Richard Blech

Strong Cryptosystems Needed for Resource-Constrained IoT



You don’t have to look too far to find small network-connected devices feeding vast amounts of telemetry data into public cloud infrastructure. Data created from these IoT and industrial IoT devices become the eyes and ears of an organization. These invaluable data sources are analyzed to improve processes, understand consumer dynamics, monitor healthcare elements, manage industrial systems, and more.


IoT is represented by more than just the devices. It encompasses an ecosystem that includes software, networks, data, and analytics, all of which can be vulnerable to hacker groups and state-sponsored bad actors. Analysts tell us we’re headed toward a world with over 75 billion IoT devices by 2025. But as the opportunities abound, the ever-present need for security stands out as a significant barrier to growth.


IoT and Industrial IoT are deployed across the public and private sectors, and the threats against them have grown with their numbers. As you might imagine, the federal government is concerned about the security of these devices. IoT is deployed within government systems, as well as in the critical infrastructure the U.S. population relies upon, like the water supply, the energy grid, and other facilities. To that end, the IoT Cybersecurity Improvement Act of 2020 was enacted. It requires NIST and the Office of Management and Budget (OMB) to take steps to increase cybersecurity for IoT devices, and NIST has released guidance defining federal IoT cybersecurity requirements across four documents. The goal is to integrate IoT into the security and privacy controls of federal information systems.


Building strong encryption into resource-constrained devices

IoT devices are typically small, many of them sensors collecting data and sending it back to a cloud or data center. IoT applications are as diverse as your imagination. Examples range from humidity sensors in food processing, pharmaceuticals, and agricultural equipment, to IoT-enabled pressure sensors within vehicles and in medical, industrial, consumer and building devices. IoT accelerometers are found in cameras, airplanes, rockets, and healthcare devices, and IoT-based gas sensors detect noxious and harmful gases and natural gas leaks. The applications and use cases are seemingly endless.

The common factors they share are small size and a constrained form factor. Enabling encryption is a challenge on devices with little CPU, bandwidth, memory and battery, because encryption consumes what little is available. However, quantum-safe symmetric encryption does not have to be baked into the hardware: it can be delivered as software, for example on a Secure Digital (SD) card. (For a symmetric cipher, "quantum-safe" means a key long enough that Grover's algorithm, which roughly halves the effective key strength, still leaves an infeasible search; a 256-bit key is the generally accepted floor, and longer keys add margin.) Strong encryption can be enabled on smartphones, smartwatches, tablets, cars and trucks, home appliances and medical devices by app developers and device manufacturers integrating the cryptosystem within their data center or cloud-hosted services and pushing the same lightweight, quantum-safe encryption across the network and onto the IoT devices themselves.


Strong encryption can also be deployed in front of legacy industrial IoT/ICS, where information technology (IT) and operational technology (OT) merge. Manufacturers and industrial organizations still rely upon many legacy systems, like supervisory control and data acquisition (SCADA) and programmable logic controllers (PLCs). For legacy PLCs that egress data over serial cables or Ethernet ports and cannot be updated to encrypt natively, encryption can be deployed as a bump-in-the-wire, or proxy, in front of the device. This adds confidentiality and integrity to the link without modifying the PLC itself; the proxy's added latency still has to be measured against the control loop's timing budget. In addition to strong encryption, access to these devices must be protected by multiple levels of authentication, ideally mutual, and usage must be controlled with authorization. This is enabled when IoT devices are enrolled using their CPU ID, or another uniquely identifiable element, as their identity. Such identifiers are readable by anyone with access to the device and are therefore not secrets: they should name the device, while the credential is a per-device key provisioned at enrollment and held in protected storage. Together, these practices are critical to eliminating weak links within the network.
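As an added example (not XSOC's code and not from the original article), the enrollment-and-authorization pattern above in Go: the device identifier only selects the enrollment record, a per-device secret provisioned at enrollment is the credential, and the gateway verifies a challenge-response bound to the requested operation before consulting the device's allow-list. The device ID, key, registry and operation names are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// enrolment is what the gateway stores per device. The identifier (a CPU or serial
// ID read at enrollment) is public and only selects the record; the per-device key,
// provisioned at enrollment and kept in the device's secure element, is the credential.
type enrolment struct {
	deviceID string
	key      []byte
	allowed  map[string]bool // authorization: operations this device may request
}

// Constructed registry for illustration; a real one lives in the gateway's database.
var registry = map[string]enrolment{
	"plc-0042": {
		deviceID: "plc-0042",
		key:      []byte("constructed-32-byte-device-key!!"),
		allowed:  map[string]bool{"telemetry.push": true},
	},
}

// newChallenge issues a fresh 16-byte nonce per attempt, so a captured response
// cannot be replayed against a later challenge.
func newChallenge() ([]byte, error) {
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return c, nil
}

// deviceResponse is computed on the device: HMAC-SHA256(key, deviceID || challenge || op).
// Binding the operation name stops a response for one request being reused for another.
func deviceResponse(key []byte, deviceID string, challenge []byte, op string) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(deviceID))
	mac.Write(challenge)
	mac.Write([]byte(op))
	return mac.Sum(nil)
}

// authorize is the gateway side: authenticate the device, then check that the requested
// operation is on its allow-list. Unknown IDs are checked against a zero key so they
// take the same code path (and time) as a bad response from a known device.
func authorize(deviceID string, challenge, response []byte, op string) error {
	rec, known := registry[deviceID]
	if !known {
		rec = enrolment{deviceID: deviceID, key: make([]byte, 32)}
	}
	expected := deviceResponse(rec.key, deviceID, challenge, op)
	if !hmac.Equal(expected, response) || !known { // hmac.Equal is constant-time
		return errors.New("authentication failed")
	}
	if !rec.allowed[op] {
		return errors.New("operation not authorized for this device")
	}
	return nil
}

func main() {
	challenge, err := newChallenge()
	if err != nil {
		panic(err)
	}
	key := registry["plc-0042"].key
	// Genuine device, permitted operation.
	resp := deviceResponse(key, "plc-0042", challenge, "telemetry.push")
	fmt.Println("telemetry.push:", authorize("plc-0042", challenge, resp, "telemetry.push"))
	// Same device asking for something it was never authorized to do.
	resp = deviceResponse(key, "plc-0042", challenge, "firmware.write")
	fmt.Println("firmware.write:", authorize("plc-0042", challenge, resp, "firmware.write"))
	// Attacker who knows the (public) device ID but not the key.
	fake := deviceResponse([]byte("guess"), "plc-0042", challenge, "telemetry.push")
	fmt.Println("wrong key:", authorize("plc-0042", challenge, fake, "telemetry.push"))
}
```

A bump-in-the-wire proxy in front of a PLC would run the device side of this exchange on the PLC's behalf, since the PLC itself cannot hold a key or compute the response.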


All IoT devices are connected to a network. This means that if attackers gain access to a device, they can install malware and move laterally across the network to other computers, systems and data. These devices generate small amounts of data: an IoT-enabled sensor might send 10 bytes of temperature data from an HVAC system to the cloud. Resource-constrained IoT devices need encryption that is strong yet lightweight, with minimal per-message framing and very low latency. That calls for purpose-built cryptography. AES in its usual deployments, AES-GCM inside TLS for instance, adds a per-record nonce, a 16-byte authentication tag and record framing to every message, plus a handshake before the first byte moves; for a 10-byte reading the framing outweighs the payload several times over. That cost comes from the mode and the transport framing, not from the 128- or 256-bit key length, and it is exactly what a lightweight, header-minimal cryptosystem has to eliminate.
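To make the overhead concrete, here is an added example in Go (not XSOC's code and not from the original article) that encrypts a constructed 10-byte HVAC reading two ways with the Go standard library's AES-GCM. The first is the textbook framing with a random nonce and full tag; the second keeps the same cipher and authentication but derives the nonce from a device ID and a message counter and truncates the tag, the kind of framing trim that constrained-device protocols use. The keys, device ID and sample reading are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed sample input: a 10-byte HVAC temperature reading as a sensor might emit it.
var sampleReading = []byte("T=21.5C;OK")

// Constructed keys for illustration only; real keys are provisioned at enrollment and
// kept in the device's secure element, never embedded in source.
var (
	key128 = []byte("0123456789abcdef")                 // 16 bytes: AES-128
	key256 = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
)

// Constructed 8-byte device identifier: the fixed part of the compact nonce. The
// receiver already knows it, so it never travels with the message.
var deviceID = [8]byte{0xc0, 0xff, 0xee, 0x00, 0x00, 0x00, 0x00, 0x01}

// naiveFrame is the textbook framing: AES-GCM with a fresh random 96-bit nonce and a
// full 128-bit tag, sent as nonce || ciphertext || tag.
// Wire size = 12 + len(plaintext) + 16, whatever the key length.
func naiveFrame(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// compactNonce rebuilds the 96-bit GCM nonce from the device ID and a 32-bit counter.
func compactNonce(counter uint32) []byte {
	nonce := make([]byte, 12)
	copy(nonce, deviceID[:])
	binary.BigEndian.PutUint32(nonce[8:], counter)
	return nonce
}

// compactFrame keeps AES-GCM and its authentication but trims the framing: only the
// 4-byte counter is transmitted (the nonce is derived from it) and the tag is cut to
// 96 bits, the shortest length NIST SP 800-38D allows for general use.
// Wire size = 4 + len(plaintext) + 12. The counter is bound as associated data.
// The counter MUST never repeat under one key: persist it across reboots and re-key
// before it wraps, because a reused GCM nonce leaks plaintext and the authentication key.
func compactFrame(key []byte, counter uint32, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCMWithTagSize(block, 12)
	if err != nil {
		return nil, err
	}
	hdr := make([]byte, 4)
	binary.BigEndian.PutUint32(hdr, counter)
	frame := append([]byte(nil), hdr...)
	return aead.Seal(frame, compactNonce(counter), plaintext, hdr), nil
}

// openCompactFrame is the receiver: it rebuilds the nonce from the transmitted counter,
// rejects counters that do not advance (replay), and authenticates before decrypting.
// It returns the plaintext and the counter to record as the new high-water mark.
func openCompactFrame(key []byte, lastCounter uint32, frame []byte) ([]byte, uint32, error) {
	if len(frame) < 4+12 {
		return nil, lastCounter, errors.New("frame too short")
	}
	counter := binary.BigEndian.Uint32(frame[:4])
	if counter <= lastCounter {
		return nil, lastCounter, errors.New("replayed or stale counter")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, lastCounter, err
	}
	aead, err := cipher.NewGCMWithTagSize(block, 12)
	if err != nil {
		return nil, lastCounter, err
	}
	plaintext, err := aead.Open(nil, compactNonce(counter), frame[4:], frame[:4])
	if err != nil {
		return nil, lastCounter, err // tag mismatch: tampered frame or wrong key
	}
	return plaintext, counter, nil
}

func main() {
	n128, _ := naiveFrame(key128, sampleReading)
	n256, _ := naiveFrame(key256, sampleReading)
	compact, _ := compactFrame(key128, 1, sampleReading)
	fmt.Printf("payload: %d bytes\n", len(sampleReading))
	fmt.Printf("AES-128-GCM, random nonce, 128-bit tag: %d bytes on the wire\n", len(n128))
	fmt.Printf("AES-256-GCM, same framing:              %d bytes (key length costs nothing)\n", len(n256))
	fmt.Printf("AES-128-GCM, counter nonce, 96-bit tag: %d bytes\n", len(compact))
	pt, _, err := openCompactFrame(key128, 0, compact)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(pt, sampleReading))
	tampered := append([]byte(nil), compact...)
	tampered[6] ^= 0x01 // flip one ciphertext bit
	_, _, err = openCompactFrame(key128, 0, tampered)
	fmt.Println("tampered frame rejected:", err != nil)
}
```

The strict "counter must increase" rule is the simplest replay policy; on lossy links a sliding window is used instead. Neither framing is the TLS record layer, which adds its own headers on top of this, and neither removes the need to get a key to the device in the first place.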


The cryptosystem for resource-constrained IoT

Ensuring systems, applications and data are protected from internal and external threats requires the continual and methodical use of sophisticated cybersecurity tools with strong encryption, efficient and secure methods for exchanging keys, and advanced human and device authentication. In response, XSOC CORP has developed an extensible, adaptive, and quantum-safe cryptosystem and encryption key transport system that helps protect against today's advanced threats while future-proofing the protection of data against cyberattacks.

Cryptography for lightweight IoT has been a compromise between being light in resource consumption and robust in cryptographic strength. New technology developed by XSOC is designed to overcome that trade-off. The FIPS 140-2 validated XSOC cryptosystem provides lightweight cryptography with a minimum 512-bit quantum-safe key length, expandable to 51,200 bits. In addition to encryption, we integrated multifactor authentication to provide multilayered protection against attackers using stolen identities to gain access to a network and its resources. To accelerate data transfers, for both constrained devices and broadband links, we developed our own encrypted network protocol.


Symmetric ciphers, and stream ciphers in particular, are far less demanding on resource-limited IoT devices than public-key (asymmetric) operations, so constrained devices should confine asymmetric cryptography to enrollment and key establishment and protect bulk data symmetrically. SOCKET, XSOC CORP's key transport system, meets the system resource and scalability demands of today's newest IoT devices, as well as legacy IIoT systems, for the data confidentiality and integrity required to secure critical OT/ICS infrastructure. SOCKET secures requests between services or connected devices without introducing a single point of failure. It is purpose-built for exchanging, distributing and facilitating the movement of encryption keys generated by a symmetric encryption engine between senders and receivers. EBP, XSOC CORP's encrypted network protocol, enables highly optimized transmission for sending, transferring, migrating and streaming very small to extremely large data packets across internal or external networks to on-premise and cloud storage repositories.


IoT continues to proliferate throughout the world, extending Internet connectivity into the physical devices we use every day. While security was often a peripheral concern during the early meteoric spread of IoT and Industrial IoT devices, it’s a different story today, as these network-connected devices are now highly vulnerable. Fortunately, there is new technology capable of securing resource-constrained IoT, to provide the strong protections necessary for public and private sector organizations.