Cisco open-sources experimental small message encryption for cloud, IoT

Networking giant Cisco is open-sourcing an experimental cipher that could help preserve privacy in the cloud and the Internet of Things.

Cisco software engineer Sashank Dara describes the cipher as FNR (Flexible Naor and Reingold) and says that it's a variant on the work of Naor and Reingold from a paper published in the Journal of Cryptology. That permits the encryption of small messages without a great amount of bloat.

Common ciphers used in today's encryption tend to generate fixed-width messages. For example, AES has a fixed block length (from 128, 192, or 256 bits), and any length of data smaller than that automatically gets padded to fit the full width.

For most situations where encryption is used, such as person-to-person communications or the exchange of large amounts of data, this isn't that big of a problem, since these examples send a lot of data with a low number of messages. However, in a cloud or Internet of Things situation, a lot of small messages might be exchanged rapidly in order to keep real-time data flowing.

Dara adds that the system would be useful for exchanging small chunks of data such as IPv4 addresses, MAC addresses, arbitrary strings, etc. while preserving their input lengths. This way FNR could also be extremely useful for adapting encryption to legacy databases that require a set column length to store data.

As for Dara's example for the cloud: use the FNR cipher in what's called ECB (electronic codebook) mode, which does not give strong security to the underlying data but does deliver a level of anonymity to ingested messages. He suggests that such an application would be good for cloud-based monitoring of a system that also needs to preserve the data anonymity of the monitored subject. It's not always necessary to know what a system is doing to gauge its overall health and, given that a logging service could also be hacked, anonymizing data would resist further intrusion.

The code has been open-sourced under the LGPLv2 license and is available on GitHub. Alongside the code, Cisco provides a demonstration application that encrypts IPv4 addresses as an example. The specifications also caution that this code is experimental and is not ready for production systems.
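To make the length-preserving, ECB-style behaviour described above concrete, here is an added example that is neither Cisco's code nor the FNR construction itself: a plain four-round balanced Feistel network with HMAC-SHA256 as the round function, used to pseudonymize IPv4 addresses in log lines. The key, function names, round count and sample log lines are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import re

ROUNDS = 4  # illustrative choice for this toy, not a parameter taken from FNR
KEY = b"constructed-demo-key"  # constructed sample key (assumption)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SAMPLE_LOG = [  # constructed log lines
    "10.0.0.5 GET /health 200",
    "10.0.0.9 GET /login 401",
    "10.0.0.5 GET /health 200",
]


def _f(key, rnd, half):
    """Keyed round function: HMAC-SHA256 over (round, half), cut to 16 bits."""
    mac = hmac.new(key, bytes([rnd]) + half.to_bytes(2, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest()[:2], "big")


def encrypt_ipv4(key, addr):
    """Map a 32-bit address to another 32-bit address; no padding is added."""
    x = int(ipaddress.IPv4Address(addr))
    left, right = x >> 16, x & 0xFFFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(key, rnd, right)
    return str(ipaddress.IPv4Address((left << 16) | right))


def decrypt_ipv4(key, addr):
    """Run the Feistel rounds backwards to recover the original address."""
    x = int(ipaddress.IPv4Address(addr))
    left, right = x >> 16, x & 0xFFFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(key, rnd, left), left
    return str(ipaddress.IPv4Address((left << 16) | right))


def pseudonymize(key, line):
    """Replace each IPv4 address in a log line with its encrypted form."""
    def swap(m):
        try:
            return encrypt_ipv4(key, m.group(0))
        except ipaddress.AddressValueError:
            return m.group(0)  # e.g. 999.1.1.1: not an address, leave as is
    return IPV4_RE.sub(swap, line)
```

Equal addresses always map to equal tokens, so per-host counting still works on the pseudonymized log; that same determinism is why ECB-style use gives anonymity rather than strong security.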

This sort of cipher could have implications for any system that needs to exchange lots of messages over thin bandwidth that have a high chance of being intercepted. Dara suggests that cloud is a potential use, but another space that could use such a cipher is Internet of Things applications.

Low-power wireless sensors, common to IoT solutions, need to make the best of their power and bandwidth when sending information back to receivers and at the same time open up clients to potential privacy breaches. Being able to encrypt smaller bursts of data would open up new avenues for developing private messaging for a large number of industries.

The USPS recently started seeking solutions from IoT vendors, and one of the primary concerns about any solution included keeping customer data private. Maintaining privacy for customers of any IoT endeavor would need to include everything from databases and cloud (the datacenter, where a lot of encryption is already used) to parcels and trucks (the IoT side that would benefit from FNR).
