Motorola builds security into network chips

Motorola Inc. is building security engines into processors made for network gear in homes and small and medium-size businesses, the company announced Monday.

By integrating user authentication and data encryption into the new MPC885 PowerQUICC I and MPC8272 PowerQUICC II processor families, the Schaumburg, Illinois, company said it will allow equipment vendors to both boost the performance and lower the cost of their gear. The chips are designed for a variety of devices including VPN (virtual private network) routers, residential gateways, and wireless access points.

Security functions generally work faster on hardware than when carried out through software on a general-purpose processor.

"Software encryption will eat your lunch," said Geoff Waters, applications engineer for security at Motorola. Real throughput on a 100Mbps connection can fall to about 1Mbps when software-based encryption is turned on, he said.

Motorola already sells coprocessors for security that sit alongside a device's network processor, Waters said. Building these functions into the network processor allows for quicker system design and lower cost, because the vendors don't have to buy another chip and design it into the system, he said.

Motorola plans eventually to build security acceleration into its high-end PowerQUICC III line of network processors, used in larger network infrastructure gear. Equipment for the customer premise is a good place to start with integrated encryption and authentication, because the closer to the edge your traffic is secured, the less vulnerability you have, Waters said.

Motorola built into the new chip lines security engines that are based on the company's S1 family of security coprocessors. They can accelerate user authentication and encryption based on IPSec (Internet Protocol Security), SSL (Secure Sockets Layer) and other protocols. The chips are equipped for multiple modes of communication, including Ethernet, ATM (Asynchronous Transfer Mode) and USB (Universal Serial Bus).

Built-in security hardware can boost performance by cutting out the extra trips that data needs to take if the user is authenticated and the content encrypted on a co-processor, Waters said.

The MPC885 PowerQUICC I processors should range in price from just under $9 to just under $19 depending on processor speed. The MPC8272 PowerQUICC II chip family should range from just under $19 to about $32. They are less expensive than their predecessors, which didn't have the security functions, according to Motorola. By contrast, a separate security co-processor with similar capabilities to those found in the MPC8272 family would cost a system maker approximately $15 on top of the cost of the main chip, Waters said.

With semiconductors making up about 15 percent to 20 percent of the bill of materials on a typical low-end router, cost breaks like that should lead to good price reductions on the end products, said IDC analyst Sean Lavey, in Mountain View, California. With continuing cuts in the cost of VPN gear, use of the technology eventually will move beyond the well-heeled corporate customers that are driving the market now, he added.

Motorola expects initial samples of both families of processors in the fourth quarter, with general sampling in the first quarter of 2004 and volume quantities available in the second quarter of next year.