The National Institute of Standards and Technology (NIST) has selected a group of cryptographic Algorithms called Ascon as the lightweight cryptography standard to protect data flowing through IoT devices.
Following a multi-year effort that included security code reviews, NIST announced the Ascon family of algorithms will soon be the standard to protect data created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators.
The Ascon algorithms, developed in 2014 by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamarr Security Research and Radboud University, are designed for miniature technologies such as implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles.
According to NIST, these tiny devices need “lightweight cryptography” — protection that uses the limited amount of electronic resources they possess
The Ascon family was selected in 2019 as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition, a sign that Ascon had withstood years of examination by cryptographers, NIST said in a note announcing the choice.
“The world is moving toward using small devices for lots of tasks ranging from sensing to identification to machine control, and because these small devices have limited resources, they need security that has a compact implementation,” said NIST computer scientist Kerry McKay. “These algorithms should cover most devices that have these sorts of resource constraints.”
The standards body expects Ascon to power two of the most important tasks in lightweight cryptography: authenticated encryption with associated data (AEAD) and hashing.
The Hub for Industrial Cybersecurity - Join us in Atlanta
The Institute made it clear that the new algorithms are not intended to be used for post-quantum encryption.
“One of the Ascon variants offers a measure of resistance to the sort of attack a powerful quantum computer might mount. However, that’s not the main goal here,” McKay said. “Post-quantum encryption is primarily important for long-term secrets that need to be protected for years. Generally, lightweight cryptography is important for more ephemeral secrets.”
