Intertrust subsidiary whiteCryption has announced the latest edition of its Secure Key Box (SKB) offering, with support for the Speck lightweight block cipher – used to allow low-power IoT devices to encrypt data using the cipher key. However, Speck is currently the subject of a controversy, with the International Organization for Standardization (ISO) rejecting Speck and its brother Simon – because of the cryptography community’s distrust of its author, the USA’s National Security Agency (NSA).
Now, whiteCryption isn’t Speck-only. Users of the SKB can opt to use different ciphers to encrypt their data, running it through the cipher using a secret key word that another trusted party can then use to decrypt the transmission. In the announcement though, whiteCryption says that Speck is well-suited for IoT devices because of its small memory and code footprint, and its key-defense hardening – which prevents the trusted keys from being ‘in the clear.’
Lots of IoT business cases call for battery-powered devices, deployed out in the field. In order to maximize battery life, for a device where a single visit by a technician to replace a battery could scupper the entire business model, one of the easiest ways to improve the battery life is by reducing the computational requirements of the device.
As such, these sorts of IoT devices are not able to access the security software that machines in data centers can, which is why solutions like the SKB have been designed. The other major pressure on these devices is the manufacturing cost, and at scale, many device makers will try to cut BOM corners by skimping on the hardware required to support security features.
More well-known examples of ciphers include the Rijndael cipher, of which Advanced Encryption Standard (AES) is a subset. AES is notable because it is currently the only publicly available cipher approved by the NSA for use with top-secret information – although you need to be used an NSA-approved hardware module. The whiteCryption SKB needs no such hardware – it is software-only, and so only concerned with Speck, and not Simon as well.
Intertrust is a well-respected name in the cryptography space, best known for its work in Digital Rights Management (DRM). It says that the SKB makes key extraction extremely difficult, which is of course quite important for devices that are going to be used out in the field, where attackers could easily gain physical access to them. Intertrust cites connected cars, medical devices, smart meters, and home automation as applications that would benefit from the SKB.
“Our whiteCryption team is constantly innovating to deliver the highest level of security, while overcoming inherent technical challenges,” said Bill Horne, GM of whiteCryption. “With the addition of Speck, IoT device manufacturers can now leverage lightweight cryptography on devices that have limited space and computing power and be assured that those devices can participate securely in the wider ecosystem in which they reside.”
So, now to wade into the recent NSA-ISO controversy – an insight into the murky world of global security and standardization. The ISO rejected Speck (software only) and Simon (hardware optimized), prompting NSA Capabilities Technical Director Neal Ziring to say, in a statement to CBR, that “both Simon and Speck were subjected to several years of detailed analysis within NSA, and have been subject to academic analysis by researchers worldwide since 2014. They are good block ciphers, with solid security and excellent power and space characteristics.”
Ziring went on to add that the “NSA devotes our decades of cryptologic experience towards breaking codes for foreign intelligence and making codes to secure US National Security Systems (NSS) – offering strong algorithms for consideration as international standards is often the best way to ensure that such algorithms are implemented in products on which national security depends. That was the basis for submitting Simon and Speck to ISO.”
Now, as far as Riot can tell, there is nothing in the Speck cipher itself that rings alarm bells. Rather, it has been the way that the NSA has presented the cipher to the crypto community that has unnerved people. In the WikiTribune, the outlet that broke the news back in April, the ISO said that the US delegation, including those NSA officials, had refused to provide the standard level of technical information needed to proceed with the standardization process.
A view of the NSA’s behavior is provided by Tomer Ashur, a fellow at KU Leuven in Belgium – the university that the two creators of the aforementioned Rijndael cipher attended. Ashur, as part of ISO, was involved in rejecting Speck and Simon, and writing in the Linux Crypto Mailing list, outlined his view of the recent history. It’s a pretty scathing account, and well worth the read.
In it, Ashur asserts that the “NSA has done quite extensive work in muddying the waters, arguing that Simon and Speck are secure and that all objections are political. This is not true. The bottom line is that there are still many open questions about their security; questions that the NSA has, on multiple occasions, refused to answer.”
Ashur adds that a main concern was the lack of a design rationale document and internal cryptanalytic results, and then a later apparent U-turn that produced the design rationale – after it became clear that the NSA was facing objection. However, Ashur says that the rationale “includes omissions, falsehoods, half-truths, and outright lies,” before outlining them in quite some detail. Of particular concern is the NSA’s reluctance to explain how it decided on the number of rounds to use in the cipher, which Ashur explained to Riot would be concerning regardless of author – stressing that the security status of the ciphers is unclear. In the security world, that lack of clarity is unacceptable.
In summarizing the problems, Ashur states that “having so many problems in a document meant to convince people that you’re not doing anything sinister is either an indication for some serious incompetence, or an indication that something sinister is actually happening. Either way, it is clear that this document is meant for PR and has no scientific value. It surely does not inspire confidence in the algorithms.” According to Ashur’s account, the NSA was given around three years to address the ISO concerns, but failed to do so.