Motorola Security Chips
Major Variola (ret)
mv at cdc.gov
Mon Sep 29 15:39:28 PDT 2003
At 03:58 PM 9/29/03 -0400, Tyler Durden wrote:
>These seem to be actual chips. Anyone know of companies selling Crypto
apps
>for Network processors?
What do you mean "crypto apps"? In some cases you can get support for
the
crypto hardware in a version of say VxWorks etc which makes it easier.
Perhaps you can get
as much as full IPSec since RTOS companies often sell IP stacks too.
Particularly important when say your SOHO OEM customer doesn't have
massive
resources or expertise. "Buy our chips, we'll get WindRiver to give you
price break,
all you do is recompile with #define NUMPORTS set to the number of
RJ-45s on
the thing"
Core or edge, baby? NPU is a marketroid term.
What's called a "network processor" might range from an Intel IXP w/
hardware AES
(and everything else including mbuf ops), that can do line-rate SONET,
for a few hundred $;
or an IDT 100 Mhz MIPS with a
DES core and ethernet i/f glued on for $10 for your 10Mbps home router.
All of them come with some kind of software
and/or partnerships with software/OS vendors --hard to sell silicon
without that. At least, drivers for
common OS.
The hardware vendor's problem is this: You have all these transistors to
do something with.
May as well add crypto to netstuff, just like
graphics ops got added to gamestuff. Transistors are free and
integrating functions might give you an edge over
the competition for a while. When was the last time you shopped for a
floating-point co-processor?
Eventually innovation becomes a "checkbox" item. Eventually chips will
come with cup-holders and power-mirrors.
If so, which is deemed more secure by
>Cypherpunks...software apps on network processors or outboard chips?
(Am I
>correct in assuming that a crypto app on a network processor is not any
>easier to view or examine that a crypto ASIC?)
You add hardware accelerators on chips with other functions
to increase crypto-app *performance*. Rarely, you/NSA buy it because
its immutable,
so you avoid certain problems. (Problems mostly solved by integrated
ROMs for
your CPU.) Mostly you buy for performance.
*Any* black box is less trustworthy
than code you can read; however,
have you read your OS or compiler recently?
Before you claim that others have,
Have you realized that trust isn't transitive yet?
And are you sure your "generic" black-box CPU
(that runs your ever-so-carefully hand-inspected code)
hasn't any interesting tricks hidden inside? F00F!
If you want complete transparency, use a soft CPU core on an
FPGA so nothing (but the FPGA fabric) is opaque. As a
paran^H^H^H^Hcypherpunk, you might design your
system to use a few FPGAs (purchased from different vendors
as anonymously as possible) identically configured and have them vote.
Don't have them vote using Diebold machinery, though :-)
>Motorola Locks Down Chips
>
>--------------------------------------------------------------------------------
>
>Motorola Inc. (NYSE: MOT - message board) has become the latest vendor
to
>integrate security into its microprocessors, continuing the trend of
putting
>encryption acceleration on-chip.
...
>Naturally, processor companies believe they can further speed things up
--
>and save OEMs a bit of money -- by merging the co-processors into their
own
>chips. Broadcom Corp. (Nasdaq: BRCM - message board), Integrated Device
>Technology Inc. (IDT) (Nasdaq: IDTI - message board), and PMC-Sierra
Inc.
>(Nasdaq: PMCS - message board) are adding security to their
microprocessors;
>and Agere Systems Inc. (NYSE: AGR.A) and Intel Corp. (Nasdaq: INTC -
message
>board) have done the same with some of their network processors (see
Vendors
>Add Security to MIPS Chips and Intel Moves on Security ).
More information about the cypherpunks-legacy
mailing list