The Tech Herald first came across Revere Security earlier this year during RSA. Revere is a small startup with a killer idea for encryption, and it has the peer-reviewed patented technology to back its ambition. The team has also developed an encryption cipher that will work in areas previously thought impossible due to resource restraints, such as RFID, smart grids, and industrial control systems.
Revere’s encryption cipher, called Hummingbird due to its lightweight and quick design, was conceptually born in 2005. Around this time, and long before the public had learned of Stuxnet, the Department of Homeland Security (DHS) was examining critical infrastructure and ways to protect it. After some serious research and work, Revere co-founder Eric Smith came up with a solution that had everything necessary to address the DHS’s needs and commercial potential.
However, before said solution could be commercialized, it needed some additional checks, so Revere went to consultancy Information Security Systems Inc. (ISSI) and had its ex-NSA cryptanalysts give Hummingbird the once over. In short, ISSI's purpose is to examine and improve cryptology by attempting to break it. ISSI worked with Revere Security for almost two years and helped the company incorporate several improvements into its Hummingbird technology.
More importantly, ISSI introduced Revere to Dr. Whitfield Diffie, the co-inventor of public-key cryptography, who now leads its cryptology team.
When we spoke to Revere, one of the things it explained is that Hummingbird isn’t a block or stream cipher, it’s a word cipher inspired by rotor-based encryption. Part of what makes Hummingbird so fast and light is the use of large virtualized rotors, thanks to custom block ciphers developed by Dr. Diffie.
Another feature to standout about Hummingbird’s development is the level of transparency Revere offers to the public regarding its design. The team has no plans to hide Hummingbird, which is why it openly links the public and academics to ISSI’s analysis report. It's also willing to discuss it with anyone who cares to investigate (examples can be found here and here).
“We subscribe to [the thought] of no security through obscurity. All of our cryptography, algorithms, everything, is open to the market, on the Internet, published in papers, peer reviewed, everything,” Revere’s vice president of Product Management and Marketing, Chris Hanebeck, told us.
Commenting on questions about reverse engineering and other security checks, Hanebeck also said: “...there’s nothing you can do about it... We published our algorithm on the market, go ahead.”
So how does it work?
Imagine a standard AES 128 algorithm that you know of today, as a book with a couple of volumes. An exaggeration, to be sure, but this is how we learned to understand Hummingbird while discussing it at RSA with Hanebeck.
“The point being is that we’re a half a page of code. The revolutionary nature of [Hummingbird] is its small size, and the fact that it does a couple of things in one process,” Hanebeck explained.
For traditional cryptography, encryption is done on the first pass followed by message authentication. That's two passes per 128-bit block, or processing 256 bits per 128-bit block. Hummingbird does encryption and authentication in one pass processing 16-bit blocks at a time. This self-contained process, combined with the low overhead that it equates to, impacts several things at once.
“[It] impacts not only the size of the cryptographic algorithm that goes on the chips; it impacts the speed in which that takes place. It also impacts the power that is consumed to do that process, whether it’s a battery device or it’s a non-powered device like an RFID chip,” Hanebeck added.
The way Hummingbird is designed also prevents random scanning. For example, sticking with RFID, unless the scanning device is authorized to talk to the chip using Hummingbird, the proper identifier will never be returned.
On a call last week, Revere retold a story where a prospective customer was losing products due to a competitor scanning shipping crates. Once the competitor located its rival’s products, through the identifier returned by the non-encrypted RFID tag, it would alter the crates with new tags and paint, claiming them for itself.
In the context of RFID, tags are typically designed to be promiscuous, meaning they will talk to any reader. In the standards used today, not only will a tag talk to any reader, it will also send a fixed identifier every time it talks. This allows for a variety of security and privacy violations.
With Hummingbird, the tag can send a Secure Identifier that changes every time the tag is read, and only an authorized reader can use this Secure Identifier to determine the true identity of the tag. In addition to preventing unauthorized identification of a tag, Hummingbird can be used to prevent unauthorized readers from ever getting the tag to respond in the first place.
This is called "cloaking". The tag remains silent and invisible to the reader until the reader first authenticates itself to the tag as something the tag is allowed to communicate with. In essence, a cloaked tag always follows the golden rule your mother told you every time you left home as a kid, namely, "never talk to strangers".
The other side to Revere’s offering is key management.
Hanebeck explained it by asking us to imagine cryptology as a lock. You can have the world’s greatest lock, but if anyone finds the key, the lock becomes worthless. Adding to that, if you cannot access the key when it's needed, again the lock is rendered useless. Revere sees the ability to deliver the correct key at the correct time as a critical step to its entire crypto system.
Key management can be slow, so what Revere has done is leverage some of Hummingbird’s attributes to process keys at machine speed. During a demonstration at RSA, Revere processed 16 million keys in less than a second in order to authenticate an RFID device using its system.
Securing RFID-based devices usually calls for the use of digital certificates. Yet, that plan has some flaws if you consider logistics. For example, using digital certificates to secure the smart meter implementation in Dallas, Texas, would require more digital certificates than exist on the entire Web today.
While Revere can help in a situation like this, its point is that, even without using Hummingbird, there has to be a better way. Situations like these are why Revere’s RSA theme focused on dragging security out of the Dark Ages.
We’ll admit it. When we first heard of Revere, we were skeptical about a company claiming to offer security for RFID-based devices. After all, the last time we researched a business operating in this area, it had a policy of 'security by obscurity' and threatening anyone who dared talk about its flaws publicly. In other words, we fully expected Revere to be another NXP.
We are happy to report that our initial assessment was completely wrong. This is not because Dr. Diffie is involved with Revere, or because of the inventive crypto and its application, but because other academics and cryptology wizards have placed Hummingbird under a microscope, not only with Revere’s blessing, but with its active encouragement.
That level of transparency is exactly what this type of security needs, as it will keep things stronger in the long run.
If you have an interest in cryptology, check Revere Security out for yourself, its official website offers tons of information regarding Hummingbird’s design and usage.
The best place to start reading is here.