By 2025, it is predicted that there can be as many as 100 billion connected IoT devices or network of everyday objects as well as sensors that will be infused with intelligence and computing capability. These devices shall comprise of personal devices such as smart watches, digital glasses and fitness monitoring products, food items, home appliances, plant control systems, equipment monitoring and maintenance sensors and industrial robots.
The rapid growth in IOT devices, however will offer new opportunities for hacking, identity theft, disruption, and other malicious activities affecting the people, infrastructures and economy. Some incidents have already happened, an internet-connected fridge was used as a botnet to send spam to tens of thousands of Internet users,. Jeep Cherokee was sensationally remote-controlled by hackers in 2015. FDA issued an alert about a connected hospital medicine pump that could be compromised and have its dosage changed.
Many of these devices are mission critical, such as powering major national infrastructure — the risk and realisation that these devices aren’t secured properly is leading some cyber security experts to predict that there is a large-scale disaster waiting to happen. And the problem is only getting worse. By some estimates, on average there are 127 new devices connected to the internet every second.
The absence of encryption, coupled with an inability to patch vulnerabilities as they occur, is a major shortcoming of many Internet of Things devices available in today’s market, according to Ian Lyte, security consultant at Protection Group International (PGI), who prepared the challenge. “If you have something that can’t be upgraded and a vulnerability is found, if you have an internet-connected device at home or in a car, that can’t be updated, once that vulnerability has been found, there is nothing you can do,” Lyte said.
Dukes said “lightweight” cryptography would be needed to secure smartphones and other devices that don’t have the processing capability of traditional devices. That could entail creating cryptographic tools and protocols that require less energy or less software code to execute.
New IoT chips speed encryption, dramatically reduce power consumption and memory requirements
Researchers at MIT have announced the creation of a new chip designed for IoT devices that is dedicated solely to public key encryption tasks. The new chip shifts computation work away from encryption software, which often has a high power consumption cost. By handling encryption and decryption of public keys via hardware, the chips can execute tasks 500 times faster, all while reducing power consumption by 99.75% and using 1/10th of the memory.
While encryption-specific chips like the one designed by the MIT team are not new, a big part of this one is. Previous chips of this type could only use one type of elliptic curve, thus restricting their usefulness. Unlike those older types, the new chips can use any elliptic curve. ECC’s biggest benefit is that it can offer more security with smaller keys, which means faster data transmission and lower storage requirements. As internet-connected devices proliferate, so do the needs for faster, low-energy encryption, which is exactly where ECC shines.
One of the core components of ECC is modular arithmetic, and specifically modular multiplication (multiplication is the first step in public-key encryption). The MIT chip has a circuit solely dedicated to modular multiplication, and it’s huge: Most modular multipliers can handle 16- or 32-bit values at a maximum, and MIT’s can handle 256. That 256-bit max allows MIT’s chip to handle larger calculations without relying on additional circuits, reducing energy requirements and increasing speed. The new chips are larger than previous versions because they have separated different kinds of mathematical processing onto different circuits, showing that application-specific hardware has vast advantages over software or general-purpose chips for certain applications.
MIT researchers develop lightweight device implementing quantum-resistant encryption scheme
Today’s most promising quantum-resistant encryption scheme is called “lattice-based cryptography,” which hides information in extremely complicated mathematical structures. To date, no known quantum algorithm can break through its defenses. But these schemes are way too computationally intense for IoT devices, which can only spare enough energy for simple data processing.
In a paper presented at the recent International Solid-State Circuits Conference, MIT researchers describe a novel circuit architecture and statistical optimization tricks that can be used to efficiently compute lattice-based cryptography. The 2-millimeter-squared chips the team developed are efficient enough for integration into any current IoT device.
The architecture is customizable to accommodate the multiple lattice-based schemes currently being studied in preparation for the day that quantum computers come online. “That might be a few decades from now, but figuring out if these techniques are really secure takes a long time,” says first author Utsav Banerjee, a graduate student in electrical engineering and computer science. “It may seem early, but earlier is always better.”
Moreover, the researchers say, the circuit is the first of its kind to meet standards for lattice-based cryptography set by the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce that finds and writes regulations for today’s encryption schemes.
