Revere Security Cryptographers Build on German Enigma Code

Cryptographers at Revere Security in Dallas have developed a cost-effective algorithm that is smart enough, short enough and fast enough to protect smart meters from hackers and terrorists, CEO Rich Stephenson told us recently. The firm devised the algorithm, called Hummingbird, in part by using simple but highly effective algebra.

The next hurdle will be persuading utilities to adopt the new encryption technology, said Chris Hanebeck, Revere’s VP of product marketing. Because the approach to encryption is so different from current systems, and utilities do not like to be the first to spend cash on new technology, “everyone is racing to be second,” he said.

Revere founder Eric Smith and two fellow researchers began working on cryptography about 10 years ago, backed by a few small investors, Stephenson said. Smith’s group started on the technology that would become Hummingbird in 2005, with funding from the Department of Homeland Security. Revere raised VC and incorporated in 2008. It now has 14 employees.

A key addition was Whitfield Diffie, best known for the invention of public key cryptography. Diffie, former chief security officer for Sun Microsystems, joined Revere Security in 2009. “He’s definitely a rock star in the small community of cryptographers,” Stephenson said. “He brought different ways of looking at Hummingbird to the company.”

For smart meters, the challenge is to fit in the encryption without overwhelming the meters’ primary function, Mitchell Thornton, professor of computer science and engineering at Southern Methodist University, told us. SMU is performing independent tests of Hummingbird for Revere.

Instead of adapting existing encryption technology designed for computers, Hummingbird was developed specifically for small, resource-constrained devices like smart meters, sensors and smart cards, Stephenson said.

Code designed for computers uses complex differential calculus and modal math. But resource-constrained devices don’t have the computational capabilities, memory or power supply to support such advanced math. Revere researchers have found a way to make algebra do the job using what are called fixed numbers, say 2.8, as opposed to floating numbers, such as 2.8 x 10 to the 32nd power, Thornton said.

Hummingbird’s algorithm is so efficient in terms of power use, memory and speed that it can run on an 8- or 16-bit microprocessor, Revere said. Similar software used in Itron OpenWay smart meters uses more complex math and requires a 32-bit microprocessor, Stephenson said. “With Hummingbird being as small as it is, we can go back and retrofit existing smart meters that have been deployed,” Stephenson said.

That is a key issue, since many security experts have argued that current smart meters are not protected from hackers and terrorists. A skilled attacker could, Thornton said, turn off power to one home or an entire area and demand ransom; program smart meters to shave 10% off a customer’s usage; overload relay switches and cause fires in specific cases; or even shut down the grid in an entire nation.

QUOTE OF THE DAY: In public forums, you hear a lot of utilities saying: “We’ve got it covered. Security is not an issue.” What you hear in private is different. – Chris Hanebeck, Revere’s VP of product marketing

Revere is testing whether it is best to employ Hummingbird as hardware, software or a combination of the two, said Thornton, the SMU professor.

German code helped

Hummingbird’s design was inspired by the German Enigma code machine, which used rotors to encode messages before and during World War II. Computer encryption by necessity uses complex math. Smith improved on the Enigma concept using four simulated rotors instead of three real ones, allowing for the rotors to run in random instead of sequential order and creating a code that is harder to break. One of Diffie’s key contributions was much-simplified math, Stephenson said.

“Just because it’s based on Enigma doesn’t mean it’s only as good as Enigma,” Thornton said. Polish code breakers cracked Enigma just before World War II. “Using the principles of Enigma, Hummingbird is able to perform stronger encryptions than an Enigma machine. We can make the rotors go forward or backward. We can scale it up.”

SMU has been testing smart grid-related security for several years. “We have contracts with big, three-letter government agencies as well as small commercial concerns,” Thornton said. SMU researchers began testing Hummingbird four months ago and plan to continue tests for six months.

“So far I have not found a case where Hummingbird isn’t as good as or better than standard encryption,” Thornton said. “And I have reason to believe it’s going to be equivalent to or better than other standard encryption methods, but I haven’t fully verified it yet.”

Market yet to come

Revere is expected to turn its first profit this year, but not principally because of Hummingbird, said CEO Stephenson. The firm is splitting its focus evenly between Hummingbird and similar technology to protect RFIDs, for which there is a more ready market, he said. “They’re essentially fancy barcodes, and companies such as Wal-Mart use them to track containers,” he said.

Revere will be ready to support Hummingbird later, when utilities start adopting it, Stephenson said. “We’re just now getting into the [utilities] market. The biggest obstacle is that Hummingbird is not considered one of the standard algorithms.”