International Standards and Conformity Assessment for all electrical, electronic and related technologies

May 2013

 

Securing Internet transactions

Standardization of lightweight cryptography: ISO/IEC 29192

Janice Blondeau

As more and more PCs, mobile phones and PDAs (personal digital assistants) go online increased security is necessary for the compact devices which provide their Internet connections. These compact devices, such as RFID (Radio Frequency IDentification) (1) and sensors with wireless communication functions, have limited information processing resources. They require low power-consumption, low-cost technology to encrypt data and to authenticate actions.

Need for low-power, low-cost secure encryption

The IEC and ISO (the International Organization for Standardization) have developed and adopted a four-part standard ISO/IEC 29192 on lightweight cryptography which helps to overcome these issues.

What is lightweight cryptography?

Cryptography today combines mathematics, computer science, and electrical engineering. Lightweight cryptography is tailored for specific applications that limit implementation area, programme code size, or power consumption. However, lightweight doesn’t mean weaker cryptography.

 

During the development of ISO/IEC 29192 by JTC (Joint Technical Committee) 1/SC(Subcommittee) 27: IT security techniques many different proposals were tabled for the precise definition of lightweight cryptography, and as to which mechanisms should be deemed suitable for standardisation. All mechanisms standardised in ISO/IEC 29192 provide a minimum security level of at least 80bits which is adequate to provide at least a few years of security, if the design of the underlying security system is sound.

Structure of the standard

ISO/IEC 29192 Information technology - Security techniques - Lightweight cryptography consists of four parts. Part 1 provides definitions of lightweight cryptography, describes the concept, and also defines a model by which hardware oriented mechanisms can be compared. Part 2 is dedicated to block ciphers, Part 3 to stream ciphers, and Part 4 to mechanisms using asymmetric techniques. Recently work has started on developing Part 5 which is dedicated to hash functions, but is not yet available to the public.

Lightweight block ciphers

A block cypher encrypts text by cryptographic key and algorithm applied to a block of data at once as a group rather than to one bit at a time. Block ciphers are the workhorses of cryptography, mainly due to their relative efficiency and ability to be used for a wide range of different applications. They require fewer resources (memory, silicon) to provide similar security services, keeping the implementation overhead, and therefore the cost, low. ISO/IEC 29192-2 offers two choices of lightweight block ciphers: Present and CLEFIA.

Lightweight stream ciphers

A stream cypher encrypts text with a cryptographic key and algorithm bit-by-bit using a pseudo random bit string (or key stream), associated with a secret key. Stream ciphers can offer high encryption speeds, especially when implemented correctly in hardware. ISO/IEC 29192-3 offers two choices of lightweight stream ciphers: Trivium and Enocoro.

Lightweight mechanisms using asymmetric techniques

Lightweight asymmetric techniques, including authentication and key agreement protocols are standardised in Part 4. Although protocols can be constructed with lightweight mechanisms and dedicated protocols from other ISO/IEC standards, the mechanisms described in Part 4 offer attractive options when using asymmetric techniques as described. Asymmetric cryptography does not always offer appropriate lightweight versions. ISO/IEC 29192-4 offers three mechanisms: cryptoGPS, ALIKE and IBS.

Lightweight hash functions

A hash function maps strings of bits to fixed-length strings of bits, satisfying the following two properties: (1) it is computationally infeasible to find for a given output, an input which maps to this output; and (2) it is computationally infeasible to find for a given input, a second input which maps to the same output. ISO/IEC 29192-5 is now under development.

Factors to keep in mind when deciding on an appropriate mechanism

All mechanisms in ISO/IEC 29192 can provide adequate security if implemented correctly, allowing the engineer to focus on the engineering task at hand. The Standard makes a distinction between mechanisms optimised for hardware and mechanisms optimised for software. The final choice of an encryption mechanism may depend upon the amount of information to be transmitted, the required speed, the particular application and the available hardware.

 

Notes

  1. (1) Radio frequency identification tag with wireless communication capability 


 

  • Cryptography combines mathematics, computer science and electrical engineering.
  • ISO/IEC 29192 on lightweight cryptography looks at three different cipher mechanisms.
  • Compact online devices require low-cost, low-energy consumption, high-security cryptography.

 

 

Find out more