US NIST releases the best encryption method for protecting IoT data
Small Internet of Things (IoT) devices are becoming increasingly popular and been used in wearable technology, smart home applications. However, they are still used to store and process sensitive personal data such as health data, financial data and more.
The world is moving toward using small devices for many tasks, from detection to recognition to machine control and because these small devices have limited resources, they need security in a compact implementation.
The National Institute of Standards and Technology (NIST) announced that ASCON won a bid for a lightweight cryptography program seeking the best algorithm to secure small Internet of Things (IoT) devices with limited hardware resources.
However, implementing a data encryption standard is critical to protecting people's data. However, the weak chips in these devices require an algorithm that can provide strong encryption with very little computing power. These algorithms should cover most resource-constrained devices.
ASCON was selected as the best among 57 proposals submitted to NIST, security analysis rounds of leading cryptographers, implementation and benchmarking results and feedback from workshops. The entire program lasted four years and began in 2019.
According to NIST, all ten finalists demonstrated exceptional performance that exceeded set standards without safety issues, making the final selection very difficult.
ASCON was finally chosen as the winner because it is flexible, energy efficient, fast, low hardware and has low short circuit cost. NIST found that the algorithm has stood the test of time because it was developed in 2014 by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamarr Security Research and Radboud University and won the CAESAR cryptographic competition for lightweight encryption for the class of 2019.
ASCON Encryption and Decryption Modes (NIST) has two main features.
1. ASCON highlighted the features are AEAD (Authenticated Encryption with Associated Data) and hashing.
2. Authenticated Encryption with Associated Data (AEAD) is a hash mode that ensures the confidentiality and authenticity of transmitted or stored data by combining symmetric encryption and message authentication code (NAC) to prevent unauthorised access or tampering.
Hashing is a data integrity mechanism that creates a chain of unique inputs (hash) which allow two data exchange points to confirm that no encrypted message has been compromised
NIST still recommends AES for AEAD for compression, but these are not suitable for smaller and weaker devices. Despite the lightweight nature of the ASCON, NIST says the system is powerful enough to offer some resistance to attacks by powerful quantum computers at its constant 128-bit speed.
NIST is tackling post-quantum cryptography as a separate challenge with a separate program to develop quantum-proof standards, and the effort has already produced preliminary results.
However, this is not the intent or purpose of this standard. Lightweight cryptographic algorithms should only be used to protect short-term secrets.