Algebraic Eraser, the algorithm running the 'Internet of Things' is broken...again

News by Teri Robinson

A team of mathematicians were able to break a key used as part of the encryption system that secures many of the most critical IoT technologies internationally.

Everything from baby monitors to smart TVs and vehicles has been found to rely on wholly inadequate security measures, and now a team of mathematicians has demonstrated how to break a key used as part of the encryption system that secures many of the most critical IoT technologies internationally.

The Algebraic Eraser, owned by the Connecticut-based company SecureRF, is a widely used encryption solution for IoT devices that have minimal computing capacity. This includes RFID tags, mobile payment devices, and microcontrollers.

The system is also a fundamental component of ISO/IEC AWI 29167-20, a specification proposed by the International Organisation for Standardisation to secure air interface communications devices like wireless sensors and embedded systems.

The research team, consisting of Simon Blackburn, a mathematics professor at Royal Holloway College, University of London, together with Bar-Ilan University mathematicians Adi Ben-Zvi and Boaz Tsaban, published research showing how they were able to break the security key provided to them by SecureRF, owner of the Algebraic Eraser trademark.

Their process is described in their paper, “A Practical Cryptanalysis of the Algebraic.” The team's method builds on the approach used by another group of researchers, Arkadius Kalka, Mina Teicher, and Boaz Tsaban (Tsaban was involved in both research groups), in a paper that was published in 2008 and revised in 2012.

When the earlier researchers published their results, SecureRF countered that the algorithm parameters chosen by the researchers were weak, Blackburn told The company then created a workaround and announced that the problem was resolved.

Blackburn and his team, however, were not so sure. So they set out to break the key again, this time using parameters provided by SecureRF. Blackburn told SC that he asked SecureRF for parameters being used in practice.

The research group broke the key again, this time in less than eight hours.

