Search
Close this search box.

We are creating some awesome events for you. Kindly bear with us.

NIST initiates first call for lightweight cryptography to protect IoT devices

The U.S. Commerce Department’s National Institute of
Standards and Technology (NIST) recently
kicked off an effort to strengthen the cryptographic defense of internet of
things (IoT) networked devices against cyberattacks and protect the data
created by those innumerable devices.

Within IoT networks, sensors, actuators and other
micromachines that function as eyes, ears and hands of the network work on
scant electrical power and use circuitry far more limited than the chips found
in even the simplest cell phone. These small electronics include keyless entry
fobs to cars and the Radio Frequency Identification (RFID) tags used to locate
boxes in vast warehouses.

These gadgets are inexpensive to make and will fit nearly
anywhere, but common encryption methods to secure them may demand more
electronic resources than they possess. As such, NIST is launching an effort to
create security solutions to this constraint.

NIST’s lightweight cryptography initiative aims to develop
cryptographic algorithm standards that can work within the confines of a simple
electronic device. The ultimate goal is to develop lightweight encryption
standards that benefit the entire marketplace.

As an initial step, NIST issued the Draft
Submission Requirements and Evaluation Criteria for the Lightweight Cryptography
Standardization Process
as the first draft of its request to seek assistance
from the software development community in developing requirements and
guidelines for lightweight cryptography solutions.

According to the NIST document, lightweight cryptography is
a subfield of cryptography that aims to provide solutions tailored for
resource-constrained devices. There has been a significant amount of work done
by the academic community related to lightweight cryptography; this includes
efficient implementations of conventional cryptography standards, and the
design and analysis of new lightweight primitives and protocols.

 “The IoT is
exploding, but there are tons of devices that have nothing for security,” said NIST
computer scientist Dr Kerry McKay.

According to Dr McKay, effective standards must bring a
well-defined solution that applies to a wide class of situations—and that made
the wording of the request tricky.

“There’s such a diversity of devices and use cases that it’s
hard to nail them all down. Our thinking had to be broad for that reason.”

To ensure they were getting off to the right start, Dr McKay
and the team members spent four years consulting with industry groups ranging
from smart power grid experts to auto manufacturers.

This has led the team to stipulate that submitted algorithms
must have been published previously and been analysed by a third party. These
solutions typically use symmetric cryptography
in which both the sender and recipient have an advance copy of a digital key
that can encrypt and decrypt messages.

The NIST team specifies that these algorithms should provide
authenticated encryption with
associated data (AEAD) in symmetric crypto applications as it allows a
recipient to check the integrity of both the encrypted and unencrypted
information in a message. It is also stipulated that if a hash function is used to create
a digital fingerprint of the data, the function should share resources with the
AEAD to reduce the cost of implementation.

Dr McKay said that while the AEAD and hash tools should
cover nearly everything that a developer would want to do with symmetric
cryptography, she and the team are looking forward to comments from the public
on whether the draft’s requirements are sufficient.

“We want the entire lightweight crypto standards development
process to be open and transparent, with the public involved at every step, she
said.

A Federal Register Notice will soon announce a public
comment period so that the community can weigh in on the draft submission
guidelines. After the issue of the Federal Register notice, NIST will be
accepting comments on the draft for 45 days, and will consider these
comments before releasing the formal submissions guideline document. Following
its release, NIST anticipates a 6-month submission window for lightweight
cryptographic algorithms.

NIST will then form an internal selection panel composed of
NIST researchers to analyse the submissions and all of its analysis results
will be made publicly available. The initial phase of evaluation will consist
of approximately 12 months of public review of the submitted algorithms.

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and consulting services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,800 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity, and service. For more information, visit www.ibm.com