To protect data on and access to resource-constrained devices, Revere Security offers its tried and proven Hummingbird HB-2 cipher. It is one of several algorithms that are currently available for small, resource-constrained devices. Others include Present, Grain or Klein to name a few. Hummingbird HB-2 is one of a few available ciphers where no weaknesses or sub-exhaustive attacks have been found. At the same time it is the only algorithm supported by an entire professional organization dedicated to the provision of Edge Security.

 

Obviously, data protection within Edge Security comes down to using encryption and a symmetric, secret key. The HB-2 algorithm uses a 128-bit key and is inspired by the idea of a rotor machine. The cipher protects data on edge devices by performing the encryption on the device itself. However, Hummingbird HB-2 does more. It has a built-in message authentication that is usually handled by a hash algorithm such as SHA-1 or SHA-2. The main advantage of using Hummingbird HB-2 lies in the fact that it does not require additional computations to achieve message authentication. This feature saves considerable energy and it at least doubles the speed of each read/write transaction to and from the device.

 A third and equally important differentiator for Hummingbird HB-2 is its ability to authenticate both parties in a communication. It is obvious that communication should occur in a secure channel. Hummingbird HB-2 ensures anonymity, security and privacy protection. Simply put, both parties in a communication know a shared secret and are able to exchange information with trust. The beauty of this design lies in the fact that the shared secret is never actually exchanged and cannot be intercepted. In this manner, it is possible to obtain encrypted information off of an edge device even when the receiving system is not known. All three features – encryption, data authentication and mutual authentication – are important and their implementation needs to be carefully considered for every edge system.

In addition, the Hummingbird cipher offers an interesting capability in that it allows for anonymous communications in secure RFID systems. What this means is that the tag ID of a secure passive RFID tag changes with every communication. This feature is based on the way that the Hummingbird HB-2 protocol has been implemented. Because the tag sends a random initialization vector and cipher text instead of its tag ID, the information that it sends changes every time the tag is read. A single tag that has been read 100 times will appear just like a hundred tags because the reader sees 100 unique IDs. The benefit of this feature is apparent in that traceability is not possible. In short, Hummingbird HB-2 provides a solution for those situations where tracking of persons and objects leads to vulnerabilities and risk exposure.

Revere Security has designed an innovative key management and distribution system that allows for multi-domain key management, meaning that more than one organization can share access to keys without compromising the security of their own systems. Hummingbird’s capability to communicate the shared secret without transmitting it leads to complete confidentiality within each domain and also between them. No organization is forced to share their secrets with others. This very issue lies at the heart of enabling true edge security. The principle is best explained when we look at an edge device such as a toll tag, which leverages RFID technology. Today, toll tags only work with one tolling provider. Using the innovative, patent-pending Hummingbird key distribution system, toll tags can be used with as many tolling providers as desired. Each is able to validate the tags’ key by simply accessing its own database and, when it does not return satisfactory results, sending a query through Revere’s secure key distribution system to other tolling providers. The tag will send information about its “owner” along to simplify and speed up the process. In this manner, a specific toll tag can be used by any other system as long as it has the capability to look up and find the right secret key.

 

In summary, Edge Security requires a number of technologies that range from encryption and decryption to message and mutual authentication to the proper management of keys. Today Revere Security is the only Edge Security solution provider dedicated to offer all of these components for truly secure RFID applications. The company is set up in a way that allows all of its RFID industry partners to leverage its extensive experience and knowledge as a single-source provider for Edge Security. At the same time, the Hummingbird algorithm is the only viable cyber security solution specifically designed for small, resource-constrained devices such as passive RFID tags on access cards, mobile payment systems and industrial control systems to name a few.
 
Hummingbird was developed by some of the world’s top security experts, including our Chief Cryptographer Dr. Whitfield Diffie. It has been openly published for years and has withstood all levels of testing by organizations ranging from ISSI to several universities. Hummingbird has a number of unique capabilities that set it apart from other offerings that you might consider for your Edge Security:
 

 

 

If you are curious about Edge Security by now and would like to have a detailed discussion on how Revere Security’s technology can improve the security in your business, please contact us at sales@reveresecurity.com.