An Analysis of Cryptographic Algorithms in IoT

An Analysis of Cryptographic Algorithms in IoT

Samed Bajrić (Jožef Stefan Institute, Slovenia)
Copyright: © 2019 |Pages: 22
DOI: 10.4018/978-1-5225-7811-6.ch005


The underlying vision of the internet of things (IoT) is to create a world where the real and the virtual realms are converging to create smart environments that makes energy, transport, cities, and many other areas more intelligent. With the IoT, the physical world is being interfaced through the things to the virtual world in heterogeneous environment. In heterogeneous environment, privacy and security are the major challenges. The secure information exchange is most critical pitfall to ensure the system security. This chapter gives a detailed analysis of cryptographic algorithms in IoT. A comparison of lightweight cryptography algorithms on basis of block size, key size, gate equivalents, and throughput is given. Moreover, the various security issues in IoT are discussed along with possible solution.
Chapter Preview


The internet as we know it is always evolving, and in recent years an enormous increase in number of devices connected to the internet has occurred. It is estimated that by 2020, there will be 50 to 100 billion devices connected to Internet (Perera, Zaslavsky, Christen, & Georakopoulus, 2013). Now, ordinary objects like TVs, watches and smoke detectors are given the feature to connect to the Internet. From a sensor that enables us to configure the heating of our house when driving back home to devices that are placed inside our garden to measure the amount of rain. This is what we call the Internet of Things (IoT). The concept of IoT gives a new chapter in the history of the Internet giving the possibilities for cars, cameras, medical equipment to communicate through wired or wireless medium. With more and more devices being connected to the Internet, it can be expected that many of our day to day tasks will be aided by small connected computers, and probably be executed without any human intervention. While the technology itself might not be brand new, now is the time when it can be implemented in almost any object to create a network of things. Some of these devices use powerful processors and can be expected to use the same cryptographic algorithms as standard desktop computers.

The distributed nature of IoT necessitates secure communication with and between billions of devices. This relies on cryptography, whether for authenticating devices, protecting confidentiality and integrity of communications or for distributing digitally signed firmware updates. Many applications, such as smart cars and industrial control, require very high levels of security, as a successful attack could endanger not only sensitive data but human life. However, many of them use very low power micro controllers which can only afford to devote a small fraction of their computing power to security. For instance, sensor networks are intended to connect vast amount of very simple sensors to a central hub. These sensors would run on batteries and generate their own energy using for example solar panels. Cryptographic algorithms must be used on the messages sent by sensors to their hub in order to secure them and provide their authenticity and integrity. Because of their very low energy, the cryptographic algorithms have to be as ‘small’ as possible. On the other hand, the general method for ensuring the confidentiality of information is through the use of cryptography but most cryptographic mechanisms require a significant amount in terms of processing power and energy. This is quite a challenging issue to overcome and has received a lot of attention in the academic community.

Similarly, Radio Frequency Identification (RFID) technology uses radio waves to automatically identify objects, people and perhaps other information on a microchip that is attached to an antenna. The antenna enables the chip to transmit the identification information to a reader. In order to prevent an eavesdropper from learning the identification to a chip, this information has to be encrypted. Because of the very small number of logical gates and very little energy available, specially designed algorithms are necessary. Hence, the conventional cryptographic algorithms may perform well in computers, servers, and some mobile phones, but might not be suited for low-resource smart devices. It is well-known that the 1024 bit RSA algorithm cannot be implemented in RFID tags. Therefore, security is a significant issue in constrained devices. The number of commercial IoT systems deployed without adequate security mechanisms is growing exponentially. The large number of devices with relatively high computational power makes them an attractive target for attackers seeking to compromise these devices and use them to create large scale botnets. For instance, in 2017 thousands of insecure IoT devices were infected by malware and controlled for use in a massive Distributed Denial of Service (DDoS) attack (Jerkins, 2017). These insecurities have lead to a lack of trust in IoT in some spheres, somewhat limiting confident growth in the industry. Moreover, the tight constraints inherent the mass developments of smart devices that impeding the requirements of developing a new cryptographic algorithm, which performs strong security mechanism, encryption and decryption, with low power applications and other functionalities for the pervasive computing.

Key Terms in this Chapter

IoT Device: An IoT device is any nonstandard computing device that connects wirelessly to network and has the ability to transmit data.

Trade-Off: A trade-off is a situation in which the achieving of something you want involves the loss of something else which is also desirable, but less so.

System Security: An objective of system security is the protection of information and property from theft, corruption and other types of damage, while allowing the information and property to remain accessible and productive. For instance, system security includes the use of a firewall, data encryption, passwords and biometrics.

Layer: In computer programming, layering is the organization of programming into separate functional components that interact in some sequential and hierarchical way such that each layer usually has the ability to interface only to the layer above it and the layer below it.

Cryptographic Algorithms: A cryptographic algorithm or cipher is a mathematical function used in the encryption and decryption process. Changing plaintext to ciphertext is known as encryption, whereas changing ciphertext to plaintext is known as decryption.

IoT Architecture: An approach of how the various elements (such as sensors, actuators, gateways, mobility applications) should be designed and integrated to each other, so as to robustly deliver a service delivery network, which can serve the needs for future.

Heterogeneous Environment: Using hardware and system software from different vendors. Organizations often use computers, operating systems and databases from a variety of vendors.

Non-Repudiation: Non-repudiation is the assurance that someone cannot deny the validity of something. In other words, it makes very difficult to successfully deny who (or where) a message came from as well as the authenticity of that message.

Complete Chapter List

Search this Book: