Cryptography experts at the National Institute of Standards and Technology (NIST) are launching an effort to protect the data created by the inestimable number of tiny networked-devices, such as those in the internet of things (IoT), which will need a new class of cryptographic defenses against cyberattacks.
Creating these defenses is the goal of NIST’s lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device, according to a release. Many of the sensors, actuators and other micro-machines that will function as “eyes, ears and hands” in IoT networks will work on little electrical power and use circuitry far more limited than the chips found in even the simplest cell phone. Similar small electronics exist in the keyless entry fobs to newer-model cars and the radio frequency identification (RFID) tags used to locate boxes in vast warehouses — as well as deliver them.
These gadgets are inexpensive to make and their compact size allows them to fit nearly anywhere, but common encryption methods demand more electronic resources than they contain, NIST said.
To overcome this challenge, NIST is looking for workable solutions to the problem of securing data in this constrained environment. As a first step, NIST is soliciting assistance in developing requirements and guidelines for these solutions. The Draft Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process is the first draft of this request, written with the software development community in mind and aimed at ensuring that the formal request — to be released later this spring — will yield the sort of encryption algorithms that seasoned developers agree will support improved security.
The draft document is available on the NIST website. A Federal Register Notice will soon announce a public comment period so that the community can weigh in on the draft submission guidelines.
The ultimate goal is to develop lightweight encryption standards that benefit the entire marketplace. According to NIST computer scientist Kerry McKay, effective standards must bring a well-defined solution that applies to a wide class of situations — and that made the wording of the request tricky.
“The IoT is exploding, but there are tons of devices that have nothing for security,” McKay said. “There’s such a diversity of devices and use cases that it’s hard to nail them all down. There are certain classes of attacks to consider, lots of variations. Our thinking had to be broad for that reason.”
Many of the manufacturers who create these small devices agree that the time is right for establishing effective standards, NIST said.
“As industries adopt authentication apps for things like flu-shot syringes and baby formula, it’s important that there is agreement on security practices,” said Matt Robshaw, a technical fellow at Impinj, a company that develops RAIN RFID technology used to keep track of these kinds of objects. “It’s a good time to begin to establish guidance about which of these techniques will be most appropriate.”
To ensure they were headed in the right direction, McKay and the team members spent four years consulting with industry groups ranging from smart power grid experts to auto manufacturers. Their advice led the team to stipulate that submitted algorithms must have been published previously and been analyzed (though not necessarily adopted) by a third party.
“We feel it’s a fair request because people have been working on crypto for constrained environments for several years now,” McKay said. “We want to see things that the world has looked at already.”
These solutions typically use symmetric cryptography — the less resource-intensive form, in which both the sender and recipient have an advance copy of a digital key that can encrypt and decrypt messages. The NIST team specifies that these algorithms should provide one useful tool in symmetric crypto applications: authenticated encryption with associated data, or AEAD, which allows a recipient to check the integrity of both the encrypted and unencrypted information in a message. They also require that if a hash function is used to create a digital fingerprint of the data, the function should share resources with the AEAD to reduce the cost of implementation.
McKay said that while the AEAD and hash tools should cover nearly everything that a developer would want to do with symmetric cryptography, she and the team are eager to hear public comments on whether the draft’s requirements are sufficient.
“We will be relying on community feedback to determine what other use cases we should include in subsequent editions of the pub,” she said. “We want the entire lightweight crypto standards development process to be open and transparent, with the public involved at every step.”
NIST said after the Federal Register notice appears, it will be accepting comments on the draft for 45 days, and will consider these comments before releasing the formal submissions guideline document. Following its release, NIST anticipates a six-month submission window for lightweight cryptographic algorithms.