IoT Security·ICS/OT

Order Out of Chaos – Using Chaos Theory Encryption to Protect OT and IoT

The need for secure encryption in IoT and IIoT devices is obvious, and potentially critical for OT and, by extension, much of the critical infrastructure. The post Order Out of Chaos – Using Chaos Theory Encryption to Protect OT and IoT appeared first on SecurityWeek.

Chaos is unpredictable – but research demonstrates that chaos theory can be manipulated to provide strong security.

Ravi Monani, a design engineer at AMD, is on a journey to provide secure encryption for small resource-constrained edge devices such as, but not entirely limited to, Internet of Things (IoT). The chosen route is to control chaos – or more specifically harness chaos theory.

The need

The need for secure encryption in IoT and IIoT devices is obvious, and potentially critical for OT and, by extension, much of the critical infrastructure.

Consider wearable and implanted health monitors. The monitors’ sensors detect intensely personal data from the wearer; and the device then transmits that data to a control system. The same principle is relevant to all ‘mobile’ hospital equipment that isn’t wired to the control system, and equally relevant to IIoTs that collect data used to control machinery on a factory floor.

The data transmission is almost always via WiFi, and must be encrypted lest it be intercepted by an adversary. However, current encryption using PKE for key distribution is under threat from future quantum computers, and hence the current drive to replace traditional encryption with NIST recommended post quantum cryptography (PQC).

The problem for IoTs is they have limited resources, while quantum cryptography requires more resources than traditional cryptography. And there remains the problem of integrating the raw data with a separate quantum random number for a secure key, and the encryption process itself.

It is considerations such as these that have led Monani to consider whether chaos cryptography might be a better solution for IoTs than quantum cryptography. His research is being funded by the National Science Foundation.

Chaos theory

Chaos theory is the study of behavior emanating from a source that is extremely sensitive to its initial condition. The sensitivity is so high that the slightest imperceptible variance in the initial condition will result in widely different outcomes. This is often illustrated as ‘the butterfly effect’. The presence or absence of a butterfly (the initial condition) can produce extensive differences in the resulting weather system (the outcome). In this sense, chaos theory is the study of unpredictability.

It turns out, however, that chaos is not ultimately and entirely unpredictable because of a property known as synchronization. Synchronization in chaos is complex, but ultimately it means that despite their inherent unpredictability two outcomes can become coordinated under certain conditions. In effect, chaos outcomes are unpredictable but bounded by the rules of synchronization.

Chaos synchronization has conceptual overlaps with Carl Jung’s work, Synchronicity: An Acausal Connecting Principle. Jung applied this principle to ‘coincidences’, suggesting some force transcends chance under certain conditions. In chaos theory, synchronization aligns outcomes under certain conditions.

Monani is working on an encryption system that can be managed through the bounds of chaos, but secured by its unpredictability – while simultaneously being light on computational and space requirements. That is, a quantum resistant encryption suitable for IoTs.

The starting point is a mathematical emulation of Chua’s circuit, an electronic circuit invented by Leon Chua in 1983. It is considered the simplest circuit able to produce chaotic behavior. The circuit can be mathematically modeled by Chua’s Equation, a system of three coupled, nonlinear ordinary differential equations. It is Chua’s equation that is implemented in Monani’s chaos project.

Chaos encryption / decryption

On chip, the IoT’s sensor data is fed directly to the encryption engine as source material. The circuit then generates chaotic output –effectively just noise – from the initial data.

There are three important effects: data goes in and random chaotic noise comes out (the ciphertext – effectively ‘data in, garbage out’); the feed is direct RTL (there is no opportunity for the plaintext data to be sniffed by adversaries); there is no separate encryption key required (eliminating the need to generate a quantum random number and securely distribute the quantum-ready decryption key).

The unpredictable (and therefore effectively, if not quite scientifically) unbreakable chaotic noise is transmitted over the public network to its destination. All of this is done at the hardware – so, without physical access to the device, there is no opportunity for adversarial interference.

Decryption involves a destination receiver running the encrypted message through the same parameters and initial conditions, and using the chaos synchronization property to extract the original message. It can only be done if the chaos engines of the sender and receiver are precisely aligned.

Chaos security

The security of this process is multifaceted. Firstly, the encryption occurs at the data source, with no chance of intercepting raw data between sensor and encryption. Secondly, the outcome of the chaotic generator (the encrypted data that is transmitted across the public network) looks like random noise. An attacker intercepting the signal would be unlikely to recognize the noise as data, and would be unable to detect any data within the noise. Thirdly, an attacker would require precise knowledge of the parameters used by the source chaos generator, and it is considered effectively impossible to reverse engineer the noise to determine those original parameters.

One difficulty with the theory is that much of it cannot, unlike traditional encryption, be verified or proven mathematically. This is because it is based on natural laws (chaos theory and its synchronization property) rather than mathematics (prime numbers, or a lattice-based mathematical structures). Nevertheless, it is worth noting that much of computing’s future is predicated on harnessing another fundamental natural law: quantum mechanics.

Next steps

Ravi Monani is a system design engineer at AMD. His current project is designing a chaos encryption system suitable for small and resource constrained edge devices such as IoTs and IIoTs. The research began with his thesis while becoming a Master of Science in electrical engineering at California State University, Long Beach.

The research, now with support of NSF funding, continued when he joined AMD and has achieved proof of concept. “I’ve pioneered a discrete‑time, Chua’s‑equation‑based encryption engine, supported by NSF funding,” he told SecurityWeek. “This work led to a 45 nm CMOS ASIC proof‑of‑concept that demonstrates the feasibility of integrating complex mathematical models into hardware. The project has achieved ultra-low power consumption (0.486 µW at 100 kHz) and a minimal silicon area (0.005 mm²), which holds significant potential for enhancing security in resource-constrained IoT devices.”

He’s not ready yet to move to production – 45 nm process nodes were introduced around 2008, but the technology has advanced to 5 nm or 7 nm, allowing more transistors providing higher computational power and better energy efficiency. “We need to catch up with the market,” he continued. “We may not need 5 nm, but 10 nm or at last 14 nm would be good. So, we’re not targeting production for another six to 12 months.”

But it works. Chaos can be generated and harnessed to encrypt data, and chaos can later be harnessed to decrypt the chaotic noise to reveal the original data – all without either an encryption or decryption key. Now it must be improved for better efficiency – and then it’s ready to go.

Latest News

Publisher