Lightweight Cryptography: The go-to Cryptography for IoT Security 

Charles Odunaiya, Dev Patel, Harsh Patel, Nina Onwuachi, Saniya Jabir

Internet of Things (IoT)  

Buzzwords like Smart cities, Smart homes, and Smart Wearables have recently gained popularity on all fronts, both on social media and traditional platforms. The technical description of these words is the Internet of Things (IoT). According to Thakor et al. (2021), IoT is a network of connected devices, each with unique identification, able to collect and exchange data over the Internet with or without human interaction. 

What is Cryptography?  

Cryptography is a method used to safeguard information and communications by encoding them, ensuring that only the individuals for whom the information is intended can understand and use it, which prevents unauthorized access.

Cryptography relies on mathematical algorithms to protect information by transforming messages in a way that makes decoding difficult. These algorithms are also vital for secure online activities like browsing and for safeguarding sensitive transactions involving credit card information (Follow, 2019).

Some Cryptographic algorithms: 

Advanced Encryption Standard (AES): AES is the most widely adopted cybersecurity algorithm. AES is a symmetric key encryption algorithm (encryption and decryption use the same key for their respective operations). Its swiftness and robust security features position AES as the go-to choice for instant messaging applications like WhatsApp and Signal.

It works on fixed-size blocks of data (128 bits) and uses a key of variable size (128, 192, or 256 bits). It performs a series of computations called rounds (10, 12, or 14 rounds depending on the key size), each built from steps like SubBytes, ShiftRows, MixColumns, and AddRoundKey.

Secure Hash Algorithm (SHA): SHA is a family of cryptographic hash functions designed to keep data secured. SHA produces a fixed-size string (the hash value, which looks nothing like the original). A few algorithms of interest are SHA-1, SHA-2, and SHA-3, each of which was successively designed to be more robust in response to hacker attacks. SHA-0, for example, is now obsolete due to its widely exposed vulnerabilities.

What is Conventional Cryptography? 

Conventionally in cryptography, resources like memory, computation power, battery power, etc., have often been taken for granted, as modern hardware for widely used devices like PCs, servers, and mobile phones has enough of these resources to run the algorithms.

In Conventional Cryptography, the same secret key is used to Encrypt and Decrypt the message. 

It was the only encryption method in use before the development of public-key encryption. It processes quickly because it uses a single key for encryption and decryption.

Suppose Alice wants to send a message (the plaintext) to Bob. Alice encrypts the plaintext using an algorithm and a secret key to prevent hackers from reading the message. This encrypted plaintext is called ciphertext. Using the same secret key and the encryption algorithm run in reverse, Bob can recover the message from Alice; thus, the message is read only by Bob, and security is maintained.

The idea used in this technique is old, and that is why this model is called conventional encryption. 

Advantages of using Conventional Cryptography: 

1. Simple 

2. Fast 

3. Uses less computer resources 

A new frontier has recently opened for computing devices, i.e., IoT.

IoT devices are meant to have a small surface area and to be fast and narrow in their abilities. This also means that much data will be transferred through the networks, which must be secured.

Well, we very quickly realized that IoT devices needed algorithms that used fewer resources (processing, storage, and power) and were faster, to facilitate the real-time aspect of IoT devices. Here is where a new area of Cryptography, aptly named Lightweight Cryptography (LWC), emerged.

What is Lightweight Cryptography (LWC)? 

Lightweight Cryptography is an encryption method used by small devices with low computational capabilities. It aims to expand the applications of cryptography to constrained devices, along with the related international standardization and guidelines.

The main factors to take into consideration for LWC are: 

  • Size (RAM/ROM size, circuit size): relevant to small devices like RFID tags, sensors, smart cards, etc.
  • Power: essential with RFID and energy-harvesting devices.
  • Power consumption: vital with battery-driven devices.
  • Processing speed (throughput/latency)

Examples of Lightweight Cryptography Algorithms: 

  • AES  
  • PRESENT 
  • GIFT 
  • SKINNY  
  • TWINE 
  • MCRYPTON  
  • ICEBERG  
  • PUFFIN-2, etc. 
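
To make the list above concrete, here is PRESENT with an 80-bit key written out in Python, as an added example (not code from this post or its authors) that follows the published PRESENT specification. It shows the pieces that keep the cipher small, a single 4-bit S-box and a fixed bit permutation over a 64-bit block, and that decryption is the same rounds run in reverse with the same secret key; the function names are chosen here for illustration.

```python
# PRESENT-80: 64-bit block, 80-bit key, 31 rounds. Added illustration only;
# table lookups like these are not constant-time or side-channel hardened.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(x) for x in range(16)]
# Bit i of the state moves to position 16*i mod 63; bit 63 stays in place.
PERM = [(16 * i) % 63 if i < 63 else 63 for i in range(64)]
INV_PERM = [PERM.index(i) for i in range(64)]
ROUNDS = 31
MASK80 = (1 << 80) - 1
MASK64 = (1 << 64) - 1


def round_keys(key80):
    """Expand an 80-bit key into 32 round keys of 64 bits each."""
    if not 0 <= key80 <= MASK80:
        raise ValueError("key must fit in 80 bits")
    keys, k = [], key80
    for counter in range(1, ROUNDS + 2):
        keys.append(k >> 16)                          # top 64 bits of the register
        k = ((k << 61) | (k >> 19)) & MASK80          # rotate left by 61 bits
        k = (SBOX[k >> 76] << 76) | (k & ((1 << 76) - 1))  # S-box on top nibble
        k ^= counter << 15                            # mix in the round counter
    return keys


def sub_nibbles(state, box):
    """Apply a 4-bit S-box to each of the 16 nibbles of the state."""
    return sum(box[(state >> (4 * i)) & 0xF] << (4 * i) for i in range(16))


def permute(state, table):
    """Move bit i of the state to bit position table[i]."""
    return sum(((state >> i) & 1) << table[i] for i in range(64))


def encrypt_block(block, key80):
    if not 0 <= block <= MASK64:
        raise ValueError("block must fit in 64 bits")
    keys = round_keys(key80)
    state = block
    for rk in keys[:ROUNDS]:
        state = permute(sub_nibbles(state ^ rk, SBOX), PERM)
    return state ^ keys[ROUNDS]                       # final key whitening


def decrypt_block(block, key80):
    if not 0 <= block <= MASK64:
        raise ValueError("block must fit in 64 bits")
    keys = round_keys(key80)
    state = block ^ keys[ROUNDS]
    for rk in reversed(keys[:ROUNDS]):                # undo rounds in reverse order
        state = sub_nibbles(permute(state, INV_PERM), INV_SBOX) ^ rk
    return state


if __name__ == "__main__":
    key, pt = 0, 0                                    # constructed all-zero inputs
    ct = encrypt_block(pt, key)
    print(f"{ct:016x}", decrypt_block(ct, key) == pt)
```

This encrypts a single 64-bit block; protecting real messages also needs a mode of operation and authentication on top of the block cipher.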

Why choose LWC over conventional for IoT?  

Lightweight Cryptography (LWC) is noteworthy due to its speed and solid protective strategies, establishing it as a logical option for a multitude of reasons: 

  • Resource Efficiency: LWC is recognized for conserving resources, having been conceived with the limited computational capacities of IoT gadgets in mind. It spares the device’s memory bandwidth, allowing smoother operation without getting immersed in complicated cryptographic procedures (Jadhav et al., 2020).
  • Speed and Flexibility: LWC facilitates swifter data manipulation and interaction, which is indispensable for the instantaneous requirements of IoT devices. Its versatility facilitates smoother integration with varied IoT frameworks and offers adjustable security tiers, which is beneficial (Alkhudhayr et al., 2021).
  • Cost-Effectiveness: Choosing LWC can markedly diminish the expenses of defending an IoT infrastructure because of its lower computational requirements. It is a financially wise alternative for protecting diverse IoT setups (Thakor et al., 2021).

Embracing LWC guarantees advanced protection while encouraging efficiency and adaptability, paving the pathway for a more secure and forward-thinking IoT environment. 

Shortcomings of LWC 

Despite being able to utilize far fewer resources, power, and space, Kanagachidambaresan (2020) suggests that LWC has three significant challenges: 

  • Challenges in Hardware Implementation: When implementing any hardware solution, hardware components should be preserved. In LWC, they are scaled down. 
  • Challenges in Software Implementation: For Software implementations, implementation size, memory consumption, and code execution speed are always better in conventional Cryptography as compared to Lightweight Cryptography. 
  • Challenges in Design: AES, considered the fastest and most secure of existing encryption algorithms, requires a 128-bit block and 128-bit key. However, LWC only uses a 64-bit block.

Conclusion 

IoT is here to stay; IoT devices will eventually outnumber humans on Earth. However, this increases vulnerability and raises security and data privacy issues, at least until we have a cryptographic algorithm that is secure, fast, and extremely lightweight.


Thanks for stopping by!
If you enjoyed reading this blog, please leave a comment and/or question.

References

Alkhudhayr, F., Moulahi, T., & Alabdulatif, A. (2021). Evaluation study of elliptic curve cryptography scalar multiplication on raspberry PI4. International Journal of Advanced Computer Science and Applications, 12(9). https://doi.org/10.14569/ijacsa.2021.0120954

Follow, J. (2019, July 8). Cryptography and its types. GeeksforGeeks. https://www.geeksforgeeks.org/cryptography-and-its-types

Jadhav, S. P., Balabanov, G., Poulkov, V., & Shaikh, J. R. (2020). Enhancing the security and efficiency of resource constraint devices in IOT. 2020 International Conference on Industry 4.0 Technology (I4Tech). https://doi.org/10.1109/i4tech48345.2020.9102639

Follow, A. (2021, January 4). Conventional encryption. GeeksforGeeks. https://www.geeksforgeeks.org/conventional-encryption/

Kanagachidambaresan, G. R. (2020). Lightweight Cryptography Algorithms for IoT Resource-Starving Devices. In Role of Edge Analytics in Sustainable Smart City Development (pp. 139–169). John Wiley & Sons, Incorporated. https://doi.org/10.1002/9781119681328.ch8

Okamura, T. (2017). Lightweight cryptography applicable to various IoT devices. NEC Technical Journal. NEC. Retrieved September 13, 2023, from https://www.nec.com/en/global/techrep/journal/g17/n01/170114.html

Secure Hash Algorithms. (n.d.). Brilliant.org. Retrieved September 14, 2023, from https://brilliant.org/wiki/secure-hashing-algorithms/

Thakor, V. A., Razzaque, M. A., & Khandaker, M. R. A. (2021). Lightweight Cryptography Algorithms for Resource-Constrained IoT Devices: A Review, Comparison and Research Opportunities. IEEE Access, 9, 28177–28193. https://doi.org/10.1109/ACCESS.2021.3052867

Published by Charles Odunaiya

MSIP Candidate

27 Comments

  1. Hey Guys,
    Your article was enlightening, especially the section on shortcomings. I appreciate how you clearly highlighted the challenges associated with LWC, as it brings into focus the trade-offs we make in the pursuit of efficiency.

    I’m particularly intrigued by the 64-bit block size in LWC. Traditional algorithms like AES use 128-bit blocks, which provide a higher security level due to the larger key space. Historically, smaller block sizes, such as 64-bit, were associated with vulnerabilities, especially in the face of multi-block attacks. For instance, older algorithms like DES, which used 64-bit block sizes, were found to be susceptible to attacks like birthday attacks when encrypting large amounts of data under the same key.

    Are there similar concerns for LWC algorithms using 64-bit block sizes? I’m especially interested in real-world attack vectors that might exploit this smaller block size.

    1. Hello Ishak,
      Yes, there are concerns for LWC as well.
      The three main characteristics of LWC algorithms are Physical cost, Performance, and Security.
      While LWC (64-bit block) satisfies the first two characteristics, Security is not satisfied. Security is fulfilled by adopting one of five internal structures (SPN, FN, GFN, ARX, NLFSR, or Hybrid, i.e. a mix) for immunity against attacks.

      In a nutshell, there’s no perfect LWC yet. Maybe we can collaborate on research to create one true LWC that can satisfy all three characteristics.
      For now, the best approach is to select an LWC that works best for the scenario you are working on/implementing.

    2. Hi Ishak,
      The smaller block sizes do provide a less secure cypher. This is the age-old question of security vs usability. What we as researchers and innovators should aim to do is to give the developers of the technologies multiple options of security implementations and keep the ball in their court to choose one after understanding the caveats they come with.

  2. Great blog post! I thought the topic you chose to conduct research on was very interesting, and I definitely appreciate the humour you sprinkled throughout your post.

    I have one question regarding your opinions on the adoption of LWC. Do you believe as IOT devices become increasingly popular and thus in need of protection, we will see a shift in the use of LWC algorithms on these devices or instead we will see their hardware improve and thus the use of conventional crypto employed? Obviously for devices like smart light bulbs, this is not applicable as LWC is needed, but for other devices whose hardware could be improved which direction do you think it will go?

    Thanks again for your post!

    1. Thank you for your kind words! It’s great to hear that you enjoyed the blog post and found the topic engaging.
      For smaller devices like light bulbs, lightweight methods (LWC) are essential because they don’t need as much power. But for bigger and more powerful devices, we might see improvements in their hardware, making it easier to use stronger security methods. So, it’s not about one replacing the other, but about using the right security for each type of device.

    2. Historically this has been the case where all the hardware becomes more efficient and faster as time progresses (Moore’s law). But LWC is not just a way to encrypt/decrypt data efficiently. In IOT a huge concern is Side-Channel Attacks. Most of the common encryption algorithms are not concerned with this as modern CPUs are much more immune to these than smaller IOT devices. This is a security concern that LWC is uniquely being designed to address. Hope that answers your question. Loved that you liked the humour.

  3. Nice write-up!

    Very interesting to think about in which direction the future of cryptography will go. I wonder if there will be a distinction between LWC and regular cryptography in the end though, if a result of making it more lightweight would compromise the provided level of security then its usefulness would be rather questionable. On the other hand if it is possible to achieve the same level of security with a lighter algorithm then what would we need the regular crypto for?

    Either way it’s clear that securing IoT devices should definitely be a priority and it will be interesting to see the measures that are taken to finally achieve that.

  4. Nice Write-up!

    Very interesting to think about the direction of development for future crypto algorithms. I wonder if there will be a distinction between LWC and regular crypto in the end though. If a result of making an algorithm more lightweight would also compromise the level of provided security then the usefulness would be rather questionable. On the other hand if it is possible to achieve the same level of security while using less resources, then what would we need regular crypto algorithms for? It seems to me that using less resources would be a benefit even on machines where they have enough to run even the regular algorithms.

    Either way it’s clear that securing IoT should definitely be treated as a priority and it will be very interesting to see the measures that are taken to achieve that.

    1. Thank you for reading our post.
      In the future, when it comes to keeping IoT devices safe, we need to find a good mix between easy-to-use, lightweight methods and the stronger, more traditional ways we use now. It’s like finding the right size of shoe that fits comfortably but still supports your feet well. This way, even devices with limited power can stay secure. Robust cryptographic solutions are essential for safeguarding the growing IoT ecosystem.

    2. Thank you for taking a look into our post.
      Nowadays it’s important to provide security to IoT devices as the use of smart appliances has increased, and this is the place where LWC can be very much useful as it has less power consumption and more throughput.
      From my point of view, the result of making algo. more lightweight would not compromise the provided security as it will be more secure for IoT devices (cards chips, etc.).

  5. Thank you for your kind words! It’s great to hear that you enjoyed the blog post and found the topic engaging.
    For smaller devices like light bulbs, lightweight methods are essential because they don’t need as much power. But for bigger and more powerful devices, we might see improvements in their hardware, making it easier to use stronger security methods. So, it’s not about one replacing the other, but about using the right security for each type of device.

  6. Well detailed project description. But if I may ask, apart from the shortcomings of LWC you stated in your writeup, what other challenges does Lightweight Cryptography stand to face?
    For instance, how do you intend to address the Side-Channel Attacks? We know lightweight devices may be more susceptible to side-channel attacks, where attackers exploit information leaked through power consumption or electromagnetic radiation to recover cryptographic keys or sensitive data.

    1. Thanks, Kevin, for reading our post and taking an interest in it.
      Let’s talk about the other challenges that LWC might face (which we have not talked about in our post): resource constraints, algorithm suitability, standardization and adoption.
      As for the second question, it was about side-channel attacks, where attackers exploit information leaked through power consumption and electromagnetic radiation. These attacks target the unintended emissions produced during cryptographic operations. To counter this, techniques like masking, blinding, and randomizing operations can be employed, and physical security measures should be in place to prevent direct access to the device.
      Hope I cleared your doubt, and thanks again for reading our post.

    2. Thank you for your comment Kelvin. To enhance resistance against side-channel attacks, LWC implementations often incorporate robust countermeasures. These measures encompass strategies like masking, blinding, or shuffling; this makes the task complicated for potential attackers seeking to exploit power consumption or electromagnetic radiation patterns.

  7. Good information on a topic we will no doubt be hearing more on going forward. The limitations of LWC provide an appealing attack vector for bad actors, when compared to the more robust cryptography typically used at other points on our networks.
    How is IOT using cryptography to manage public keys required to authenticate messaging? Are the issues raised around lower physical cost & performance of IOT’s, also creating security limitations in that regard?

    1. I agree with you. Till we find a more secure LWC for our devices and overcome these limitations, the suggestion may be going old school to secure them against adversaries for now.

  8. Hi guys,

    Thank you for your blog post. I love your content and writing style. You mentioned a lot of benefits of light weight cryptography. It is efficient and flexible.

    I wonder how to update or repair the hardware or chip of LWC when it malfunctions? Because if it has a problem that is detected by hackers, it can be a vulnerability and attack vector for hackers to exploit. Would there be any alert when it has problems? Then relevant experts can fix them on time before they are exploited by hackers.

  9. The humor in the article gets me every time. It is not every day you find tech passages explained with a touch of wit. This is an informative post. The mention of LWC employing AES-64 bits in devices caught my attention because of the vulnerabilities in design it poses. One question I have is whether there are any specific LWC algorithms that are considered more secure for IOT applications? Thank you for your post.

    1. Speaking of humour on this topic and stealing from an old joke…
      How many Information Security students does it take to hack a smart light bulb? 🙂

  10. Great topic, guys!
    The discussion, about establishing industry standards and compliance for Lightweight Cryptography (LWC) in the realm brings to mind the Mirai Botnet attack in 2016. This malicious attack specifically targeted devices like cameras by exploiting their default accounts and passwords. It serves as a reminder of the importance of robust security measures in the world of IoT.
    Going forward I think LWC will play a crucial role in enhancing the security of IoT devices effectively safeguarding them against large scale botnet attacks.

    1. You’re absolutely right. The Mirai Botnet attack in 2016 was a wake-up call for the security vulnerabilities inherent in many Internet of Things (IoT) devices. These attacks exploited weak default credentials, highlighting the need for robust security measures in the IoT ecosystem. LWC indeed has a significant role to play in enhancing the security of IoT devices.
      Thanks for your comment Ibrahim 🙂

  11. Thanks, Ibrahim, for taking a look into our blog.
    And yes, in future LWC will enhance the security more for IoT devices, as it is the most required thing to be done to prevent these devices from all kinds of attacks.
    Additionally, NIST has selected a new standard for lightweight cryptography; to know more, you can just go through this link: https://ascon.iaik.tugraz.at/
