For the last few years, Tirana-based software company division5 has been working on how to […]
Data encryption and authentication are playing a larger role in the lives of modern-day users than ever before. Everyday activities, such as protecting the information on one’s laptop, through using the keyless entry system of one’s car all require secure transmission of the electronic signals to keep the user from experiencing data breaches. Nowadays, even the smallest gadgets require such type of protection, which poses a challenge to scientists to come up with an efficient software component that is simple enough to be implemented on small electronic devices with highly constrained computational resources, due to their size.
One such example is SPARKLE – a family of algorithms that ensures confidentiality and integrity protection. The solution solves the problem of efficient encryption and authentication on the so-called lightweight devices, such as wearable health trackers, keyless locks, security cameras, and other sensors that are part of the Internet-of-Things (IoT).
SPARKLE was developed jointly with the participation of scientists from the University of Edinburgh, the University of Luxembourg, and the Inria Paris Research Centre. At the beginning of 2021, the technology was shortlisted among the 10 finalists in a public call for worldwide standardization of new lightweight cryptographic algorithms. The initiative was organized by the US National Institute of Standards and Technology (NIST). SPARKLE was one of 56 other candidates, submitted from different research teams across the world.
The Recursive talked to Bulgarian Vesselin Velichkov, scientist and co-designer of SPARKLE, to understand more about the solution and how it solves the encryption problem for small electronic devices.
The need for data authentication
Velichkov graduated from the Technical University Sofia in 2002, with a Master of Science in Communication Engineering. It was a “Computer Networks” course he took that spiked his interest in cryptography and motivated him to pursue a doctoral study on the subject, which culminated in a Ph.D. from KU Leuven, awarded in 2012. Between 2012 and 2019, Velichkov was a postdoctoral researcher at the University of Luxembourg and the Nanyang Technological University. In 2019, he became a lecturer in Security and Privacy at the School of Informatics of The University of Edinburgh..
The scientist shared that SPARKLE was the outcome of years of previous work on a certain class of cryptographic algorithms, known as ARX (for Addition-Rotation-XOR): “The arithmetic operations, on which ARX algorithms are based, are natively supported on all modern central processing unit architectures, which makes them extremely efficient. This is the reason why SPARKLE, being an ARX algorithm, is especially suitable for lightweight applications.”
In general, lightweight cryptography is an encryption method with low computational complexity and a small footprint that allows for encryption on small devices with limited capacity. “The rising importance of lightweight cryptography has been dictated by the growing number of small electronic devices that have become an inseparable part of our everyday lives. The area has become especially critical in the last couple of years with the ever-growing number of interconnected IoT devices. The need for secure communication and data storage for such devices is pressing especially in industries such as healthcare, banking, and automotive,” Velichkov explained. “We already have well-established, robust, and secure algorithms such as the Advanced Encryption Standard (AES) that can be used in lightweight settings as well. The goal of the NIST initiative, however, is to come up with solutions that are more efficient than the existing ones,” he added.
Securing keyless entry systems and health devices
SPARKLE is suitable for applications in which it is critical for a device to ensure secure communication or secure storage of sensitive data where only limited resources are available. SPARKLE can be integrated into card readers, security cameras, parking meters, controllers for electric motors and valves in industrial applications, movement sensors, baby monitors, and any networked sensors in the context of Smart City.
The solution is applicable for securing keyless automobile and smart home locks. When a key fob is used for unlocking the property of a user, it transmits electronic key information with the lock through wireless technologies, such as Bluetooth Low Energy, or WiFi. The process is encrypted for security purposes, otherwise, it can be captured and used by intruders. Non-authenticated encryption, however, is not enough to adequately protect the owner’s property, as the electronic signal transmitted can be copied and replicated by an attacker. SPARKLE provides lightweight authenticated encryption, which means the algorithm accepts the encrypted message only if it comes from an authorized party, thus reducing the risk of proprietary damage.
SPARKLE can be used in the healthcare industry, for wearable health monitoring technologies, such as oxygen and heart rate monitoring rings and bracelets. The lack of protection of sensitive health data can lead to privacy outbreaks, connected to leaking a patient’s health records. The algorithm is suitable for cardiac devices, including pacemakers which often require information exchange and instructions from an external device, making a malicious attack by a third party a life threat for patients.
The SPARKLE family of algorithms performs better than other algorithms on several key platforms such as ARM Cortex-M0 and ARM Cortex-M4 microcontrollers, which are commonly used in IoT applications.
Developing the lightweight algorithms of the future
Since its proposal in 2019, SPARKLE has undergone external analysis and no major weaknesses have been found to date, according to Velichkov. Currently, the algorithm is being considered for standardization by the US National Institute of Standards and Technology (NIST), together with 9 other competing algorithms. The results of the final round of the NIST open call are expected in the first quarter of 2022.
Velichkov said that the deployment of SPARKLE depends on the final outcome of the competition. Until the results come out, the joint team will be focusing on enhancing their solution: “Recently, two hardware experts from Ruhr-University Bochum joined our team. They are working on the hardware implementation of the algorithm, which is one of the current priorities,” the co-designer added. The scientist is also working on another project at the University of Edinburgh which is researching the design of a system for anonymous communication for lightweight devices: “The system will naturally employ a set of lightweight cryptographic algorithms and SPARKLE may be one suitable candidate,” Velichkov shared.