See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/318040830

Complexity of Cyber Security Architecture for IoT Healthcare Industry: A

Comparative Study

Conference Paper · August 2017

DOI: 10.1109/FiCloudW.2017.100

CITATIONS READS

44 1,251

2 authors:

Aysha Alharam Wael Elmedany

Khalifa University University of Bahrain
5 PUBLICATIONS 81 CITATIONS 43 PUBLICATIONS 404 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Wael Elmedany on 30 June 2017.

The user has requested enhancement of the downloaded file.

 Complexity of Cyber Security Architecture for IoT
Healthcare Industry: A Comparative Study
Aysha K. Alharam, and Wael El-madany
Computer Engineering department
University of Bahrain
Manama, Bahrain
[email protected]
,
[email protected]
Abstract— In recent years a wide range of wearable IoT
healthcare applications have been developed and deployed. The
rapid increase in wearable devices allows the transfer of patient
personal information between different devices, at the same time
personal health and wellness information of patients can be
tracked and attacked. There are many techniques that are used
for protecting patient information in medical and wearable
devices. In this research a comparative study of the complexity
for cyber security architecture and its application in IoT
healthcare industry has been carried out. The objective of the
study is for protecting healthcare industry from cyber attacks
focusing on IoT based healthcare devices. The design has been
implemented on Xilinx Zynq-7000, targeting XC7Z030 - 3fbg676
FPGA device.
Keywords—Cyber-Security; Xilinx IP cores; Encryption; AES;
Healthcare; IoT
I. INTRODUCTION
Internets of Things (IoT) health care applications are
critical applications where a very high security is required in
the process of storing or processing data. Part of securing this
system is having strong Encryption/Decryption algorithms.
Advanced Encryption standard (AES) is a well-known
algorithm from 2001. It is considered to be faster and stronger
than other traditional algorithms such as DES, 3DES and
Bluefish and many other algorithms. Despite the fact that it is a
very strong application; it needs some development in order to
be suitable for the IoT type of applications due to the limited
power, area and memory available. This can be done by
minimizing the area of design and the time required for
processing. Optimizing the area of design needs to study the
original design of AES algorithm.
In the field of implementing AES algorithm in IoT
application discussed in different research. Many studies
proposed different ways of improvements on AES algorithm to
suit the IoT framework of applications. An example of these
studies is shown in [1] where authors adapted AES
implementation by having reconfigurable design. They target
consuming the energy by activating process elements subset at
a time. This design is used to select the number of rounds
dynamically and it ends up with good energy consumption and
an optimized throughput. Another research proposed by
authors in [2] implemented an efficient AES-CCM IP core on
FPGA board. This done by implementing AES with 128bit key
size and then optimizing the developed code to minimize the
hardware complexity using iterative design approach. Their
research results that hardware complexity is optimized to suit
such a critical application as healthcare application.
In this paper, the complexity of cyber security architecture
for IoT healthcare industry has been considered to optimize the
design of IoT healthcare devices. The complexity issue in a
comparative study has been carried out using Xilinx tools, and
focusing on the optimization of S-box implementation. The
complexity of different architectures have been compared
based on resources utilization, S-box design using Xilinx IP
core has been considered as one of the chosen architectures
with an advantages of short time to market. This paper is
organized as follows; in the second section a literature review
is provided. In section three, AES Encryption process with its
stages is introduced. Section four discussing the IP core design;
the implementation of S-box using different methods design is
given in section five. Section six shows the results and
discussion. Finally section seven concludes this paper and
provides the future work.
II. LITRETURE REVIEW
There are many researches and studies introduced about
optimizing the AES algorithm design by optimizing the design
area of the S-box component. Some of these researches use
fixed tables of 256 values to be implemented where no
calculation is required, only direct matching between input
value and output value. Other researches use the function of
calculating the S-box values and implement it using
combinational logic gate in order to optimize the design area
traditional Look Up Tables (LUT).
Authors in [3] proposed a study that targets the optimization
of the throughput, area and power in the design of AES-128
Encryption method. The proposed design is implemented only
for AES-128 bit. They introduced two architectural designs
using the concept of partial loop unrolling and the use of
iteration and multistage pipelining. Their designs were
implemented using VHDL language on a Xilinx 14.2 Virtex-5
XC5VLX50-3 FPGA device. And they tested the power
consumption on Vivado 2014.4 on Zynq-7000
XC7Z010clq225-3 FPGA device. The result of this study is
that the first design had throughput of 34.08 Gbps while the
other one was 34.09 Gbps. Both designs consume a dynamic
power of around 455 mV.

