Want to learn more about security, Veridify's methods and how they are used. This list of Frequently Asked Questions may have the answers.
Introduction to Security
- What is security?
- Why should folks care about security? Don’t most devices conform to security standards?
- Why is it hard to secure the IoT?
- What are Private Key security methods?
- What are Public Key security methods?
- So why aren’t Public Key security methods broadly used to secure the IoT today?
- What problem does Veridify solve?
- What does Veridify provide that no one else does?
- How is Veridify technology deployed?
- What is the Ironwood Key Agreement Protocol (IronwoodKAP)?
- What is the Walnut Digital Signature Algorithm (WalnutDSA)?
- How does Veridify perform against alternatives?
- Is Veridify a standard?
- Who are typical Veridify end users?
- What does a use case for Veridify methods look like?
- When is it import to use methods which are post-quantum ready?
- Can you tell me about Veridify as a company?
- How are Veridify methods delivered?
- What kind of support is available?
- How easy is it to try out Veridify’s methods? Where can I find more information?
People often think about passwords or encryption when the topic of security comes up. However, it is so much more. It can be about data integrity, data confidentiality, authentication, message repudiation, creating a chain of trust, or a secure boot. In the realm of embedded MCUs, as an example, there are basically two categories of security: “device security”, and “device-to-device” security. Device security can include secure boot, trusted secure IP, trusted execution environment, data and address scrambling, etc. Device-to-Device security provides additional protection to MCUs that connect to external devices. Device-to-device security may include identification and authentication methods to ensure that the MCU is really talking to the device it claims to be, and methods to protect the data passed between the MCU and external device (e.g. integrity and confidentiality).
The extraordinary growth of the Internet of Things (IoT) has given rise to a problem. While we all enjoy the convenience associated with our connected devices, nearly every day we can read about compromised cars and the vulnerability of our infrastructure. The problem is a lack of security. The truth is that many of the edge devices in the IoT are powered by processors that never had security in mind and are either unable to implement effective security or have not been deployed in a manner that makes them secure.
The consequences of the lack of IoT security are significant. Some statistics from a consumer survey sponsored by ESET/NCSA:
- 50% of consumers indicated cybersecurity concerns for an IoT device that discouraged them from purchasing
- Over 40% of respondents are “not confident at all” that IoT devices are safe or secure
- 88% of respondents have thought about the potential for hacking associated with IoT devices
We are handicapped in securing low-resource processors by the security tools that are decades old that never contemplated 8-, 16- and low-end 32-bit devices playing critical roles in controlling our infrastructure or managing sensitive data. That is because these legacy methods use 256-bit to 4,096-bit operands to perform their computations and multiplying or dividing these large numbers on an 8-, or 16-bit processor is very taxing. To use security, we generally have two options available today:
- Public Key methods which do not fit on many of our IoT edge devices, and
- Private Key methods which do not easily scale when used for authentication.
In Private Key (also called Symmetric) systems, one side may use a key to encrypt data, turning plain text into cipher text, and the other side will decrypt the ciphertext using the same key to reproduce the plain text. We use the same key at each end – hence the term symmetric (AES is an example of a symmetric method). Developers have two choices when implementing a private key system. They can assign the same encryption/decryption key to all devices in the system, or they can create a unique key for each device in the system. The disadvantage of using a common key is that a single breach will break the entire system. At scale, distributing keys requires putting the keys in a database in order to associate a unique key with a given device. This brings up a number of issues. How do you maintain and update this database in a timely fashion? Who has access to it? Securing these databases is made difficult because they require a network connection, but real-time access to the database is crucial for the system to operate. As you can see, the disadvantage of creating a unique key for every device in the system has to do with scalability and is often referred to as the key management challenge.
Public Key methods (also called Asymmetric) solve Private Key system’s key management challenge by providing each party with a pair of keys. One key is never shared with anyone – the private key. The other key is a public key that is mathematically derived from the private key; this public key is offered to whoever requests it. To use this method, when two parties meet, they will exchange their public keys (typically signed by a Certificate Authority), and then perform a calculation using their hidden—never shared—private keys. This calculation can take different forms, but in one form it gives each party a mutually shared secret. This accomplishes two things. It proves to each party that the other party is in possession of the private key that is bound to their public key, i.e. that the other party is authentic. It also provides the basis for creating an ephemeral session key that can be used with a symmetric method to encrypt and decrypt messages passed between the parties. It should be noted that this entire operation may be performed without the need for a network connection or database look-up. There are several public key methods – RSA and Diffie Hellman being the originals. Moreover, there several derivative methods including Elliptic Curve Cryptography, Lattice Methods, and Group-Theoretic Cryptography, to name a few.
