A Robust Lightweight Algorithm for Securing Data in Internet of Things Networks

Abstract

One of the modern technologies that link millions of different devices together, is the technology called Internet of things. The amount of data exchanged between these devices is very large. Therefore, it requires high protection for that data. Also, those devices are small size and limited resources. Therefore, conventional cryptography will take long process on the internet of things due to complex mathematical operations and an increase in the number of rounds, which leads to energy resource consumption for devices. In this paper, a lightweight cryptographic algorithm is suggested. The algorithm uses simple mathematical operations (XOR, XNOR, shifting, swapping). The algorithm works on a combination of Feistel and SP architectural methods to increase the complexity of the encryption. The algorithm has been compared to other algorithms in terms of structure, security, and flexibility.

1 Introduction

Internet of Things (IoT) technology has become an integral part of many activities in our daily life. Therefore, this modern technology has turned into a debate in the field of research and applications. Many different fields such as agriculture, industry, medicine, and smart cities use this modern technology on a large scale in artificial intelligence, sensors and RFID, depending on Internet technologies [1].

These networks use very limited resources, low-energy, and very small devices that communicate with each other to transfer information between them. Therefore, the amount of information exchanged between devices is large and needs to be secured the exchange of information between devices is called conventional cryptography.

Conventional cryptography algorithms are not suitable for devices with limited resources on the Internet of things because they need long operation (process) and do not make a trade-off among memory, security, cost, power, and performance. Therefore, lightweight cryptography is the new direction for the Internet of Things because it concerns memory, security, cost, power, and performance. There are strict limitations and requirements in applications using IoT. On that basis, the requirements must be met when designing a lightweight cryptography algorithm [2].

In this paper, a lightweight algorithm is proposed for devices with resource-limited in the Internet of Things. It is described in Sect. 2. It is compared to various aspects with many algorithms in Sect. 3.

2 Proposed Algorithm

The proposed algorithm for resource-limited devices is designed to implement lightweight encryption in the Internet of Things. Some encryption blocks have the advantages of replacing, switching, and confusing to change the text. As an established fact, SP network architecture is used by AES [3], PRESENT [4] and Square [5] blocks. In addition, some of the other advantages of the encryption process are the decryption itself. While SF [6], Blowfish [7] and DES [8] blocks are used by Feistel network architecture. The proposed algorithm is a combination of Feistel and SP networks to obtain the security required to develop lightweight encryption algorithms that work on the Internet of Things.

In any cipher algorithm, cryptography consists of several rounds, each round consisting of mathematical operations to create confusion and diffusion. An increase in the number of rounds increases security but leads to the energy consumption of devices [9]. The optimum number of rounds is from 10 to 12 rounds, to be a robust algorithm. But the proposed algorithm is used to improve power on devices that operate on the Internet of Things. So it works in six rounds, each round contains logical operations working with 4 bits of data. This creates confusion for attackers and further complicates the encryption process, and this will be further discussed in Sect. 3. In general, the proposed algorithm has three main blocks:

• Key Expansion Block

• Encryption Block

• Decryption Block.

In the following subsections, these blocks will be further clarified in detail, and some of the essential notes followed in the interpretation are presented in Table 1.

Table 1 Notations

2.1 Key Expansion Block

The key is the main component of the algorithm (encryption/decryption). The size of the encryption key is very important for security. That is how (key size) becomes a major obstacle for being known by the attacker. Accordingly, confusion and diffusion (key generation) reduces the possibility of weakening the key, increase the security, increase the complexity of the encryption, and lack of knowledge of the key by the attackers.

The proposed algorithm uses 80 bits cipher key (Kc) to encryption a 64 block of data. From the Kc, two keys will be produced. The first will be sent to open the encryption while the second will become an entry key for the keys expansion process as explained in sections a and b. Moreover, the key will generate six unique keys. In order to encrypt the block with six keys. These operations (confusion and diffusion) improve the strength of security and decrease the opportunity of attacking.

1. a.

