Skip to content
CryptoHub is 2024 Data Protection Solution of the Year!
Learn More
  • There are no suggestions because the search field is empty.
Check out the CryptoHub press release.
Learn More

How Will Lightweight Cryptography Impact You?

In This Article:

Introduction

On April 18th, 2018, the National Institute of Standards and Technology (NIST) began an effort to develop a little-explored cryptographic concept.
 
The concept is called “lightweight cryptography,” and according to NIST, its purpose is “to develop cryptographic algorithm standards that can work within the confines of a simple electronic device.”
 
NIST made its announcement in response to the burgeoning development of the Internet of Things (IoT), a network of sensors, monitors, cameras, and devices working together to create smart infrastructure.
 
Several existing, upcoming, and necessary technological advancements including autonomous vehicles, smart energy grids, and more depend on the IoT to communicate between themselves and function properly.
 
Without the IoT, none of these systems could carry out the numerous, simultaneous communications necessary for their existence.

What is lightweight cryptography?

Lightweight cryptography, also known as lightweight encryption, is a form of encryption designed for resource-constrained devices. It uses less memory, fewer computing resources, and less power to provide secure solutions for limited network resources.

While AES and SHA are very good together at the interface of computing, they are unable to cope with an IoT environment where they consume excess computing capacity.

In recent years, numerous lightweight cryptographic primitive devices have been developed and used to support limited resource requirements. Both international and NIST organizations have outlined several methods that are possible for lightweight cryptography and useful for IoT/RFID devices.

Lightweight cryptography use cases

  • Great for securing IoT devices
  • Protect wireless sensor networks
  • Lower complexity, same security level

Why do we need lightweight cryptography?

Lightweight cryptography requires less RAM, fewer computing resources, and less power supply to resolve the data security challenges of IoT sensor networks.

In general, lightweight cryptography is simpler and more efficient than typical cryptography at securing connected devices.

The benefits of lightweight cryptography

According to NIST, the millions of electronic devices making up the IoT are small and simple, making them unequipped to process current cryptographic algorithms. Lightweight cryptography would demand far fewer resources from the devices and take less time to complete their essential processes.

Using costly, heavy-weight solutions for every small device in the IoT would also make the cost of devices impractical for the organizations implementing solutions.

For these reasons, lightweight cryptography would better secure the sensitive data transmissions occurring every second on the IoT.

Simple device solutions usually rely on symmetric cryptography, a version of cryptography in which senders and recipients of messages have the same digital key to encrypt and decrypt messages. NIST specifies that lightweight cryptographic algorithms must use “authenticated encryption with associated data,” or AEAD.

AEAD means that the recipient of a message can use authentication to verify the integrity of the encrypted and unencrypted information within the message. This ensures that messages come from who they say they are and that the content of the message has not been altered in transit.

Next steps and implementation

In 2023, NIST announced the selection 'Lightweight Cryptography' algorithms to protect small devices. The group of cryptographic algorithms called Ascon.

According to the NIST website, the chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators.

They are also designed for other miniature technologies such as implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles.

Devices like these need “lightweight cryptography” — protection that uses the limited amount of electronic resources they possess.

Lightweight cryptography is approaching on the horizon of cryptographic solutions.

As the IoT expands and projects such as self-driving vehicles or the smart city develop around it, lightweight cryptography will likely become an integral part of daily urban life.

To keep up to date on this important initiative in IoT data security, be sure to check back with Futurex for the latest news and developments.

Where does Futurex factor in?

Whether it’s symmetric key cryptography or asymmetric encryption, Futurex’s solution suite is ideally suited to lightweight cryptography. We have the resources for hardware implementation and software implementation, on-premises and in the cloud.

Our line of hardware security modules (HSMs) support the widest array of encryption algorithms, lightweight cryptographic primitives, and cryptographic interfaces.

Not only do organizations gain access to symmetric key cryptography (which underlies lightweight cryptography), but they gain access to virtually every data encryption functionality needed to secure communication systems.

The consistency of Futurex systems makes it feasible to standardize lightweight cryptographic algorithms for future asymmetric encryption.

Futurex also offers key management servers to manage the encryption keys used in lightweight cryptographic systems.

No matter the key size, key length, or key schedule required. In addition to fulfilling lightweight cryptography use cases, our key management solutions form the basis for public key cryptography in the form of PKI and CA.

Lightweight cryptography for resource-constrained devices requires considering keys and management functions within the actual applications.

Requirements for lightweight cryptography

The following factors must be taken into account to create light cryptographic systems. In some cases, a device may be implemented with a certain dimension.

Power has a special importance with RFID and energy harvesting devices, while power consumption has an impact on batteries-operated devices.

High throughput of electronic equipment is required for the processing of big-format data like cameras or vibration sensors while low delay is essential in real-time for control of the vehicle system / control system.

Trends in Lightweight Cryptography

The journey of lightweight cryptography began in 2004 with an innovative project in Europe. Recently, this initiative has been revitalized through the M2MO-IoT processes. The efforts of ISO/IEC JTC1/SC 27 culminated in the development of the IEC 29192 standard, which serves as a crucial foundation for lightweight cryptography.

In 2013, the esteemed National Institute of Standards and Technology (NIST) took a significant step forward by initiating a project dedicated to lightweight cryptography. 

By 2017, NIST publicly announced a call for applications seeking lighter cryptographic algorithms, recognizing the increasing demand for secure solutions, especially in resource-constrained environments such as IoT devices.

The ISO/IEC 29192 standard, released in 2007, is regarded as a key precursor to advancements in lightweight cryptography. It provides essential guidelines and specifications that enable the implementation of lightweight cryptographic algorithms designed for devices with limited resources.

In 2018, NIST officially launched the standardization process for lightweight cryptography, inviting contributions from the global cryptographic community. This collaborative initiative aimed to identify and standardize efficient cryptographic algorithms suited for constrained environments like IoT devices. 

By February 2023, NIST announced the selection of Ascon as the leading algorithm in their lightweight cryptography program. Ascon is specifically designed to protect the data generated and transmitted by IoT devices and other compact electronics, including implanted medical devices and keyless entry fobs.

The ISO/IEC JTC1/SC 27 continues to enhance the IEC 29192 standard for lightweight cryptography, offering comprehensive guidelines for implementing suitable cryptographic algorithms. 

This ongoing effort greatly supports the global adoption of secure IoT solutions, paving the way for a more connected and secure future.

Security threats for IoT, Countermeasures Based on Encryption

IoT systems pose significant vulnerabilities to traditional IT systems, as they can collect data and send it to cyber attackers. However, IoT can also improve the productivity of production plants by analyzing and automating production processes in real time.

Incorrect sensor data processing may result in the production of false data. IoT systems using real-world data are also susceptible to cyberattacks. Hence, countermeasures against encryption attacks are gaining more significance.

Lightweight encryption is one such technique, offering a minimal footprint and low computational complexity.

Lightweight encryption extends cryptography to resource-constrained devices, and international standards compilations are currently underway. Authenticated encryption has received considerable attention lately.

Is AES lightweight cryptography? Yes.

AES is the standard in symmetric encryption and is considered a lightweight encryption protocol.


Sources: 
https://www.nist.gov/news-events/news/2023/02/nist-selects-lightweight-cryptography-algorithms-protect-small-devices

Updated January 2025
, , , ,
Share: