The Debate Over How to Encrypt the Internet of Things

#News(IoTStack) [ via IoTGroup ]

But real-world data suggests that many of those ubiquitous tiny gadgets can run versions of traditional, time-tested encryption schemes.
A team from the Swiss IoT encryption firm Teserakt argues that there’s no need to reinvent the wheel when the real solution is simply holding IoT manufacturers to higher standards.
But traditional cryptography, particularly the stalwart Advanced Encryption Standard, often works just fine in IoT devices, says Antony Vennard, Teserakt’s chief engineer.
The researchers have even observed a number of situations where security-conscious manufactures found ways to incorporate it, like in the embedded systems of cars.
“Where it could get confusing is where people aren’t sure what level of security they need.” Antony Vennard, Teserakt
It’s important to talk about the actual utility of lightweight encryption now, because it takes years for the cryptography community to develop and vet a new encryption scheme to ensure that it’s safe to use.
And once those standards are in place, it takes even more time to gain real-world experience implementing the scheme to catch mistakes.
In February, for example, Google debuted a method for encrypting most low-end Android devices regardless of how piddly their processors.
Rather than a novel encryption scheme, it relied on clever implementations of AES and other existing cryptographic methods to reduce the chance of introducing a fundamental flaw.
But Johns Hopkins cryptographer Matthew Green points out that the lengths Google had to go to to achieve it may actually indicate a need for lightweight cryptography, rather than showing that it’s worth sticking with AES.
Though it may be possible to implement traditional encryption more widely than the IoT industry currently believes, Vennard admits that there are situations where lightweight encryption would be useful.

Read More..
AutoTextExtraction by Working BoT using SmartNews 1.02810764966 Build 26 Aug 2019