Sun Microsystems’ cofounder Scott McNealy’s quote from January, 1999 (was that really 14 years ago?) was more right than we imagined—or hoped. Online bank accounts get hacked; Twitter gives away user information; customer databases go missing; traffic cameras record our comings and goings; and any number of smaller breaches of our presumed privacy occur every day. In the online world we’ve learned to assume that some sort of electronic record will be kept of our actions, if only because we’re so often reminded of it.
Did you know that Google encrypts your search queries? But it’s not to protect your privacy—it’s to protect theirs. Google makes money (albeit indirectly) on the data it gleans from searches, and it doesn’t want competitors eavesdropping on that data.
Record-keeping and privacy are two different things, however. Just because some agency somewhere records the bits and bytes transferred from my IP address, that doesn’t necessarily mean they know anything about me. But protecting that data is a start, and a number of companies are working hard on that.
Chief among them is Freescale, the big-chip company that knows a thing or two about communications and networking chips. And the company has just launched a small family of encryption chips that make it easier to plug in encryption wherever you want it.
Say hello to my little friends, the ’C291, ’C292, and ’C293. They’re three related encryption processors that are software-compatible with one another, but with varying degrees of crypto muscle. All three are also pin-compatible, so you can up- and downgrade your crypto credentials as the need arises.
Freescale doesn’t come right out and say it, but the new ’C29x chips are aimed directly at the Nitrox products from competitor Cavium. Nitrox is the incumbent player here, so Freescale has a tall order ahead of it. On the other hand, the new ’C29x devices look to be quite a bit faster, and quite a bit cheaper, than Cavium’s current offerings. That’s a compelling combination for a device that most people treat as a commodity.
Without dedicated encryption processors, most people do crypto in software on their main microprocessor. That’s fine, but public-key encryption or elliptic-curve cryptography are hard—they’re meant to be—and therefore time-consuming on a general-purpose processor. Your average x86 Core i7 or PowerPC device just isn’t very well suited to cracking (or generating) encryption keys. Toss in a hundred dollars’ worth of dedicated crypto chip, however, and things go much more smoothly.
Each chip in the ’C29x family can be used in either of two ways. As a lookaside coprocessor, the chip sits on the PCIe bus and gets handed crypto tasks by the main processor. This makes for a neat and tidy offload when you’re already doing software crypto on the main CPU but want to toss it over to the new chip instead. In this mode, the ’C29x doesn’t require any memory of its own, just a PCIe connection to the main processor. Piece of cake.
In the other configuration, the ’C29x takes a more active role and can actually be the front-line communications processor instead of, or in addition to, a “real” communications processor. Here, Ethernet channels feed directly into the ’C29x for preprocessing before being handed off to another communications processor (if any) for further processing. In this mode, the ’C29x needs its own local memory as well as some NVRAM for key storage. The chip boots securely, verifying that it is, in fact, loading trusted code and keys. Freescale even designed the chip to deliberately muddle its own power consumption in order to thwart attacks that try to infer key length based on power usage. Sneaky stuff.
Power consumption for all three chips is in the single-digit range, hitting perhaps 10W for the fastest ’C293 chip at full boil. Throughput ranges from 8K to 32K 2048-bit RSA keys/second, according to Freescale. Being secure has never been so easy. Or so important.
Good Deeds Done Dirt Cheap
Think you’re a good engineer, programmer, or developer? How well could you describe a schematic, flowchart, or source code listing to a colleague?
Recording for the Blind and Dyslexic (RFB&D) is looking for engineers to read textbooks aloud for disabled engineering students. I started volunteering for this group almost 15 years ago, after spotting a small one-paragraph description at the bottom of a newspaper article. If you’ve got a few hours per month to help a fellow engineer, I heartily recommend it. Contact RFB&D (www.rfbd.org or www.LearningAlly.org) and they’ll set you up in a soundproofed recording booth where you’ll read college-level engineering texts while a fellow volunteer records you. Don’t worry; you get infinite do-overs if you flub your lines. Reading source code is pretty straightforward, but describing electrical schematics takes a bit of practice. If electronics engineering isn’t your thing, you can help out with other subjects. I was especially in awe of a woman in our group who read chemistry books, including complex chemical diagrams. That’s quite a skill. Anyway, go check it out.