Security in IoT barely exists, which is shocking, given the rapid emergence of the "smart" world. We suggest SSA as a method for implementing security in IoT devices. It is efficient and can enforce the need for multiple devices to collaborate in the sending of signals before actuation. We are also exploring its role in eliminating IoT passwords.
We have a simple-to-use, lightweight browser extension that converts any piece of text into a sequence of purely random numbers that can only be decoded by the intended recipient. All it takes is three clicks. Even if the identical message is encoded again later, a randomly different sequence of random numbers is generated. Easy set-up and peace of mind when sending highly confidential information over non-secure lines!
Our SSA algorithm can also be applied to data stored in databases and in the Cloud. Every hour of every day, multiple company databases are being hacked, with valuable customer data compromised. With our methods, only random numbers need ever be stored.
SSA is based on secret sharing. If implemented in the correct way, secret sharing is highly secure. In fact, individual "shares" of the confidential message contain no information whatsoever about the message.
The problem with conventional secret sharing is that it cannot be used as a cryptographic cipher, as it would be necessary to transmit all shares. A hacker could obtain these and retrieve the message. SSA solves this problem.
With SSA, the master share in a communication is fixed, and a new share is created to securely transmit a message. The transmitted data (the transient share) is not merely an encrypted version of the message, but a sequence of entirely random numbers. Share-Send is resilient to all common cryptanalysis.
We suggest SSA for securing the Internet-of-Things (IoT), communicating signals comprising only random bit sequences. SSA offers several advantages over conventional ciphers, such as RSA, AES, Twofish, etc.:
Secret sharing was first devised in 1979 by Adi Shamir, co-inventor of the famous RSA cipher. Its origins can, however, be traced to the one-time-pad of the 1960s. In conventional cryptography, the "plaintext" message is encrypted using a key. The result is a function of the plaintext and key, known as the "ciphertext".
In secret sharing, there are no keys, but "shares", each completely random, containing no information whatsoever about the plaintext. The plaintext, known as the "secret", is only revealed when valid subsets of the shares are combined.
There are many ways of doing secret sharing. In the simplest possible implementation, there are two shares needed, and the secret is converted into a stream of binary digits, for example 11011110001. The first share is a totally random bit stream, the same length as the secret, such as 00111001010. The second share is the binary XOR of the first share and the secret. In this example, it would be 11100111011.
The secret can now be destroyed and shares retained and distributed. It is impossible for the share holders to reveal the secret by themselves, but it can be retrieved by simply XORing the two shares.
In Shamir's method, known as Shamir Secret Sharing, there are n shares, any k of which can reveal the secret. This requires a polynomial of degree k-1: n points on its curve are chosen (normally at regular x-intervals), and their y coordinates are taken as the shares.
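The two schemes described above, as an added example that is not part of the original page and is not the SSA algorithm itself: the XOR split works on bit strings like the page's, and the Shamir functions implement the k-of-n scheme. The function names, the prime modulus and the choice of x = 1..n are assumptions made for this illustration.

```python
import secrets

# Assumption: the page names no field; a prime modulus is used here.
PRIME = 2**127 - 1

def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit strings."""
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def xor_split(secret_bits):
    """Two-share scheme: share 1 is random, share 2 = share 1 XOR secret."""
    share1 = "".join(secrets.choice("01") for _ in secret_bits)
    return share1, xor_bits(share1, secret_bits)

def shamir_split(secret, k, n):
    """n points on a random degree-(k-1) polynomial with f(0) = secret."""
    if not (1 <= k <= n < PRIME and 0 <= secret < PRIME):
        raise ValueError("need 1 <= k <= n and 0 <= secret < PRIME")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):          # regular x-intervals, never x = 0
        y = 0
        for c in reversed(coeffs):     # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def shamir_combine(shares):
    """Recover f(0) by Lagrange interpolation over the supplied points."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("shares must have distinct x coordinates")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

if __name__ == "__main__":
    s1, s2 = xor_split("11011110001")          # the page's example secret
    print(xor_bits(s1, s2))
    pts = shamir_split(int("11011110001", 2), k=3, n=5)
    print(shamir_combine(pts[1:4]))
```

Any three of the five points recover the secret; with only two, interpolation returns an unrelated value.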
Secret sharing has many uses, such as in secure multi-party computation, securing passwords and cipher keys, and in Cloud security, but it is not currently used as a stand-alone cipher. This is the purpose of our Share-Send/Store Algorithm (SSA), harnessing the highly secure nature of secret sharing.
Please feel free to contact us if you have any questions or suggestions of any kind.
Contact Neil Buckley via email bucklen [at] hope [dot] ac [dot] uk or social media above, for any technical information, or if you would like to talk about your cybersecurity needs.
Contact Howard Yates via email hy [at] tento [dot] co [dot] uk or social media above, if you would like to talk about your cybersecurity needs.