Cisco open-sources experimental small message encryption for cloud, IoT
Networking giant Cisco is open-sourcing an experimental cipher that could help preserve privacy in the cloud and the Internet of Things.
Cisco software engineer Sashank Dara describes the cipher as “FNR” (Flexible Naor and Reingold) and says that it’s a variant on the work of Naor and Reingold from a paper published in the Journal of Cryptology. The design permits the encryption of small messages without a great amount of bloat.
Common ciphers used in today’s encryption tend to generate fixed-width messages. For example, AES has a fixed block length—128, 192, or 256 bits—and any length of data smaller than that automatically gets padded to fit the full width.
For most situations where encryption is used—such as person-to-person communications or the exchange of large amounts of data—this isn’t that big of a problem since these examples send a lot of data with a low number of messages. However, in a cloud or Internet of Things situation a lot of small messages might be exchanged rapidly in order to keep real-time data flowing.
Dara adds that the system would be useful for exchanging small chunks of data such as IPv4 addresses, MAC addresses, arbitrary strings, etc. while preserving their input lengths. This way FNR could also be extremely useful for adapting encryption to legacy databases that require a set column length to store data.
As for Dara’s example for the cloud: Use the FNR cipher in what’s called ECB (electronic codebook) mode, which does not give strong security to the underlying data but does deliver a level of anonymity to ingested messages. He suggests that such an application would be good for cloud-based monitoring of a system that also needs to preserve the data anonymity of the monitored subject. It’s not always necessary to know “what a system is doing” to gauge its overall health and, given that a logging service could also be hacked, anonymizing data would resist further intrusion.
The code has been open-sourced under the LGPLv2 license and is available on GitHub. Alongside the code, Cisco provides a demonstration application that encrypts IPv4 addresses as an example. The specifications also caution that this code is experimental and is not ready for production systems.
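The length-preserving, deterministic behavior described above, as an added Python example that is not Cisco's FNR code or its demonstration application: a small Feistel network with an HMAC-SHA256 round function (an assumed stand-in, not the FNR construction) maps an IPv4 address to another IPv4 address. The round count, key and addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

ROUNDS = 8  # assumption: picked for illustration, not an FNR parameter


def _round(key: bytes, rnd: int, half: int) -> int:
    """Keyed round function: maps a 16-bit half to 16 pseudorandom bits."""
    msg = bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")


def encrypt_u32(key: bytes, value: int) -> int:
    """Balanced Feistel network: a keyed permutation of the 32-bit space."""
    left, right = value >> 16, value & 0xFFFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << 16) | right


def decrypt_u32(key: bytes, value: int) -> int:
    """Run the rounds backwards to invert encrypt_u32."""
    left, right = value >> 16, value & 0xFFFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, rnd, left), left
    return (left << 16) | right


def encrypt_ip(key: bytes, addr: str) -> str:
    """IPv4 in, IPv4 out: the ciphertext fits the same 4-byte column."""
    return str(ipaddress.IPv4Address(encrypt_u32(key, int(ipaddress.IPv4Address(addr)))))


def decrypt_ip(key: bytes, addr: str) -> str:
    """Recover the original address from its token."""
    return str(ipaddress.IPv4Address(decrypt_u32(key, int(ipaddress.IPv4Address(addr)))))


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    seen = ["192.0.2.10", "198.51.100.7", "192.0.2.10"]  # constructed log sources
    for addr in seen:
        token = encrypt_ip(key, addr)
        # Equal inputs give equal tokens (ECB-style), so events from one host
        # can still be correlated, and repeats are visible to an observer.
        print(addr, "->", token, "->", decrypt_ip(key, token))
```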
Encrypting the Internet of Things
This sort of cipher could have implications for any system that needs to exchange lots of messages over thin bandwidth that have a high chance of being intercepted. Dara suggests that cloud is a potential use, but another space that could use such a cipher is Internet of Things applications.
Low-power wireless sensors, common to IoT solutions, need to make the best of their power and bandwidth when sending information back to receivers and at the same time open up clients to potential privacy breaches. Being able to encrypt smaller bursts of data would open up new avenues for developing private messaging for a large number of industries.
The USPS recently started seeking solutions from IoT vendors, and one of the primary concerns about any solution included keeping customer data private. Maintaining privacy for customers of any IoT endeavor would need to include everything from databases and cloud (the datacenter where a lot of encryption is already used) to parcels and trucks (the IoT side that would benefit from FNR).