Cybersecurity

NIST seeks 'lightweight' encryption standards

Letters of word encyption highlighed on text background 

The National Institute of Standards and Technology will seek public comment next week on the best way to design evaluation criteria dictating new encryption standards for small computing devices.

The agency will eventually call for cryptographers and researchers to submit algorithms to encrypt data on smaller "constrained devices," such as RFID tags, industrial controllers, sensor nodes and smart cards. Such components are often present in automobile systems, internet-of-things devices, the smart grid and distributed control systems.

NIST is asking for feedback on the requirements and evaluation criteria that will guide that process. According to a notice scheduled to be published in the Federal Register on May 14, current NIST encryption standards were designed for "general purpose computing platforms" like personal computers and tablets, and the agency says they have not been optimized for smaller devices and could lead to performance issues.

"The shift from desktop computers to small devices brings a wide range of new security and privacy concerns," the notice reads. "It is challenging to apply conventional cryptographic standards to small devices, because the tradeoff between security, performance and resource requirements was optimized for desktop and server environments, and this makes the standards difficult or impossible to implement in resource-constrained devices."

The 45-day comment period is scheduled to begin when the notice officially publishes on May 14. Following that process, NIST will put out a call for public submissions of encryption algorithms from security experts, cryptographers, academia and government. The algorithms will be subject to a year of public review and an additional 10 to 11 months of analysis by NIST officials before being considered for standardization.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

Featured

  • Comment
    customer experience (garagestock/Shutterstock.com)

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected