Can IoT transmissions be securely encrypted?
- By Patrick Marshall
- Mar 14, 2018
While the internet of things has been booming -- with internet-connected sensors being built into refrigerators and bridges, surveillance cameras and smart TVs -- some researchers have issued dire warnings about the vulnerabilities of IoT-enabled devices. One of the most critical concerns is the inability of such tiny devices that are short on computing resources to effectively encrypt data.
In November 2015, in fact, a team of mathematicians announced that it took them only 8 hours to crack the widely used IoT encryption solution offered by the Algebraic Eraser. More robust public-key encryption would provide the security IoT needs, but IoT devices don’t have the computing power required to run software-driven public-key encryption protocols.
MIT researchers may have just solved the problem. A team led by graduate student Utsav Banerjee announced that it has created a tiny chip suitable for inclusion in IoT devices that is purpose-built to perform public-key encryption. According to the researchers, their chip uses only 1/400 as much power as software execution of the protocols would require. It also does the job 500 times faster than software execution.
The same team had earlier created chips that could handle the elliptic-curve type of encryption used in most public-key encryption systems. The problem with those first efforts was that the chips could only work with a single family of elliptic curves. The new chip announced last month can handle any elliptic curve.
"Cryptographers are coming up with curves with different properties, and they use different primes," Banerjee said in a statement. "There is a lot of debate regarding which curve is secure and which curve to use, and there are multiple governments with different standards coming up that talk about different curves. With this chip, we can support all of them, and hopefully, when new curves come along in the future, we can support them as well."
The researchers also hard-wired the datagram transport layer security protocol, which is used to format and transmit the encrypted data. Executing the protocol via hard-wiring dramatically cuts the amount of memory required for execution.
At least as important, the new chip can be powered down when not in use, a critical capability in IoT devices that run on batteries.
Patrick Marshall is a freelance technology writer for GCN.