NIST starts down road toward IoT encryption

The National Institute of Standards and Technology wants comments on the best way to design criteria to evaluate new encryption standards for small computing devices.

MORE INFO

NIST lays groundwork for encrypting IoT devices

The National Institute of Standards and Technology wants feedback on draft requirements for standardizing lightweight cryptography for internet-of-things devices. Read more.

NIST  will eventually ask researchers and cryptographers for algorithms that could be used to encrypt data on small, "constrained devices," such as sensors, RFID tags, industrial controllers and smart cards that are being incorporated into automobiles, internet-of-things devices, the smart grid and distributed control systems.

But first the agency needs to establish the requirements and evaluation criteria that will guide the review of the algorithms.

In a May 14 Federal Register notice, NIST says its current encryption standards were designed for "general purpose computing platforms" like personal computers and tablets and have not been optimized for smaller devices that have access to less power.

"The shift from desktop computers to small devices brings a wide range of new security and privacy concerns," the notice reads. "It is challenging to apply conventional cryptographic standards to small devices, because the tradeoff between security, performance and resource requirements was optimized for desktop and server environments, and this makes the standards difficult or impossible to implement in resource-constrained devices."

Comments will be accepted for 45 days. Once the evaluation criteria are established, NIST will put out a call for public submissions of encryption algorithms from security experts, cryptographers, academia and government. The algorithms will be subject to a year of public review and an additional 10 to 11 months of analysis by NIST officials before being considered for standardization.

This article was first posted to FCW, a sibling site to GCN.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


inside gcn

  • high performance computing (Gorodenkoff/Shutterstock.com)

    Does AI require high-end infrastructure?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group