Public Key methods fit and run on your 64-bit laptops, tablets, and smartphones but they were never contemplated for low resource 8-, 16- or 32-bit devices that are the foundation of the IoT today. Methods in common use today such as Elliptic Curve Cryptography (ECC) and RSA are often too big for small devices such as sensors and actuators, and often too slow because they multiply large (256-4096 bits) numbers. This is very difficult to do on small 16-bit devices. Just imagine the complexity of breaking large numbers into 16- or 8-bit chunks, performing mathematical operations on the chunks, and then piecing them all back together!
Veridify’s Security Methods
Veridify addresses the challenge of securing host/gateway devices and the vulnerable endpoints those host devices connect to. Unfortunately, most of those endpoints do not have the space to run current security methods and if one can get security to fit, security can run too slow or drain too much power. Veridify’s methods provide fast, small footprint, low-energy, quantum resistant, authentication and data protection for devices like Intel FPGAs and the 8-, 16-, and 32-bit devices they communicate to. Veridify’s methods can deliver security and performance advantages in software.
Veridify leverages a branch of mathematics called Infinite Group Theory, that is the foundation of these methods, and Group Theoretic Cryptography (GTC). This underlying math is over 100 years old, and GTC has been studied since the mid-1970s, the same timeframe as other methods such as RSA. It performs most calculations using small numbers (operands), only 8- to 32-bits, vs. 256-4096 bits required by ECC and RSA. As a result, Veridify methods are ideal for small, low-resource environments like the 16-bit RL78, the MSP430 or the 8-bit AVR. In summary – Veridify methods fit where no other methods can and deliver superior performance that is orders of magnitude superior to alternatives.
Veridify has developed several methods or protocols that will address most identification and authentication requirements. Two of these methods include:
- Ironwood Key Agreement Protocol™ (Ironwood KAP™). This protocol allows two devices to create a mutually shared secret without having prior communications. It is optimized for cost, power, and size and is ideally suited to address the security needs of the smallest devices on the market.
- Walnut Digital Signature Algorithm™ (WalnutDSA™). WalnutDSA allows one device to create a message that may be verified by another device. In the case of WalnutDSA, Veridify has been able to demonstrate significant performance improvements compared to ECDSA.
Ironwood KAP is a fast, low-energy, quantum-resistant key agreement protocol for connected devices that enables the two parties to authenticate each other. A key agreement protocol enables two parties to generate a shared secret over an open channel without any prior communication. In a typical application, two parties are involved in running Ironwood. A derivative of the secret that each party computes may be used as an encryption/decryption key to protect data that may be subsequently communicated between the two parties. Key features:
- Faster than ECDH
- Available for both software and hardware implementations
- SDKs available for a wide range of 8-, 16-, and 32-bit microcontrollers
WalnutDSA is a fast, low-energy, quantum-resistant digital signature algorithm. WalnutDSA allows one party to generate a message that may be verified by another party. The algorithm allows a signer with a private/public key pair to create a digital signature associated to a message which can be validated by anyone who knows the public key of the signer and the WalnutDSA verification protocol. Key features:
- Faster than ECDSA
- Available for both software and hardware implementations
- SDKs available for a wide range of 8-, 16-, and 32-bit microcontrollers
Veridify has created demonstrations on a wide range of platforms to highlight the benefits of Veridify’s methods compared to ECC. This testing illustrates that Veridify methods run in software faster than ECDSA / ECDH on common platforms and the results are even better in hardware. These performance characteristics translate directly to longer service life when the device is supporting a battery-powered product.
In some situations, other methods don’t even fit –they require more space than is available on the device. The fact that Veridify can achieve these results in software makes Veridify methods ideal for low resource processors that need to communicate with an FPGA.
All of Veridify’s security methods are published to support peer review, and the firm been very active in a variety of the Standards and industry bodies for many years, including ISO, ETSI (EU standards), IETF and SAE. Veridify is a member of the Global Semiconductor Alliance and was enlisted to participate on their IoT Security Working Group. Veridify’s team will continue dialogue with standards organizations, both in the quantum space and IoT Security sector, contributing to guidelines for addressing device-level cybersecurity.
In June 2019, Veridify’s security library received ISO 26262 Automotive Safety Certification. The company’s software development methods conform with the strictest requirements, receiving an Automotive Safety Integrity Level (ASIL) “D,” the highest classification for safety-critical processes.
Using Veridify’s Methods
Typical end users are IoT customers including players in the smart city, connected industry, connected building, connected car, smart energy, connected health, smart supply chain, smart agriculture or smart white goods manufacturers, building automation and smart retail segments. Customers in all those market segments may have edge devices in the field that need to communicate securely to “home” devices. The devices may need to validate who they are talking to, that a command given is authentic, or that the code running on the edge device has not been tampered with.
With Veridify methods and tools, customers can deploy a broad range of security authentication and identification solutions for many products and markets it addresses today - including medical devices, small appliances, smart energy solutions, and industrial automation tools. To give you an idea of how these security methods might be applied, here are three real-world examples.
- Secure Firmware Update. Customers concerned about ensuring that firmware on an MCU or FPGA is updated securely, once deployed, can leverage Veridify’s Walnut Digital Signature Algorithm to guard against the loading of unauthorized firmware in the field. An MCU or FPGA running WalnutDSA Verify can validate firmware that has been signed by a trusted party (usually the creator of the firmware). To implement this solution, Veridify provides a signing app and SDK for Linux and Windows for development, and an HSM-based appliance for production.
- Protection Against Anti-Counterfeiting. Customers who want to guard against the possibility that an end user might use an off-market or counterfeit component for their product can embed Veridify methods on an MCU tied to that product, allowing the part or asset carrying the MCU the ability to “authenticate” itself to another component or system. For example, this type of implementation could allow a power tool to only operate with a manufacturer’s authorized MCU-enabled battery. In this example, a battery pack that includes an MCU provisioned with Ironwood, WalnutDSA, and AES, can be used to authenticate itself to the product it powers – and enable the powering of the device only if the battery pack is authentic. All authentication would be performed without the need to connect to a cloud or network.
- Future Proof Identity Assurance and Message Integrity. Operators of critical infrastructure (as an example) will want to ensure that when a remote device receives a command, the authenticity of the sender and the integrity of the command is ascertained before acting on the command. In such cases, Veridify methods can be used to allow the remote edge device communicating with a hub or gateway to validate the signature associated with the command to ensure that the command is authentic. And because critical infrastructure is often in place for ten years or more, the ability of quantum computers to break current security methods within the next ten years should be a concern; Veridify methods are resistant to all known quantum computing threats.
If your customers are designing solutions that will be in the field for more than five years, then they need to consider the current development of quantum computers that will break popular security methods like ECC and RSA. Announcements from IBM, Microsoft, and Google have recently highlighted rapid advances in quantum computing.
Veridify cryptography methods are resistant to all currently known quantum computing attacks.
Veridify has achieved recognition for its innovation from the Linley Group, Silicon Valley’s leading semiconductor analysts, who awarded Veridify with “Best Technology” for 2017, and at Arm TechCon which awarded Veridify with “Best Contribution to IoT Security” in 2017 and finalist for the “Design Team of the Year” in 2018. Veridify was founded by world leading mathematicians nearly 15 years ago. The company is based in Connecticut and has offices in the Bay Area to support close collaboration with customers.
Veridify methods are available in software, ensuring fast and cost-effective implementation. Additionally, Veridify has collaborated with many leading players in the semiconductor ecosystem to deliver authentication methods including Intel, ST Microelectronics, Renesas, Synopsys, ARM, RISC-V and many others. Veridify also offers hardware implementations of its methods to maximize performance but because Veridify methods are already so efficient, software-only implementation are generally sufficient to meet most requirements as they are still orders of magnitude more efficient than alternatives.
Veridify stands ready to support your discussions with customers. There are presentations and demos that highlight the superior performance of Veridify methods on a wide range of platforms. The firm offers free security consultations. Please do not hesitate to reach out and let us know what Veridify can do for you.
Veridify has a wide range of tools available for your development and assessment including IoT embedded SDKs. You or your customers can request your SDK by contacting us directly at firstname.lastname@example.org .