Haji Akhundov,Erik van der Sluis,Said Hamdioui,Mottaqiallah Taouil

DOI: https://doi.org/10.5121/csit.2019.91328

2020-02-04

Abstract:Nowadays, Internet of Things (IoT) is a trending topic in the computing world. Notably, IoT devices have strict design requirements and are often referred to as constrained devices. Therefore, security techniques and primitives that are lightweight are more suitable for such devices, e.g., Static Random-Access Memory (SRAM) Physical Unclonable Functions (PUFs) and Elliptic Curve Cryptography (ECC). SRAM PUF is an intrinsic security primitive that is seeing widespread adoption in the IoT segment. ECC is a public-key algorithm technique that has been gaining popularity among constrained IoT devices. The popularity is due to using significantly smaller operands when compared to other public-key techniques such as RSA (Rivest Shamir Adleman). This paper shows the design, development, and evaluation of an application-specific secure communication architecture based on SRAM PUF technology and ECC for constrained IoT devices. More specifically, it introduces an Elliptic Curve Diffie-Hellman (ECDH) public-key based cryptographic protocol that utilizes PUF-derived keys as the root-of-trust for silicon authentication. Also, it proposes a design of a modular hardware architecture that supports the protocol. Finally, to analyze the practicality as well as the feasibility of the proposed protocol, we demonstrate the solution by prototyping and verifying a protocol variant on the commercial Xilinx Zynq-7000 APSoC device.

Cryptography and Security

A. Ukpebor,J. Addy,K. Ali,A. Humos

DOI: https://doi.org/10.48550/arXiv.2302.12994

2023-02-25

Abstract:The field of lightweight cryptography has been gaining popularity as traditional cryptographic techniques are challenging to implement in resource-limited environments. This research paper presents an approach to utilizing the ESP32 microcontroller as a hardware platform to implement a lightweight cryptographic algorithm. Our approach employs KATAN32, the smallest block cipher of the KATAN family, with an 80-bit key and 32-bit blocks. The algorithm requires less computational power as it employs an 80 unsigned 64-bit integer key for encrypting and decrypting data. During encryption, a data array is passed into the encryption function with a key, which is then used to fill a buffer with an encrypted array. Similarly, the decryption function utilizes a buffer to fill an array of original data in 32 unsigned 64-bit integers. This study also investigates the optimal implementation of cryptography block ciphers, benchmarking performance against various metrics, including memory requirements (RAM), throughput, power consumption, and security. Our implementation demonstrates that data can be securely transmitted end-to-end with good throughput and low power consumption.

Aniruddha Bhattacharjya,Xiaofeng Zhong,Xing Li

DOI: https://doi.org/10.1109/access.2019.2900300

IF: 3.9

2019-01-01

IEEE Access

Abstract:For virtual private network and LAN-to-LAN tunnel sessions, End-to-End security is the main constraint in private messaging scenarios. Internet Protocol Security can negotiate new keys for every communication, but when the key is compromised, it is a problem. Perfect Forward Secrecy is the resolution. In addition, the messaging scheme should be efficient and lightweight for keeping parity with daily needs. The popular Rivest-Shamir-Adleman (RSA) cipher is omnipresent in secure communications but has many scientific problems. So here, in this paper, a lightweight and efficient Secure Hybrid RSA (SHRSA) messaging scheme with four-layered authentication stack is implemented and analyzed. The scheme is resolving the problem of asymptotic very low speed of decryption of RSA, the computational modular exponentiation complexity and partial key exposure vulnerability issues of RSA, and many more. The four-layered authentication stack have eliminated the need of the use of any password, external digital certificates, and a third party for authentication with its own four techniques in a staked way. We have found that in evolutions and analysis of the scheme, it is not only resolving various scientific problems of RSA but also occupying 2%-4% less CPU than main RSA and occupying 1%-3% less memory than main RSA. Its decryption average time has gained 8.858 times compared to the main RSA and gained 2.248 times compared to CRT RSA. We have found that the RSA, CRT-RSA, and SHRSA's encryption throughput are alike-all are around 6 KB/Sec but decryption throughput of SHRSA has gained 8.5345 times than main RSA and gained 2.1174 times than CRT-RSA. The results obtained have shown us the relevancies of the SHRSA messaging scheme to be integratable as a cipher in Blockchain architectures, cyber-physical systems, and the Internet of Everything.

Chintan Patela,Ali Kashif Bashirb,Ahmad Ali AlZubic,Rutvij H Jhaveri

DOI: https://doi.org/10.48550/arXiv.2207.13419

2022-07-27

Abstract:Industrial IoT (IIoT) aims to enhance services provided by various industries such as manufacturing and product processing. IIoT suffers from various challenges and security is one of the key challenge among those challenges. Authentication and access control are two notable challenges for any Industrial IoT (IIoT) based industrial deployment. Any IoT based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors, actuators, fog devices and gateways. Thus, articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security. In this paper, first, we present cryptanalysis for the certificate-based scheme proposed for similar environment by Das et al. and prove that their scheme is vulnerable to various traditional attacks such as device anonymity, MITM, and DoS. We then put forward an inter-device authentication scheme using an ECC (Elliptic Curve Cryptography) that is highly secure and lightweight compared to other schemes for a similar environment. Furthermore, we set forth a formal security analysis using the random oracle based ROR model and informal security analysis over the Doleve-Yao channel. In this paper, we present the comparison of the proposed scheme with existing schemes based on communication cost, computation cost and security index to prove that the proposed EBAKE-SE is highly efficient, reliable, and trustworthy compared to other existing schemes for inter-device authentication. At long last, we present an implementation for the proposed EBAKE-SE using MQTT protocol

Cryptography and Security

Di Lu,Ruidong Han,Yue Wang,Yongzhi Wang,Xuewen Dong,Xindi Ma,Teng Li,Jianfeng Ma

DOI: https://doi.org/10.1016/j.cose.2020.101922

2020-10-01

Abstract:<p>To achieve more powerful task processing capabilities, the smart embedded systems (SES) are interconnected via wireless network to form a collaboration system. However, due to the limitations on system hardware, the SES device are usually built with the consideration of software functions instead of enough security mechanisms, that exposes the SESs under the security threats from malware or malicious users, such as software or data tampering. To address this issue, a Trusted Platform Module (TPM) is brought in the SES device to guarantee the integrity of the system, with which any unauthorized modifications towards the SES system can be detected by measurement operations of TPM. However, from the perspective of the external visitors, a SES collaboration network performs as a complete system. Thus, to unify the root-of-trust of the network, all the TPMs need to be integrated into a logical one, which can provide more efficient way to attest the external visitors. This brings two distinct advantages: 1) any nodes of the network can be the access node for the visitor, and 2) once a visitor has been successfully attested, it can access the network via any nodes without extra attestation. To achieve TPM integration, we have proposed five protocols to orchestrate the distributed TPMs, including <em>Synchronization Protocol (SYNP), Node Accessing Protocol (NAP), Crossing-Node Access Protocol (CNAP), Updating Protocol (UPDP)</em> and <em>Node-Removing Protocol (NRP)</em>. We have built a prototype system composed of Raspberry Pis and Infineon TPM2.0 chips, in which these protocols are implemented and deployed. Then, we evaluate the protocols' performance on time consumption, and the results show the feasibility and availability of these protocols. Finally, our analysis on experimental results gives the guidance for appropriate use of these protocols.</p>

computer science, information systems

Mohamed Ali Shaaban,Almohammady S. Alsharkawy,Mohammad T. AbouKreisha,Mohammed Abdel Razek

DOI: https://doi.org/10.5121/ijcnc.2023.15404

2024-08-06

Abstract:The rapid growth of cloud computing and Internet of Things (IoT) applications faces several threats, such as latency, security, network failure, and performance. These issues are solved with the development of fog computing, which brings storage and computation closer to IoT-devices. However, there are several challenges faced by security designers, engineers, and researchers to secure this environment. To ensure the confidentiality of data that passes between the connected devices, digital signature protocols have been applied to the authentication of identities and messages. However, in the traditional method, a user's private key is directly stored on IoTs, so the private key may be disclosed under various malicious attacks. Furthermore, these methods require a lot of energy, which drains the resources of IoT-devices. A signature scheme based on the elliptic curve digital signature algorithm (ECDSA) is proposed in this paper to improve the security of the private key and the time taken for key-pair generation. ECDSA security is based on the intractability of the Elliptic Curve Discrete Logarithm Problem (ECDLP), which allows one to use much smaller groups. Smaller group sizes directly translate into shorter signatures, which is a crucial feature in settings where communication bandwidth is limited, or data transfer consumes a large amount of energy. The efficiency and effectiveness of ECDSA in the IoT environment are validated by experimental evaluation and comparison analysis. The results indicate that, in comparison to the two-party ECDSA and RSA, the proposed ECDSA decreases computation time by 65% and 87%, respectively. Additionally, as compared to two-party ECDSA and RSA, respectively, it reduces energy consumption by 77% and 82%.

Cryptography and Security

Khwaja Mansoor,Anwar Ghani,Shehzad Ashraf Chaudhry,Shahaboddin Shamshirband,Shahbaz Ahmed Khan Ghayyur,Amir Mosavi,Shehzad Chaudhry,Shahbaz Ghayyur

DOI: https://doi.org/10.3390/s19214752

IF: 3.9

2019-11-01

Sensors

Abstract:Despite the many conveniences of Radio Frequency Identification (RFID) systems, the underlying open architecture for communication between the RFID devices may lead to various security threats. Recently, many solutions were proposed to secure RFID systems and many such systems are based on only lightweight primitives, including symmetric encryption, hash functions, and exclusive OR operation. Many solutions based on only lightweight primitives were proved insecure, whereas, due to resource-constrained nature of RFID devices, the public key-based cryptographic solutions are unenviable for RFID systems. Very recently, Gope and Hwang proposed an authentication protocol for RFID systems based on only lightweight primitives and claimed their protocol can withstand all known attacks. However, as per the analysis in this article, their protocol is infeasible and is vulnerable to collision, denial-of-service (DoS), and stolen verifier attacks. This article then presents an improved realistic and lightweight authentication protocol to ensure protection against known attacks. The security of the proposed protocol is formally analyzed using Burrows Abadi-Needham (BAN) logic and under the attack model of automated security verification tool ProVerif. Moreover, the security features are also well analyzed, although informally. The proposed protocol outperforms the competing protocols in terms of security.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Dennis Agyemanh Nana Gookyi,Kwangki Ryoo

DOI: https://doi.org/10.3390/s22083004

2022-04-14

Abstract:The backbone of the Internet of things (IoT) platform consists of tiny low-cost devices that are continuously exchanging data. These devices are usually limited in terms of hardware footprint, memory capacity, and processing power. The devices are usually insecure because implementing standard cryptographic algorithms requires the use of a large hardware footprint which leads to an increase in the prices of devices. This study implements a System-on-Chip (SoC) based lightweight cryptographic core that consists of two encryption protocols, four authentication protocols, and a key generation/exchange protocol for ultra-low-cost devices. The hardware architectures use the concept of resource sharing to minimize the hardware area. The lightweight cryptographic SoC is tested by designing a desktop software application to serve as an interface to the hardware. The design is implemented using Verilog HDL and the 130 nm CMOS cell library is used for synthesis, which results in 33 k gate equivalents at a maximum clock frequency of 50 MHz.

Dipanwita Sadhukhan,Sangram Ray,G. P. Biswas,M. K. Khan,Mou Dasgupta

DOI: https://doi.org/10.1007/s11227-020-03318-7

IF: 3.3

2020-05-07

The Journal of Supercomputing

Abstract:Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

Majid Mumtaz,Luo Ping

DOI: https://doi.org/10.1016/j.ins.2020.05.075

IF: 8.1

2020-01-01

Information Sciences

Abstract:Standard RSA cryptosystem becomes vulnerable, when private key d < N-0.292 is used inside CryptoChips of constrained devices, thus an alternate scheme is the Common Prime RSA (CP-RSA) variant, which provides cryptographic (decryption/signing) operations. In this paper, we perform a cryptanalytic attack on CP-RSA using lattice basis reduction method that is used to exploit possible vulnerabilities of RSA small private key attacks. In addition, we performed detail experiments on CP-RSA weak or overestimated bounds and compare results to the past studies. Our implemented cryptanalytic attack implicates more precise and direct method to exploit the CP-RSA existing theoretical and experimental bounds. Also, our results prove that CP-RSA is an effective approach that provides resistance against standard RSA small private key attacks. (C) 2020 Elsevier Inc. All rights reserved.

