Monday, July 10, 2017

Post quantum security becomes an issue for IoT

By Nick Flaherty

It is ironic that just as the world of the Internet of Things (IoT) is adding encryption security to devices that the technology is changing.

While engines for 256bit long AES encryption is now being added to controllers, the development of quantum computers is raising fears that this encryption technology could be more easily broken.

So now the industry is looking at ‘post-quantum’ or ‘quantum resistant’ security techniques. These are new types of encryption that use signatures rather than random numbers and 256bit primes numbers. Many of these new techniques are power hungry so we are back to the same challenges for IoT designs with developers looking at different ways to secure the system.

For example, SecureRF’s Group Theoretic Cryptography methods are the world’s first linear-in-time algorithm for low-power, and no-power devices. The quantum-resistant, one-way functions are based on a Group Theoretic Cryptography technique called E-Multiplication. It is the foundation for several cryptographic constructions including a Public Key Agreement (asymmetric) and Secret Key (symmetric) methods, a Digital Signature method, a cryptographic Hash method, a pseudo-random number generator, and even a block cipher.

It is suited for securing wireless sensors, NFC and RFID tags, mobile payment devices, micro-controllers, and machine to machine (M2M) applications found in the Smart Grid and building automation markets. It supports a wide range of cryptographic functions including identification, authentication, and data protection.

The authentication enables validation between devices to confirm identity. Message authentication codes and digital signatures can be used to ensure data integrity against modification or forging. This cryptographic function is used in anti-counterfeiting applications.

The data protection element secures the entire data stream that is being carried, including the commands and information.

· It also supports data protection that employs the process of obscuring information to make it unreadable without special knowledge. Encrypting the data, with a key management protocol, allows trusted users to read the data.

Unlike classic cryptographic protocols such as RSA and ECC, the security of these Group Theoretic protocols is not based on any problem known to be susceptible to a quantum computing attack, which makes them viable candidates for post-quantum asymmetric cryptography.

Group Theoretic Cryptography is used in products and solutions developed by SecureRF, is available as a Security Tool Kit in several programming languages, as a core for FPGAs and ASICs, and in Verilog or VHDL for direct integration to an existing device.

There’s a lot more detail in the white papers, technical presentations and patents.

Related stories:

No comments:


South West Innovation News - news from across the region for oneof the world's hottest tech clusters