Cryptography Innovations for the Enterprise
Cryptography is believed by many to be a mature field of study. Still there are many exciting innovations under development. This article will discuss three next generation technologies. The emergence of cloud-based applications and storage has underscored the need for a security mechanism that won’t burden the utility of the services. The emerging Internet of Things (IoT) requires Light Weight Cryptographic (LWC) solutions that are appropriate for securing computationally constrained platforms. Finally, changes in the threat landscape for secure communication systems always need to be considered. An emerging threat is due to developments in the field of quantum computing. Since the development of Shor’s algorithm, the demise of public key ciphers has been predicted for almost 3 decades.
Homomorphic encryption was first described by the inventors of RSA in 1978 . The first plausible fully homomorphic encryption scheme was presented by Gentry in 2009 . Simply stated, homomorphic encryption allows operations to be performed on encrypted data with the result also remaining encrypted. Therefore, input data and results of the operations all remain inaccessible except to authorized entities.
The popularity of cloud services will continue if security risks can be abated. Currently secure information that is posted to the cloud must be unencrypted before it is used to perform any operations or services. For example, describes an application in the field of epidemiology. Huge databases of genomics data exist. This data is very sensitive, personal information. “Human DNA and RNA sequences are biometric identifiers like a fingerprint.” Medical advances have allowed all manner of disease predisposition to be identified for individuals, families and other populations. If this data could be shared with privacy and still be analyzed securely for trends and other statistics, perhaps medical breakthroughs would result.
Passing data between security domains is also an issue that can potentially be solved using homomorphic encryption. This is referred to as the Cross-Domain-Solutions or CDS problem. Payloads can be encrypted for transport over networks, but routing and other header information needs to be accessible to achieve transport. This sensitive information is either left in the clear or trusted routers and gateways are employed. Homomorphic encryption can allow untrusted routers and gateways to determine intermediate destinations without decrypting the header material.
Homomorphic encryption is not quite ready for practical applications due to its computational complexity and overhead. Large keys for a given level of security and cipher text expansion to support “bootstrapping” make many of these methods complex and slow. Organizations such as DARPA are funding targeted efforts to improve the performance of the technology. As part of its Data Protection in Virtual Environments (DPRIVE, Feb 2020) effort, DARPA has initiated a project to develop an ASIC based Fully Homomorphic Encryption accelerator. So, although practical homomorphic encryption may be an elusive goal, research is making rapid progress.
Symmetric Key Ciphers
Symmetric key ciphers form the basis of most secure communication systems. However current algorithm standards such as AES require more computing resources than are available in connected, constrained environments. Applications such as RFID tags, sensors, smart meters, wireless monitoring systems, and other Internet of Things (IoT) components require encryption solutions with low memory, computational, size and power requirements.
The National Institute of Standards and Technology (NIST) has begun a competition to collect, evaluate, and standardize lightweight cryptographic algorithms that are suitable for use in constrained environments. The goal is to identify one or more winning solutions by 2021. Currently the Round 2 candidates have been published with the expectation that Round 3 candidates will be named by December 2020.
Public Key Ciphers
All components of a secure system need to be assessed periodically against changes in the threat landscape. Potential vulnerabilities need to be identified, analyzed and, if necessary, mitigated. Shor’s algorithm was published in 1994 . This is a quantum computing algorithm that can perform discrete logarithms and integer factorization in polynomial time and can therefore compromise many popular public key algorithms such as RSA, ElGamal or ECC . The possibility that a practical quantum computer could be developed within the next few decades now makes this an emerging threat. Although it is unlikely that a quantum computer with enough capability to execute the full Shor’s algorithm will be available in the near term, quantum computing research has been making steady progress. In addition, since the impact to the security of digital communications on the Internet and elsewhere would be severe, action to mitigate the threat is required.
To this end, the NIST Post-Quantum Public Key Cryptography Standardization Project was launched on December 20, 2016.In 2016, NIST began the competition with publication of the evaluation criteria, including security and performance requirements, for quantum-resistant public key encryption, digital signature, and key exchange algorithms. Proposal submission and evaluation began in 2017. Evaluation is proceeding in rounds, with each round selecting submissions that will proceed to the next round for continued evaluation. Currently the competition has completed the third of four rounds. NIST is targeting 2024 at the latest to release the standards .
As our society becomes ever more reliant on digital communications, the security of these networks and the applications that use them will continue to increase in importance. Compromises to online commerce, electronic voting, business, government and personal communications, etc. could be a threat to our way of life. New vulnerabilities are discovered by our adversaries every day. The evolving threat landscape requires a flow of new security solutions with no end in sight.
About the Author
Mike Kurdziel is a Fellow and Engineering Director for the Chief Engineering Systems and Technology (CEST) Group for the Communication Systems segment – Tactical Communications sector of L3Harris Technologies. He is recognized as a published industry authority in the Type 3 and Type 4 Information Assurance field and various Cyber Security technologies. Dr. Kurdziel has been a member of L3Harris Technologies’ Communication Systems Segment technical staff since 1992. He holds Bachelor of Science (1986), Master of Science (1988) and Doctor of Philosophy (2001) Degrees in Electrical Engineering from the State University of New York at Buffalo. He holds seventeen patents and has authored/coauthored over 30 publications all dealing with military communications applications. He has been a licensed “Professional Engineer” (License No. 069432) in the State of New York since 1992 and is PMP certified by the Professional Management Institute (PMI). Lastly, Mike proudly serves as an adjunct faculty member at the Rochester Institute of Technology in Rochester, NY where he teaches Introduction to Cryptography and Applied Cryptography courses.