The National Institute of Standards and Technology (NIST) has selected a group of cryptographic algorithms called Ascon as the lightweight cryptography standard to protect data flowing through IoT devices.
Following a multi-year effort that included security code reviews, NIST announced the Ascon family of algorithms will soon be the standard to protect data created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators.
The Ascon algorithms, developed in 2014 by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamarr Security Research and Radboud University, are designed for miniature technologies such as implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles.
According to NIST, these tiny devices need “lightweight cryptography” — protection that uses the limited amount of electronic resources they possess
The Ascon family was selected in 2019 as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition, a sign that Ascon had withstood years of examination by cryptographers, NIST said in a note announcing the choice.
“The world is moving toward using small devices for lots of tasks ranging from sensing to identification to machine control, and because these small devices have limited resources, they need security that has a compact implementation,” said NIST computer scientist Kerry McKay. “These algorithms should cover most devices that have these sorts of resource constraints.”
The standards body expects Ascon to power two of the most important tasks in lightweight cryptography: authenticated encryption with associated data (AEAD) and hashing.
The Institute made it clear that the new algorithms are not intended to be used for post-quantum encryption.
“One of the Ascon variants offers a measure of resistance to the sort of attack a powerful quantum computer might mount. However, that’s not the main goal here,” McKay said. “Post-quantum encryption is primarily important for long-term secrets that need to be protected for years. Generally, lightweight cryptography is important for more ephemeral secrets.”
Related: Is OTP a Viable Alternative to NIST’s Post-Quantum Algorithms?
Related: CISA: Critical Infrastructure Must Prep for Post-Quantum Cryptography
Related: NIST Post-Quantum Algorithm Finalist Cracked Using a Classical PC
Related: NIST Announces Post Quantum Encryption Competition Winners
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- Anti-Bot Software Firm DataDome Banks $42M Financing
- Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App
- LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps
- Spera Banks $10 Million to Tackle Identity and Access Sprawl
- Mandiant Catches Another North Korean Gov Hacker Group
- Microsoft Puts ChatGPT to Work on Automating Cybersecurity
- Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April
- Tesla Hacked Twice at Pwn2Own Exploit Contest
Latest News
- Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Report: Chinese State-Sponsored Hacking Group Highly Active
- Votiro Raises $11.5 Million to Prevent File-Borne Threats
- Lumen Technologies Hit by Two Cyberattacks
- Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
