A potential standard for securing network-connected pacemakers, automobiles, and other lightweight devices has suffered a potentially game-over setback after researchers developed a practical attack that obtains its secret cryptographic key.
Known as Algebraic Eraser, the scheme is a patented way to establish public encryption keys without overtaxing the limited amounts of memory and computational resources that often constrain so-called Internet of Things (IoT) devices. Developed by scientists from Shelton, Connecticut-based SecureRF, it’s similar to the Diffie-Hellman key exchange in that it allows two parties who have never met to securely establish a key over an insecure channel.
The big advantage Algebraic Eraser has had is its ability to work using only a tiny fraction of the power and computing resources required by more traditional key exchanges. Algebraic Eraser has looked so promising that it’s an underlying technology in ISO/IEC AWI 29167-20, a proposed International Organization for Standardization specification for securing radio frequency identification-enabled technologies, wireless sensors, embedded systems, and other devices where security is paramount and computing resources are minimal.
Read 13 remaining paragraphs | Comments