Home » IoT Embedded Systems » Focus » Squeezing Cryptographic IP into Tight Spaces

Squeezing Cryptographic IP into Tight Spaces

Like Aladdin’s lamp, securing the IOT and wearable devices requires a big punch in a little space.

By Joe Desposito and John Blyler, Senior Editors

Though limited in computing power, microcontrollers (µCs) continue to play a major role in the Internet of Things (IoT). But some jobs, like running full-blown cryptographic IP, are challenging if not impossible for µC-based devices to do in a meaningful way. Since ditching security is not an option for engineers designing embedded devices for the IoT, companies have come up with crypto IP that provides sufficient security for these devices while not adversely impacting overall system performance.

Some call it lightweight cryptography, others say cryptography for resource constrained or resource sensitive embedded devices. But essentially they’re referring to a more efficient cryptographic approach with regards to the typical constraints found in the hardware used in such applications as IoT. Those that readily come to mind are: limited computational power–typically an 8-/16-/32-bit microcontroller; limited power source–typically a battery or harvested power; and limited memory.

Lightweight cryptography and its offshoots are well-suited for such constrained devices, as this technique attempts to balance tradeoffs in three key areas: cryptographic strength, low resource requirements and performance. Several companies have developed this small footprint cryptographic IP for IoT and also machine-to-machine (M2M) applications. For example, Intel Labs is working on 8-bit ASE nano-security for wearable devices.  A representative example is Mocana with its NanoCrypto cryptographic engine.

Cryptography in 30 KB or Less

Built for resource-constrained embedded systems, Mocana’s NanoCrypto cryptographic engine has a tiny 30 KB memory footprint.  For designers who want or need an even smaller footprint, parts of the engine can be turned off. Alternatively, if more resources are available, designers can add more functionality. NanoCrypto supports over 35 operating systems and RTOS’s, so designers can add sophisticated cryptographic security features to almost any type of device or application. The smaller versions of the IP can even be used in environments without any OS at all. Written entirely in C, with assembly optimizations, NanoCrypto is available for a host of popular hardware platforms, with ARM the dominant player due to its low power use.

James Blaisdell, CTO and co-founder of Mocana says, “Our product is very tiny but when you talk about the Internet of Things, that implies that the device has to be connected to the Internet, which means you’ll need a full TCP/IP stack and a web server or some kind of web socket interface, since these devices typically need to call a cloud service. Additionally, machine to machine devices need an identity and have to be able to talk to other devices to create a network effect. For a basic consumer appliance device, I think you’re going to need around 256 KB of RAM and about 1 MB of flash.”

A crypto module is part of the solution, but not the entire solution (see the graphic). For the Internet of Things the device needs to have an identity and be able to protect that identity. There’s also a private key that must be protected. “You need to be able to update and change the identity, keep it current in a sense,” says Blaisdell. “Just like a driver’s license, an ID can expire, so you need ways to be able to renew the device’s identity. We provide all those tool boxes to do that in a safe, secure manner. With the Internet of Things, there’s not a single answer for security.”

Developers can choose from a rich selection of cryptographic technologies, including RSA and elliptic curve, symmetric algorithms like 3DES and AES, message authentication, hashing and pseudorandom number generation. In addition, FIPS 140-2 level 1 government certified NanoCrypto binaries are available for many popular platforms. For more information, visit the NanoCrypto website.

Device designers using Mocana’s NanoCrypto engine can choose the components needed for a particular project, with the goal of securing all aspects of a connected device.

Device designers using Mocana’s NanoCrypto engine can choose the components needed for a particular project, with the goal of securing all aspects of a connected device.

James Blaisdell

James Blaisdell is the CTO and co-founder of Mocana


Great information delivered straight to your inbox

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *