How Big is Your Key?

In providing cryptography solutions for wireless sensors and other devices in the Internet of Things we are often asked, Can the encryption be cracked? We think this is the wrong question to ask when evaluating a cipher. Rather, we feel the question a user should ask is How long will it take to crack this encryption?

You see, even if there is no known structural attack against an encryption algorithm, one can always simply try all the keys until you find the correct one in what is commonly referred to as a brute force attack.

The size of a cryptography key, or its length in bits, is often the metric used in describing a system’s strength. Since a bit can be either a 0 or a 1, a key of n bits has 2n possible keys. The number of possible keys grows very quickly (exponentially) as the length of the key increases. So a symmetric (private key) encryption method with even just a 60-bit key has 260, or 1,152,921,504,606,850,000, possible combinations. On the one hand, this seems like a very big number but most security people will tell you this is too small (insecure) to use today. This feeling comes from at least two key facts. First, using the law of averages, we only need to search through one half of the key combinations, on average, to find the correct key. And second, this number is made to seem insecure by the fact that our typical desktop computer can search 17 billion keys an hour. And remember, we can use more than one computer in our search!

We work with asymmetric (public key) encryption methods too, where the keys must meet certain mathematical properties, and not just any key can be used. As a result, the key sizes will be bigger to deliver the same level of security you get in a symmetric system. For example, RSA estimates that a 1,024-bit key in their method is equal in strength to an 80-bit symmetric key. There is a lot of misconception on how to use key sizes in discussing cryptography protocols.

So how can you begin to use this information to figure out the level of security for your IoT device? As suggested in my opening, the question you should ask is, How long do I need to keep this information secure?

For example, if you are looking to encrypt data on a sensitive waybill on a RF tag, that will be in transit for a week or so, using a 128-bit strength key is likely unnecessary. 2128 is a very big number (I will spare you printing it here), and assuming you had 100,000 desktop computers at your disposal, it would only take 321,318 years (I rounded down), on average, to find the key using a brute force attack. Of course, if you have the space, power, and time I am not suggesting you use something less just that it is likely far beyond your needs and the current battery life of most vendors tags. And if you are using an asymmetric method, you have just cracked one tag, as each tag has its own unique key-pair!
However, if you are looking to secure a device which will be part of the Smart Grid infrastructure for the next 20 years then you would want at least this security level and perhaps even more.

There are many factors to consider when deciding on the type of security, protocols, and strength that you should use to secure Internet of Things devices and a good way to get there is by asking the right questions for your application.

Note: The original version of this post was written by Louis Parks in 2010 and appeared in an industry association blog which is no longer online.