The internet of things, or IoT, connects many different types of sensors and alerting devices embedded in vehicles, equipment, structures or any other "thing" in question to online servers. This makes encryption difficult, because these tiny embedded devices can't support the energy and memory space required by typical encryption protocols.
MIT researchers may have come up with a solution: They have developed a chip that's hard-wired to perform public key encryption, but that consumes only 1/400 as much energy as software execution of the same protocols would. The MIT researchers accomplished this goal by eliminating extra circuitry for integrating smaller computations to reduce the chip's energy consumption and increase its speed. The entire Transport Layer Security protocol is also hard-wired into the chip, which dramatically reduces the amount of memory required for its execution.
In this Q&A with Utsav Banerjee, an MIT graduate student in electrical engineering and computer science who helped research and develop the chip, Banerjee describes how it will benefit IoT encryption and authentication.
What are the benefits of the energy-efficient IoT encryption chip that was developed by MIT?
Utsav Banerjee: The chip we have designed is not just for encryption, but also for authentication. In the internet-of-things setting, with devices communicating with the cloud or server, it's important that they authenticate each other so we know that devices are talking to each other, and we can trust the data that is coming from them. Usually, this authentication is done using very complicated public key cryptography, and that is the most energy-consuming part of it. We have implemented a very efficient hardware for that.
How does the new chip help ensure the security of the internet of things?
Banerjee: We looked at this protocol called 'Transport Layer Security' -- usually, whenever we are accessing email or any kind of daily activity on the internet, we are using TLS. It has been there for a long time, and people trust it. There are security rules for this protocol, and we wanted to add that to the internet of things.
We have implemented this entire protocol into hardware. From an application programmer's point of view, it makes things much simpler, because all of it has been put into silicon. If the hardware has been implemented correctly, then there are lesser chances of any errors in the security software code. Also, now that the authentication has been made so efficient, the devices can authenticate much more frequently to provide greater sense of security.
Utsav Banerjeegraduate student in electrical engineering and computer science at MIT
Do you think the chip will ultimately benefit businesses?
Banerjee: With the internet of things, there is a subclass of networks called the industrial IoT, where industries set up a whole range of sensor nodes in their plans so they can remotely monitor their equipment. These devices need to be secure, and they are usually powered by batteries, and they might be in some remote places. We consume much less energy, so there is no problem with the battery draining out, and we provide a strong security guarantee.
What are your ultimate goals for this chip? Do you think businesses will use it on a large scale?
Banerjee: We also have this very efficient resupply processor in the chip. Our initial goal was to demonstrate this like a research platform, where you have a processor and efficient security hardware. We have demonstrated the TLS protocols, but it can be used to do much more. As new security add-ons come, we can implement them very efficiently using a mix of software and hardware. We haven't talked about commercializing it yet.
Why was developing this chip important? Was the main goal to improve IoT encryption and to find an energy-efficient way to do it?
Banerjee: That was the main motivation. But if we can put more components of the security algorithms in hardware, there are less chances of the software programmer to make mistakes, because things are already set up in silicon, and you can't really modify it or make any errors. As long as the hardware has been securely designed, moving things into a hardware makes life easy for anyone who is actually implementing the application stack.