Lightweight encryption schemes for the internet of things: A review

get the original text by 
divided into blocks of data and the same key is used to simply trying as many keys as possible. 
encrypt each block. Block cipher has a fixed number 
 Motivated by the above reason, the 3DES cipher 
of bits and different stages of transformation. These 
 was developed in 1998. In 3DES, the 192-bit key is 
stages are determined by a symmetric. Block cipher 
 divided into three subkeys. Hence, each subkey has the 
algorithms are versatile and can be very helpful when 
 length of 64 bits [12]. The procedure for encryption is 
deploying in the IoT systems [5]. The advantage of 
 the same as the regular DES. The data is encrypted and 
these methods is that the process has almost identical 
 decrypted with the first and second keys and then 
encryption and decryption methods. This implies that 
 encrypted again using the third key. Note that the 
the implementation of the encryption and decryption 
 3DES algorithm is three times as secure as DES if 
processes will be reduced. Since the block ciphers 
 three separate keys are used. 
have relatively low latency, they have been considered 
as an improved solution for IoT security [6]. There are Blowfish on the other hand, is a symmetric block 
different kinds of block ciphers, namely AES, DES, cipher that can be treated as a replacement of the DES 
3DES, Blowfish [7]. Table 1 shows the comparison of algorithm [10]. It is unpatented, and thus, being free of 
the various block cipher algorithms. cost for all usages [13]. Blowfish provides high speed, 
 54 
 Journal of Science & Technology 144 (2020) 053-057 
compactness, security and simplicity. Its rate of faster than AES. The Salsa20/12 and Salsa20/8 are 
encryption is 26 cycles/byte on a 32-bit among the fastest 256-bit stream ciphers. In Salsa20, 
microprocessor. Blowfish requires less than 5 KB of the key is a uniform random sequence of 32 bytes; The 
memory space. Its block size is 64-bit and the key size 24-byte nonce is never used for any other 32-byte 
is from 32 bits to 448 bits. The design and messages that are exchanged between the source to the 
implementation of Blowfish rely on primitive destination. The nonce is long enough to minimize the 
operations, including lookup tables, XOR and addition risk of collision. Salsa20 encryption function by 
[14]. In [7], Blowfish was observed to be the fastest hashing the key, nonce and block number and xor’ing 
algorithm as compared with AES, DES, 3DES and the result with the plaintext [19]. 
RC2. Similar observations can be found in [15], where 
 Poly1305 authenticator is designed by D. J. 
the various block ciphers were executed on the Beagle 
 Bernstein in 2005. Poly1305 is a one-time polynomial 
Bone Black and Raspberry PI 3 for different file sizes 
 evaluation Message Authentication Code (MAC). It 
ranging from 1 MB to 128 MB. 
 aims at providing fast authentication mechanisms on 
4. Stream ciphers software platforms. Poly1305 is considered as a secure 
 message authentication if AES is secure. It relies on a 
 Stream ciphers use keys with the size that is equal 
 32-byte secret key and a 16-byte nonce to compute the 
to the size of the data. In stream ciphers, the ciphertext 
 16-byte authenticator of a given message. A popular 
is obtained by bit operations on the plaintext. 
 implementation of Poly1305 can be found in NaCl 
Particularly, a keystream that is generated using a key 
 library [20]. More importantly, the >100-bit security 
and an Initialization Vector (IV), is XORed with the 
 level of Poly1305 prevents forgery attack. The 
plaintext to create ciphertext. Stream ciphers are 
 Poly1305 authenticator, which has been standardized 
potentially more compact, simpler, and faster as 
 in RFC 7539 [21], is designed to ensure that those 
compared to the block ciphers [16]. In this section, the 
 forged messages are rejected with a probability of 1-
various stream ciphers are reviewed and discussed in 
 (n/(2^102)), even after 2^64 legitimate messages have 
detail. 
 been sent. In other words, such method is unforgeable 
 CBC-MAC (CCM) stands for Cipher Block against chosen message attacks. Poly1305 is known to 
Chaining Message Authentication Code. CCM is have consistent high speed, even when being run on 
originally designed to be used with 128-bit block many different Central Processing Units (CPUs). 
ciphers but can be extended to be used with other block 
 Table 2. shows the comparison between 
sizes [17]. CCM provides confidentiality and 
 lightweight stream ciphers based on the key size, block 
authenticity of data using an approved symmetric 
 size, performance, number of rounds and the possible 
algorithm, whose block size is 128 bits with 12-byte 
 attacks [22]. CCM employs counter mode for 
nonce. CCM allows varying degrees of protection 
 encryption. However, reusing the same Initialization 
against unauthorized modifications by using variable-
 Vector (IV) with the same key is catastrophic. This 
length authentication tags. In CCM, a single key to the 
 potentially leads to an IV collision and the leakage of 
block cipher must be established beforehand among 
 information in data packets. For this reason, it is 
the communication parties. For this reason, such 
 inappropriate to use CCM with static keys. Additional 
scheme should be implemented within a well-designed 
 measures would be needed to prevent the reuse of IV 
key management structure. The security properties of 
 values with the static key. 
CCM are much dependent on the secrecy of the pre-
shared key. Implementations of GCM mode often utilize 
 short IV. This potentially results in the collision 
 Galois/Counter Mode (GCM) for authenticated 
 probability of random IV. The reuse of the GCM 
encryption with associated data is constructed from an 
 nonce/key combination also destroys the security 
approved symmetric block cipher with a block size of 
 guarantees and leads to the degradation of the 
128 bits with 12-bytes nonce. GCM has two functions, 
 confidentiality of a given plaintext. Because the GCM 
i.e., authenticated encryption and authenticated 
 mode uses a variation of the counter mode to ensure 
decryption. GCM can provide data confidentiality with 
 confidentiality. As a result, it can be extremely 
various counter modes of operation since its hash 
 difficult to deploy GCM securely when using static 
function is defined over a binary Galois field. The 
 keys. In many cases, GCM has been proved to be faster 
encryption and authentication of GCM is safe from the 
 than AES in CBC mode, especially when the hardware 
attack [18]. 
 supports cryptographic engine [23]. AES-GCM is 
 Salsa20 [19] is a stream cipher that was designed faster than AES-CCM. When it comes to performance, 
and introduced in 2005. Salsa20 has 256-bit keys. The AES-GCM is a better alternative to be used in 
20-round stream cipher Salsa 20/20 is consistently applications.
 55 
 Journal of Science & Technology 144 (2020) 053-057 
Table 2. Stream cipher based on the different indices like initialization vector (IV), size of the key, block, nonce 
and attacks [22] 
 Stream cipher IV Key size Block size Nonce Attacks 
 (bits) (bits) (bits) (bytes) 
 CCM 64 128 64/128 12 Unauthorized modifications 
 GCM 64 128 64/128 12 Chosen plaintext attack, replay attack 
 Salsa 20- Poly 1305 128 256 512 24 Forged attack 
 The Salsa20 stream cipher and Poly1305 Acknowledgements 
authenticator were also evaluated by the CFRG. Based 
 This work is supported by the Centre for 
on such evaluation, the RFC7539 [21] and RFC7905 
 Technology Environment Treatment. 
[24] have been established. Salsa 20 and Poly1305 
have been designed for high-performance software References 
implementations and to minimize leakage of 
 [1] Bansod, Gaurav, et al., An ultra-lightweight encryption 
information through side channel attacks. design for security in pervasive computing, Big Data 
 Salsa 20 is simple and easy to setup. It can Security on Cloud (BigDataSecurity), IEEE 
achieve a good overall performance and is selected as International Conference on High Performance and 
part of the eSTREAM portfolio of stream ciphers [21]. Smart Computing (HPSC). (2016) 79-84. 
Poly 1305 is never used the same nonce for two [2] Hammi, Mohamed Tahar and Livolant, Erwan and 
different messages. Poly1305 has extremely high Bellot, Patrick and Serhrouchni, Ahmed and Minet, 
speed and low overhead. XSalsa20-Poly1305 is Pascale, A lightweight IoT security protocol, Cyber 
proved to be a well-suited algorithm that can be used Security in Networking Conference (CSNet). (2017) 1-
to encrypt and decrypt data packets in a wide range of 8. 
applications, where time and memory usage are [3] Dutta, Indira Kalyan and Ghosh, Bhaskar and 
considered as important factors. XSalsa20-Poly1305 is Bayoumi, Magdy, Lightweight Cryptography for 
three times faster than AES-GCM on mobile devices. Internet of Insecure Things: A Survey, Annual 
It spends less time on decryption and thus providing Computing and Communication Workshop and 
faster page rendering and better battery [25]. In [26], it Conference (CCWC). (2019) 475-481. 
was observed that GMC, CCM, SIV and EAX are not [4] Bhardwaj, Isha and Kumar, et al., A review on 
feasible to perform in the current swarm architecture lightweight cryptography algorithms for data security 
and configuration. GCM and CCM are only feasible and authentication in IoTs, International Conference 
when risk is accepted. Overall, the best choice by far on Signal Processing, Computing and Control. (2017) 
is XSalsa20-Poly1305. XSalsa20-Poly1305 should be 504-509. 
a viable option in any scenario, where classified data [5] Batina, Lejla, et al., Dietary recommendations for 
is not being created or handled [26]. lightweight block ciphers: power, energy and area 
 analysis of recently developed architectures, 
5. Conclusion International Workshop on Radio Frequency 
 The security and privacy issues have drawn a lot Identification: Security and Privacy Issues. Springer, 
 Berlin, Heidelberg. (2013) 103-112. 
of consideration, while other concerns such as 
availability, reliability, and performance of the [6] M. A. Philip, A Survey on Lightweight Ciphers For 
constrained IoT devices still require more attention. In IoT Devices, Int. Conf. Technol. Adv. Power Energy 
this paper, we provide a comprehensive discussion on (TAP Energy). (2017) 1-4. 
the lightweight security solutions, i.e., stream ciphers [7] Nadeem, Aamer and Javed, M Younus, A performance 
and block ciphers for the IoT systems. Based on such comparison of data encryption algorithms, 
discussion, we can conclude that there is no single best international Conference on information and 
scheme that is able to meet the needs of the IoT communication technologies. (2005) 84-89. 
applications. Block ciphers and stream ciphers achieve [8] Martin Feldhofer, Sandra Dominikus, and Johannes 
a good performance in terms of computational cost and Wolkerstorfer, Strong Authentication for RFID 
improve the security level slightly. Future research is Systems Using the AES Algorithm, in Cryptographic 
therefore dedicated to designing a lightweight cipher Hardware and Embedded Systems–CHESS Lecture 
that can provide fast confusion and diffusion in a Notes in Computer Science, Springer. (2004) 357-370. 
smaller number of rounds for block ciphers and extend 
the nonce for the stream ciphers. 
 56 
 Journal of Science & Technology 144 (2020) 053-057 
[9] O.A. Hamdan, and B.B. Zaidan, New Comparative [17] Whiting, D and Housley, R and Ferguson, N, 
 Study Between DES, 3DES and AES within Nine RFC3610: Counter with CBC-MAC (CCM). (2003). 
 Factors, Journal Of Computing. 2 (2010). 
 [18] McGrew, David and Viega, John, The Galois/counter 
[10] Y. Kumar, R. Munjal, and H. Sharma, Comparison of mode of operation (GCM), submission to NIST Modes 
 Symmetric and Asymmetric Cryptography with of Operation Process. 20 (2004). 
 Existing Vulnerabilities and Countermeasures, 
 International Journal of Computer Science and [19] Bernstein, Daniel J, The Salsa20 family of stream 
 Management Studies. 11 (2011) 60-63. ciphers, New stream cipher designs, Springer. (2008), 
 84-97. 
[11] Mathur, Raghav and Agarwal, Shruti and Sharma, 
 Vishnu, Solving security issues in mobile computing [20] Bernstein, Daniel J, The Poly1305-AES message-
 using cryptography techniques—A Survey, authentication code, In International Workshop on Fast 
 International Conference on Computing, Software Encryption. (2005) 32-49. 
 Communication \& Automation. (2015) 492-479. [21] Y. Nir and A. Langley, ChaCha20 and Poly1305 for 
[12] Adhie, Roy Pramono and Hutama, Yonatan and IETF Protocols, RFC 7539, https://rfc-
 Ahmar, A Saleh and Setiawan, MI, Implementation editor.org/rfc/rfc7539.txt. (2015). 
 cryptography data encryption standard (DES) and [22] https://libsodium.gitbook.io 
 triple data encryption standard (3DES) method in 
 communication system based near field [23] Bogdanov, Andrey and Mendel, Florian and 
 communication (NFC), Journal of Physics: Regazzoni, Francesco and Rijmen, Vincent and 
 Conference Series. 954 (2018) 012009. Tischhauser, Elmar, ALE: AES-based lightweight 
 authenticated encryption, International Workshop on 
[13] S.P. Singh, and R. Maini, Comparison of Data Fast Software Encryption. (2013) 447-466. 
 Encryption Algorithms, International Journal of 
 Computer Science and Communication. 2 (2011) 125- [24] A. Langley, W.-T. Chang, N. Mavrogiannopoulos, J. 
 127. Strombergson, and S. Josefsson, ChaCha20-Poly1305 
 Cipher Suites for Transport Layer Security (TLS), 
[14] A. Kumar, Comparative Analysis between DES and RFC 7905, https://rfc-editor.org/rfc/rfc7905.txt. 
 RSA Algorithm’s, International Journal of Advanced (2016). 
 Research in Computer Science and Software 
 Engineering. 2 (2012) 386-391. [25] Islam, Maliha Momtaz and Paul, Sourav and Haque, 
 Md Mokammel, Reducing network overhead of IoT 
[15] Deshpande, Kedar and Singh, Praneet, Performance DTLS protocol employing ChaCha20 and Poly1305, 
 evaluation of cryptographic ciphers on IoT devices, International Conference of Computer and Information 
 International Conference on Recent Trends in Technology (ICCIT). (2017) 1-7. 
 Computational Engineering and Technologies. (2018) 
 1-6. [26] Thompson, Richard B and Thulasiraman, Preetha, 
 Confidential and authenticated communications in a 
[16] Armknecht, Frederik, and Vasily Mikhalev, On large fixed-wing UAV swarm, IEEE 15th International 
 lightweight stream ciphers with shorter internal states, Symposium on Network Computing and Applications 
 International Workshop on Fast Software Encryption. (NCA). (2016) 375-382. 
 Springer, Berlin, Heidelberg. (2015) 451-470. 
 57