Applied cryptography is an essential enabler of security and trust in IoT and IIoT, supporting important protection goals such as confidentiality, integrity, authenticity, and non-repudiation. Despite remarkable progress over the last decades, today's cryptographic solutions fall far short of meeting all the requirements that arise in new and next-generation IoT environments.
- Current cryptography for IoT and IIoT does not meet all the functional requirements of new and expected future applications. For example, there is no adequate protection of confidential data on an embedded IoT device or in the cloud, in particular in the long term and over the complete life-cycle of data.
- Fundamental cryptographic building blocks such as RSA and ECC primitives are threatened by future attacks, in particular through quantum computers and physical implementation attacks. There are no efficient, reliable and well-established alternatives for IoT and embedded systems.
- Agile cryptographic systems and update mechanisms are not sufficiently considered in IoT, which leads to system inflexibility and hinders the ability to adapt quickly to newly developed cryptographic algorithms when vitally required.
- Existing solutions lack sound implementations and often suffer from inadequate integration.
- Engineers and developers in the IoT sector are often not experts in cryptography, which makes it almost impossible for them to apply cryptographic schemes correctly.
The question is which cryptographic mechanisms can be designed, implemented and deployed for such components. It is important to develop a deep understanding of the context in which the security services and cryptographic implementations are used and to combine this with the knowledge about relevant algorithms, protocols and countermeasures. With this, our cryptographic engineers at Fraunhofer Singapore are able to design and implement robust and efficient cryptographic building blocks tailored to concrete application scenarios, both now and in the future. We develop building blocks and provide services in the following areas:
Cryptographic Building Blocks for IoT and Industrial Applications
The application of cryptography in new or existing systems often leads to requirements that cannot be completely covered by existing solutions. For instance, applications that allow only a low communication bandwidth, infrequent connectivity or lossy communication links have special requirements that cannot be met with the usual protocols deployed in standard computer networks. We research and develop solutions for new applications and protocols to enable secure communication for systems with new requirements. Cryptography is often a major but necessary cost factor, because it adds overhead in area, runtime, and RAM/ROM consumption. Implementations that are also secure against fault or side-channel attacks are even more costly. Therefore, faster, smaller and at the same time still secure implementations are an important building block for secure systems. We research and develop efficient implementations of cryptographic algorithms. This includes optimizations for hardware and software implementations as well as new and more efficient countermeasures against fault and side-channel attacks.
Quantum-safe Cryptographic Engineering
In the next decades, powerful quantum computers will likely become a reality. This development will render most of our current algorithms for public-key cryptography insecure. Therefore, new post-quantum (PQ) cryptographic algorithms are needed, ones that can resist such attacks. We do not know when or even if quantum computers will become a reality — but once they arrive, they will break confidentiality, privacy, and authenticity of our modern communication. It will no longer be possible to trust digital certificates and signatures and it will no longer be possible to exchange secret keys for data encryption using current cryptographic primitives like RSA, ECC, DH, DSA, and so on. However, there is hope: The cryptographic community is working on post-quantum cryptography in order to provide alternatives using hard mathematical problems that cannot be broken by quantum computers. There is a zoo of alternative cryptographic primitives and protocols that are under investigation and standardization bodies like NIST and ETSI are starting processes to standardize post-quantum algorithms. Yet, many challenges remain, for example:
- Which schemes do we trust?
- Which metrics can we use in order to quantify the security of cryptographic schemes against quantum computers?
- What parameters do we choose in order to balance security and usability?
- How can we improve the efficiency of post-quantum schemes?
- How can we achieve efficient implementations of post-quantum schemes?
- How do we achieve secure implementations of post-quantum schemes?
- How can we migrate from current cryptography to post-quantum schemes?
- How can we agilely update products in the field?
- How do we make current systems compatible with post-quantum schemes?
- How do we inform industry, politics, and the public about quantum computing and post-quantum cryptography?
- What schemes and what parameters should we standardize?
- What is the impact of legislation and regulation?
Academic research in this area mainly focuses on theoretical aspects of post-quantum cryptography, while industry requires specific recommendations of cryptographic schemes, secure parameters, and implementations.
Fraunhofer Singapore and Fraunhofer SIT research and develop the cryptographic building blocks for the future by investigating how to implement new algorithms such as code-based, hash-based or lattice-based post-quantum cryptosystems in secure and efficient ways. We investigate side-channel robustness and resource-efficient implementation. We also provide consulting services on how to migrate to post-quantum algorithms. We research agile cryptography and update mechanisms for IoT.