First Look: Via’s C5J X86 Esther core takes on home network security

By Bernard Cole
iApplianceWeb
(05/20/04, 06:46:52 AM PT)

San Jose, Ca. – At the Embedded Processor Forum here VIA Technologies, Inc., took the wraps off its’ C5J “Esther” X86 core which takes on-chip hardware security and e-commerce transaction protection about as far as it can go.

It is targeted at small, mobile consumer electronics devices and notebook PCs that will populate the new wirelessly and Internet-connected "digital home," a concept that has become the mantra of many in the PC and CE markets, including Intel, Motorola, ARM, Sony, Toshiba and others.  

Fabricated with IBM’s advanced 90nm SOI process, engineers at Via's Centaur subsidiary have taken advantage of the additional logic density to build a secure processor that targets smart digital devices. It takes the company a giant step forward in its effort to extend the  reach of x86 architecture further into the consumer electronics, embedded and mobile fields than current processor performance and thermal limitations allow.  

"It's great to see a CPU vendor provide hardware support for the most important needs of crypto," said Phil Zimmermann, creator of PGP 1.0. "It's always been hard to find a good entropy source for random number generation on an unmanned server, a fast AES implementation for on-the-fly disk encryption, and hardware support for fast public key operations for a server to handle a high traffic workload from remote users. I wish all CPU vendors would do this." 

A fanless, secure X86 CPU core

According to Glenn Henry, president of Via’s Centaur Technology subsidiary, the new core provides a significant boost in processor speed within the same thermal bracket as current VIA processors, and reducing maximum power consumption to a mere 3.5W at 1GHz. He presented details on the new core at the EPF here. 

Designed to be coupled with a range of feature rich chipsets from VIA, he said the C5J Esther core will be pivotal in moving its X86-derived cores into the heart of many small footprint consumer and wireless device applications that require high compression video streaming and data encryption/decryption, from miniature, fanless devices.  

Other than competitors such as Transmeta Corp., most players in these new connected computing segments in consumer electronics and mobile iA applications – including Intel Corp. – have abandoned the original x86 architecture and opted for alternatives such as ARM and MIPS to go after many of these new connected computing applications.  

"Our approach to processor design was to allow small, fanless devices to carry out the most demanding security operations while simultaneously processing today's increasingly sophisticated digital entertainment applications," said Henry." The new architecture of the C5J Esther core will allow us to ramp up processor speeds to 2GHz and above within the same thermal design points as previous cores, opening up new markets for our processors and extending the reach of the x86 architecture into new device categories." 

Because the importance of security and content protection is taking on greater importance in many consumer entertainment and mobile appliance device markets as technologies such as WiFi and WLAN take hold, the company has focused a substantial amount of silicon area to implementing as much hardware protection as is possible.  

Henry said the C5J Esther core extends the VIA PadLock Hardware Security Suite to include execution (NX) protection, Montgomery Multiplier support for RSA encryption and secure Hash (SHA-1 and SHA-256) algorithms in addition to the VIA PadLock RNG and VIA PadLock ACE that are featured in the current VIA C5P Nehemiah processor core. These hardware-based building blocks, he said, carry out operations within security programs and help to improve overall system performance.

Execution Protection and RSA Crypto 

One of the things company engineers focused attention on was Execution (NX) protection, because it prevents malicious code associated with worms or viruses from executing and propagating from memory. Execution (NX) protection is an important new hardware-based feature that will be supported in the Microsoft Windows XP Service Pack 2. 

“The VIA C5J Esther core's NX feature marks memory with an attribute that indicates that code should not be executed from that memory,” said Henry, ”helping to prevent damage or propagation of malicious code within x86 devices.”  

Because it is one of the most widely used public key cryptography systems around, he said company engineers also focused on efficient ways to either implement the RSA algorithm in hardware, or enhancing its performance when done in software.  

“The major challenge facing public-key cryptography is that it requires large amounts of processing power,” said Henry,” posing a critical problem for low power consumer electronics and embedded devices that cannot afford to halt in the middle of a video stream or transaction while it does the heavy lifting required by security programs.” 

To deal with such issues, he said, in the C5J Esther core, company engineers included a dedicated x86 instruction that performs Montgomery Multiplication, an operation used to speed-up RSA cryptography, reducing the workload on the processor and helping to improve overall system performance during e-commerce transactions. 

Secure Hash Algorithms play a big role in cryptography to provide digital signatures that enable the recipient to verify the authenticity of the origin of the message. So, the C5P core developers, he said, incorporated two Secure Hash functions (SHA-1 and SHA-256) that assist in the creation and verification of digital signatures through algorithms that are embedded in the processor die. 

According to Peter Gutmann of the University of Aukland, and author of 'CryptoLib,' the inclusion of hardware acceleration for SHA-1 hashing and large-integer operations for public-key cryptography is an effective way to implement security protocols such as IPsec, SSL/TLS, and SSH, since they eliminate the often heavy CPU overhead normally imposed by the crypto portions of these protocols. 

"This removes the need to use the expensive external crypto-processors that are often required to achieve acceptable performance under load," he said.

Henry said IBM’s 90 nm process was chosen to implement the new design because it includes such advanced features such as copper interconnects, silicon-on-insulator (SOI) and and low-k dielectric insulation. Via/Centaur felt these features were key to reducing power consumption to within the same thermal envelope as their current CPUs, but at the same time allow processor speeds of 2GHz and beyond.  

“IBM's 90nm manufacturing process provides greater scope for power saving and performance enhancements by decreasing the internal distances traveled by electronic signals within the processor,” said Henry. The low-k dielectric technique, introduced by IBM, delivers boosts in computing speed and performance of up to a 30 percent. Added to this, he said, was IBM's SOI CMOS process which limits transistor leakage, further increasing performance by an estimated 20-35% while reducing power consumption. 

For more information on the new core go to www.via.com.tw.