Joining Banerjee on the paper are Anantha Chandrakasan, dean of MIT’s School of Engineering and the Vannevar Bush Professor of Electrical Engineering and Computer Science, and Abhishek Pathak of the Indian Institute of Technology.
In the mid-1990s, MIT Professor Peter Shor developed a quantum algorithm that can essentially break through all modern cryptography schemes. Since then, NIST has been trying to find the most secure postquantum encryption schemes. This happens in phases; each phase winnows down a list of the most secure and practical schemes. Two weeks ago, the agency entered its second phase for postquantum cryptography, with lattice-based schemes making up half of its list.
In the new study, the researchers first implemented on commercial microprocessors several NIST lattice-based cryptography schemes from the agency’s first phase. This revealed two bottlenecks for efficiency and performance: generating random numbers and data storage.
Generating random numbers is the most important part of all cryptography schemes, because those numbers are used to generate secure encryption keys that can’t be predicted. That’s calculated through a two-part process called “sampling.” Sampling first generates pseudorandom numbers from a known, finite set of values that have an equal probability of being selected.
Then, a “postprocessing” step converts those pseudorandom numbers into a different probability distribution with a specified standard deviation — a limit for how much the values can vary from one another — that randomizes the numbers further. Basically, the random numbers must satisfy carefully chosen statistical parameters. This difficult mathematical problem consumes about 80 percent of all computation energy needed for lattice-based cryptography.
After analyzing all available methods for sampling, the researchers found that one method, called SHA-3, can generate many pseudorandom numbers two or three times more efficiently than all others. They tweaked SHA-3 to handle lattice-based cryptography sampling. On top of this, they applied some mathematical tricks to make pseudorandom sampling, and the postprocessing conversion to new distributions, faster and more efficient.
They run this technique using energy-efficient custom hardware that takes up only 9 percent of the surface area of their chip. In the end, this makes the process of sampling two orders of magnitude more efficient than traditional methods.
Splitting the data
On the hardware side, the researchers made innovations in data flow. Lattice-based cryptography processes data in vectors, which are tables of a few hundred or thousand numbers. Storing and moving those data requires physical memory components that take up around 80 percent of the hardware area of a circuit. Traditionally, the data are stored on a single two-or four-port random access memory (RAM) device. Multiport devices enable the high data throughput required for encryption schemes, but they take up a lot of space.
For their circuit design, the researchers modified a technique called “number theoretic transform” (NTT), which functions similarly to the Fourier transform mathematical technique that decomposes a signal into the multiple frequencies that make it up. The modified NTT splits vector data and allocates portions across four single-port RAM devices. Each vector can still be accessed in its entirety for sampling as if it were stored on a single multiport device. The benefit is the four single-port REM devices occupy about a third less total area than one multiport device.
“We basically modified how the vector is physically mapped in the memory and modified the data flow, so this new mapping can be incorporated into the sampling process. Using these architecture tricks, we reduced the energy consumption and occupied area, while maintaining the desired throughput,” Banerjee says.
The circuit also incorporates a small instruction memory component that can be programmed with custom instructions to handle different sampling techniques — such as specific probability distributions and standard deviations — and different vector sizes and operations. This is especially helpful, as lattice-based cryptography schemes will most likely change slightly in the coming years and decades.
Adjustable parameters can also be used to optimize efficiency and security. The more complex the computation, the lower the efficiency, and vice versa. In their paper, the researchers detail how to navigate these tradeoffs with their adjustable parameters. Next, the researchers plan to tweak the chip to run all the lattice-based cryptography schemes listed in NIST’s second phase.
The work was supported by Texas Instruments and the TSMC University Shuttle Program
World’s most efficient AES crypto processing technology for IoT devices developed
Researchers at Tohoku University and NEC Corporation have discovered a new technique for compressing the computations of encryption and decryption operations known as Galois field arithmetic operations. The group, from the Research Institute of Electrical Communication, has thus succeeded in developing the world’s most efficient Advanced Encryption Standard (AES) cryptographic processing circuit, whose energy consumption is reduced by more than 50 percent of the current level.
With this achievement, it has become possible to include encryption technology in information and communication technology devices with tight energy constraints, greatly enhancing the safety of the next-generation Internet of Things.
