The Internet of Things comes with a broad range of domain-specific problems that are exacerbated by generally low-security safeguards. In an attempt to combat and alleviate some of these problems, MIT has recently published a paper describing a public-key encryption chip designed to work naturally within the constraints that IoT devices are subject to.
The publication, titled “Energy-Efficient Encryption for the Internet of Things” that describes a chip that enables public-key cryptography while simultaneously reducing power-consumption by 99.75 percent. This feat is admirable, as public-key encryption generally relies on energy and memory resources to be able to use the algorithms in a software encryption protocol. For an IoT device, this becomes very expensive in terms of energy and memory resources, especially when dealing with swaths of sensors and other devices, and has been a major part of why most IoT devices are inherently so insecure.
Here is a look at a few features in this new public-key encryption chip that make it especially primed for IoT applications.
Elliptic Curve Encryption for Faster, More Efficient Public-Key Generation
Elliptic Curve Encryption (ECC) is a method of public-key cryptography that was developed in 1985. ECC has the advantage of requiring smaller keys and overall being less resource intensive than other forms of public-key cryptography, while still maintaining the same level of security. This means that a 256-bit elliptic curve public key would be similar to a 3072-bit RSA public key.
The key generator is described by a curve with the equation:
y2 = x3 + ax + b
Image courtesy of Steemit.
The size of this curve correlates to the level of security.
By comparison, a public key is generated using the equation:
Q = d * P
Encryption of a message (m) is achieved using cipher texts:
C1 = k * P
C2 = M + k*Q
where k is randomly selected from [1-(n-1)]
Finally, messages are decrypted using the equation:
M = C2 - d * C1
The chip being developed by MIT uses a hardwired implementation of ECC, taking advantage of its low resource requirements. What is especially interesting is that the chip also can be used with any shape or size of elliptic curve, adding longevity in the device for other, or future, implementations of ECC. For IoT security, this is especially useful since swapping out outdated components would also be a hindrance in maintaining security.
Combined with the ECC algorithm is the hardwiring of certain operations involved with key generation/encryption/decryption. Generally speaking, hardware-based logic tends to be faster than software implemented versions (think FPGAs where logic is implemented physically).
The MIT team selectively implemented circuitry to carry out the intensive mathematics involved in ECC, including the modular multiplier. For ECC, the modular multiplier must be able to handle large numbers and so, by building a 256-bit multiplier circuit, it only requires one circuit to perform this operation (and subsequently and can also handle any smaller operations, as well).
In another deviation from the norm, the team also built a separate inversion circuit to handle the inversion component of ECC. Typically, the multiplier can also act as the inverter—but, by separating the two, power consumption was reduced by nearly half.
Finally, they bring the concept together in the Datagram and Security Layer, which handles the eventual formatting and transmission of data. The protocol for these layers is also hardwired into the chip, further reducing energy requirements and increasing speed.
What the team has achieved is a low powered, fast encryption chip using a novel combination of speedy public-key encryption methods (ECC) and hardwiring the logic and protocols. It solves some of the problems with implementing IoT security, namely issues with power and memory resources.