The US National Institute of Standards and Technology wants to protect all devices great and small, and is getting closer to settling on next-gen cryptographic algorithms suitable for those systems.

NIST, after years of testing and winnowing down dozens of contenders, said on Tuesday it has chosen a collection of lightweight cryptography algorithms to secure data generated by the rapidly growing number of small Internet of Things (IoT) devices.

The agency tapped Ascon, a package of seven algorithms for authenticated encryption and related operations, from among 57 contenders as the choice to safeguard data collected by IoT devices. That might help take the Internet-of-S#!t out of IoT.

Those gadgets include everything from implanted medical devices and keyless car fobs to wearable devices and smart cities systems, which all collect and store sensitive information but are security-challenged by their limited size and low-power processors.

The lightweight cryptography algorithms need to be powerful enough to offer high security and efficient enough to do so with limited electronic resources. they have been examined by experts for years to check for flaws.

"The world is moving toward using small devices for lots of tasks ranging from sensing to identification to machine control, and because these small devices have limited resources, they need security that has a compact implementation," NIST computer scientist Kerry McKay said in a statement.

"These algorithms should cover most devices that have these sorts of resource constraints."

It took NIST a while to get here. Following a years-long development program, it asked for cryptography solutions in 2018, receiving 57 submissions. Cryptographers pulled apart and searched for weaknesses in the algorithms before choosing 10 finalists and then getting down to one to rule them all.

Criteria ranged from providing security to the algorithm's performance to speed, size, and power consumption.

Ascon was developed in 2014 by cryptographers from Graz University of Technology in Austria, Infineon Technologies, Lamarr Security Research, and Radboud University in the Netherlands.

Some or all seven of the parts of the Ascon family will become NIST's published lightweight cryptography standard later this year, with each variant offering device designers options for different tasks.

AEAD and hashing

McKay said two algorithms - authenticated encryption with associated data (AEAD) and hashing - are among the most important for lightweight cryptography.

AEAD ensures a message remains confidential but lets other information like message headers or a device's IP address to be included but not encrypted. It also ensures the protected data is authentic and wasn't changed in transit.

With hashing, a short digital fingerprint of a message is created, letting the recipient determine if the message was changed. They also can see whether a software update is appropriate, or if it has been downloaded and installed correctly.

A fresh look at HPC

The announcement came a day after NIST started taking public comment on a draft publication outlining the architecture and security needs for zone-based high-performance computing (HPC) systems that security experts have been talking about for months.

As with IoT devices, the size of HPC systems makes them challenging to secure, according to NIST. The draft Special Publication (SP) 800-223 outlines a zone-based reference architecture and security posture for zone-based HPC systems.

NIST has been putting a focus on cybersecurity for HPC systems for at least a year. With zone-based HPC, systems divvied up into four zones with such functions as data storage and access.

Partly fueling the new architecture is the difficultly in securing HPC systems, which NIST said in the request for comment is "due to their size; performance requirements; diverse and complex hardware, software, and applications; varying security requirements; the nature of shared resources; and the continuing evolution of HPC systems."

NIST is taking comments on SP 800-223 until April 7. ®

https://www.theregister.com//2023/02/09/nist_iot_hpc_algorithms/