Basel Halak,Thomas Gibson,Millicent Henley,Cristin-Bianca Botea,Benjamin Heath,Sayedur Khan

DOI: https://doi.org/10.1109/access.2024.3350775

IF: 3.9

2024-01-01

IEEE Access

Abstract:The accelerated development of quantum computers poses a direct threat to all current standards of public key encryption, for example, the Shor algorithm exploits the superposition state of the qubits to solve the problem of integer factorization in polynomial time, rendering all systems whose security relies on this hard mathematical problem not secure. Public key encryption algorithms are used in a multitude of applications that form the core of the digital world (e.g., emails, banking, digital currency, defense, and communication.). The prospects of a quantum machine that can break such systems are too risky to ignore, even if such a computer still needs thirty years to build. This is because adversaries can be storing data now to decrypt later aka. SNLD attack, moreover, some systems have an operational lifetime that spans more than thirty years (e.g., defense, aviation industry). Consequently, the work has already started to develop quantum-attack resilient security schemes. The number of Internet of Things (IoT) devices is expected to be around 29 billion in 2030, forming a significant portion of all computing machines. Most of these will be implemented as embedded systems with limited resources. Consequently, assessing the energy and computational overheads of the quantum-attack resilient security schemes is vital. This work presents a comprehensive study that evaluates the energy and performance costs of the proposed solutions in resource-constrained devices, in comparison with the existing schemes. This was achieved through the development of a testbed that emulates a client-server configuration, wherein both devices perform mutual authentication and then agree on a shared key using the TLS protocol. A Raspberry Pi 3b+ was used as a server, and a client in the first set of experiments. Raspberry Pi Pico W was the client in the second group of tests. The results of the evaluation have shown that Kyber1-Dilithuim-2 is the most resource-efficient solution, it outperforms all other PQC algorithms, including the current scheme that uses elliptic curve cryptography. Our study has also shown the digital signature scheme Sphinx+ is associated with significant latency and energy costs so may not be suitable for IoT-type devices.

computer science, information systems,telecommunications,engineering, electrical & electronic

S. Satheesh Kumar,Manjula Sanjay Koti

DOI: https://doi.org/10.1007/s13721-021-00329-z

2021-08-12

Network Modeling Analysis in Health Informatics and Bioinformatics

Abstract:In recent decades, broad range of Internet of Things (IoT) technologies are deployed such as machine to machine communication, Internet Technologies (IT), robots, smart devices, and wireless sensor networks. IoT is a spectacular technology in the modern world of IT in which the objects can do data transmission and connect using the intranet or internet networks. Data security and privacy is one of the top most challenging issue where several researchers are showing interest that to especially in healthcare domain. For this reason, a hybrid combination of Elliptic Curve Digital Signature Algorithm (ECDSA), Rivest Cipher 4 (RC4), and Secure Hash Algorithm (SHA-256) is proposed for protecting the reliable data which is transmitted from the IoT based healthcare systems. In the proposed model, the ECDSA is used for improving the RC4 in which the encryption of key is processed by ECDSA for performing the XOR operation in RC4. Furthermore, the security is ensured by transforming the incoming data using the SHA-256 technique. Experimental results show that the proposed model outperforms for 10 MB of data in terms of encryption time that obtained as 631 ms, decryption time is 616 ms, and throughput obtained by the proposed models is 11.71 MB/ms when compared with other existing techniques such as ECC+3DES+SHA-256, RC4+AES+SHA-256, and ECC+RC2+SHA-256.

Mingsheng Cao,Dajiang Chen,Zhongye Yuan,Zhiguang Qin,Chunwei Lou

DOI: https://doi.org/10.1109/mownet.2018.8428890

2018-01-01

Abstract:Key distribution plays a crucial role in secure device-to-device (D2D) communication. However, due to the lack of infrastructure of D2D communication and the limited storage and computing capability of wireless devices, many key distribution methods based traditional cryptography cannot be directly applied to D2D communication scenarios. In this paper, a lightweight key distribution scheme is proposed by using acceleration sensors. Specifically, a lightweight extreme points extraction and filtering algorithm is presented in the proposed scheme to extract extreme points for key generation. Moreover, a lightweight index matching algorithm is designed in the proposed scheme to further improve the bit match rate. Furthermore, an application of the proposed scheme is developed on android system and developed by JAVA. Through extensive experiments, it is demonstrated that the proposed scheme can distribute a secure key with high entropy and low computing resources and energy consumption.

Long Wang,Hui Zhao,Guoqiang Bai

DOI: https://doi.org/10.1109/edst.2007.4289808

2007-01-01

Abstract:The ever increasing demand for security in embedded systems such as smart cards has resulted in the need to provide cost-efficient hardware that can compute the public-key cryptography. Now, 8-bit microcontrollers still hold a considerable share of the low-cost embedded system market and dominate in the smart card industry. The performance of 8-bit microcontrollers is too inefficient to implement the necessary cryptography operations in software. In this paper we describe the feasibility of utilizing an public-key cryptographic coprocessor on an 8-bit microcontroller to get time and size trade-offs. The coprocessor flexibly supports both RSA with ranging from 256 bit to 2048 bit and ECC on GF(2(257)) field. In order to exploit the full potential of our coprocessor, We proposed a small direct memory access (DMA) to removing system-level performance bottlenecks caused by the transfer of data between coprocessor and external RAM. Considering performance and hardware cost, our design compares favorably with existing solutions.

Nabeil Eltayieb,Rashad Elhabob,Yongjian Liao,Fagen Li,Shijie Zhou

DOI: https://doi.org/10.1016/j.jisa.2024.103763

IF: 4.96

2024-01-01

Journal of Information Security and Applications

Abstract:The Snowden leaks exposed the truth that skilled attackers can access users’ devices and steal their private information. Although public key encryption is widely used and theoretically secure, it has hidden vulnerabilities when implemented in practice. This is especially problematic when employing communication channels among heterogeneous protocols within the Internet of Things (IoT), it becomes apparent that these channels lack adequate protection to address the diverse nature of IoT systems. This work proposes a novel Heterogeneous Online/Offline Signcryption with Cryptographic Reverse Firewalls (HOOS-CRF). The scheme enables a secure communication channel between the sender in an Identity-based cryptosystem (IBC) and the receiver in the Public Key Infrastructure (PKI) cryptosystem with CRF deployed. To reduce computational costs, we split the signcryption algorithm into two stages: online and offline. Most resource-intensive operations are performed during the offline stage, which operates without any knowledge of the message being processed. The HOOS-CRF scheme provides confidentiality, authentication, and defense against insider security attacks. Meanwhile, we prove the security of the HOOS-CRF using the random oracle model and demonstrate its high efficiency and practicality through experiments. Lastly, the scheme’s relevance to IoT-driven healthcare applications is demonstrated.

Adnan Gutub,Faiza Al-Shaarani,Khoulood Alharthi

DOI: https://doi.org/10.1007/s11042-024-19027-9

IF: 2.577

2024-04-21

Multimedia Tools and Applications

Abstract:In the face of malicious cyberattacks, classic security approaches like cryptography and steganography are becoming not sufficient. Secrecy are normally maintained by single party holding control over data causing it possibly being lost or revealed, with or without consciousness. Secret sharing can provide assistance unifying decisions by multi-authorized individuals distributing the target-key over several authorized participants, requested to interact for reconstructing the keys to reveal the privacy. Lately, counting-based secret sharing (CBSS) has been under focus being optimistic, as potential secret sharing scheme that is fast, intuitive, and practical. A primary limitation with this scheme is its restricted number of generated key-shares, which was deployed in the matrix-based secret sharing scheme. Unfortunately, the simple intuition behind these schemes made them prone to smart cyberattacks that can make uncovering the target-key dishonestly possible. In this paper, we demonstrate significant cyberattack weakness in the CBSS scheme, that also applies to the matrix-based scheme making them both unsafely vulnerable to selected key-shares integration. We introduce a novel algorithm that can defend this speculating existence of target-key suffering via exploring the problem deeply and advising appropriate protection procedure. The study enhances the structure secrecy to ensure that the key-shares are fully safeguarded. Our work further tests the security of the CBSS scheme protection strategy experimentations demonstrating remarked organisation robustness as well as possibility of producing sophisticated, versatile security system, to overcome breaching weaknesses of key-shares components for current ongoing developing IT utilizations.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Anothay Phimphinith,Xiong Anping,Qingyi Zhu,Yi Jiang,Yong Shen

DOI: https://doi.org/10.1109/iccsn.2019.8905268

2019-01-01

Abstract:As a revolutionary and profound technology, the Internet of Things (IoT) has the potential to fundamentally transform our society by simply connecting sensors and smart devices to the Internet. It is no doubt that the security of communications between smart devices is an important issue in IoT. In this paper, we deal with the security scheme for communications between ESP8266 modules, which can provide embedded Wi-Fi capabilities at a low cost. Based on an existed security scheme for ESP8266, we proposed an enhanced mutual authentication mechanism and ECDH-key agreement on curve25519. Compared with the existed schemes, security analysis and performance evaluation show that the new scheme can resist various communication attacks, saying modification attacks, replay attacks, and man-in-the-middle attacks.

A. Mullai,K. Mani

DOI: https://doi.org/10.1007/s41870-019-00413-8

2020-01-07

International Journal of Information Technology

Abstract:Security is the major concern in mobile or portable devices because the internet community can do their work at any time at any place at anywhere. Today various cryptographic algorithms like RSA, Elliptic Curve Cryptography (ECC), etc., can be used to protect the information in mobile devices. But, they have some limitations viz., energy, battery power, processing speed, operating systems, screen size, resolution, memory size, etc. Providing security for limited power mobile devices is a challenging task. RSA and ECC are normally used in mobile devices. In RSA, both encryption and decryption are of the form xe mod n and in ECC, the scalar point k[P] where k is a scalar and P is a point in EC plays a vital role in performing encryption and decryption. The point arithmetic involved in ECC is a power starving process. To speed up the operations in both cryptographic algorithms, addition chains (AC) are normally used. If the encryption and decryption time get reduced, it ultimately reduces the power consumption. There are several AC algorithms exist in the literature. But, ACs are generated using Particle Swarm Optimization and Simplified Swarm Optimization are proposed in this paper and they are used in the said processes of RSA and ECC with two android and window emulators. The processing time, power consumption taken for encryption, decryption process and security of the said algorithms are also analysed.

Iman Ebrahimi,Morteza Nikooghadam

DOI: https://doi.org/10.1007/s11042-024-19330-5

IF: 2.577

2024-05-08

Multimedia Tools and Applications

Abstract:E-healthcare has significantly improved healthcare services and overall health by utilizing digital technologies such as the internet, computers, and mobile devices. However, secure communication channels play a critical role in ensuring the safety and confidentiality of patients' information. Consequently, several user authentication and key agreement protocols have been developed to address this issue. Although numerous proposed protocols are robust against security attacks, researchers have reported vulnerabilities. In this study, we evaluate one such protocol and identify vulnerabilities to insider attacks, server impersonation attacks, and replay attacks. To address these vulnerabilities, we propose a two-factor mutual authentication and key agreement scheme that offers a secure, efficient, and effective solution with low computation cost, enhanced security, and superior performance against diverse security attacks. Our proposed technique guarantees the integrity, confidentiality, and availability of patient information while ensuring the authenticity of users during communication. We conducted thorough comparisons focusing on the practical implementation of ARM microcontrollers to assess computation efficiency. The total estimated execution time of our proposed scheme for registration and authentication phases is approximately 975.8 μs, which is the shortest among all related works. This finding illustrates that our proposed scheme is well-suited for applications in e-health, telemedicine, and healthcare systems.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Abiy Tadesse Abebe,Yalemzewd Negash Shiferaw,P.G.V. Suresh Kumar

DOI: https://doi.org/10.1504/ijics.2023.135895

2024-01-11

International Journal of Information and Computer Security

Abstract:Small footprint security protocols are essential for trustworthy information exchanges in IoT network. Cryptography is a crucial security technique, but a single algorithm is insufficient to address the security requirements. Moreover, it is important to scale existing complex cryptosystems considering the resource, performance and security requirements of applications. In this research, lightweight and efficient cryptographic architectures are proposed and implemented based on FPGA targeting IoT security. The major contributions include FPGA-based small footprint architecture for an authenticated encryption algorithm, efficient and lightweight architecture for elliptic curve point multiplication of ECC, and an integrated cryptosystem architecture using only two algorithms with robust security, reduced hardware complexity, less space, and minimised key management and key storage issues. It involves prevention techniques against attacks including side-channel attacks. Compared to existing outcomes, 55% reduction of slices utilisation for the integrated system, 15% and 15.7% throughput improvements for ECC and ASCON implementations, respectively, are achieved.