Uncle Sam wants to strip the IoS out of IoT with light crypto

NIST weighs up algorithms for small devices – and an architecture for massive systems

The US National Institute of Standards and Technology wants to protect all devices great and small, and is getting closer to settling on next-gen cryptographic algorithms suitable for systems at both ends of that spectrum – the very great and the very small.

At the tiny end, Internet of Things (IoT) gadgets include everything from implanted medical devices and keyless car fobs to wearable devices and smart cities systems. The number of IoT devices in use is enormous and growing rapidly. They often collect and store sensitive information, but are security-challenged by their limited size and low-power processors.

The lightweight cryptography algorithms for IoT need to be powerful enough to offer high security and efficient enough to do so with limited electronic resources. They have been examined by experts for years to check for flaws.

After years of testing and winnowing down dozens of contenders, NIST announced on Tuesday it has tapped Ascon – a package of seven algorithms for authenticated encryption and related operations – as the choice to safeguard data collected by IoT devices.

That might help take the Internet-of-S#!t out of IoT: better data security and authentication is always welcome.

"The world is moving toward using small devices for lots of tasks ranging from sensing to identification to machine control, and because these small devices have limited resources, they need security that has a compact implementation," NIST computer scientist Kerry McKay said in a statement.

"These algorithms should cover most devices that have these sorts of resource constraints."

It took NIST a while to get here. Following a years-long development program, it asked for cryptography solutions in 2018, receiving 57 submissions. Cryptographers pulled apart and searched for weaknesses in the algorithms before choosing ten finalists and then getting down to one to rule them all.

Criteria included the security provided as well as the algorithm's performance, speed, size, and power consumption.

Ascon was developed in 2014 by cryptographers from Graz University of Technology in Austria, Infineon Technologies, Lamarr Security Research, and Radboud University in the Netherlands.

Some or all seven of the components of the Ascon family will become NIST's published lightweight cryptography standard later this year, with each variant offering device designers options for different tasks.

AEAD and hashing

McKay said two algorithms – authenticated encryption with associated data (AEAD) and hashing – are among the most important for lightweight cryptography.

AEAD ensures a message remains confidential but allows other information like message headers or a device's IP address to be included but not encrypted. It also ensures the protected data is authentic and wasn't changed in transit.
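The AEAD behaviour described above, as an added example that is not from the article or from NIST: a compact Python implementation following the Ascon-128 parameters of the designers' v1.2 specification (the variant is an assumption, since the article names none), in which the header travels in the clear but is bound to the tag. The function names `seal` and `open_sealed` are hypothetical, and the code is meant for study rather than deployment.

```python
import hmac

# Illustrative sketch; constants follow Ascon-128 v1.2 (variant assumed, names hypothetical).
MASK = (1 << 64) - 1
IV = 0x80400C0600000000  # key bits 128, rate bits 64, a=12 rounds, b=6 rounds
ROT = ((19, 28), (61, 39), (1, 6), (10, 17), (7, 41))

def _permute(s, rounds):
    for r in range(12 - rounds, 12):
        s[2] ^= 0xF0 - r * 0x10 + r                      # round constant
        s[0] ^= s[4]; s[4] ^= s[3]; s[2] ^= s[1]         # bitsliced 5-bit S-box
        t = [(s[i] ^ MASK) & s[(i + 1) % 5] for i in range(5)]
        for i in range(5):
            s[i] ^= t[(i + 1) % 5]
        s[1] ^= s[0]; s[0] ^= s[4]; s[3] ^= s[2]; s[2] ^= MASK
        for i, (a, b) in enumerate(ROT):                 # linear diffusion (rotate right)
            s[i] ^= ((s[i] >> a | s[i] << (64 - a)) ^ (s[i] >> b | s[i] << (64 - b))) & MASK

def _word(chunk):  # 8-byte block as an integer; a short final block gets 0x80 + zero padding
    return int.from_bytes((chunk + b"\x80" + bytes(7))[:8], "big")

def _run(key, nonce, header, data, decrypt):
    if len(key) != 16 or len(nonce) != 16:
        raise ValueError("key and nonce must be 16 bytes each")
    k0, k1, n0, n1 = (int.from_bytes(v[i:i + 8], "big") for v in (key, nonce) for i in (0, 8))
    s = [IV, k0, k1, n0, n1]
    _permute(s, 12); s[3] ^= k0; s[4] ^= k1
    for i in range(0, (len(header) + 1) if header else 0, 8):
        s[0] ^= _word(header[i:i + 8]); _permute(s, 6)   # header: absorbed, never output
    s[4] ^= 1                                            # domain separation
    out = b""
    for i in range(0, len(data) + 1, 8):
        chunk = data[i:i + 8]
        res = bytes(a ^ b for a, b in zip(chunk, s[0].to_bytes(8, "big")))
        s[0] ^= _word(res if decrypt else chunk)         # always absorb the plaintext
        out += res
        if len(chunk) == 8:
            _permute(s, 6)
    s[1] ^= k0; s[2] ^= k1; _permute(s, 12)
    return out, ((s[3] ^ k0) << 64 | (s[4] ^ k1)).to_bytes(16, "big")

def seal(key, nonce, header, plaintext):
    return b"".join(_run(key, nonce, header, plaintext, False))

def open_sealed(key, nonce, header, sealed):
    plaintext, tag = _run(key, nonce, header, sealed[:-16], True)
    if not hmac.compare_digest(tag, sealed[-16:]):       # constant-time comparison
        raise ValueError("authentication failed")
    return plaintext
```

`seal` returns the ciphertext followed by a 16-byte tag, and `open_sealed` raises `ValueError` if the header, ciphertext or tag was altered. A nonce must never repeat under the same key.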

With hashing, a short digital fingerprint of a message is created, letting the recipient determine if the message was changed. They also can see whether a software update is appropriate, or if it has been downloaded and installed correctly.

The big end of computing: HPC

The announcement came a day after NIST started taking public comment on a draft publication outlining the architecture and security needs for zone-based high-performance computing (HPC) systems.

NIST has been putting a focus on cyber security for HPC systems for at least a year. With zone-based HPC, systems are divvied up into four zones – with such functions as data storage and access.

As with IoT devices but at the opposite end of the scale, the size of HPC systems makes them challenging to secure, according to NIST. Among the obstacles faced, it cited "their size; performance requirements; diverse and complex hardware, software, and applications; varying security requirements; the nature of shared resources; and the continuing evolution of HPC systems."

The draft Special Publication (SP) 800-223 outlines a reference architecture and security posture for zone-based HPC systems. NIST is taking comments on SP 800-223 until April 7. ®