   Before Encryption Process

   In this process, two keys will be created from the key entered by the user. The first key is the key that has been sent by the user for the process of opening the encryption as it will be explained in section b. The other key will be completely different from the key entered by the user and also will be the encrypted key for the data as in Fig. 1, and it will be discussed below:

   Fig. 1

   

   Before encryption process

• The 80-bit cipher key (Kc), It is divided into segment R0(40 bit) and segment L0(40 bit)

• For i = 1 to 40

  If Ri = 0 then.

  Cr-R[i] = 1, Cr–L[i] = 1.

  Else.

  Cr-R[i] = 0, Cr–L[i] = 1.

• To combine Cr-L, Cr-R to key send(Send Key 80 bit)

• To combine R0, Cr-R to Kc(encryption Key 80 bit).

1. b.

   Key Expansion Process

Key expansion of the component key is done in Section a. Therefore, it will be explained as in Fig. 2.

Fig. 2

Key expansion process

• The 80-bit cipher key (Kc), It is divided into 20 segments, each segment of 4-bits.

• The f -function used 4 segments, each segment 4 bit (16 bit) as illustrated in Fig. 2. Substitution can generate for cipher key (Kc) by f-function as shown in Eq. (1).

$$ Kb_{i} f = \left\| {_{j = 1}^{5} K_{{c4\left( {j - 1} \right) + i}} } \right. $$

(1)

where i = 5;

• Ka_iF is output from Eq. (2)

  $$ Ka_{i} f = f\left( {b_{i} f} \right) $$

  (2)

• \(f:\) f—function [10]. Is perform confusion and diffusion transformations linear and non-linear by comprised of P and Q tables are shown in the Tables 2 and 3 as illustrated in Fig. 3.

  Table 2 P Table

  Table 3 Q Table

  Fig. 3

  

  F-Function of SIT algorithm

• Output, each f-function is generated one matrix 4*4 from (16 bit). Therefore it generates five arrays named (Km1, Km2, Km3, Km4, and Km5).

• The arrays generated K1, K2, k3, K4 and K5 are the round keys. The result of the rotation of the arrays is Km1, Km2, Km3, Km4, and Km5, respectively.

• To generate the sixth key, XOR works between the five keys generated by Eq. 3.

$$ k6 = \begin{array}{*{20}c} 5 \\ \oplus \\ {i = 1} \\ \end{array} k_{i} $$

(3)

2.2 Encryption Process

The encryption process takes place after generating the sub-keys (K1, K2… K6) from the key expansion and also the plaintext to be encrypted as in Fig. 4. The encryption process contains simple logical operations of XNOR, XOR, shifting (left, right), replacing and switching. These operations increase complexity and create confusion for the attackers.

Fig. 4

Encryption process

In each round, the blocks are divided into four segments, each segment is 16 bits (P_0-15, P_16-32, P_33-47, P_48-63), respectively. This is to produce segments (Ro11, Ro12, Ro13, Ro14).

Ro11 is the output of XNOR between P_0-15 and K1, The product (Ro11) feeds F-Function to produce EfL1. Ro14 is the output of XNOR between P_48-63 and K1, The product (Ro14) feeds F-Function to produce EfR1.

Ro12 is the output of XOR between P_32-47 and EfL1. Ro13 is the output of XOR between P_16-31 and EfR that, the process of switching takes place during the encryption process between the two internal halves. Then, the switches are between the parts (Ro11, Ro12) and (Ro13, Ro14).

All the previous processes are to increase the complexity of the coding as shown in Fig. 4. The same steps for the rounds are repeated by Eq. (4).

$$ Ro_{i,j} = \left\{ {\begin{array}{*{20}l} {Px_{i,j} \odot k_{i} ;} \hfill & {j = 1.5} \hfill \\ {Px_{i,j + 1} \oplus Ef_{li} ; } \hfill & {j = 2} \hfill \\ {Px_{i,j - 1} \oplus Ef_{ri} ;} \hfill & { j = 3} \hfill \\ \end{array} } \right. $$

(4)

After that, the encoded text is obtained by Eq. (5).

(5)

2.3 When Decryption Process

Before opening the encryption process, the encrypted key will be extracted from the key sent by the user. The process will be explained in Fig. 5.

Fig. 5

When decryption process

• The 80-bit cipher key (send key), is divided into segment R0(40 bit) and segment L0(40 bit).

• K1 = R0 ⊕ L0

• To combine R0 and K1 (decryption Key 80 bit).

3 Analytical Comparison of Symmetric Key Algorithm for IoT Proposed Algorithm

In Internet of Things technologies, there are many main symmetric Key algorithms, some of which offer sufficient security and some of them offer better efficiencies in this area. In this section, the proposed algorithm will be discussed, compared, and analyzed with the main symmetric Key algorithms.

Table 4, it shows the comparison process in the various parameters (structure, flexibility, security and limitations) between the proposed algorithm and many of the main symmetric Key algorithms.

Table 4 Some Symmetric Key Algorithms’ Comparison in Terms of Flexibility, Architecture, Security & Limitation

3.1 Result and Analysis

The proposed algorithm for the Internet of Things contains a simple design to encrypt the data in six rounds; each round contains simple mathematical operations (free of mathematical complexity). Therefore, the algorithm reduces the process of processing and saving the energy of the devices. In contrast, the processing and power consumption of the algorithms increases AES, SKIPJACK, HIGHT, RC6 the number of turns 12, 32, 32 and 20, respectively, for block coding.

Moreover, the proposed algorithm is a lightweight algorithm for IoT not uses mathematically complex multiplication, small-sized S-boxes are used because most mathematical operations applied to 4-bit data and small-sized boxes. However, the proposed algorithm uses simple mathematical operations and small S-boxes are higher, the overall complexity is lower. Therefore AES and SKIPJACK use large size S-boxes, SEA use variable rounds.

The algorithm provides good flexibility compared to the rest of the algorithms to improve performance in the Internet of Things. Therefore, you use the 80-bit key for 64-bit encryption. The proposed algorithm's flexibility function aims to boost IoT’s energy efficiency by reducing power usage, i.e. the energy needed to pad external bits to make the data block fit the size [2].

The proposed algorithm provides security because it merges the architectures SP and Feistel networks. As a result, it provides resistance to most attacks by attackers, as will be discussed below:

• Linear and Differential Cryptanalysis

  The proposed algorithm uses each bit in a similar way to maintain round transformation is uniform. Therefore, it provides resistance against this type.

• Weak Keys

  This condition occurs in [11] when the non-linear operations in the cipher blocks depend on the actual key value. However, the actual key in the proposed algorithm is not used and to increase the complexity, first uses XORed and then fed f-function. In the f–function all the non-linearity is fixed and there is no limitation on the selection of key.

• Related Keys

  Using different keys (unknown or partly unknown) to launch an attack during the encryption process with a selected relation. The attack depends on the symmetry and diffusion relationship in the expansion block. The proposed algorithm for the key expansion process is designed to be resistant to this type of attack because it possesses a high diffusion and non-linearity.

• Interpolation Attacks

  Simple coding structures (S-box) had polynomial or rational expressions controllable. It is subject to interpolation attacks that cannot be performed on the proposed algorithm when expressing an S-box along with a diffusion layer.

• Square Attack

  Square attack was presented in [12]. The attacker could get the last byte in the last round of the key. In addition, repeats the attack eight times to obtain the rest of the key. Therefore, to get one a byte requires key guessing from the attacker 2⁸ by 2⁸ chosen plaintexts = 2¹⁶ S-box lookups.

4 Conclusion and Future Work

Many different devices and sensors in the Internet of things are interconnected to each other to exchange data. These devices are limited resources and require high data security. Therefore, the proposed algorithm is a lightweight which adopted on Internet of things networks with high flexibility and efficiency. Due to its light of computations, it providing low energy consumption of devices, providing high security, and low computation cost. The performance of the proposed algorithm was analyzed and compared to some symmetrical algorithms to various parameters.

The performance analysis resulting in the superiority of the proposed algorithm which can be represented in low complexity, high security, and saving energy. Briefly, balancing between security, performance, and complexity which leads to making it proper and suitable for devices and sensors in the IoT networks.

The future work is to implement the proposed algorithm in both hardware and software environments and comparing the performance in both environments, i.e., hardware and software.