5/6/2021
01:00 PM

Securing the Internet of Things in the Age of Quantum Computing

Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.

As industrial applications drive the next major growth phase of the Internet of Things (IoT), there are growing concerns about how the data that flows through its ecosystems is created, validated, protected, transported, shared, and analyzed. Cryptography is the foundation for addressing these issues, but many vendors concentrate on building market share by paring costs rather than implementing security. As a result, many IoT devices are inadequately protected from hacking, which threatens the security of the IoT ecosystem and other networks to which it connects.

Internet security, privacy, and authentication are not new issues, but IoT presents unique security challenges.


First, many IoT devices have limited processing power and memory, yet robust cryptography involves substantial computational power and needs memory to store temporary or permanent encryption keys.

One solution is to give every IoT device a unique and unclonable identifier by deriving it from the microscopic physical differences between silicon chips caused by manufacturing process variations across a wafer. Such an identifier can substitute for stored encryption keys, saving memory.

IoT devices with unique identifiers can communicate securely with cloud-based servers that carry out data analysis and decision-making within IoT ecosystems. However, it is critical that devices and servers can authenticate that they are communicating with legitimate members of their ecosystem. This is usually handled using digital signatures and public key infrastructure.

A central server protects the IoT network. Credit: Dr. Charles Grover

Digital signatures can also protect against denial-of-service (DoS) attacks, in which malicious actors prevent devices from working properly by creating a fake server to intercept signals sent by the device or by overloading the server using fake devices to issue fake requests. Since IoT networks contain many devices, they are vulnerable to DoS attacks.

IoT devices may be widely distributed and vulnerable to physical attacks. These can include side-channel attacks, which try to analyze how a security algorithm is performed to learn secret information about encryption keys. For example, a timing attack may try to exploit the fact that a key-generation algorithm may take varying amounts of time to run depending upon the key value generated. Perhaps it takes longer to write a 1 into memory than a 0, so analyzing how long it takes to store a key provides insights about the relative population of 0s and 1s within it. Power analysis is another option. If it takes more energy to write a 1 into memory than a 0, this may yield secret information.

IoT fragmentation makes securing an ecosystem tougher. The silicon vendor building the chips must have access to and manage the information that needs to be embedded in each to enable it to find and access the intended IoT network. The device maker that uses these chips must ensure that it's properly implementing cryptographic tasks. IoT hub manufacturers and integrators must provide software for managing, collating, and parsing the data obtained by devices. These providers may also be responsible for managing authentication.

Many parties have access to an IoT ecosystem and the data flowing through it, but none take overall responsibility for security. Hiring third-party specialists to do that will not work if the scope of the task they are given isn't clearly defined.

Much current cryptographic work is driven by concerns that upcoming quantum computers may undermine or invalidate today's approaches. The resulting post-quantum cryptography (PQC) strategies may also have valuable properties for enabling IoT security.

In the quantum computing era, it's a challenge to handle encryption keys and digital signatures that are long enough to offer good security on devices with limited memory, power, and communications resources.

Digital signatures are vital for authentication between devices and servers. America's National Institute of Standards and Technology (NIST) is exploring technologies to replace today's approaches to digital signatures. A comparison with ECDSA, a standard approach used today, reveals the issue: To transmit a signature with 128 bits of security, ECDSA must send a public key of 256 bits and a signature of around 576 bits. The most compact PQC digital-signature strategy remaining in the NIST analysis uses an 896-byte public key and a 690-byte signature. In other words, the PQC implementation of a digital signature needs about 15 times more bandwidth than ECDSA, as well as more computation and more memory to store cryptographic keys.

Other PQC digital-signature schemes may emerge that use the same bandwidth as ECDSA. If not, IoT devices will have to rely on other ways to authenticate with servers, such as greater use of key-encapsulation mechanisms and pre-shared keys. NIST is also looking for PQC algorithms that are inherently less subject to physical attacks than those used today.
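The pre-shared-key fallback mentioned above can be sketched as a three-message mutual challenge-response. This is an added example, not code from the article or from any vendor; the message layout, class names, role bytes and 16-byte nonce size are assumptions made for illustration.

```python
import hashlib, hmac, secrets

NONCE_LEN = 16  # bytes per nonce (assumed size)

def tag(psk, role, device_id, n_dev, n_srv):
    """HMAC-SHA256 over role, length-prefixed device ID and both nonces."""
    msg = role + len(device_id).to_bytes(2, "big") + device_id + n_dev + n_srv
    return hmac.new(psk, msg, hashlib.sha256).digest()

class Device:
    def __init__(self, device_id, psk):
        self.device_id, self.psk = device_id, psk

    def hello(self):
        self.n_dev = secrets.token_bytes(NONCE_LEN)  # fresh per session
        return self.device_id, self.n_dev

    def respond(self, n_srv, server_tag):
        """Check the server first; answer only if it knows the key."""
        want = tag(self.psk, b"S", self.device_id, self.n_dev, n_srv)
        if not hmac.compare_digest(want, server_tag):  # constant-time compare
            return None  # fake server: stop here
        return tag(self.psk, b"D", self.device_id, self.n_dev, n_srv)

class Server:
    def __init__(self, keys):
        self.keys = keys  # device_id -> pre-shared key (constructed sample data)

    def challenge(self, device_id, n_dev):
        psk = self.keys.get(device_id)
        if psk is None or len(n_dev) != NONCE_LEN:
            return None  # unknown device or malformed hello: do no more work
        n_srv = secrets.token_bytes(NONCE_LEN)
        self.pending = (psk, device_id, n_dev, n_srv)
        return n_srv, tag(psk, b"S", device_id, n_dev, n_srv)

    def verify(self, device_tag):
        psk, device_id, n_dev, n_srv = self.pending
        want = tag(psk, b"D", device_id, n_dev, n_srv)
        return hmac.compare_digest(want, device_tag)

def handshake(device, server):
    """Run the three messages; return (authenticated, bytes_on_wire)."""
    device_id, n_dev = device.hello()
    wire = len(device_id) + len(n_dev)
    reply = server.challenge(device_id, n_dev)
    if reply is None:
        return False, wire
    n_srv, s_tag = reply
    wire += len(n_srv) + len(s_tag)
    d_tag = device.respond(n_srv, s_tag)
    if d_tag is None:
        return False, wire
    return server.verify(d_tag), wire + len(d_tag)
```

A successful run moves 96 bytes plus the device identifier, against the 1,586 bytes of public key and signature quoted above. The trade-off is that the server must store every device's key, so a server compromise exposes all of them.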

IoT security practitioners need to be aware of standardization processes and work out which PQC strategies will work within the constrained resources of IoT devices. NIST is exploring how robust the new algorithms will be to side-channel attacks and the issues relating to the bandwidth requirements of digital signatures in a post-quantum computing world. Today's signature schemes are too unwieldy, but ongoing work should help secure the IoT in the upcoming age of quantum computing.

Dr. Charlie Grover is a cryptography researcher at Crypto Quantique, where he is driving performance improvements in securely extracting entropy, or randomness, from Physical Unclonable Functions (PUFs) in CMOS semiconductors. His work is contributing to further development ...