NIST Issues First Call for ‘Lightweight Cryptography’ to Protect Small Electronics

Cryptography experts at the National Institute of Standards and Technology (NIST) are kicking off an effort to protect the data created by innumerable tiny networked devices such as those in the “internet of things” (IoT), which will need a new class of cryptographic defenses against cyberattacks.

Creating these defenses is the goal of NIST’s lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant electrical power and use circuitry far more limited than the chips found in even the simplest cell phone. Similar small electronics exist in the keyless entry fobs to newer-model cars and the Radio Frequency Identification (RFID) tags used to locate boxes in vast warehouses.

All of these gadgets are inexpensive to make and will fit nearly anywhere, but common encryption methods may demand more electronic resources than they possess.

Today, NIST is launching an effort to create worthy solutions to the problem of securing data in this sort of constrained environment. As an initial step, it seeks assistance in developing requirements and guidelines for these solutions. The Draft Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process is the first draft of this request, written with the software development community in mind and aimed at ensuring that the formal request—slated for release later this spring—will produce the sort of encryption algorithms that developers agree will help.

The draft document is available now on the NIST website. A Federal Register Notice will soon announce a public comment period so that the community can weigh in on the draft submission guidelines.

The ultimate goal is to develop lightweight encryption standards that benefit the entire marketplace. According to NIST computer scientist Kerry McKay, effective standards must bring a well-defined solution that applies to a wide class of situations—and that made the wording of the request tricky.

“The IoT is exploding, but there are tons of devices that have nothing for security,” McKay said. “There’s such a diversity of devices and use cases that it’s hard to nail them all down. There are certain classes of attacks to consider, lots of variations. Our thinking had to be broad for that reason.”

Many of the manufacturers who create these small devices say that the time is right for establishing effective standards.

“As industries adopt authentication apps for things like flu-shot syringes and baby formula, it’s important that there is agreement on security practices,” said Matt Robshaw, a technical fellow at Impinj, a company that develops RAIN RFID technology used to keep track of these kinds of objects. “It’s a good time to begin to establish guidance about which of these techniques will be most appropriate.”

To ensure they were getting off to the right start, McKay and the team members spent four years consulting with industry groups ranging from smart power grid experts to auto manufacturers. Their advice led the team to stipulate that submitted algorithms must have been published previously and been analyzed (though not necessarily adopted) by a third party.

“We feel it’s a fair request because people have been working on crypto for constrained environments for several years now,” McKay said. “We want to see things that the world has looked at already.”

These solutions typically use symmetric cryptography—the less resource-intensive form, in which both the sender and recipient have an advance copy of a digital key that can encrypt and decrypt messages. The NIST team specifies that these algorithms should provide one useful tool in symmetric crypto applications: authenticated encryption with associated data, or AEAD, which allows a recipient to check the integrity of both the encrypted and unencrypted information in a message. They also stipulate that if a hash function is used to create a digital fingerprint of the data, the function should share resources with the AEAD to reduce the cost of implementation.

McKay said that while the AEAD and hash tools should cover nearly everything that a developer would want to do with symmetric cryptography, she and the team are looking forward to comments from the public on whether the draft’s requirements are sufficient.

“We will be relying on community feedback to determine what other use cases we should include in subsequent editions of the pub,” she said. “We want the entire lightweight crypto standards development process to be open and transparent, with the public involved at every step.”

After the Federal Register notice appears, NIST will be accepting comments on the draft for 45 days, and will consider these comments before releasing the formal submissions guideline document. Following its release, NIST anticipates a 6-month submission window for lightweight cryptographic algorithms.