Securing data from prying eyes has been an important part of the development of the Internet. For example, hiding information such as credit cards numbers or login information transmitted across a network helps provide a sense of safety to the end user, a sense of definitiveness to the merchant, and a sense of security to the credit card processing company. Various data obfuscation techniques have been developed that help mitigate the risk of the hidden information being revealed.
In addition to needing general obfuscation techniques to secure the transfer of information, specialized techniques are needed with respect to the transfer of information between “intelligent devices.” With yearly shipments of more than 10 billion micro controllers that can all exchange information locally or through the Internet, a huge variety of so called “intelligent devices” are enabled. These devices can all be accessed over the internet and the resulting network has commonly been referred to as the Internet of Things (IoT). For example, a large device that can be an IoT device would be a refrigerator that could be connected to the Internet and keep track of the items inside so that when a homeowner runs low on milk the refrigerator automatically orders more milk to the house. On the other end of the spectrum, smaller devices, like sensors to detect if a door or window has been opened as part of a homeowner's alarm system, could be connected to the Internet and alert a homeowner that a door or window has been opened. Another IoT device could be a pacemaker which could communicate with the Internet and provide feedback to a doctor on how a patient's heart is functioning and even allow the doctor to control the pacemaker's settings from a remote location.
The ability to allow for all manner of devices to be connected together also poses challenges and risks. For example, in the case of a pacemaker, authentication and security are critically important so that only authorized individuals can make modifications to the settings of the pacemaker. In addition, because smaller IoT devices tend to run on battery power and because their size often means the circuit boards must be small and therefore are not capable of storing large amounts of information, conservation of energy and compactness of the algorithms that run on the IoT devices are important. Typical IoT devices require a local low power wireless connection along with an Internet connection. For most such applications and solutions, a gateway is required to connect the sensors to the Internet via some form of local infrastructure or using a cellular connection.
Current authentication and security algorithms used for IoT devices, like advanced encryption standard (AES), require lots of processing power and therefore reduce the useful lifetime of a device. Moreover, due to the power and space requirements for implementing AES, many devices simply don't implement security and authentication functions at all. Moreover, use of AES128, for example, requires the algorithm to work in 16 byte blocks, but due to the small payload sizes in an IoT application, padding to 16 byte boundaries is wasteful. Moreover, the small size of IoT devices typically means they lack hardware instruction sets that accelerate AES implementations. Finally, implementing algorithms such as AES require many CPU cycles, which directly effects the useful battery life. What is needed is a way to permit authentication and security of IoT devices that is part of an algorithm that has a small footprint, low power usage, and strong authentication and security.