Embedded Cryptography For Internet Of Things Security
Because Internet of Things (IoT) devices are optimized for low power consumption and affordability, most of them have poor computing resources. As a consequence, these devices are more vulnerable to hacking attacks. The good news is that there are several options for using cryptography to make it difficult for hackers to gain access to the IoT devices in your smart connected home.
Cheap IoT devices that have little or no protection can be hacked to flood websites with traffic and shut the servers down. As “things” are increasingly connected to the “internet”, hackers may be able to shut off water or electricity, disable security systems, and, even worse, cause loss of human life by attacking medical devices.
So, what is the solution? Well, the answer is, “Authentication and Encryption using embedded cryptography”. Now we shall discuss these methods of securing IoT devices from cyber attacks.
For the IoT, authentication works in both directions. An IoT device ensures that it is interacting with an authorized gateway and cloud service, and the cloud service (remote server), in turn, verifies that it is working with an authentic IoT node. Only when both the sender and the receiver are sure that they’re dealing with a “real” client or server do they proceed and exchange confidential information. This authentication is done by using a hashing algorithm and shared secret keys to generate a tag known as a message authentication code (MAC). This MAC is then compared with a locally stored value.
Now, it’s clear that the effectiveness of the authentication process depends on the strength of the MAC, and the MAC itself depends on the strength of the hashing algorithm, the length of the key used, and whether the key is shared secretly and stored securely. The current state-of-the-art hashing algorithm for cryptographic purposes is SHA-256 with 256-bit keys. That means that if the key is unknown, a brute-force attack will take up to 2^256 attempts to crack it.
The generated key must be shared over a secure channel to prevent hackers from obtaining it by sniffing the packets. The key can also be shared over an insecure channel using the Diffie–Hellman key exchange method. Another important task is to store the key securely. It’s highly recommended not to store the key in the same place as other application data.
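The two-way MAC authentication described above, as an added example that is not part of the original article: each side sends a fresh random nonce, the other answers with an HMAC-SHA-256 tag over it, and the verifier compares that tag with the one it computes locally. The use of HMAC as the MAC construction, the nonce challenge, the role labels and the names `Party`, `make_tag` and `mutual_auth` are assumptions of this sketch, and the 256-bit key is taken as already provisioned on both sides.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # bytes; fixed-length nonces keep the MAC input unambiguous


def make_tag(key, role, challenge, own_nonce):
    """HMAC-SHA-256 over the responder's role label and both nonces."""
    msg = role + b"|" + challenge + own_nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class Party:
    """One end of the exchange (hypothetical helper for this example)."""

    def __init__(self, role, key):
        self.role, self.key = role, key
        self.nonce = secrets.token_bytes(NONCE_LEN)  # fresh per session

    def respond(self, peer_nonce):
        # Prove knowledge of the key by tagging the peer's challenge.
        return make_tag(self.key, self.role, peer_nonce, self.nonce)

    def verify(self, peer_role, peer_nonce, peer_tag):
        # Recompute the expected tag locally; compare in constant time
        # so timing does not leak how many leading bytes matched.
        expected = make_tag(self.key, peer_role, self.nonce, peer_nonce)
        return hmac.compare_digest(expected, peer_tag)


def mutual_auth(device_key, gateway_key):
    """Run one exchange; returns (gateway_accepts, device_accepts)."""
    device = Party(b"device", device_key)
    gateway = Party(b"gateway", gateway_key)
    # Nonces cross the wire first, then each side answers the other's.
    device_tag = device.respond(gateway.nonce)
    gateway_tag = gateway.respond(device.nonce)
    return (gateway.verify(b"device", device.nonce, device_tag),
            device.verify(b"gateway", gateway.nonce, gateway_tag))


if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed 256-bit key for the demo
    print("same key:     ", mutual_auth(shared, shared))
    print("wrong key:    ", mutual_auth(shared, secrets.token_bytes(32)))
```

Because the tag covers a per-session nonce and the responder's role, a tag captured from one session is rejected in the next, and a tag produced by the gateway cannot be reflected back to it as if it came from the device.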