Lightweight Cryptography for Embedded Systems in the IoT

Until a few years ago, the security of embedded systems was seldom a priority for vendors or consumers. Embedded systems were typically not attached to public networks, and tampering with them was arduous and required specialized software skills. The threat level against them was low to non-existent.

But now that embedded systems and processors are key components in the Internet of Things, the threat level has risen sharply. Design engineers and security professionals are paying closer attention to the issue of security and cryptography for embedded systems.

Vulnerabilities of Embedded Systems
Embedded systems are vulnerable to assault for a number of reasons, the chief ones being their connectivity, accessibility and low availability of resources to support security and authentication.

It is estimated that by 2020, there will be 28 billion embedded systems connected to the internet. With greater connectivity comes an increased risk of being attacked. Every communication node becomes a potential weakness. Failure of any one embedded system can create cascading events that, in extreme cases, can bring down entire networks – say, a bank’s ATM machines or a power grid.

Further, devices with embedded systems are often physically easy to access. Products like laser printers, refrigerators, gas and electric meters, insulin pumps, surveillance cameras and door locks are almost never located behind gates or barriers. This makes it convenient for a hacker to see the results of their actions unfold in real time and adjust their attack in the field.

Although embedded systems are easy targets of attack, their security lags far behind that of, say, PCs and servers. Embedded system security is at about the same stage that PC security was in the 1990s, when the Internet was starting to become commercialized. That said, as embedded systems have grown more complex and integral to the IoT, vendors are now scrambling to strengthen security.

Cryptography Suited to Low-Resource Embedded Systems
One of the hurdles to effective encryption is the limited resources available in embedded systems. While devices with adequate power supplies and computing resources, like PCs, can run security protocols rapidly, embedded processors, which have far less power and processing capacity, take longer. Because of the systems’ small processing capabilities, some cryptography researchers have proposed hardening them with ECC protocols.

Our benchmarking and recent publications show that ECC has several drawbacks in securing low-resource devices like embedded systems. For example, the 8- or 16-bit processors typically used in embedded systems do not have the resources to run ECC for authentication, identification and data protection in short timeframes.

SecureRF’s cryptographic solutions for embedded systems are based on Group Theoretic Cryptography. They run up to 63 times faster than ECC while using less than 1% of the power ECC requires, and are quantum-resistant. Our WalnutDSA algorithm, a lightweight digital signature signature authentication scheme, is among those that have been presented at NIST workshops as it develops cryptographic standards for constrained devices.

To request our IoT Security Workbench, please click the button below.