Cisco Blogs
Share

Collaborating with NCSU to promote lightweight crypto validation and assessment


December 18, 2017 - 0 Comments

Cryptography is very important in today’s world. Improper or maliciously altered crypto implementations have been a concern for the industry in recent years. To alleviate the risk, Cisco has been working with the industry, the National Institute of Standards and Technology (NIST) and other international organizations on finding ways to validate crypto implementations and speed up crypto certifications like FIPS or Common Criteria. The output of these efforts is the Automated Cryptographic Validation Protocol (ACVP).

ACVP enables crypto implementations to interact with a server that provides crypto test vectors which the crypto implementation encrypts and sends back. The server can then check for correctness which would mean that the algorithms are implemented correctly. ACVP can be used for validations of the cryptographic modules. Cisco has open-sourced an ACVP client that implementers can use to validate and certify their algorithm implementations against NIST’s or 3rd party servers.

ACVP Architecture

On the other hand, constrained environments cannot always use all the commonly accepted crypto algorithms available because of their constrained nature. A battery operated sensor, for example, cannot use 3072-bit RSA because it would deplete its battery faster and because of the processing load. NIST’s Lightweight Crypto Program is working on defining lightweight crypto algorithms suitable for these constrained endpoints. Some of the lightweight algorithms are documented in their Report on Lightweight Cryptography. Additionally, a recent paper from NIST’s 2016 LWC Workshop describes a methodology of using use Joules/byte as a metric for evaluating the algorithms’ energy efficiency.

What if we introduced ACVP in Lightweight Crypto for constrained environments? Could ACVP be used to validate lightweight crypto implementations and provide energy efficiency metrics for these modules that are important for constrained environments? These were some questions we were interested in answering and proposed to North Carolina State University (NCSU)’s Computer Science (CSC) Senior Design Center as a Senior Design Project.

The NCSU CSC students who jumped into this new project were Jack Thornton, Jake Inkrote, Sam Rappl and Ian McKinnon. The project was driven by Barry Fussel and Panos Kampanakis from Cisco and overseen by NCSU CSC Senior Design Center Director, Ms. Margaret Heil, and technical advisors, Dr. Lina Battestilli and Mr. Michael DeHaan.

Sam, Jake, Jack and Ian working though their code with Barry and Panos.

The outcomes of this effort were:

We hope this work will be used and extended to expand the use cases of ACVP.

Sam, Jake, Ian and Jack on the Posters and Pies project demo day at NCSU

We would like to thank the NCSU CSC Department students, Ian, Jack, Jake and Sam, for the good work and collaboration. Also thank you to the Director of the NCSU CSC Senior Design Center, Margaret Heil, and CSC Senior Design technical advisors, Professor Lina Battestilli and Mr. Michael DeHaan. We hope it has been a good experience for them as it was a fun experience for us. The collaboration will continue…



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.