NIST Looks to Secure the IoT
Among the most vulnerable points in networks ranging from home offices to the proposed Internet of Everything are radio frequency, or RF, links that will be used to tie together potentially billions of devices.
RF links on drones are particularly vulnerable to hacking, and as more devices are connected to form an Internet of Things/Sensors, much attention is being focused on how to secure the vulnerable points in a growing network of networks.
Coming up with new ways to secure the IoT is among the topics at an upcoming workshop being sponsored by the National Institutes of Standards and Technology. NIST's Lightweight Cryptography Workshop scheduled for July 20-21 at the Commerce Department agency's headquarters in Gaithersburg, Md., recognizes that most cryptographic algorithms were designed for server environments. Hence, the agency notes, "many of these algorithms cannot be implemented in the devices used by these applications."
Moreover, trying to modify existing crypto algorithms for sensors, devices and other components of a future networks or the IoT won't work. "When current algorithms can be engineered to fit into the limited resources of constrained environments, their performance is typically not acceptable," workshop organizers note.
Hence, the NIST workshop will seek to establish security and resource requirements—power, processing and bandwidth—for a future network of connected sensors as well as terrestrial and airborne devices. The other goal is to come up with a list of basic crypto specs that could serve as industry standards in applications ranging from sensor networks and distributed control systems to the smart power grid and the IoT.
Such standardization efforts are also an indication that much of the marketing hype surrounding the IoT may be giving way to the hard work of establishing security and other frameworks upon which to build platforms. (It should also be noted that constructs like IoT and the Internet of Everything have also attracted billions of dollars of corporate investment from networking companies looking to sell more switches and semiconductor makers searching for ways to sell more chips.)
New ways of securing the IoT are the specific focus of a handful of papers to be presented at the NIST workshop. Among them are several proposals for integrating block ciphers into IoT security. A block cipher is a method of encrypting text in which a cryptographic key and algorithm are applied to a block of data.
All proposals are designed to be "lightweight" so they can be implemented on wireless networks relying on RF links, including RFID links that are expected to play a key role in tying together sensors, devices and the data they generate.
Another approach to be presented at the workshop called an "algebraic erasure" is described by its developer, SecureRF (Shelton, Conn.) as a low-power, public-key crypto method that targets IoT applications.
SecureRF touts its approach as outperforming existing commercial security approaches as a way to "provide identification, authentication and encryption security for low power devices found on the Internet of Things." It also will report that algebraic erasure outperformed a current method called Elliptic Curve Cryptography in terms of speed and power consumption.
Interestingly, one paper to be presented at the NIST workshop will argue that, despite the constant cat-and-mouse game between IT security departments and hackers, current cryptographic standards are "sufficient" for networking software.