A Study On IoT Device Authentication Protocol For High Speed and Lightweight


2019 International Conference on Platform Technology and Service (PlatCon)

Seul-Ki Choi, ISAA Lab., Dept. of Computer Engineering, Ajou University, Suwon, Republic of Korea
Ju-Seong Ko, ISAA Lab., Dept. of Computer Engineering, Ajou University, Suwon, Republic of Korea
Jin Kwak, Dept. of Cyber Security, Ajou University, Suwon, Republic of Korea

978-1-7281-1288-6/19/$31.00 ©2019 IEEE
Authorized licensed use limited to: Visvesvaraya Technological University Belagavi. Downloaded on January 17,2022 at 10:04:44 UTC from IEEE Xplore. Restrictions apply.

Abstract— Authentication of IoT devices is a very important step in providing secure IoT services. Accordingly, authentication protocols suitable for low-power and low-performance IoT devices are being actively studied. In this paper, we select the LEA-128-CTR and Chaskey algorithms to increase the high-speed parallelization effect of a SIMD-based IoT device authentication protocol, and propose a lightweight and high-speed protocol.

Keywords—SIMD, authentication protocol, lightweight protocol, mobile security, IoT security, network security

I. INTRODUCTION
Recently, the convenience of daily life has increased through various IoT services based on IoT devices. IoT services continue to expand, ranging from smart homes and smart medical environments that use dozens of IoT devices to smart factories and smart city services that connect hundreds to thousands of IoT devices. However, because these services actively rely on IT technology, they are continuously threatened by various malicious codes.

Figure 1 below shows the statistics of malicious code that occurred until the third quarter of 2018, as given in the McAfee Labs Threats Report of December 2018[1].

Fig. 1. Total number of malicious codes (until 2018 Q3)

Figure 2 below shows the number of IoT malicious codes that occurred until the third quarter of 2018[1].

Fig. 2. Number of IoT malicious codes (until 2018 Q3)

The statistical data in Figure 2 show that malicious code for the IoT environment increased sharply in 2018. Therefore, research is needed to strengthen the authentication protocol for IoT devices in order to protect the IoT environment from rapidly increasing IoT malicious codes. However, since the performance of IoT devices is not sufficient to run existing authentication protocols, the authentication protocol must also be lightweight. Therefore, this paper proposes a high-speed and lightweight authentication protocol suitable for IoT devices.

II. RELATED WORKS

A. SIMD
SIMD stands for Single Instruction Multiple Data. It refers to a technique for simultaneously processing multiple data with a single instruction. It is often used in the multimedia field, such as graphics-related processing. SIMD instruction sets provided by CPUs include Intel's MMX and SSE series and ARM's NEON. SIMD has the advantage of improving processing speed efficiency when processing a larger amount of data than the single instruction
single data (SISD) method, which is generally used in ordinary programs. Figure 3 shows the SISD and SIMD processing structure.

Fig. 3. Processing structure of SISD and SIMD

B. Chaskey
The Chaskey MAC (Message Authentication Code) algorithm is a MAC algorithm that can be used on a 32-bit microcontroller. By eliminating key scheduling, it reduces the number of cycles required for encryption[2]. In addition, it consists only of ARX (Addition, Rotation, XOR) operations and has a very fast execution speed[2].

Fig. 4. A round of the Chaskey permutation

The Chaskey MAC algorithm has the following features:

• Dedicated Design: Chaskey is a dedicated design for 32-bit microcontroller architectures. The addition and XOR operations are performed on 32-bit words, and each of these operations requires only one instruction on these architectures.
• Cross-Platform Versatility: Nicky et al. took into account that certain microcontrollers do not support variable-length bit rotations and bit shifts. By choosing some rotation constants to be multiples of 8, these bit rotations are efficiently implemented by swapping 8-bit or 16-bit registers.
• Efficient Implementation: Benchmarks on an ARM Cortex-M4 show that Chaskey requires only 7.0 cycles/byte for long (≥ 128 byte) messages, and 10.6 cycles/byte for short (16 byte) messages. It has been implemented in only 402 bytes of ROM. Results for the Cortex-M0 are very good as well: 16.9 cycles/byte for long messages, 21.3 cycles/byte for short ones, and 414 bytes of ROM for the implementation.
• Resistance Against Timing Attack: On all microcontroller architectures that Nicky et al. are aware of, every instruction of Chaskey takes a constant time to execute. The total number of cycles depends only on the message length. Therefore, Chaskey is inherently secure against timing attacks.
• Key Agility: Chaskey does not have a key schedule, as keys are simply XORed into the state. Updating the key in Chaskey requires generating a new uniformly random 128-bit key, and only two shifts and two conditional XORs on 128-bit words to generate two subkeys.
• Tag Truncation: Chaskey is robust under tag truncation.
• Nonces are Optional: Several MAC algorithms require a nonce, and become completely insecure if this nonce is reused. Chaskey does not require a nonce, and therefore avoids these issues altogether.

C. LEA
Hong et al. propose a new block cipher, LEA, which has a 128-bit block size and a 128-, 192-, or 256-bit key size[3]. It provides high-speed software encryption on general-purpose processors. They show that LEA is faster than AES on Intel, AMD, ARM, and ColdFire platforms[3]. LEA can also be implemented with a tiny code size[3]. Its hardware implementation has a competitive throughput per area. It is secure against all the existing attacks on block ciphers[3]. LEA consists of only ARX (modular Addition, bitwise Rotation, and bitwise XOR) operations on 32-bit words. Those operations are well supported and fast on many 32-bit and 64-bit platforms[3].
Fig. 5. LEA encryption and decryption process

III. PROPOSED SCHEME

A. Applicable Target Processor in IoT industry
The SIMD-based authentication protocol proposed in this paper is applied to ARM processors, which are widely deployed in various IoT devices. The subjects of this paper are not IoT sensors that perform only information-gathering functions, but IoT devices that collect information from such sensors and process it themselves. These IoT devices are equipped with Cortex A or higher processors among the ARM processors. Table 1 below shows examples of IoT industry devices that are equipped with Cortex A processors[4].

TABLE I. MAJOR DEVICE AND PROCESSOR TYPE BY IOT INDUSTRY SECTOR

Industry          Major device (processor)
Smart home        Home gateway (Cortex A9)
Smart home        Thermostat (Cortex A8)
Medical           Smart watch (Cortex A9)
Transportation    Automotive sensor (Cortex A9)
Transportation    Electronic Control Unit (Cortex A9)
Energy            Remote Terminal Unit (Cortex A9)

B. SIMD-based Authentication Protocol
The proposed protocol uses a pre-shared key distribution scheme, in consideration of low-power and low-performance IoT devices. The notation used in the protocol is shown in Table 2 below.

TABLE II. A DESCRIPTION OF NOTATION USED IN PROTOCOL

Notation    Description
            Identifier (ID) of x
_           Extra-Authentication data (fingerprint, iris etc.)
            Timestamp
            Nonce value generated by x
            Pre-Shared Key
            Session Key
…           Encryption with k
…           Decryption with k
…           Generate MAC with k
            IoT device
            Verifier (gateway or user device)

Figure 6 shows the overall process of the SIMD-based authentication protocol.

Fig. 6. Overall process of proposed authentication protocol

In order to speed up the protocol proposed in this paper, a cryptographic algorithm and a MAC algorithm suitable for parallel processing are selected. The selected algorithms can improve performance by actively utilizing Neon, the SIMD technology provided by ARM Cortex A.
• Encryption/Decryption algorithm: LEA-128-CTR
• MAC algorithm: Chaskey

LEA-128-CTR consists only of ARX operations. In CTR mode, both encryption and decryption can be parallelized, so they can be accelerated with SIMD, and code size can be minimized because only the encryption code is required.
In addition, the Chaskey algorithm consists only of ARX operations and is a high-speed MAC algorithm adapted to 32-bit microcontrollers. Since it has no key scheduling process, the code size can be minimized.
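The two CTR properties claimed above (independent counter blocks, and decryption that reuses the encrypt routine) can be seen in a short implementation of LEA-128 block encryption following the published specification [3]. This is an added example, not code from the paper or from the LEA authors; the function names and the counter block layout (96-bit nonce followed by a 32-bit big-endian block counter) are assumptions, since the paper does not specify them.

```c
#include <stdint.h>
#include <string.h>

/* LEA-128 block encryption per the published specification [3]: 24 ARX
   rounds over four 32-bit words. memcpy loads assume a little-endian host. */
static uint32_t rol(uint32_t x, unsigned n) {
    return (x << (n & 31)) | (x >> ((32 - n) & 31));
}

void lea128_setkey(uint32_t rk[24][6], const uint8_t key[16]) {
    static const uint32_t D[4] = {0xc3efe9db, 0x44626b02, 0x79e27c8a, 0x78df30ec};
    uint32_t t[4];
    memcpy(t, key, 16);
    for (unsigned i = 0; i < 24; i++) {
        t[0] = rol(t[0] + rol(D[i % 4], i), 1);
        t[1] = rol(t[1] + rol(D[i % 4], i + 1), 3);
        t[2] = rol(t[2] + rol(D[i % 4], i + 2), 6);
        t[3] = rol(t[3] + rol(D[i % 4], i + 3), 11);
        rk[i][0] = t[0]; rk[i][2] = t[2]; rk[i][4] = t[3];
        rk[i][1] = rk[i][3] = rk[i][5] = t[1];
    }
}

void lea128_encrypt(uint32_t rk[24][6], const uint8_t in[16], uint8_t out[16]) {
    uint32_t x[4], x0;
    memcpy(x, in, 16);
    for (unsigned i = 0; i < 24; i++) {
        x0 = x[0];
        x[0] = rol((x[0] ^ rk[i][0]) + (x[1] ^ rk[i][1]), 9);
        x[1] = rol((x[1] ^ rk[i][2]) + (x[2] ^ rk[i][3]), 32 - 5); /* ROR 5 */
        x[2] = rol((x[2] ^ rk[i][4]) + (x[3] ^ rk[i][5]), 32 - 3); /* ROR 3 */
        x[3] = x0;
    }
    memcpy(out, x, 16);
}

/* CTR: keystream block j = E_K(nonce || j) depends on no other block, so any
   counter range can be processed independently; decryption is the same call. */
void lea128_ctr(uint32_t rk[24][6], const uint8_t nonce[12], uint32_t first,
                const uint8_t *in, uint8_t *out, size_t len) {
    uint8_t ctr[16], ks[16];
    memcpy(ctr, nonce, 12);  /* assumed layout: 96-bit nonce || 32-bit BE counter */
    for (size_t off = 0; off < len; off += 16, first++) {
        for (int b = 0; b < 4; b++) ctr[15 - b] = (uint8_t)(first >> (8 * b));
        lea128_encrypt(rk, ctr, ks);
        for (size_t i = 0; i < 16 && off + i < len; i++)
            out[off + i] = in[off + i] ^ ks[i];
    }
}
```

Because each call takes its starting counter as a parameter, a SIMD or multi-core implementation can hand disjoint counter ranges to separate lanes without any dependency between them.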

C. Security Analysis
The security of the proposed protocol is based on the security of the PSK distributed in advance. Therefore, the following assumptions are essential for the proposed protocol.
• Assumption 1) The process of distributing the PSK in advance is a perfectly secure process.
• Assumption 2) Each entity (device, verifier, etc.) manages the PSK securely.
When the above assumptions hold, the protocol is secure against representative attacks on authentication protocols.
The step numbers and data transmitted in the proposed protocol are as follows. These messages are also the only information an adversary can acquire.
② , , … , …
⑧ … , …
⑫ …

• Eavesdropping Attack
Significant information that an adversary can obtain through an eavesdropping attack during the authentication process of the proposed protocol is only the and the value. However, this information is either public or temporary. Therefore, confidential information (PSK, SK, EA_Data, etc.) is not exposed by an eavesdropping attack.

• Replay Attack
The following figure shows an example of a replay attack. The only messages that an adversary can use in replay attacks are the messages obtained in steps ②, ⑧ and ⑫. However, each message contains a timestamp and a nonce value that can be used to verify the time validity of the message. Therefore, a replay attack can be prevented by verifying the message as shown in Figure 7.

Fig. 7. Example of replay attack

• Message Modification Attack
The adversary can modify the messages obtained through steps ②, ⑧ and ⑫. However, if the and MAC values and the encrypted data are modified, each message verification process can detect whether or not the message has been modified.

Fig. 8. Example of message modification attack

Even if the ID value is modified, the PSK matched to that ID is not the correct decryption key. Therefore, message decryption fails and the protocol is terminated.

D. Processing Speed Analysis
Table 3 below shows the processing time of the SIMD method and the non-SIMD method on the verifier side of the proposed protocol when performing authentication for various IoT devices.

TABLE III. PROCESSING TIME DATA OF NON-SIMD AND SIMD

Size of      Processing Time (ms)             Speed ratio of
Auth_Data    Non-SIMD (A)      SIMD (B)       SIMD (A/B)
1k           2.364             1.862          1.27
10k          2.403             1.914          1.26
100k         2.753             2.036          1.35
1M           6.379             4.396          1.45
2M           10.364            6.397          1.62
5M           22.391            12.764         1.75
10M          42.354            22.770         1.86
Figure 9 is a graph showing the processing time and the processing speed ratio of SIMD and non-SIMD. The graph shows that the effect of high-speed parallel processing increases as the size of the authentication data increases.

Fig. 9. Processing speed comparison graph

IV. CONCLUSIONS
In this paper, we propose a protocol to perform the authentication procedure for IoT devices. The proposed protocol actively utilizes SIMD technology to make the authentication process lightweight and fast on ARM Cortex A processors, which are widely used in various industrial fields.
In the future, we will study lightweight IoT authentication protocols that can be used on various processors besides ARM.

ACKNOWLEDGMENT
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. NRF-2017R1E1A1A01075110).

REFERENCES
[1] McAfee Labs, “McAfee Labs Threats Report December 2018,” December 2018.
[2] Nicky Mouha, Bart Mennink, Anthony Van Herrewege, Dai Watanabe, Bart Preneel and Ingrid Verbauwhede, “Chaskey: An efficient MAC Algorithm for 32-bit Microcontrollers,” SAC 2014, vol. 8781, pp. 306-323, 2014.
[3] Deukjo Hong, Jung-Keun Lee, Dong-Chan Kim, Daesung Kwon, Kwon Ho Ryu and Dong-Geon Lee, “LEA: A 128-Bit Block Cipher for Fast Encryption on Common Processors,” in Information Security Applications: 14th International Workshop, WISA 2013, Jeju Island, Korea, August 19-21, 2013.
[4] Ministry of Science, ICT and Future Planning, Korea Internet Security Agency, “Guide to Using Password Authentication Technology in Internet (IoT) Environment,” March 2017.
[5] Liu Cheng, Lin shenwen, Li Yingbo, Li Na and Wang Xuren, “A Secure and Lightweight Authentication Protocol for RFID,” in 2015 IEEE 5th International Conference on Electronics Information and Emergency Communication, pp. 317-320, May 2015.
[6] Mohamed Amine Ferrag, Leandros A. Maglaras, Helge Janicke, Jianmin Jiang and Lei Shu, “Authentication Protocols for Internet of Things: A Comprehensive Survey,” in Security and Communication Networks, Volume 2017, Article ID 6562953, 41 pages, September 2017.