Shancang Li, in Securing the Internet of Things, 2017

The footprint of lightweight cryptographic primitives is smaller than that of conventional cryptographic ones. Lightweight cryptographic primitives would open possibilities of more network connections with lower resource devices. A comparison of the lightweight properties with the conventional cryptographic primitives is shown in Table 4.3. The comparison in Appendix focuses on hardware properties. Some end-nodes might be able to embed general-purpose microprocessors, and software properties are considered important in such platforms. However, lowest cost devices can embed only application-specific ICs due to limited cost and power consumption, where hardware properties are crucially important.

Table 4.3. Results on Hardware Performance

Cryptographic technologies are advancing: new techniques on attack, design, and implementation are extensively studied. One of the state-of-the-art techniques is “Lightweight Cryptography (LWC).” Lightweight cryptography is a cryptographic algorithm or protocol tailored for implementation in constrained environments including RFID tags, sensors, contactless smart cards, healthcare devices, and so on. The properties of lightweight cryptography have already been discussed in ISO/IEC 29192 in ISO/IEC JTC 1/SC 27. ISO/IEC 29192 is a new standardization project of lightweight cryptography, and the project is in the process of standardization. In ISO/IEC 29192, lightweight properties are described based on target platforms. In hardware implementations, chip size and/or energy consumption are the important measures to evaluate the lightweight properties. In software implementations, smaller code and/or RAM size are preferable for lightweight applications. From the view of the implementation properties, the lightweight primitives are superior to conventional cryptographic ones, which are currently used in the Internet security protocols, for example, IPsec and TLS. Lightweight cryptography also delivers adequate security. Lightweight cryptography does not always exploit the security-efficiency trade-offs. We report recent technologies of lightweight cryptographic primitives. Lightweight cryptography contributes to the security of smart objects networks because of its efficiency and smaller footprint. We believe that lightweight primitives should be considered for implementation in the networks. In particular, lightweight block ciphers are practical to use now (Table 4.3).

Read full chapter URL: https://www.sciencedirect.com/science/article/pii/B9780128044582000044

Blockchain-Based Security and Privacy in Smart Cities
Sophocles Theodorou, Nicolas Sklavos, in Smart Cities Cybersecurity and Privacy, 2019

5.3 Privacy—Key Management

Privacy should be an overall priority in smart cities. As it is a new concept for modern societies, privacy is a paramount element to establish smart cities in public opinion. The new technologies should be able to provide confidence to the users, who subsequently will adopt the services offered to them [49]. Key management will have a prominent role in securing privacy during the authentication process. Especially in the IoT era, lightweight cryptography schemes are necessary to reduce latency and resources. Recently, various lightweight cryptographic primitives have been introduced to substitute the conventional algorithms such as block ciphers, hash functions, and stream ciphers. The proliferation of the connected devices drives the urgency for more flexible solutions in the authentication of users. The performance advantages of lightweight ciphers provide smaller block and key sizes, as well as simpler key schedules [50]. Such schemes can be applied in various aspects of the IoT, apart from machine to machine authentication. Wireless networks could make use of the technology as energy consumption, overhead control, and reduced packet loss rate are key factors for performance enhancement [51].

Read full chapter URL: https://www.sciencedirect.com/science/article/pii/B9780128150320000032

Security and Vulnerability in the Internet of Things
Shancang Li, in Securing the Internet of Things, 2017

3.1 Secrecy and Secret-Key Capacity

The IoT is becoming a key technique in industry, and the IoT market is growing rapidly, with many IoT devices developed to target business and consumer applications.
In an IoT system, the connectivity between IoT devices, IoT services, and business processes over IoT should be guaranteed with high reliability, security, and performance. The standardization of IoT is still an open issue. A number of groups are still working to create engineering standards for the IoT, and no one company produces all the pieces of IoT such as intelligent sensors, communication protocols, trusted networks, data, IoT services, applications, or even cloud interfaces. However, the IoT devices, communication protocols, and intellectual property should be shared enough so that IoT services can be developed on an integrated, secure base.

Recently, lightweight cryptography for IoT has attracted a lot of research effort. Traditional cryptography is designed at the application layer without regard to the imperfections of the lower layer. This makes it difficult to directly apply the existing cryptography primitives to the IoT. Recently, the idea has emerged of designing lower layer security schemes, such as physical-layer crypto and lightweight crypto, that support IoT devices with limited resources (computation, RAM, energy supply, etc.). On the other hand, the issues of privacy and security in the network layer of IoT have taken on an increasingly important role as these networks continue to flourish worldwide. The security in IoT is viewed as an independent feature that is closely related with all layers and components of IoT. In IoT, the application/service desire for secrecy is challenged by the technological need for openness. The idea of physical layer security schemes and lightweight cryptography over resource-limited IoT devices first appeared in the works of Wyner (1975) and Korner (2002).
They investigated a channel model by combining the “wiretap channel,” in which a transceiver attempts to communicate reliably and securely with a legitimate receiver over a noisy channel, while its messages are being eavesdropped by a passive adversary through another noisy channel. Compared with Shannon’s impracticality of information-theoretic security, the wiretap model has proved the existence of coding schemes achieving information-theoretic secure communications over certain wiretap channels. Wireless communications, which are open by nature, are the basic means of communication in IoT. They are extremely susceptible to eavesdropping, and their ubiquitous deployment makes security a crucial issue, as shown in Fig. 3.1, in which the IoT endpoints T1 and T2 can communicate with a sink gateway S over the wireless channels A and B. The endpoint T2 can listen to the transmission of T1 through channel C to acquire confidential information. If the endpoint T1 wants to exchange a secret key or guarantee the confidentiality of its transmitted information, it can exploit the physical properties of the wireless channel to secure the information by coding against endpoint T2.

Figure 3.1. Example of wireless network with potential eavesdropping.

The fundamental secrecy limits of various fading wiretap channels have been characterized (Li et al., 2015). The secrecy capacity (i.e., the maximum transmission rate at which the eavesdropper is unable to properly decode any information) is, in theory, equal to the difference between the two channel capacities. In this case, confidential communication is impossible unless the Gaussian main channel has a better signal-to-noise ratio (SNR) than the Gaussian wiretap channel. Fig. 3.2 depicts a simple example of secret capacity over a wireless communication. A legitimate IoT user Alice hopes to send information w to Bob, who is another legitimate user in the IoT.
Figure 3.2. A simple example of secret capacity over a wireless communication.

The information block $w^k$ is encoded into the code word $x^n = [x(1), x(2), \ldots, x(n)]$, which is to be transmitted over a channel with output:

$$y_M(i) = h_M(i)\,x(i) + n_M(i),$$

in which $h_M(i)$ is the channel side information (the time-varying complex fading coefficient) and $n_M(i)$ is the zero-mean circular complex Gaussian noise. If the third user, Eve, is able to eavesdrop the signal from the open-nature wireless channel:

$$y_W(i) = h_W(i)\,x(i) + n_W(i)$$

If we use $P$ to denote the average transmit signal power, then the channel is power limited:

$$\frac{1}{n}\sum_{i=1}^{n} E\left[|X(i)|^2\right] \le P$$

The power of noise in the main channel is $N_M$ and the power of noise in the eavesdrop channel is $N_W$, respectively. Then the instantaneous SNR at Bob is:

$$\gamma_M(i) = P|h_M(i)|^2/N_M = P|h_M|^2/N_M = \gamma_M$$

Similarly, the SNR at the Alice is:

$$\gamma_W(i) = P|h_W(i)|^2/N_W = P|h_W|^2/N_W = \gamma_W$$

We can easily get the average SNR based on the above equations. The transmission rate $R$ and error probability $P_\epsilon^k$ between Alice and Bob can be defined as:

$$R = H(W^k)/n \quad \text{and} \quad P_\epsilon^k = P(W^k \ne \hat{W}^k)$$

Then both the maximum transmission rate between Alice and Bob and Eve’s uncertainty about w can be calculated. The secrecy capacity of the main channel can be defined as the maximum transmission rate R at which Δ equals 1 (Barros and Rodrigues, 2006).

Recently, some research works have been conducted on characterizing the secret capacity over different communication systems, which is crucial for IoT systems where several communication systems exist together to support IoT devices. Based on secrecy capacity, it is possible to develop secure schemes such as key agreement. It can be expected that secure key agreement protocols can be developed over this structure and can bring a robust authentication scheme to an IoT system.
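The SNR definitions and the "difference of the two channel capacities" above can be exercised numerically. The following is an added example, not code from the chapter: it assumes Rayleigh fading with unit-mean channel gains and constructed values for P, N_M and N_W, estimates how often the secrecy capacity is positive and how often it falls below a target rate, and compares both with the closed forms that follow from exponentially distributed SNRs.

```python
import math
import random


def snr(power, h, noise_power):
    """Instantaneous SNR, gamma = P * |h|^2 / N, as defined in the text."""
    return power * abs(h) ** 2 / noise_power


def secrecy_capacity(gamma_m, gamma_w):
    """Main-channel capacity minus wiretap-channel capacity, floored at zero
    (bits per complex channel use)."""
    return max(0.0, math.log2(1.0 + gamma_m) - math.log2(1.0 + gamma_w))


def rayleigh_coefficient(rng):
    """Assumed fading model: h ~ CN(0, 1), so E[|h|^2] = 1."""
    sigma = math.sqrt(0.5)
    return complex(rng.gauss(0.0, sigma), rng.gauss(0.0, sigma))


def simulate(power, n_m, n_w, target_rate, trials=100_000, seed=1):
    """Monte Carlo over independent fading blocks for Bob (M) and Eve (W).

    Returns the estimated P(C_s > 0), the secrecy outage probability
    P(C_s < target_rate) and the mean secrecy capacity.
    """
    rng = random.Random(seed)
    positive = 0
    outage = 0
    total = 0.0
    for _ in range(trials):
        g_m = snr(power, rayleigh_coefficient(rng), n_m)
        g_w = snr(power, rayleigh_coefficient(rng), n_w)
        c_s = secrecy_capacity(g_m, g_w)
        positive += c_s > 0.0
        outage += c_s < target_rate
        total += c_s
    return {
        "p_positive": positive / trials,
        "p_outage": outage / trials,
        "mean_cs": total / trials,
    }


def closed_form_p_positive(avg_m, avg_w):
    """P(gamma_M > gamma_W) for independent exponential SNRs with these means."""
    return avg_m / (avg_m + avg_w)


def closed_form_outage(avg_m, avg_w, rate):
    """P(C_s < rate) for independent exponential SNRs with these means."""
    scale = 2.0 ** rate
    return 1.0 - avg_m / (avg_m + scale * avg_w) * math.exp(-(scale - 1.0) / avg_m)


if __name__ == "__main__":
    P = 1.0  # constructed sample values, not taken from the chapter
    cases = [("Bob has the better average SNR", 0.1, 0.5),
             ("Eve has the better average SNR", 0.5, 0.1)]
    for label, n_m, n_w in cases:
        result = simulate(P, n_m, n_w, target_rate=1.0)
        avg_m, avg_w = P / n_m, P / n_w
        print(label)
        print("  P(C_s > 0): simulated %.4f, closed form %.4f"
              % (result["p_positive"], closed_form_p_positive(avg_m, avg_w)))
        print("  outage at 1 bit: simulated %.4f, closed form %.4f"
              % (result["p_outage"], closed_form_outage(avg_m, avg_w, 1.0)))
        print("  mean C_s: %.4f bits per channel use" % result["mean_cs"])
```
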
Read full chapter URL: https://www.sciencedirect.com/science/article/pii/B9780128044582000032

A survey on wireless body area networks: architecture, security challenges and research opportunities
Muhammad Shadi Hajar, ... Harsha Kumara Kalutarage, in Computers & Security, 2021

5.1.4 Encryption

Monitoring the vital signs of the human body demands exchanging extremely sensitive information. This information is used to diagnose health conditions, and then an action can be taken to provide the required telemedicine, such as injecting an insulin dosage. Therefore, in order to ensure the confidentiality and privacy of patient health information, data must be exchanged and stored in an encrypted form. Many encryption algorithms have been proposed in the literature, such as 1024-bit RSA (Padmavathi and Kumari) and 3DES (Nadeem and Javed, 2005); however, these traditional encryption algorithms are not suitable for sensor nodes with stringent resource limitations. Therefore, a lightweight cryptographic algorithm that is energy and computation efficient and able to provide a robust encryption/decryption mechanism is a must. In this survey, heavy encryption algorithms with long key size, high number of rounds, or large block size have not been considered due to their inapplicability to WBAN. Due to the importance and potential applications of lightweight cryptography, NIST began in 2015 the process to standardize lightweight cryptographic algorithms that fulfill the requirements of constrained devices such as sensor nodes (McKay et al., 2016). In order to fulfill the resource restrictions, the following aspects should be considered when choosing a suitable lightweight cryptographic function (Singh et al., 2017):

• Key size: with extremely limited storage (for instance, MICAz has only 4-KB EEPROM storage (CMT)), the key size of the cryptographic algorithms plays a significant role.
A cryptographic algorithm that has a smaller key size and provides the same security level is highly recommended. In Yang et al. (2015), the authors introduce SIMECK, a block cryptographic algorithm. SIMECK is a hardware-oriented algorithm inspired by the SIMON encryption algorithm’s design. With its small key size (64, 96, or 128), it shows a more optimized performance regarding memory and power consumption. mCrypton (Lim and Korkishko, 2005) is a block cipher cryptographic algorithm based on the SPN (Substitution Permutation Network) structure. It has three different key sizes, where the smallest one is 64 bits. mCrypton is designed to fit into low-resource environments. Another algorithm with a small key size is TWINE (Suzaki et al., 2011), which uses an 80-bit key with a Feistel structure.

• Block size: The block size is another important factor for a lightweight cryptographic algorithm. Smaller block sizes can decrease the processing time and enhance power consumption. Moreover, medical sensors usually transmit small messages containing vital medical signals; therefore, the smaller block size is more efficient. SPECK (Beaulieu et al., 2015) is a block cipher based on the ARX (Addition-Rotation-XOR) structure. It supports a variety of block sizes ranging between 32 bits and 128 bits. SIMON (Beaulieu et al., 2015) belongs to the same family as SPECK. However, unlike SPECK, which is designed for software implementation, SIMON is a hardware-oriented algorithm. Another SPN-based lightweight cryptographic algorithm, named RECTANGLE, is introduced in Zhang et al. (2015). It uses a 64-bit block size with a bit-slice technique in order to achieve rapid execution.

• Number of rounds: Lightweight cryptographic algorithms usually use simple arithmetic, logic and shifting operations, such as the ARX structure, to fit into the limited resource restrictions. Using simple operations in turn leads to increasing the number of rounds.
Therefore, the number of rounds is another crucial factor to be considered when adopting a lightweight cryptographic algorithm for WBAN. PRINCE (Borghoff et al., 2012) is a block cipher, hardware-oriented cryptographic algorithm that aims to enable encryption in just one clock cycle by using a modest number of rounds (12 rounds), which requires a short time to be executed. A 4-round cryptographic algorithm called Hummingbird-2 is introduced in Engels et al. (2011). In addition to encrypting, it is able to generate MIC (Message Authentication Code). Another encryption algorithm that uses a low number of rounds is LWE (Toprak et al., 2020). LWE is a 3-round block cipher algorithm. It has been designed to be light enough in order to meet the resource restrictions of medical sensors and IoT. The key and the block size are 64 bits. The performance of LWE is contrasted with well-known lightweight encryption algorithms, such as Rectangle (Zhang et al., 2015) and TWINE (Suzaki et al., 2011).

Moreover, in cryptography, when a number of rounds are required to produce the cipher, a round-key is usually used for each round. The algorithm used to produce the round-key from the key is called the key schedule. Consequently, the more complex the key schedule algorithm is, the more memory and computation power it requires. Therefore, a key schedule algorithm could be regarded as another factor to be considered. The surveyed encryption algorithms are listed in Table 2, stating the block and key sizes, the number of rounds, the algorithm structure and the possible attacks that might compromise the proposed algorithm.

Table 2. Lightweight Cryptographic Algorithms.
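To make the ARX structure, round count and key schedule discussed above concrete, the following added example (not code from the survey or from the cipher's designers) implements Speck32/64, the smallest SPECK variant, using the published parameters: 16-bit words, a 64-bit key, 22 rounds and rotation amounts 7 and 2. Function names are chosen for this example; the second encryption routine derives round keys on the fly to show how a simple key schedule keeps RAM use to four key words.

```python
WORD_BITS = 16                      # Speck32/64: two 16-bit words per block
MASK = (1 << WORD_BITS) - 1
ALPHA, BETA = 7, 2                  # rotation amounts for the 16-bit word size
ROUNDS = 22


def ror(x, r):
    return ((x >> r) | (x << (WORD_BITS - r))) & MASK


def rol(x, r):
    return ((x << r) | (x >> (WORD_BITS - r))) & MASK


def round_fn(x, y, k):
    """One ARX round: rotate, modular add, XOR the round key, rotate, XOR."""
    x = ((ror(x, ALPHA) + y) & MASK) ^ k
    y = rol(y, BETA) ^ x
    return x, y


def inv_round_fn(x, y, k):
    """Inverse of round_fn, used for decryption."""
    y = ror(y ^ x, BETA)
    x = rol(((x ^ k) - y) & MASK, ALPHA)
    return x, y


def expand_key(key_words):
    """key_words = (l2, l1, l0, k0), the order used in the Speck paper.

    The key schedule is the round function itself, keyed with the round
    counter, so it needs no extra tables or logic.
    """
    l = list(reversed(key_words[:-1]))      # l0, l1, l2
    k = [key_words[-1]]                     # k0
    for i in range(ROUNDS - 1):
        new_l, new_k = round_fn(l[i], k[i], i)
        l.append(new_l)
        k.append(new_k)
    return k


def encrypt(block, round_keys):
    x, y = block
    for k in round_keys:
        x, y = round_fn(x, y, k)
    return x, y


def decrypt(block, round_keys):
    x, y = block
    for k in reversed(round_keys):
        x, y = inv_round_fn(x, y, k)
    return x, y


def encrypt_on_the_fly(block, key_words):
    """Same result as encrypt(), but keeps only four key words of state
    instead of a table of 22 round keys."""
    x, y = block
    l = list(reversed(key_words[:-1]))
    k = key_words[-1]
    for i in range(ROUNDS):
        x, y = round_fn(x, y, k)
        if i < ROUNDS - 1:
            new_l, k = round_fn(l[0], k, i)
            l = l[1:] + [new_l]
    return x, y


if __name__ == "__main__":
    # Test vector published with the cipher specification.
    key = (0x1918, 0x1110, 0x0908, 0x0100)
    plaintext = (0x6574, 0x694C)
    rk = expand_key(key)
    ct = encrypt(plaintext, rk)
    print("round keys:", len(rk))
    print("ciphertext: %04x %04x" % ct)
    print("decrypts back:", decrypt(ct, rk) == plaintext)
```

A 32-bit block limits how much data can safely be encrypted under one key; the variant is used here only because it keeps the example short.
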
Read full article URL: https://www.sciencedirect.com/science/article/pii/S0167404821000353

A survey on secure routing protocols for satellite network
Yanjun Yan, ... Huihui Xu, in Journal of Network and Computer Applications, 2019

7.1 Secure routing protocols based on cryptography

Cryptography is the basic means to ensure secure routing protocols in space information networks. Over the years, researchers at home and abroad have continued to study and promote the development of cryptography. The research of cryptography mainly involves the design, analysis and application of cryptographic algorithms. In order to deal with the problems and challenges of new computing resources and new service forms, such as quantum computation and space information networks, functional encryption and lightweight cryptography in space information networks are becoming the future directions of cryptography. In particular, a secure routing protocol that mixes a trust model with lightweight cryptography for satellite networks can be researched.

• Functional encryption is an encryption technology that supports the calculation of ciphertext and the distribution of different decryption rights to different data users. Different privileges can be assigned to different data users by flexible cipher decryption expressions. To a great extent, functional encryption can enrich the mode of information sharing, and has high practicability in space information networks. Hence, we can study attribute encryption for functional encryption, such as key revocation and key abuse in space information networks.

• Because the storage space and energy resources of the space information network are limited, lightweight cryptography for resource constrained devices is a future direction of research. As a new cryptography technology, the theoretical analysis of lightweight cryptography is not perfect.
The research of lightweight cryptography based on security with high efficiency and robustness will greatly promote the development of lightweight cryptography in space information networks.

• Identity-based encryption algorithms usually identify satellite nodes based on MAC addresses, IP addresses and other information, but these features can be easily camouflaged and tampered with by attacks. Moreover, in practical applications, because the wireless channel is fast and time-varying and the uplink and downlink channels are inconsistent, differences in channel feature extraction will result in inconsistent generated keys. Therefore, it is necessary to study the tradeoff between key generation rate and consistency.

Read full article URL: https://www.sciencedirect.com/science/article/pii/S1084804519302498

A semi-autonomous distributed blockchain-based framework for UAVs system
Chunpeng Ge, ... Zhe Liu, in Journal of Systems Architecture, 2020

3.2.1 Block detail

As shown in Fig. 4, the structure of the reformatory block, akin to Bitcoin, could be divided into two parts: block header and block body. Nevertheless, unlike conventional block composition, our proposed block is tailored for lightweight IoT devices as well as the communications between UAVs, for example by utilizing the lightweight cryptography technology Keccak [42,43] (i.e. a low-cost alternative to the standard version which is selected as the winner of SHA-3 by NIST [44]) and redefining the functions of all transactions.

Fig. 4. Overview of the proposed UAVs blockchain architecture: the structure of transactions (see Section 3.2.2) and policy lists (see Section 3.2.1).

The block header, detailed in Table 1, is composed of the current block header’s hash, preceding block header’s hash, root of the reputation tree, policy list, a timestamp, and root of the transaction tree.
Here, unlike Bitcoin, where the miners are required to find the solution to a hash puzzle so as to win the right of appending a block to the main chain, our solution relies on a voting mechanism combined with a reputation evaluation scheme, which is akin to the fundamental idea of Delegated Proof of Stake (DPoS) [20], to nominate a node to generate a new block. Thus, the reputation tree is added into the block and the root of the tree is recorded by the block header. In addition, the policy list is generated by the GCS administrator when adding new UAVs to the system during the initialization process and added into the first block. To update it, the administrator only needs to modify the policy list in the latest block, and therefore each node in the network should refer to the latest policy to handle the transactions.

Table 1. Composition of a block.

Accordingly, the block body contains a reputation tree and a transactions tree. The reputation value of each UAV will be recalculated once the UAV acts in suspicious ways, such as querying privacy data against the access policy listed in the block header, or creating or relaying invalid blocks or transactions. The details of the reputation evaluation scheme are elaborated in Section 4.2. It should be noted that a cryptographically authenticated data structure—modified Merkle Patricia Trie (MPT) applied in Ethereum [45] is adopted to store the reputation value of each UAV as depicted in Fig. 5, which could quickly and efficiently identify data that has changed without having to retrieve all the data in order to make the comparison.

Fig. 5. Example of the modified Merkle Patricia Trie structure for recording the reputation values. Two blocks B_{J-1} and B_J contain two reputation trees; it is shown that the reputation value 26 was changed to 45 in the latter block B_J.

Specifically, only the modified data would be stored in the new block and the unmodified data would be linked to the new root without duplication, efficiently reducing the memory required compared to the original Merkle Tree that is adopted in Bitcoin [7].

Read full article URL: https://www.sciencedirect.com/science/article/pii/S1383762120300229

IoMT amid COVID-19 pandemic: Application, architecture, technology, and security
Azana Hafizah Mohd Aman, ... Liza Abdul Latiff, in Journal of Network and Computer Applications, 2021

7.1.1 Authentication & encryption

Many IoT systems suffer from lacking or weak authentication as a result of constraints in hardware, energy consumption, and other computing resources. Unfortunately, this has presented opportunities for cyber attacks. The work of Sun et al. (2019) considers two types of authentication to maintain security and privacy in an IoMT system, i.e., on personal and on system's servers via device and client authentication.
The device authentication is performed to secure/encrypt data and maintain confidentiality and integrity of communications. A common approach for user authentication at personal servers is the use of biometric security; in IoMT systems, biometrics can easily be obtained from physical and surgical equipment worn or implanted into the human body (Fahim et al., 2019; Kumar et al., 2017; Mohsin et al., 2019). The work of Hamidi (2018) focused on building secure IoMT application access using biometrics as identifiers for secure connections. In view of hardware constraints, lightweight security approaches like lightweight cryptography, lightweight hybrid anomaly detection, and lightweight multi-factor authentication are possible current approaches to enforce stronger authentication in IoMT systems. In particular, Xu et al. (2019) proposed a secure, lightweight authentication system for WBAN. In this scheme, forward secrecy can be ensured without the use of asymmetric encryption. They believe that their proposed method will greatly minimize computing costs and reduce security risk. The work of Hossain et al. (2018) focused on a security system that guarantees user authentication via protected access to medical devices by introducing a security access token. The access is cryptographically protected against forgery and ensures secure access to medical IoT devices. Meng et al. (2020) focused on the detection of malicious devices by designing a trust-based intrusion detection approach based on behavioral profiling of devices in the IoMT ecosystem. In another work, Zhang et al. (2018) implemented encrypted medical data that utilized the risk of disease prediction models to preserve privacy. The work proposed by Shen et al. (2018) introduced a multilayer authentication protocol for WBAN.
The design comprised a multicast group authentication protocol, a new nonpairing cryptographic certificateless authentication protocol, and a group key establishment algorithm with an elliptic-curve cryptography algorithm. Working on Radio Frequency Identification (RFID) communication, Aghili et al. (2019) demonstrated several attacks such as anonymity, secret disclosure, replay, traceability, and impersonation that may occur within an IoMT system. They then introduced a new mutual RFID authentication protocol to secure communication and preserve privacy, using Burrows–Abadi–Needham (BAN) logic to validate the security features. In addition, the researchers developed an authentication with ownership transfer protocol for IoMT applications to satisfy access control security requirements and preserve privacy. The protocol overcomes de-synchronization, traceability, insider attacks, and DoS. In related work using the same BAN logic, Sureshkumar et al. (2019) proposed an authenticated key establishment protocol using Elliptic Curve Cryptography (ECC) to resolve the security problems found in present IoMT communication protocols. The work of Hussain et al. (2018) highlighted the security and privacy of medical data associated with the Android mobile operating system. A set of security checks and policies was developed that protect against different attacks and malware, as well as disabling intents, permission restrictions, data shadowing, and the impact of enabling/disabling system peripherals. Focusing on big data and cloud computing technologies for IoMT, Yang et al. (2018) addressed big data security by developing fine-grained access control manners, a centralized trusted authority, and data encryption using attribute-based encryption.

Privacy at the time of a pandemic is a crucial issue, especially with contact tracing and movement control.
Although contact tracing applications are necessary to the authorities, they can leak information about the infected users to third parties, causing serious privacy concerns. Therefore, IoMT users have to develop trust for the centralized servers or use the decentralized approaches provided by blockchain technology. Table 6 shows the IoMT privacy methods and their focus areas.

Table 6. IoMT privacy methods.

Read full article URL: https://www.sciencedirect.com/science/article/pii/S1084804520303490

What are examples of lightweight cryptography?
Lightweight cryptography is a cryptographic algorithm or protocol tailored for implementation in constrained environments including RFID tags, sensors, contactless smart cards, health-care devices and so on.

What are lightweight cryptographic algorithms?
Lightweight cryptography is an encryption method that features a small footprint and/or low computational complexity. It is aimed at expanding the applications of cryptography to constrained devices and its related international standardization and guidelines compilation are currently underway.

What are lightweight algorithms?
The Lightweight Encryption Algorithm (also known as LEA) is a 128-bit block cipher developed by South Korea in 2013 to provide confidentiality in high-speed environments such as big data and cloud computing, as well as lightweight environments such as IoT devices and mobile devices.

Is RSA a lightweight cryptography?
There are lightweight algorithms for IoT devices; e.g., AES, XTEA, HIGHT, RC5 and PRESENT are examples of symmetric algorithms, and RSA and ECC are asymmetric lightweight algorithms.