SoylentNews is people
SoylentNews
Submission Preview
Merge: janrinok (02/09 18:42 GMT)
Tiny IoT Devices are Getting Their Own Special Encryption Algorithms
████ # This file was generated bot-o-matically! Edit at your own risk. ████
Tiny IoT devices are getting their own special encryption algorithms [zdnet.com]:
The US Department of Commerce's technical standards organization NIST has nominated the Ascon group of cryptographic algorithms for protecting small devices and information transmitted to and from IoT devices.
NIST will later this year publish the "lightweight cryptography" standard after picking the Ascon family for the task.
Also: What is the IoT? Everything you need to know about the Internet of Things right now [zdnet.com]
It selected the algorithms to protect a vast array of devices, sensors, and actuators. The algorithms are also designed for implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles.
Security
- Flipper Zero: Geeky toy or serious security tool? [zdnet.com]
- How to find and remove spyware from your phone [zdnet.com]
- The best VPN services: How do the top 5 compare? [zdnet.com]
- How to find out if you are involved in a data breach -- and what to do next [zdnet.com]
- The 5 best browsers for privacy: Secure web browsing [zdnet.com]
Many of these devices operate with low power that the "lightweight cryptography" needs to account for when protecting information on and transmitting from them.
"The world is moving toward using small devices for lots of tasks ranging from sensing to identification to machine control, and because these small devices have limited resources, they need security that has a compact implementation," said NIST computer scientist Kerry McKay in an announcement [nist.gov].
"These algorithms should cover most devices that have these sorts of resource constraints."
NIST selected Ascon in 2019 as the primary candidate for lightweight authenticated encryption, so it's had lots of time to put it through tests. Ascon was developed in 2014 by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamar Security Research, and Radbound University.
McKay noted there are seven variants in the Ascon family. Two very important ones are authenticated encryption with associated data (AEAD) and hashing.
AEAD allows a message to be encrypted while leaving the header of a message and a device's IP address in plaintext. NIST points out that AEAD can be used in vehicle-to-vehicle communications. It can also prevent spoofing messages exchanged with radio frequency identification (RFID) tags. Meanwhile, hashing could be used to check if a software update is valid and has been downloaded correctly.
NIST last July announced four candidates [zdnet.com] for post-quantum resistant encryption algorithms. However, within a month, one of the algorithms was undermined by researchers who were awarded $50,000 via Microsoft's bug bounty [microsoft.com]. The algorithms are meant to protect data encrypted today that in future could be cracked by a powerful enough quantum computer.
Also: What is quantum computing? Everything you need to know about the strange world of quantum computers [zdnet.com]
McKay notes that post-quantum encryption is most important for "long-term secrets that need to be protected for years" whereas lightweight cryptography is more important for "ephemeral secrets".
Innovation The drone wranglers: How the most authentic Old West town in the US is delivering the future of flight [zdnet.com] This 3D printing system converts waste sawdust into stunning wooden lamps and guitars [zdnet.com] Flying cars are here and available to preorder [zdnet.com] The best affordable EVs and how the federal tax credit can save you $7,500 [zdnet.com]
- The drone wranglers: How the most authentic Old West town in the US is delivering the future of flight [zdnet.com]
- This 3D printing system converts waste sawdust into stunning wooden lamps and guitars [zdnet.com]
- Flying cars are here and available to preorder [zdnet.com]
- The best affordable EVs and how the federal tax credit can save you $7,500 [zdnet.com]
US NIST Unveils Winning Encryption Algorithm for IoT Data Protection
The National Institute of Standards and Technology (NIST) announced that ASCON is the winning bid for the "lightweight cryptography" program to find the best algorithm to protect small IoT (Internet of Things) devices with limited hardware resources [bleepingcomputer.com]:
Small IoT devices are becoming increasingly popular and omnipresent, used in wearable tech, "smart home" applications, etc. However, they are still used to store and handle sensitive personal information, such as health data, financial details, and more.
That said, implementing a standard for encrypting data is crucial in securing people's data. However, the weak chips inside these devices call for an algorithm that can deliver robust encryption at very little computational power.
"The world is moving toward using small devices for lots of tasks ranging from sensing to identification to machine control, and because these small devices have limited resources, they need security that has a compact implementation," stated Kerry McKay [nist.gov], a computer scientist at NIST.
[...] ASCON was eventually picked as the winner for being flexible, encompassing seven families, energy efficient, speedy on weak hardware, and having low overhead for short messages.
NIST also considered that the algorithm had withstood the test of time, having been developed in 2014 by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamarr Security Research, and Radboud University, and winning the CAESAR cryptographic competition's "lightweight encryption" category in 2019.
More info at the algorithm's Website [tugraz.at] and the technical paper [nist.gov] submitted to NIST in May 2021.
Related:
- NIST Drafts Revised Guidelines for Digital Identification in Federal Systems [soylentnews.org]
- NIST Calls Time on SHA-1, Sets 2030 Deadline [soylentnews.org]