Paper in [4] entitled “An ASIC implementation of low area

AES encryption core for wireless networks” produced an AES
core for wireless network application where area is limited.
This has been done by producing an optimized S-box design
in order to minimize the required area. The result of this paper
is that the AES produced core had a maximum frequency of
452.5 MHz and an efficient design compared to other designs. Fig. 1. AES algorithm-Encryption Structure [6].

Authors in [5] introduced an architectural design for

implementing AES encryption algorithm in an optimized way.
This is achieved by reducing the design complexity of the S-
Box component. They used combinational logic gates by
simplifying the equations in order to use AND, OR, NOT and
multiplexer logic gates. They implemented their design on
Virtex II FPGA chip. The result of this paper was that
theoretically the overall delay of the design was reduced
efficiently.
III. AES ENCRYPTION
AES Encryption algorithm is a symmetric block cipher
algorithm. It is a private key and it was published by NIST
(National Institutes of Standards and technology) to replace
the existing Data Encryption Standard (DES) algorithm. AES
was known for its efficiency and its fast and strong algorithm.
Basically, the input block size for AES is 128bit, and key size
is 128,192 and 256bit. This paper discusses the 128bit key
size. 128-AES uses 11 rounds for operations. According to the
operation flow by Rajender shown in Fig. 1, there are four
basic functions used I different stage and Nr=10 since it is
128bit key size. These functions are:
• AddRoundKey(): this function uses to XOR the key
with the output from the previous round.
• ByteSubsitution(): it is the only non-linear function
in the design. This function is done through two
transformations: taking the multiplicative inverse and
then the affine transformation.
• ShiftRow(): this function uses to shift the second,
third and fours row in the output state from the Byte
Substitution function. this shifting is done as shift-
left.
• MixColunm(): this function is done by using four
functions, each function is for finding the value of
single row by changing the values from the columns
only.
These functions are done in the rounds, where some of
them are done in all rounds and others are only done in certain
rounds. The Round operations done in three stages are shown
in Table I.
TABLE I. OPERATION FUNCTIONS IN EACH ROUND
Round No Functions
0 AddRoundKey( )
AddRoundKey( )
ByteSubsitution( )
1 to 9
ShiftRow( )
MixColunm( )
ByteSubsitution( )
10 ShiftRow( )
MixColunm( )
IV. INTELLECTUAL PROPERTY CORE DESIGN
The rapid increase in using FPGA devices with high
capacity has enabled the implementation of complete
sophisticated systems into a single programmable chip. “The
widening design productivity gap and shrinking time-to-
market window have made licensing of external IP cores for
system development pervade” [7]. “Intellectual property (IP)
cores in FPGAs are being used widely as these provide high
flexibility and efficiency at low cost and low time-to-market”
[8]. Xilinx IP core refers to preconfigured logic functions that
can be used in your design. Xilinx provides a wide selection
of IP cores that is optimized for Xilinx FPGAs programmable
chips. IP core provided by Xilinx for FPGAs which is
included in the ISE tools. It provides a highly parameterized
cores catalogs of designs like Digital signal processing (DSP),
Automotive communication basic component like Decoder
and Multiplexer, and Memory Blocks such as ROM and
RAM.
 V. S-BOX IMPLEMENTAION
According to the literature review, the byte Substitution
function is considered to be the most costly function in terms
of design complexity because it is the only nonlinear function
and if it is implemented using lookup table it will require lots
of resources such as memory or lookup tables. In order to
reduce the design complexity of the AES algorithm, the
complexity of byte substitutions function design has to be Fig. 3. Top-Down Module for Architecture-1
optimized, as most of the design complexity is included in the
TABLE II. DEVICE UTILIZATION SUMMARY FOR ARCHITECTURE-1
byte substitutions function.
S-box Design for Architecture-1 (05/29/2017 - 22:23:00)
Basically for optimizing this component it has been Project File: sbox.xise Parser Errors: No Errors
implemented first using lookup tables but in different ways. In Module Implementation
sbox_ROM Mapped
this paper the design of byte substitutions function has been Name: State:
carried out in four different architectures using the ready Target xc7z030-
Errors: No Errors
calculated s-box. Chip configuration is shown in Fig. 2. Device: 3fbg676
Assuming that speed is -3, voltage 0.970000 and temperature Device Utilization Summary
85.000000. