The National Institute of Standards and Technology is soliciting nominations for lightweight cryptographic algorithms that could become standards for securing the Internet of Things.
Because of the proliferation of networked and Internet-addressable devices there is a growing demand for encryption tailored for constrained environments in which current cryptographic standards do not perform well or are impractical. These include small devices such as RFID tags, industrial controllers, medical devices, sensor nodes, and smart cards, as well as systems such as the energy grid and industrial control networks. In short, the entire IoT. As these devices become more integrated into our daily lives they present serious security and privacy challenges that have not been systematically addressed.
NIST defines lightweight cryptography as a subfield of cryptography designed for use in resource-constrained devices. Current cryptographic standards approved by NIST, and which are used widely across government and industry, are optimized for desktop computers and servers. In smaller devices in which memory, computing power and bandwidth are minimized, resources often are inadequate to provide security with current standards without overtaxing capacity. There has been substantial academic work done in this area, but the results have not been standardized for wide adoption.
“NIST has decided to create a portfolio of lightweight cryptographic algorithms, designed for limited use in applications and environments where cryptographic operations are performed by constrained devices that are unable to use existing NIST standards,” the agency announced.
No points for originality
NIST established its Lightweight Cryptographic Project in 2013 and held workshops in 2015 and 2016. Public comments were solicited on criteria for new standards earlier this year. The request for nominations was published Aug. 27.
The goal is not to develop new schemes or algorithms, but to leverage existing work and encourage its adoption by creating recognized standards. The submission of algorithms that are not already well understood is discouraged. Submissions are expected to include third-party analysis of their design or to leverage existing standards and well-analyzed components in their design. What the standardization process is intended to add is an industry and government-recognized imprimatur as a technology that can be implemented across systems with confidence.
All submissions will be published for public review and any selected as standards will be in the public domain to encourage their adoption by royalty-free use.
Basic requirements for the proposed standards were created with public input. Evaluation criteria include:
• Side channel and fault attack resistance
• Cost metrics (e.g., area, memory, energy consumption)
• Performance
• Analysis by third parties or use of components in existing standards
• Suitability for hardware and software implementation
Complete requirements for submission and evaluation criteria are available online.
Open process
The NIST cryptographic standards-making process is open evaluation. Candidates are made available for the scientific, academic and lay communities to study, probe and break, so that only the strong will survive.
“Although NIST will be performing its own analyses of the submitted algorithms, NIST strongly encourages public evaluation and publication of the results,” the agency says.
It will probably be at least two years before any standards candidates are selected. The deadline for submitting nominations is Feb. 25 and there will be up to 12 months of public review in the first round of candidate selection. There will be a second 9-to-twelve month round of evaluations to select the finalists.
NIST is a non-regulatory agency and designation of a standard will not mandate the use of any lightweight cryptography algorithms. But standardization is expected to encourage the adoption of secure, practical and vetted crypto throughout industrial control systems, critical infrastructure and the Internet of Things.
Algorithms and most accompanying documentation can be submitted by mail or email, but because of legal requirements, intellectual property statements must be submitted by U.S. Mail. The email address for submissions and for questions is lightweight-crypto@nist.gov. The mailing address is Dr. Kerry McKay, Information Technology Laboratory, Attention: Lightweight Cryptographic Algorithm Submissions, 100 Bureau Drive—Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930.