On April 18th, 2018, the National Institute of Standards and Technology (NIST) began an effort to develop a little-explored cryptographic concept. The concept is called “lightweight cryptography”, and its purpose according to NIST is “to develop cryptographic algorithm standards that can work within the confines of a simple electronic device.” NIST made their announcement in response to the burgeoning development of the Internet of Things (IoT), a network of sensors, monitors, cameras, and devices working together to create smart infrastructure. Several existing, upcoming, and necessary technological advancements including autonomous vehicles, smart energy grids, and more depend on the IoT to communicate between themselves and function properly. Without the IoT, none of these systems could carry out the numerous, simultaneous communications necessary for their existence.
According to NIST, the small and simple nature of the millions of electronic devices making up the IoT makes them unequipped to process current cryptographic algorithms. Lightweight cryptography would demand far fewer resources from the devices and take less time to complete their essential processes. Using costly heavy-weight solutions for every small device in the IoT would also make the cost of devices impractical for the organizations implementing solutions. For these reasons, lightweight cryptography would function better to secure the sensitive data transmissions occurring every second on the IoT.
Because simple-device solutions usually rely on symmetric cryptography, a version of cryptography in which senders and recipients of messages have the same digital key to encrypt and decrypt messages, NIST specifies that their lightweight cryptographic algorithms must use “authenticated encryption with associated data,” or AEAD. AEAD means that the recipient of a message can use authentication to verify the integrity of both the encrypted and unencrypted information within the message. This ensures that messages are coming from who they say they are, and that the content of the message has not been altered in transit.
The 2018 announcement came along with a request for help from the cryptographic community. NIST released a request form called Draft Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process. The purpose of this exercise, a “crypto algorithm bake-off” if you will, is to seek submissions from leading cryptographers and industry experts in order to visualize and plan the implementation of lightweight cryptography within the IoT. According to the NIST website, their goal is to “produce the sort of encryption algorithms that developers agree will help.” The submission period is now closed, and the candidate algorithms are available for review on the NIST website. The chosen top respondents to the draft are currently participating in workshops to further develop their plans for the new algorithms. These talks are scheduled to continue through the end of 2019, at which point more information will be released to the public.
Lightweight cryptography is approaching on the horizon of cryptographic solutions. As the IoT expands and projects such as self-driving vehicles or the smart city develop around it, lightweight cryptography will likely become an integral part of daily urban life. To keep up to date on this important initiative in IoT data security, be sure to check back with Futurex for the latest news and developments.