryptographic engine supporting AES-ECB, AES-CTR, AES-GCM/GMAC transformations.
• MACsec and IPsec Support: Fully compliant with IEEE 802.1AE-2018, with optional IPsec ESP transport/tunnel modes.

Designed for Versatility

The MACsec-IP-364 (+363) engine is ideal for a wide range of applications, including:

• Optical PHYs
• Switch/router ASICs
• NPUs and Smart NICs
• 5G SoCs
• AI infrastructure with network-attached capabilities

Its multi-channel architecture supports up to 64 ports, with pooled classification and transformation resources that optimize multiport designs. The companion MACsec-IP-363 classifier enables autonomous MACsec processing or can be paired with external classifiers for customized deployments.

Seamless Integration and Support

Rambus provides a comprehensive integration package, including:

• Silicon IP and Driver Development Kit
• Hardware and programming manuals
• IP-XACT register descriptions
• UVM verification test bench and test vectors
• Setup, simulation, and synthesis scripts

This ensures a smooth path from evaluation to deployment, backed by world-class support from Rambus MACsec experts.

Securing Tomorrow’s Data Center

As Ethernet continues its march toward Terabit speeds, security must evolve in lockstep. The Rambus MACsec-IP-364 (+363) engine delivers the performance, flexibility, and scalability needed to secure the next generation of data center infrastructure—without compromising on latency, power, or throughput.

Learn more here.

Join us for the webinar, “Network Security at Terabit-per-second Rates with MACsec, IPsec and UEC“ on September 17, 2025 at 9:00am PT.

Over the next five years, all security protocols and public key cryptography will undergo a comprehensive overhaul to ensure quantum safety. This represents the most significant change in these domains since the advent of public key cryptography.

Quantum Safe Cryptography

With rapid advances in quantum computers, which have the potential to break public key cryptography, the scenario of “harvest now, decrypt later” becomes more and more plausible. So, authorities, academics and businesses operating in the security and cryptography field have started to design, test and standardize new cryptographic algorithms which should be resistant to a quantum computer attack.

These new quantum-safe or “post quantum” algorithms are now set to become mandatory by 2030, either completely replacing “classic” algorithms or working alongside them in a “hybrid” mode.

The switch to quantum-safe algorithms requires significant changes to security protocols like IPsec and TLS.
Quantum Safe IPsec Toolkit 1.1 supported standards and RFCs:

Rambus is at the forefront of the transition to quantum-safe security, and we have introduced a new software product: Quantum Safe IPsec Toolkit.  Already at version 1.1 Quantum Safe IPsec Toolkit is the first-to-market IPsec implementation which supports both ML-KEM and ML-DSA, based on latest standards and RFCs.

NIST standards:

• ML-KEM FIPS 203 (based on Kyber)
• ML-DSA FIPS 204 (based on Dilithium)

IPsec/IKEv2 quantum-safe features, RFCs and drafts:

• RFC 9242: Intermediate Exchange in IKEv2
• RFC 9370: Multiple Key Exchanges in IKEv2
• ML-KEM for IKE negotiation based on draft-kampanakis-ml-kem-ikev2
• ML-DSA in certificates based on RFC draft-ietf-lamps-dilithium-certificates
• ML-DSA in IKEv2 signature authentication, based on RFC 7427.
• ML-DSA in IKEv2 raw public key authentication, based on RFC 7670.

Performance Focus

Quantum-safe IPsec is only half the story of the Quantum Safe IPsec Toolkit, the other half is its performance and scalability. We have built upon the extensive experience of IPsec Toolkit and increased our focus on performance making Quantum Safe IPsec Toolkit the fastest IKE implementation available on the market. We have increased overall performance by up to 20% when compared to last IPsec Toolkit release 10.

Quantum safe cryptography brings overall slightly better performance than ‘classic’ algorithms with ML-KEM outperforming ‘classic’ DH groups while ML-DSA is on par with RSA. You can see in the graph below that ML-KEM-768 is faster than the fastest ECP group, DH group 19 (ECP 256), and ML-DSA-65 certificate authentication has similar performance with RSA2048 certificates.

