Cybersecurity

NIST seeks 'lightweight' encryption standards

Letters of word encyption highlighed on text background 

The National Institute of Standards and Technology will seek public comment next week on the best way to design evaluation criteria dictating new encryption standards for small computing devices.

The agency will eventually call for cryptographers and researchers to submit algorithms to encrypt data on smaller "constrained devices," such as RFID tags, industrial controllers, sensor nodes and smart cards. Such components are often present in automobile systems, internet-of-things devices, the smart grid and distributed control systems.

NIST is asking for feedback on the requirements and evaluation criteria that will guide that process. According to a notice scheduled to be published in the Federal Register on May 14, current NIST encryption standards were designed for "general purpose computing platforms" like personal computers and tablets, and the agency says they have not been optimized for smaller devices and could lead to performance issues.

"The shift from desktop computers to small devices brings a wide range of new security and privacy concerns," the notice reads. "It is challenging to apply conventional cryptographic standards to small devices, because the tradeoff between security, performance and resource requirements was optimized for desktop and server environments, and this makes the standards difficult or impossible to implement in resource-constrained devices."

The 45-day comment period is scheduled to begin when the notice officially publishes on May 14. Following that process, NIST will put out a call for public submissions of encryption algorithms from security experts, cryptographers, academia and government. The algorithms will be subject to a year of public review and an additional 10 to 11 months of analysis by NIST officials before being considered for standardization.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.