This technique see the AES encryption algorithm represented as a calculation based on a special numbering system called a Galois field. The research group has transformed the input numerical representation and is now able to perform multiple computations in one go. Using this method, the number of required circuit elements can be reduced significantly.
National ICT Australia’s Secure microkernel
Professor Gernot Heiser, head of NICTA’s Embedded, Real-Time and Operating Systems (ERTOS) Research Program, and his team have managed to create a microkernel comprising around 10,000 lines of code that has been designed from the ground up for security.
NICTA researchers have focused on three key elements that allow embedded systems to be made more secure and reliable:
- Reducing the amount of operating system code (the kernel) that has unrestricted access to the system’s hardware
- Creating a mathematical model that allows the operating system code to be proven to be reliable; and
- Developing a method of measuring and confirming the time taken for the system to perform its required tasks
It has been mathematically proven to be completely secure, and a recent field demonstration showed why this was important as researchers hacked into and crashed an off-the-shelf Quadcopter drone – but proved unable to compromise a similar device running an eaL4-based controller.
Development work is also being undertaken on a second mathematical model that can calculate and confirm the time taken by embedded systems to perform certain tasks. This becomes critical in realtime systems where an inability to complete a task in a given time could have serious repercussions.
For example, a pacemaker unable to process incoming signals could miss a human heartbeat, or a fly-by wire aircraft system could be unable to react quickly enough to pilot commands. The model calculates the maximum time the system could possibly take to perform a task. Designers and programmers can then ensure that this measure is within operational requirements.
“Software alone isn’t the best option and the only reliable way we have to maintain security is to use hardware security systems,” said Steve Hanna, Senior Principal at Infineon Technologies, and “By hardware, I’m talking about hardware security chips, which are included in your passports, in your credit cards, in your commercial grade PCs, and in other applications as well.”
These chips are designed to resist very determined attackers and they don’t run commercial operating systems. This means you couldn’t take an attack toolkit that was developed for Windows and use that to break in to the security chip. No, it’s a very specialized operating system, a specialized environment, that’s built into that chip, all designed from scratch with security as a top priority.
Computer scientists at the University of California, San Diego, have developed a tool that allows hardware designers and system builders to test security- a first for the field. The tool, based on the team’s research on Gate-level Information Flow Tracking, or GLIFT, tags critical pieces in a hardware’s security system and tracks them. The tool leverages this technology to detect security-specific properties within a hardware system. For example, the tool can make sure that a cryptographic key does not leak outside a chip’s cryptographic core.
There are two main threats in hardware security. The first is confidentiality. In some types of hardware, one can determine a device’s cryptographic key based on the amount of time it takes to encrypt information. The tool can detect these so-called timing channels that can compromise a device’s security. The second threat is integrity, where a critical subsystem within a device can be affected by non-critical ones. For example, a car’s brakes can be affected by its CD player. The tool can detect these integrity violations as well. “The stakes in hardware security are high”, said Ryan Kastner, a professor of computer science at the Jacobs School of Engineering at UC San Diego.
SensorHound to support USAF to monitor sensitive assets
SensorHound has secured a contract from the US Air Force (USAF) to explore technological solutions to monitor and track high-value and sensitive assets. SensorHound offers the Beagle pilot-stage cybersecurity environmental condition monitoring and location-tracking device, which can be deployed to safeguard high-value and sensitive assets.
SensorHound provides lightweight software solutions to detect malicious intrusions and monitor firmware health in Internet of Things (IoT) devices like asset trackers and smart thermostats. The company, headquartered at Purdue Research Foundation’s Purdue Research Park of West Lafayette, also provides products to securely and reliably connect IoT devices to the cloud servers. These solutions help IoT device manufacturers and operators to significantly reduce their time to market and cost of ownership.
SensorHound co-founder and CEO Vinai Sundaram said: “The Beagle solution is purpose-built for high-value assets addressing key requirements of high cybersecurity, long-lasting and remote configurability. “Beagle uses SensorHound’s core solution to monitor device firmware failures and intrusions in the field.”
Headquartered at Purdue Research Foundation’s Purdue Research Park in West Lafayette, Indiana, US, the cybersecurity start-up is a provider of software solutions that are used for the detection of malicious intrusions and monitoring firmware health in internet of things (IoT) devices such as asset trackers and smart thermostats
References and Resources also include: