//
you're reading...
Information Security, IT & TECHNOLOGY

Elliptical Curve Cryptography for the Internet of Things


ISACA-Logo

The elliptic curve cryptography (ECC) asymmetric algorithm is widely promoted to developers for new Internet of Things (IoT) advancements. At a first glance, it is easy to see why this is the case. While IoT faces new constraints and challenges that make traditional cryptography difficult to implement, these difficulties also empower ECC to emerge as a front-runner. Constraints in IoT include limitations to computational resources such as the bare minimum processor speed and memory needed as such devices are typically designed for low power consumption. Challenges include the need to reengineer things such as identity management, device and user registration, and cryptography to suit IoT needs.

Is ECC the right cryptosystem to meet the aforementioned constraints and challenges? As ECC offers shorter keys, lower central processing unit (CPU) consumption and lower memory usage for equivalent security strength, it is easy to say yes after a quick glance. However, there are many more concerns that must be deliberated. My recent Journal article, “Can Elliptic Curve Cryptography Be Trusted? A Brief Analysis of the Security of a Popular Cryptosystem,” delves into these concerns by assessing and reviewing the key threats and challenges to the famous asymmetric cryptosystem.

Does ECC provide sufficient security that would satisfy the demanding world of IoT? The potential risk is high, and damages are not limited to data theft or loss. Compromise of an IoT device can lead to significant safety issues when related to vehicles, health care devices and control systems. Such an event, whether it results in loss of vehicle control, malfunctioning medical device or other adverse event, may result in injury or worse. Threats such as unauthorized tracking of individual’s locations, manipulation of financial transactions and compromise of the integrity of highly sensitive data (e.g., health data required for proper diagnosis) are significant enough to cause anybody to pause and think. Does the risk of ECC outweigh the rewards?

Read Veronika Stolbikova’s recent Journal article:
Can Elliptic Curve Cryptography Be Trusted?,” ISACA Journal, volume 3, 2016.

Veronika Stolbikova

[ISACA Journal Author Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

Trackbacks/Pingbacks

  1. Pingback: This Security Blog gives a lot to think about. What do you guys think? – sec.uno - 2016/05/19

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 121,320 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,358 other followers

Twitter Updates

Archives

May 2016
M T W T F S S
« Apr   Jun »
 1
2345678
9101112131415
16171819202122
23242526272829
3031  
%d bloggers like this: