Article Preview
TopIntroduction
IoT devices are potential gateways into our enterprise systems because they are widely distributed, and security standards are not yet established for many of the devices. IoT-based attacks are already a reality. Cryptographic algorithms must be used in the communication channels between IoT devices in order to provide confidentiality, authenticity and integrity of the messages. 8-bit, 16-bit and 32-bit microcontrollers are commonly used in IoT and conventional cryptographic solutions are prohibitively expensive to implement in such devices (Książak et al., 2014). However, the demand for secure communication on such environment motivates the development of many lightweight ciphers (Hu., 2018; Curran, 2014). Lightweight cryptography deals with cryptographic algorithms within stringent requirements imposed by devices with very low computing power such as low-cost smart cards, sensor networks, and electronic body implants (Shiho, 2008).
In lightweight cryptography, often smaller block sizes (typically 64 bits or 80 bits), smaller keys (often less than 96 bits), simpler rounds (4-bit S-boxes instead of 8-bit) and simpler key schedules (generate sub keys on the fly) (McKay, 2017) are used. The following issues are noticed in designing lightweight cryptography solutions: (i) When smaller blocks are used, CBC erodes faster than other part as the number of n-bit blocks encrypted approaches 2n/2 (Lo, 2017), meanwhile the use of small key size increases the risks of key-related attacks (Biryukov, 2017); (ii) The number of operations in symmetric lightweight cryptography roughly doubles when the input size of a symmetric-key primitive doubles (Bertoni, 2012) .For example, in AES 256, the number of rounds is 14, and the number of S-box doubles as the block size doubles; (iii) The lightweight cryptography is always driven by the applications; as a result, lightweight primitives need be addressed based on the characteristics of the IoT environment in which it is applied.
The resources needed for lightweight asymmetric key primitives are much larger than that of lightweight symmetric key primitives. Even though some asymmetric key primitives can be implemented with relatively small footprint, they cannot be accomplished within a reasonable time. The symmetric key primitive AES is a reasonably lightweight bock cipher. But its large S-boxes, large block size and inherent vulnerability to Side Channel Attack (SCA) caused by its look-up-based S-boxes make it suboptimal choice in many cases (Bertoni, 2012). The symmetric key cryptography predominantly makes use of solutions based on block ciphers. Recently permutation-based constructions (Bogdanov, 2012) are gaining attraction for a wide range of platforms and on IoT devices in particular.
In this paper, a tweakable lightweight block cipher is designed directly from a randomly chosen public permutation rather than from a traditional block cipher. The cipher is aimed to achieve security beyond birthday bound using key alternating Even-Mansour construction (Even, 1997) for some suitable number of rounds in order to make it indistinguishable from an ideal cipher. Linear operations are used for mixing the key and tweak into the state of an Even- Mansour construction.
The rest of the paper is structured as follows: Section 2 reviews the existing techniques. The design of lightweight cryptography and Tweakable Even Mansour (TEM) construction is discussed in Section 3. In Section 4, the design detail of encryption/ decryption process of the tweakable lightweight key alternating cipher is discussed. Security analysis of the cipher is given in section 5. In Section 6, the software performance of the lightweight cipher using various metrics such as RAM consumption, code size, and execution time is analyzed. Finally, section 7 summarizes the paper and provides concluding remarks.