NIST lays groundwork for encrypting IoT devices — GCN
As internet-of-things devices infuse IT systems controlling health care equipment, power grids, manufacturing processes and home security, they require a way to defend against cyberattacks. Most cryptographic systems, however, were designed for desktop PCs and servers and are therefore unsuitable for very small devices that have more limited computational resources.
The National Institute of Standards and Technology’s lightweight cryptography initiative aims to develop standards that can work within the confines of a simple electronic device. On April 18, the agency issued a call to software developers for help in crafting requirements and guidelines for technology to secure data in constrained environments.
“The IoT is exploding, but there are tons of devices that have nothing for security,” NIST computer scientist Kerry McKay said in an April 18 blog post. “There’s such a diversity of devices and use cases that it’s hard to nail them all down. There are certain classes of attacks to consider, lots of variations. Our thinking had to be broad for that reason.”
“Draft Submission Requirements and Evaluation Criteria for Lightweight Cryptography Standardization Process” lays out the submission requirements and evaluation process for