See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/361064265

Cryptographic algorithms in IoT - a detailed analysis

Conference Paper · December 2021

DOI: 10.1109/ICCMST54943.2021.00021

CITATION READS
1 63

2 authors, including:

Pavandeep Kaur
Chandigarh University
8 PUBLICATIONS 12 CITATIONS

SEE PROFILE

All content following this page was uploaded by Pavandeep Kaur on 03 July 2022.

The user has requested enhancement of the downloaded file.

 2021 2nd International Conference on Computational Methods in Science & Technology (ICCMST)

Cryptographic algorithms in IoT- a detailed analysis

Pavandeep Kaur Shivani Aggarwal
Apex Institute of Technology Apex Institute of Technology
Chandigarh University Chandigarh University
2021 2nd International Conference on Computational Methods in Science & Technology (ICCMST) | 978-1-6654-5866-5/21/$31.00 ©2021 IEEE | DOI: 10.1109/ICCMST54943.2021.00021

Punjab, India Punjab, India

[email protected] [email protected]

privacy occur when many networks are joined in this way

Abstract— IOT is quickly becoming
a fundamental platform for interconnected devices. With
such an advancement in technology, interconnected
devices are also having security issues. As a matter of
fact, Internet of Things (IoT) security has become a
critical challenge. Because scalable systems and services
are subject to a variety of vulnerabilities and data
breaches, more confidentiality and anonymity are
necessary. This paper presents cryptographic approach
using symmetric and asymmetric encryption techniques
for IoT security along with their comparison. This
research aims to provide a detailed examination of RSA,
Blowfish, Diffie-Hellman, ECC and other cryptographic
schemes.
Keywords— Internet of things, cryptography, algorithms,
encryption, decryption
[4]. This is when cryptography enters the picture.
ORGANIZATION OF THE PAPER
Rest of the paper is organized as – Section 2 describes
cryptography, Section 3 consists of different cryptographic
algorithms. Section 4 depicts the performance comparison
of cryptographic algorithms. Section 5 contains the results.
Section 6 concludes the paper.
2. OVERVIEW OF CRYPTOGRAPHY
The application of mathematical techniques to offer security
services such as secrecy, data integrity, authentication, and
authorization is known as “cryptography” [5]. As seen in
Figure 1, cryptography is the solution to IOT security
requirements.

1. INTRODUCTION
This study examined cryptography research in relation
to IoT security in depth. Kevin Ashton coined the phrase
"Internet of Things" in 1998 to characterize the future of the
internet and ubiquitous computing [1]. "Internet of Things"
is abbreviated as "IoT." The Internet of Things (IoT) is a
built-in innovation that allows "Things" to be physically
connected and accessible through the internet. In this sense,
"things" can refer to anything that can interact with one
another without the need for human involvement, such as
household appliances, vehicles, machinery, and so on.
Machine-to-machine communication [2] is a means of
Fig.1. Cryptography as a security service
linking smart devices.
In the IoT ecosystem, security concerns like as privacy, safe
Cryptography is the study of transforming plaintext into an
storage and administration, authorization, communication,
unreadable form (cipher-text) by encryption and then
and access control are critical and complex challenges. The
decrypting the cipher-text back to plaintext. Cryptography is
widespread adoption of IoT sensors and applications results
a new term that secures data more efficiently while using
in a plethora of network security flaws and attacks.
less resources and delivering higher throughput, stability,
Common security models suffer from a variety of
and low power consumption. The cryptographic algorithms
drawbacks as a result of their restricted processing
are further classified into 2 types: (a) Symmetric and (b)
capabilities. As a result, IoT security should be increased by
Asymmetric.
ensuring connectivity, allowing only authorized users to
Any step done to prevent a computer system against any
access data. Cryptography algorithms are the most secure
unauthorized access or information exploitation by an
methods for IoT resources.
intruder is referred to as “security”. On a daily basis, hostile
The security of IoT applications in the workplace is another
activities include the breach of confidentiality, credit card
big potential threat. When an unauthorized entrant obtains
robberies, the leaking of economic information, and
the sensing data from a smart device from a major corporate
malware infection on computer systems [6].
unit, the attacker use it to spy on the company. As a result, It
The following recommendations are made in order to
is possible that IoT security will be extra difficult to achieve
achieve computer network protection:
than traditional security[3]. This is because the Internet of
x Confidentiality: It protects system information
Things (IoT) includes a collection of networks that require
from illegal access coming from external sources.
security in a range of domains, including the Internet, sensor
It is maintained in a variety of approaches. The
networks, as well as mobile networks. Additional challenges
most prevalent methods for accomplishing this are
like as administration, access control, authentication, and
cryptographic techniques and access control.
Cryptography is the technology used to encode the

978-1-6654-5866-5/21/$31.00 ©2021 IEEE 45

DOI 10.1109/ICCMST54943.2021.00021

Authorized licensed use limited to: Marvell International Ltd. Downloaded on June 16,2022 at 13:06:23 UTC from IEEE Xplore. Restrictions apply.
 target data, and it cannot be employed by any party
unless it has the decryption key. RSA, DSA, and
AES are examples of popular encryption
algorithms. Inappropriate accessibility
confidential material is prohibited to anybody
whose actual identity cannot be confirmed
throughout the access control procedure. [7].
x Integrity: data that have not been altered with by
an unintelligible entity are said to be integrated [8].
x Authentication: Authentication is the process of
confirming a system resource user's identity [8].
x Non-repudiation: A node can never deny an
action it has taken, such as sending a message.
x Availability: Authorized people have accessibility
to system resources.
x Confidentiality: the user's identity cannot be
determined from his actions in the system.
x Authorization: It is a means of determining user
permissions or access levels to system resources.
3. DIFFERENT CRYPTOGRAPHIC ALGORITHMS
Message integrity checks, encryption, entity authentication,
and other services are given by symmetric ciphers, but
asymmetric ciphers also provide non-repudiation and key
management. Symmetric ciphers are classified into 2 types -
stream cipher and block cipher.
(a) Stream ciphers create an output cipher stream by
synthesizing plain-text digits with a pseudo-random key
stream. They are also known as “state ciphers” since the
pseudo-random secret sequence is produced via a hidden
internal state and these ciphers process the message a bit or
byte at a time. The key stream is frequently merged with the
plain-text using a bit-wise “XOR” operator during the
encryption process. The identical key stream is generated at
the receiver end, and it is used to decode the cipher and
return the plaintext.
(b) Block Ciphers are encryption algorithms that process
data in blocks of fixed sizes. To produce cipher-text blocks,
plaintext blocks get combined with a key. It is used for
encrypting the data, message integrity & authentication,
random bit formation, hashing, and other similar tasks. The
most significant block ciphers, presumably, are AES and
DES.
Figure 2 depicts symmetric and asymmetric cryptographic
g
algorithms.
Fig.2. Cryptographic algorithms
Authorized licensed use limited to: Marvell International Ltd. Downloaded on June 16,2022 at 13:06:23 UTC from IEEE Xplore. Restrictions apply.
3.1 ASYMMETRIC ALGORITHMS
Asymmetric cryptography uses two unique keys, it provides
more security: a public key that is only used to encrypt data,
to keeping it secure for everyone to use, and a private key that
is only used to decode messages yet don't ever needed to be
shared.
3.1.1 RSA
RSA being a public-key cryptography technique that
provides encryption and digital signatures [9] was called
after its developers (Rivest, Shamir, and Adleman) in 1977.
It is indeed modeled on the computational challenges of
factoring large prime numbers. To encrypt and decode data,
a public key (e) and a private key (d), both positive integers,
are employed. Here's how it works [18]:
Step 1. Select any 2 random values p,q (p must not be equal
to q, and both should be prime). Let p=17, q=11.
Step 2. Calculate n as:
n = p x q = 17 x 11= 187
Step 3. Next Φ(n) is calculated by:
Φ(n) = (p-1)(q-1) = (17-1)(11-1)= (16)(10)= 160
Now take value of public key ‘e’ such that e is relatively
prime with Φ [range 1< e < Φ(n) i.e 1< e < 160]. Let e=7.
Step 4. Now calculate private key ‘d’ as:
d=e^(-1) mod [Φ(n)]= 7-1 mod 160= 23
Manually put values, (n,e)=(187,7) and (187,23)= (7,23)
For example, if the message value is 4, then ciphertext can
be calculated as:
C = me mod n= C=47 mod 187 = 16384 mod 187 = 115
Therefore, the encrypted message (c) is 115.
The encrypted message (c) is then decrypted with:
M=cd mod n= 11523 mod 187= 4, which is equal to the
message value.
RSA is more secure than any other symmetric key
technique, and its benefits in cryptography include
authenticity and confidentiality. The sole disadvantage is
that RSA requires excessive processing.
3.1.2 DH (Diffie Hellman)
(Whitfield Diffie and Martin Hellman, 1976) developed the
Diffie-Hellman (DH) algorithm, which is a cryptographic
technique [10]. It lets 2 entities to communicate by agreeing
on a symmetric key, which is used to encode and decode
data. The algorithm is created using mathematical ideas. DH
is an algorithm for sending a shared secret among two users
via a public network. This shared secret is required in order
for two users who have never communicated before to
encrypt their communications. Figure 3 shows steps of
Diffie Hellman algorithm.
46

Fig.3. Steps of DH algorithm
3.1.3 ABE
ABE is an abbreviation for “attribute-based encryption”,
which is a sort of public key encryption. In this
cryptographic technology, the encryption of data is done
using a Boolean formula. This formula is called access
policy, which other parties must fulfil in attempt to decipher
the cipher text [12]. This approach is highly helpful on the
Internet of Things since it offers fine access control as well
as encryption.
The two basic types of ABE approach are (a) key policy
(KP-ABE) and (b) cipher-text policy (CP-ABE).
(a) KP-ABE - (Goyal et al.) developed the first KP-ABE
implementation [24], which enabled access policies to
somehow be defined using any monotonic formula over
encrypted data. Under the Bilinear Diffie-Hellman
assumption, the system was shown to be selectively secure.
Later, by including revocation methods into that KP-ABE
scheme, Ostrovsky et al. [25] introduced a KP-ABE system
in which private keys can reflect any access formula over
attributes, including non-monotonic ones.
(b) CP-ABE – It combines the tree access structure into
cipher-text and construct the users' secret keys by mixing
attribute sets [19]. The CP-ABE algorithm is not the same
as the standard ABE method. The quantity of system
characteristics has no effect on the length of public keys and
parameters. It uses two-level random masks for eliminating
the chances of user collision.
Setup, Encrypt, KeyGen, and Decrypt are the 4 core
algorithms of a ciphertext-policy attribute-based encryption
method. The setup algorithm takes implicit security
parameter. It returns the public parameters PK and a master
key MK as an output. The Encrypt method is similar to the
KeyGen algorithm of KP-ABE, with the exception that
Pr(0) = s. The decrypt algorithm is identical to KP-ABE,
except the number of bilinear pairing operations is twice.
Because the access tree is embedded in the cipher-text, data
access control is feasible in CP-ABE, however KP-ABE
47
Authorized licensed use limited to: Marvell International Ltd. Downloaded on June 16,2022 at 13:06:23 UTC from IEEE Xplore. Restrictions apply.
seems to have no access control because the access tree is
comprised of the users' key.
3.1.4 ECC
Victor S. Miller and Neal Koblitz introduced ECC in 1985
[16]. ECC's ability to operate on finite domains is a critical
feature. Eq. (1) defines elliptic curve as:
y2 = x3 + ax + b................................................. (1)
ECC is an encryption technique focused primarily on the
algebraic mathematical structure that has a smaller message
size and requires minimal keys than other public key
systems. Even though ECC works with fewer keys but still
provides the high degree of sustainability and security.
ECC is always symmetric to x-axis [17]. As shown in figure
4, line touches maximum three points.
Fig.4. Elliptic curve
Step 1- Let Ep(a,b) be the elliptic curve. Consider the Eq.
(2):
Q=k*P ………………………………….. (2)
here we can calculate Q very easily if we know the values of
k and P, but it is very difficult to find k if we know the
values of Q and P. This problem is called discrete logarithm
problem.
Step 2 - Let 'q' be any prime number or an integer of the
form 2m. Let 'G' be a point on the elliptic curve whose order
is large value of n.
Step 3 - For user A, Select private key 'na' such that na<n.
Calculate public key Pa as: Pa = na x G
Step 4 - For user B, Select private key 'nb' such that nb<n.
Calculate public key Pb as: Pb = nb x G
Step 5 – Calculate secret key by user A, ka=k=na x Pb
Step 6 – Calculate secret key by user B, k=nb x Pa
Step 7 – Perform encryption as: Cm={kG, Pm + kPb}
To safeguard internal communications, the US government
employs the ECC algorithm. It is the technique for proving
bitcoin ownership. It adds digital signatures to Apple's
iMessage service.
3.2 SYMMETRIC ALGORITHMS
Symmetric algorithms are cryptographic algorithms that
employ the similar cryptographic keys for encryption of
plain-text and decryption of cipher-text.
3.2.1 DES
The Data Encryption Standard is a symmetric key technique
for encrypting data in order to protect it from an attacker or
an unauthorized user [13]. DES has a great deal of power in
the security field since it protects data. In 1997, the National
Bureau of Standards had adopted DES, which is now known
as Federal Information Processing Standards. DES encrypts
data in 64-bit blocks with a 56-bit key. The method turns
64-bit input into 64-bit output in a succession of stages, as
shown in Figure 5. To reverse the encryption, the same
techniques and key are required [23].
Fig. 5. DES Encryption and decryption process
The Triple DES technique offers more security and requires
minimal time to perform operations like encryption and
decryption than other cryptography methods. But DES is not
secure enough because of too short key length i.e 56 bits.
3.2.2 AES
The AES algorithm encrypts and decrypts data using a
single key [14]. The AES algorithm takes input blocks of
128, 192, and 256 bits in size. It is determined by the length
of the key.
TABLE I. No. of iterations as per key size
KEY SIZE NO. OF ITERATIONS
128 bits 10
192 bits 12
256 bits 14
Plain text is turned into encrypted text in this approach after
going through many steps as shown in figure 6, such as byte
substitution, row shift, mix column, and round key [20].
x Sub Byte: For sub-byte round, all bits in state are
replaced by the other, as done in Rijndeal S-Box.
x Shift Row: All rows are moved to the left by a four
- fold.
x Mix Column: In this case, the linear
transformation is performed on the array's columns.
x Add Round Key: After iterations, each byte of the
state is coupled with a round key, that is obtained
from the Rijndeal key scheme [22].
48
Authorized licensed use limited to: Marvell International Ltd. Downloaded on June 16,2022 at 13:06:23 UTC from IEEE Xplore. Restrictions apply.
Fig. 6. Working of AES algorithm
3.2.3 BLOWFISH
In 1993, Bruce Schneier invented the blowfish block cypher
[15]. It employs a fixed 64-bit block with key lengths
varying from 32 to 448 bits. Depen ding on the switch, it
also employs huge S-boxes. It is an adaptable algorithm that
has not been cracked. It is also among the fastest ciphers for
public usage. Blowfish Algorithm is a Feistel network-based
symmetric block cipher that iterates basic cryptographic
operations like encryption and decryption 16 times. Feistel
is a mechanism for quickly converting any function into a
permutation. The sole prerequisite for decrypting the
encrypted text is to reverse the key schedule. The crucial
point BA expansion begins with the P-array and Sboxes [21]
and involves the usage of multiple sub-keys, which
necessitates pre-compilation prior to data encryption or
decryption.
Steps of Blowfish Algorithm are:
Step 1 - The Blowfish method employs a 64-bit block size,
and length of produced key ranges between 32 and 448 bits.
The algorithm is divided into two sections. The first is for
key expansion, while the second is for data encryption.
Step 2 - Once the request is received, the key expansion
turns the 448 bits of a key into sub-keys, causing the array
to grow to 4168 bytes in size.
Step 3 - For data encryption, the technique employs a 16-
round Feistel cipher along with massive key-dependent S-
boxes.
Step 4 - Each cycle of substitution in the S-boxes has a
unique permutation key.
In Blowfish, the P-array has 18 entries, whereas the S-boxes
contains four 256-entry entries. S-boxes are then employed
to transform the 8-bit input to a 32-bit output. Once all the
rounds are completed except last one, each half of the data
block is XORed along with one of the P-entries that has not
yet been utilised. The new adjusted subkeys are then used to
encrypt P1 and P2. For producing fresh subkeys for the P-
array and the four S-boxes, the Blowfish cipher repeats this
method 521 times.
 4. COMPARISON OF CRYPTOGRAPHIC 6. CONCLUSION
ALGORITHMS
IoT has revealed a major security flaw that affects
TABLE 2. Comparison of cryptographic algorithms everything from authentication, authorization to trust
management, as well as a danger to its embedding systems.
Algo Created By Key size Block Security Spee
rith size d Cryptographic techniques were used to explore IoT security
m in this study. Security has to be a primary issue while
RSA Rivest, 1024 to 128 bits Excellent Slow designing the IoT ecosystem. Cryptography algorithms are a
Shamir, 4096
Adleman bits
highly strong mechanism for safeguarding the network's
DH Whitefield Variable - Good Slow physical layer, and they are critical for the effective security
Diffie, of the core network design. ECC has shown to be the safest
Martin and most efficient encryption method.
Hellman
ABE Amit Sahai, - - Good Slow
Brent
REFERENCES
Waters,
Vipul [1] Wu, M. et. al., (2012) “Research on the architecture of Internet of
Goyal, things”. The Proceedings of 3rd International Conference on
Omkant Advanced Computer Theory and Engineering, 20–22 Aug, Beijing,
Pandey China.
ECC Victor S. Variable Variable Excellent Fast
Miller, Neal [2] Shah A., Engineer M. (2019) “A Survey of Lightweight
Koblitz Cryptographic Algorithms for IoT-Based Applications”. Smart
DES IBM 56 bits 64 bits Not secure Slow
Innovations in Communication and Computational Sciences.
Advances in Intelligent Systems and Computing, vol 851.
AES Vincent 128, 128 bits Adequately Fast Springer.
Rijmen, 192, 256 secured [3] Radoglou Grammatikis, P. I., Sarigiannidis, P. G., & Moscholios, I.
Joan bits D. (2019). “Securing the internet of things: Challenges, threats and
Daemen solutions”. Internet of Things, 5, 41–70.
Blow Bruce 32-448 64 bits Secure Fast [4] Kouicem, D. E., Bouabdallah, A., & Lakhlef, H. (2018). “Internet of
-fish Schneier bits enough things security: A top-down survey”. Computer Networks, 141, 199–
221.
Figure 7 demonstrates the usage of cryptographic algorithms [5] Zeadally, S., Das, A. K., & Sklavos, N. (2019). “Cryptographic
in IoT. technologies and protocol standards for internet of things”. Internet of
Things.
[6] Rauscher, J., & Bauer, B. (2018). “Safety and security architecture
analyses framework for the internet of things of medical devices”.
2018 IEEE 20th international conference on e-health networking,
applications and services.
[7] Lu, X., Pan, Z., & Xian, H. (2019). “An integrity verification scheme
of cloud storage for internet-of-things mobile terminal devices”.
Computers & Security.
[8] Rivest, R., Shamir, A., & Adleman, L. (1978). “A method for
obtaining digital signatures and public-key cryptosystems”.
Communications of the ACM, 21(2), 120–126.
[9] Kandhoul, N., & Dhurandher, S. K. (2019). “An asymmetric RSA-
based security approach for opportunistic IoT”. 2nd international
conference on wireless intelligent and distributed environment for
communication. Springer International Publishing.
[10] A. El Emine Sejad, K. Wane Keita, K. Tall and I. Diop, (2020)
"Proposal of a DH optimization model," 2020 International
Conference on Computer, Information and
Fig.7. Use of Cryptographic algorithms in IoT Telecommunication Systems, pp. 1-5.
[11] Shah, R. H., & Salapurkar, D. P. (2017). “A multifactor
5. RESULTS authentication system using secret splitting in the perspective of cloud
of things”. 2017 international conference on emerging trends &
ECC is employed to provide excellent security in small innovation in ICT.
devices. In comparison to alternative asymmetric [12] Pace, G. J., Picazo-Sanchez, P., & Schneider, G. (2018). “Migrating
approaches now in usage, ECC employs a minimal amount monitors ? ABE: A suitable combination for secure IoT?” Leveraging
of keys while providing good security. ECC with a small applications of formal methods, verification and validation. Industrial
key size saves money in considerations of memory and practice. Springer International Publishing.
computational power. As a result, ECC is strongly advised [13] Chandi, P., Sharma, A., Chhabra, A., & Gupta, P. (2019). “A DES-
based mechanism to secure personal data on the internet of things”. In
for the creation of lighter and faster cryptographic ICCCE 2018. Springer.
algorithms that can run on small machines. RSA also [14] Cruz-Duarte, S., Sastoque-Mahecha, M., Gaona-Garcı´a, E., &
provides excellent level of security but it is significantly Gaona-Garcı´a, P. (2019). “Security scheme for IoT environments in
slower than ECC. Blowfish is substantially quicker than smart grids”. In Information systems and technologies to support
learning. Springer International Publishing.
DES, but the performance improvement is slower since it
[15] Schneier, B. (1993). “Description of a new variable-length key, 64-bit
requires significantly more memory for sub-key and S-box block cipher (blowfish), fast software encryption”. Cambridge
setup. DES is least secure and slow among all other security workshop proceedings. Springer (pp. 191–204).
cryptographic algorithms.

49

Authorized licensed use limited to: Marvell International Ltd. Downloaded on June 16,2022 at 13:06:23 UTC from IEEE Xplore. Restrictions apply.
 [16] Miller, V. S. (1986). “Use of elliptic curves in cryptography”.
Advances in cryptology—CRYPTO ’85 proceedings. Berlin,
Heidelberg: Springer.
[17] Mousavi, S.K., Ghaffari, A., Besharat, S. et al. (2021) “Security of
internet of things based on cryptographic algorithms: a
survey”. Wireless Netw 27, 1515–1555.
[18] Xin Zhou and Xiaofei Tang, (2011) "Research and implementation of
RSA algorithm for encryption and decryption," Proceedings of 2011
6th International Forum on Strategic Technology, pp. 1118-1121.
[19] Y. Yan, M. B. M. Kamel and P. Ligeti, (2020) "Attribute-based
Encryption in Cloud Computing Environment," 2020 International
Conference on Computing, Electronics & Communications
Engineering, pp. 63-68.
[20] S. Mewada, P. Sharma and S. S. Gautam, (2016) "Exploration of
efficient symmetric AES algorithm," 2016 Symposium on Colossal
Data Analysis and Networking, pp. 1-5.
[21] A. Alabaichi, F. Ahmad and R. Mahmod, (2013) "Security analysis of
blowfish algorithm," 2013 Second International Conference on
Informatics & Applications (ICIA), pp. 12-18.
[22] B. Bhat, A. W. Ali and A. Gupta, (2015) "DES and AES performance
evaluation," International Conference on Computing, Communication
& Automation, pp. 887-890.
[23] O. Reyad, H. M. Mansour, M. Heshmat and E. A. Zanaty, (2021)
"Key-Based Enhancement of Data Encryption Standard For Text
50
Authorized licensed use limited to: Marvell International Ltd. Downloaded on June 16,2022 at 13:06:23 UTC from IEEE Xplore. Restrictions apply.
View publication stats
Security," 2021 National Computing Colleges Conference (NCCC),
pp. 1-6.
[24] V. Goyal, O. Pandey, A. Sahai, and B. Waters, (2006) “Attribute-
based encryption for fine-grained access control of encrypted data,”
in Proceedings of the 13th ACM Conference on Computer and
Communications Security (CCS '06), pp. 89–98..
[25] R. Ostrovsky, A. Sahai, and B. Waters, (2007) “Attribute-based
encryption with non-monotonic access structures,” in Proceedings of
the 14th ACM Conference on Computer and Communications
Security (CCS '07), pp. 195–203.
Author(s) Profile
Pavandeep Kaur has received her Bachelor in Computer
Science Engineering (Internet of Things) from Chandigarh
University, Punjab. She is currently pursuing her Masters in
CSE (Cloud Computing) in collaboration with Virtusa from
Chandigarh University, Punjab. Her key areas of interest
include Internet of Things and Cloud Computing.
Shivani Aggarwal is an Assistant Professor at AIT-CSE
department in Chandigarh University, Punjab. Her area of
expertise includes Artificial intelligence, Machine learning,
Soft Computing, and Deep learning.