SPARKLE algorithm in a race to make health trackers, smart locks and baby monitors safer
Vesselin Velichkov and his collaborators are in the final of a race to solve the encryption problem in very small electronic devices such as smart locks, health trackers or baby monitors. Velichkov is a co-designer (with partners at the University of Luxembourg and INRIA, Paris) of the algorithm SPARKLE, shortlisted in the standardisation process for new lightweight cryptographic algorithms organised by the US National Institute of Standards and Technology (NIST). From 56 submissions, 10 have been shortlisted after two years of public evaluation.
Limitations of small electronic devices
SPARKLE is a family of algorithms that provides confidentiality (via authenticated encryption) and integrity protection (via hashing) of data stored or processed on very small electronic devices. All such devices have very limited computational resources. As a result, it is often not very efficient to deploy on them existing cryptographic algorithms such as the Advanced Encryption Standard. All selected 10 finalists in the NIST competition solve this problem by proposing efficient solutions for such resource-constrained applications. The SPARKLE family of algorithms, in particular, outperforms other algorithms on some platforms such as e.g. the ARM Cortex-M0 and ARM Cortex-M4 micro-controllers -- both widely used in IoT applications.
How smart locks work – and what makes them vulnerable
An example of devices this would apply to are key fobs used to open keyless vehicles or smart locks in a smart home, which provide keyless access to a property controlled by a physical token such as a smartphone or a smart card. When the token is placed in the proximity of the lock, the two exchange information over some wireless technology, typically Bluetooth Low Energy (LE), RFID or WiFi.
Part of the exchanged information represents the electronic key (a stream of bits) that releases the mechanical locking mechanism of the smart lock. If sensitive information such as the electronic key is transmitted in the clear (i.e. not encrypted), the transmitted signal can be captured, key copied and used to unlock the door by an attacker provided they are in the vicinity of the legitimate property owner during the process of unlocking.
Schwaemm scheme at work
Protecting transmitted sensitive information by the means of encryption is not sufficient for adequate security and this is where (lightweight) authentication comes into play. If the transmitted key is encrypted, but not authenticated then the attacker can copy the (encrypted) signal and simply replay it in front of the lock at a later time. Even though they don’t know the content of the encrypted message (i.e. the electronic key), the lock will correctly decrypt it and access will be granted. When the electronic key is not only encrypted, but also authenticated it will be accepted as valid only if it comes from the authorised party (i.e. the legitimate property owner). Performing authentication and encryption in a single data pass -- technically called Authenticated Encryption with Associated Data (AEAD) -- is one of the core functionalities provided by the lightweight authenticated encryption scheme Schwaemm, which is part of the SPARKLE family of algorithms.
Health trackers, pacemakers and baby monitors
Numerous other small electronic devices require adequate cryptographic protection from malicious attacks. Wearable devices for in-home health monitoring, such as health tracker rings worn on a finger to continuously monitor heart rate, oxygen saturation and sleep patterns or wearable bracelets for measuring insulin levels in diabetics store and transmit sensitive health data to a hub or a smartphone later to be uploaded in the cloud.
Failure to properly protect such information through encryption and authentication may have fatal consequences for the patient or at least cause serious privacy breaches through leaking of patients' health records.
Cardiac devices such as pacemakers require data protection through lightweight cryptography even more critically. Their function can often be controlled via instructions sent from an external device. If the communication between this device and the pacemaker is not encrypted and authenticated, then wrong instructions sent by a malicious party may have fatal consequences for the patient.
A multitude of further small devices require solution for data encryption include: card readers, security cameras, parking meters, controllers for electric motors and valves in industrial applications, movement sensors, smart watches, sports trackers, baby monitors and any networked sensors in the context of Smart City.
SPARKLE works best on microcontrollers
All computations, including all cryptographic operations, on these devices are performed by a compact integrated circuit known as a microcontroller. Microcontroller is essentially a very small computer designed to perform basic operations very efficiently. One of the most widely used microcontrollers in devices with constrained resources (as the ones above) are the Atmel AVR family and the ARM Cortex-M family (especially its M0+, M1, M3 and M4 members).
The SPARKLE family of algorithms is specifically designed to be very efficient in software on such platforms. In fact it is the most software efficient algorithm among all 10 NIST finalists on AVR and ARM Cortex-M0+ and M4 as indicated by the benchmarking results provided by NIST.
NIST standardisation process is planned to end in the first quarter of 2022. The final outcome will be a new international standard or a portfolio of standards for lightweight encryption and hashing, selected among the 10 finalists.