• Test HW environment: Intel Core i7-4790K 4.0 GHz 8 core, direct 10Gbps connection
• Additional test parameters: IKEv2, PSK, Diffie-Hellman group 19 (ECP-256), AES128-GCM (AES-NI) and SHA 256
• Product: Quantum Safe IPsec Toolkit 1.1

The graph above shows the performance of a selection of the new quantum-safe configurations and a few commonly used classic ones, operating both stand-alone and in hybrid mode. The data shows number of SAs per second, negotiated and installed in the Linux kernel data plane. SA stand for Security Association also known as “states” in Linux. The OS for this test is Debian Linux 12 “Bookworm” with current long term kernel versions.

Learn more about Quantum Safe IPsec Toolkit here.

The discussion focused on the challenges of securing AI systems, drawing parallels with FPGA systems. The discussion focuses on the immense value that an AI inference model holds and how hardware-level security solutions are key to protecting it from potential adversaries.

The discussion also touched on the emerging threat of quantum computers, which could compromise public key cryptography. To counter these threats, Rambus offers a broad portfolio of security IP to protect AI silicon.

The interview concluded with a rather meta discussion on the potential of AI being used to attack AI systems, highlighting further the need for robust security measures.

Expert

• Scott Best, Senior Director of Security Products, Rambus

Key Takeaways

1. Securing Inference Models: Securing AI systems revolves around the protection of the inference model, which holds all the information the AI model was trained against. This model can be a potential target for adversaries or competitors, making it crucial to secure it whether it’s sitting in memory (data at rest) or being pulled into a chip (data in use).
2. Hardware-Based AI Security: AI security needs to take place at the hardware level, and it’s up to chip manufacturers to implement a secure solution. This means securing data privacy and authenticity and making sure that these security measures do not hinder the system’s performance.
3. Quantum Threats to Security: The advent of powerful quantum computers poses a threat to current public key cryptography. Systems being built today that are expected to be in the field for 5-10 years or more need to consider implementing quantum safe cryptography to ensure the privacy and authenticity of their data.
4. Rambus Security IP: Rambus offers a broad portfolio of security IP that enables hardware-based security for AI silicon, as well as Root of Trust IP for data at rest protection, Inline Memory Encryption IP for data in use protection, and Quantum Safe Cryptography solutions to protect devices and data in the quantum era.
5. AI-Driven Security Attacks: It’s possible that adversaries could potentially use AI to attack AI, particularly in power analysis side channel attacks where AI could be trained to find a small signal within a lot of noise. This highlights the need for robust security measures in AI systems.

Key Quote

In AI systems, there’s an inference model produced by a training system, and that inference model is then loaded into an AI chip, and that AI chip then executes that inference model. These inference models contain years of value to companies who created the training system and associated training data. If you’re an adversary or a competitor that wants to see what the “secret sauce” of a particular company is, then the inference model is of great interest.

Related Content

• Products: Rambus Security IP
• Blog: Post-quantum Cryptography (PQC): New Algorithms for a New Era
• Whitepaper: RT-600 Root of Trust Series: A New Generation of Security Anchored in Hardware

MACsec (Media Access Control Security) is a security protocol that provides authentication, confidentiality, and integrity for data on Ethernet links. As cars become more and more connected, and cybersecurity threats evolve, MACsec provides an effective solution to address the security challenges faced by automotive Ethernet networks.

In-vehicle networks are vulnerable to a number of threats such as eavesdropping, denial-of-service attacks, man-in-the middle attacks, and unauthorized access. In contrast to regular networks, an in-vehicle network requires the unwanted behavior of the network to be detectable, and handled according to both automotive safety and cybersecurity requirements.

Targeting silicon architectures of automotive Ethernet MCUs, switches and sensor SoCs, Rambus developed the dedicated automotive-grade MACsec-IP-361 as a plug-and-play block for integration into an Ethernet hardware stack. Both system and line sides support the industry standard MII/GMII interfaces for 10/100/1000M rates and respective XGMII interfaces for higher rates. The ASIL-B Ready MACsec-IP-361 contains all necessary safety measures without a need for external safety measures.

For more details on how MACsec works, how it handles the security aspects of communications between zonal gateways in cars, and how Rambus MACsec IP can be employed for use cases spanning multiple speed grade and integration deployments, download our new white paper Securing Automotive Ethernet with MACsec Silicon IP.

One limitation of these fault-injection attacks is that the lasers employed use the infrared spectrum, which is transparent to silicon but absorbed by the ordinary metal used for circuit-interconnect and power distribution. For that reason, fault-injection attacks typically assault a circuit from the back, substrate-side of the chip, where there is typically no metallization. Scott Best will present a reliable, low-cost anti-tamper technique that adds fault-injection shielding metal to the reverse-side of a chip. The proposed techniques utilize modern packaging technology that is fully compatible with and non-disruptive to all semiconductor wafer-processing foundries.

Also at the conference, Rambus will be highlighting two new products aimed at serving the mission-critical requirements of defense applications. The first is the Root of Trust RT-1660, a fully programmable, FIPS 140-2 and FIPS 140-3 compliant root-of-security core offering security by design for U.S. Defense applications. The RT-1660 protects against a wide range of hardware and software attacks with state-of-the-art anti-tamper security techniques. The RT-1660 offers superior tamper resistance through the implementation of Differential Power Analysis (DPA) countermeasures and advanced fault injection attack (FIA) protections.

In addition, Rambus will showcase a new Inline Memory Encryption (IME) Engine. The IME Engine protects critical data with just-in-time encryption, decryption and authentication for all memory read and write requests between a host processor and its attached DRAM memory. This new Rambus product offering was developed and marketed as the “Immunity IME” by Idaho Scientific, a long-term technology partner with Rambus in the U.S. Defense community.

We also continued to meet increased demand for a hardware-based security paradigm across multiple verticals, including the IoT and automotive markets. To help protect IoT devices, Kyocera selected the FIPS 140-2 CMVP-certified Rambus RT-130 Root of Trust and AES-IP-38 AES Accelerator, while NextChip chose the Rambus RT-640 Root of Trust and MACsec-IP-160 Protocol Engine to secure its Apache6 automotive processor. As high-profile security exploits, breaches, and counterfeit silicon multiply in 2022, we will see an increasing emphasis placed on a hardware-based security paradigm in both the IoT and automotive spaces. To be sure, we expect a proliferation of dedicated silicon that is specifically designed to protect sensitive cryptographic functions and data. This model is the most effective way to secure data when at rest (processed or stored in a device) and when in motion (communicated between connected devices). 

Let’s take a more in-depth look at how Rambus continues to make data faster and safer in 2022 and beyond.  

Faster Speeds for Higher Bandwidth

HBM3

In the summer of 2021, we announced our HBM3-ready memory interface subsystem comprising a fully integrated PHY and digital controller. Supporting breakthrough data rates of up to 8.4 Gbps, the solution delivers over a terabyte per second of bandwidth—more than double that of high-end HBM2E memory subsystems. According to Soo Kyoum Kim, associate VP, Memory Semiconductors at IDC, the memory bandwidth requirements of AI/ML training are “insatiable,” with leading-edge training models now surpassing billions of parameters. As Kim emphasizes, the Rambus HBM3-ready memory subsystem “raises the bar” for performance enabling state-of-the-art AI/ML and HPC applications.

According to Joel Hruska of ExtremeTech, early HBM3 hardware should be capable of ~1.4x more bandwidth than current HBM2E. However, as the standard evolves, that figure will rise to ~1.075TB/s of memory bandwidth per stack, with maximum I/O transfer rates of up to 8.4Gbps. 

“These figures are per stack and many GPUs use HBM with 2-4 stacks, so total bandwidth provided by a four-stack HBM3 solution at 665GB/s is ~2.7TB/s,” he adds. It should be noted that Both AMD (Genoa) and Intel (Sapphire Rapids) are expected to begin shipping their respective HBM-equipped server processors in 2022. 

DDR5

In late 2021, we confirmed the sampling of our 5600 MT/s 2nd-generation RCD chip with major DDR5 memory module (RDIMM) suppliers. The new level of performance represents a 17% increase in data rate over the first-generation 4800 MT/s Rambus DDR5 RCD. With DDR5 memory, more intelligence is built into the DIMMs, enabling up to double the data rate and four times the capacity of DDR4 DIMMs, while at the same time reducing power and increasing memory efficiency. 

According to Shane Rau, research vice president, Computing Semiconductors at IDC, advanced workloads are driving the increased demand for greater memory bandwidth. 

“It [is therefore] essential that DDR5 ecosystem players like Rambus continue to raise the bar on performance to meet the rapidly rising needs of data center applications,” says Rau. 

As we noted in our introduction, Rambus memory interface chips will enable next-generation DDR5-based servers to achieve new levels of performance. These new servers are slated to hit data centers in 2022 and beyond, with RDIMMs running at 4800 MT/s. This number represents a 33% increase in data rate over top-end 3200 MT/s DDR4 RDIMMs in current high-performance servers. 

CXL Memory Interconnect Initiative

In the closing months of 2021, we announced our CXL Memory Interconnect Initiative to develop semiconductor solutions for advanced data center architectures that maximize performance, improve efficiency, and reduce system cost. Compute Express Link (CXL) is an open industry standard interconnect delivering high-bandwidth, low-latency connectivity between dedicated compute, memory, I/O and storage elements within the data center to allow the provision of the optimal mix of each for a given workload.  

CXL memory expansion and pooling chips are key components for both traditional and disaggregated architectures. To support the continuing growth and specialization in server workloads, data centers are moving to disaggregated architectures composed from shared and scalable pools of computing and memory resources. CXL is a critical enabler of these next-generation disaggregated server architectures.

According to Matt Jones, general manager of IP cores at Rambus, CXL interconnects are quite versatile due to their high-bandwidth, low-latency characteristics—and can therefore be used to interconnect various hosts and resources in the system. 

“We see the device evolving here into one that supports multiple hosts on the upstream side and being able to share efficiently a pool of memory on the downstream side so that you can assign multiple hosts to efficiently share that memory,” Jones tells The Next Platform. “The key building blocks are here from an IP standpoint that tie back to the acquisitions we made on the PHY and the controller on both sides.”

Securing Silicon to Protect Data 

Kyocera Selects Rambus Root of Trust for IoT Security

In early 2022, Rambus announced that Kyocera Evolution Series MFPs will offer data security meeting Federal Information Processing Standards (FIPS) 140-2 Cryptographic Module Validation Program (CMVP) standards using the Rambus RT-130 Root of Trust and AES-IP-38 AES Accelerator IP. Specifically, the FIPS-certified Kyocera Evolution Series MFPs utilize the Rambus RT-130 Root of Trust and AES-IP-38 AES Accelerator as part of a system security architecture that provides the most robust and up-to-date protection for customers.

According to Neeraj Paliwal, general manager of security IP at Rambus, secure by design is a fundamental property of solutions from industry leaders like Kyocera. By building on Rambus FIPS CMVP-certified IP solutions, chip and system providers can better navigate the certification process and accelerate the development of secure solutions.  

This is increasingly important in 2022 and beyond. Because data centers have transformed into virtual fortresses (both in the physical and digital domains), adversaries have turned their focus to more vulnerable edge and end points. 

NextChip Selects Rambus Security IP to Secure Apache6 Automotive Processor

In January 2022, NextChip selected the Rambus RT-640 Root of Trust and MACsec-IP-160 Protocol Engine to provide hardware-level security for its next-generation Apache6 automotive processor. The Apache6 ADAS SoC combines CPU, GPU, ISP, and NPU processors to enable advanced automotive vision and domain/zone controller applications such as AVP. 

The Rambus RT-640 Root of Trust provides security services and protection of data processed by the Apache6 SoC. The RT-640 is a powerful security co-processor featuring automotive grade embedded security software, high-performance cryptographic accelerators for AES, HMAC, SHA-2, and more. In addition, dedicated safety integrity mechanisms ensure correct operations and extensive error handling and the advanced anti-tamper features of the RT-640 protect chips from side-channel and fault injection (FI) attacks. Meanwhile, the Rambus MACsec-IP-160 encrypts and protects data at speeds up to 100 Gbps over Ethernet in-car networks. 

According to CTO NextChip Hweihn Chung, the company is raising the bar for reliable, compact, and affordable ADAS solutions with the Apache6. 

“With Rambus security IP solutions, Apache6 offers state-of-the-art protection of mission-critical data while meeting full ASIL-B compliance,” he adds. 

Conclusion

Rambus continues to make data faster and safer with the launch of key products, industry initiatives, and strategic partnerships. In 2022 and beyond, we are addressing the insatiable demand for more bandwidth in the data center to support new AI/ML applications with our 8.4 Gbps HBM3-Ready Memory Subsystem, DDR5 5600 MT/s 2nd-generation RCD chip, and CXL Memory Interconnect Initiative. 

On the security side, we continue to meet increased demand for a hardware-based security paradigm across multiple verticals, including the IoT and automotive markets. Recent examples include Kyocera selecting the FIPS 140-2 CMVP-certified Rambus RT-130 Root of Trust and AES-IP-38 AES Accelerator for its IoT silicon, and NextChip choosing the Rambus RT-640 Root of Trust and MACsec-IP-160 Protocol Engine to secure its Apache6 automotive processors. As high-profile security exploits, breaches, and counterfeit silicon multiply in 2022, we will see an increasing emphasis placed on a hardware-based security paradigm in both the IoT and automotive spaces. To be sure, we expect a proliferation of dedicated silicon that is specifically designed to protect sensitive cryptographic functions and data.

That’s why Kyocera selected the FIPS 140-2 CMVP-certified Rambus RT-130 Root of Trust, and AES-IP-38 AES Accelerator to secure their multi-function products. Kyocera is passionate about protecting their customers’ business data. They even published an ebook to explain how companies can secure these vital digital assets. FIPS certification is the gold standard for security solutions signaling that Kyocera solutions provide customers with the highest level of data protection.

What about for other kinds of IoT devices? Well, there’s good news. Rambus has a full family of FIPS-certified, powerful but lightweight, Root of Trust solutions. These support secure boot, manage secure firmware upgrades, administer keys and provide cryptographic services with models appropriate for nearly every kind of IoT device. Our broad line of crypto accelerators and protocol engines encrypt and protect data moving over the network. So whatever IoT devices your chip design addresses, Rambus can help provide the highest level of security for your product.

NextChip has emerged as a leading innovator in automotive AI vision with their Apache family of automotive processors. Their Apache6 automotive processor, now in development, combines advanced CPU, GPU, ISP and NPU processing engines to enable demanding automotive vision and ADAS applications such as automated valet parking (AVP).

AVP allows the driver to leave the vehicle at a drop-off area of a parking garage. The vehicle establishes digital contact with the parking garage, and the route to a free parking spot is computed. The vehicle then proceeds autonomously to the parking spot.

Keep on reading.
Primer: Autonomous vehicles explained.

As the Apache6 will be responsible for the autonomous functioning of ADAS-enabled automobiles, its operation must be protected from cyberattacks and tampering. Successful attacks could lead to property damage, injury or loss of life. NextChip has selected Rambus Security IP to protect its new state-of-the-art Apache6 SoC.

The Rambus RT-640 Root of Trust was chosen to safeguard the Apache6’s operations by providing security services including secure boot and secure firmware update. The RT-640 Root of Trust is specifically tailored as an embedded hardware security module (HSM) for automotive ADAS applications requiring ASIL-B level reliability. It protects data with high-performance cryptographic accelerators (AES, HMAC, SHA-2, etc.), and protects the hardware with state-of-the-art anti-tamper technology.

In addition, NextChip selected the Rambus MACsec-IP-160 protocol engine to encrypt and protect the data communicated over the in-vehicle network between the Apache6 processor and other processors, sensors and actuators. Increasingly, high-speed Ethernet is displacing legacy network protocols in vehicles, and as in the data center world, Rambus MACsec protocol engines are the go-to solution for protecting these links.

Interested in reading more? Explore more of our security solutions for automotive:
– Automotive Security: Protecting vehicle electronic systems
– Rambus CryptoManager Root of Trust Cores Certified ASIL-B/D Ready for Enhanced Security in Automotive Applications