My company plans to integrate IoT-based devices into an enterprise system. What are the best IoT encryption tools to secure data passing through these devices?
Internet of things (IoT) devices are resource-constrained. Proprietary protocols are embedded in the firmware. Memory sizes are small. Bandwidths are limited. Execution time is brief. Power is short-lived. Batteries often (and inconveniently) need to be recharged. In some cases, there is no internal power, as in passive radio frequency ID (RFID) tags that draw power from nearby readers fitted with batteries. These constraints place limits on how encryption can be implemented on the devices.
Your best options are lightweight encryption tools that can handle resource constraints. Full encryption tools cannot be implemented on IoT devices because they require the larger memory size, larger program code size, uninterrupted power and longer execution time that are available on laptops, client workstations and servers.
Which lightweight encryption tools your company should use depends on the specific type of IoT device. A tool well suited for one device type may not work properly for another device type.
Device-specific lightweight cryptography standards take a different approach than NIST's general-purpose cryptography standards, which work on any laptop or desktop.
Several lightweight cryptography standards are described in ISO/IEC 29192. These include block ciphers, like PRESENT and CLEFIA, which are the lightweight versions of the Advanced Encryption Standard. There are also hardware-oriented stream ciphers, like Enocoro, that focus on chip size and energy consumption; hash functions, such as PHOTON, which concentrate on data integrity; and message authentication codes for validating and authenticating communications between devices.
Another example of a lightweight cryptography mechanism for IoT data is an elliptic curve-based authentication scheme, which has been implemented on RFID readers to authenticate passive RFID tags.
When evaluating lightweight encryption tools, your company should consider the tradeoffs between security and resource utilization. This includes weighing the maximum number of cycles an encryption tool can use during an execution against how low a latency can be achieved.