Cybersecurity

NIST seeks 'lightweight' encryption standards

Letters of word encyption highlighed on text background 

The National Institute of Standards and Technology will seek public comment next week on the best way to design evaluation criteria dictating new encryption standards for small computing devices.

The agency will eventually call for cryptographers and researchers to submit algorithms to encrypt data on smaller "constrained devices," such as RFID tags, industrial controllers, sensor nodes and smart cards. Such components are often present in automobile systems, internet-of-things devices, the smart grid and distributed control systems.

NIST is asking for feedback on the requirements and evaluation criteria that will guide that process. According to a notice scheduled to be published in the Federal Register on May 14, current NIST encryption standards were designed for "general purpose computing platforms" like personal computers and tablets, and the agency says they have not been optimized for smaller devices and could lead to performance issues.

"The shift from desktop computers to small devices brings a wide range of new security and privacy concerns," the notice reads. "It is challenging to apply conventional cryptographic standards to small devices, because the tradeoff between security, performance and resource requirements was optimized for desktop and server environments, and this makes the standards difficult or impossible to implement in resource-constrained devices."

The 45-day comment period is scheduled to begin when the notice officially publishes on May 14. Following that process, NIST will put out a call for public submissions of encryption algorithms from security experts, cryptographers, academia and government. The algorithms will be subject to a year of public review and an additional 10 to 11 months of analysis by NIST officials before being considered for standardization.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.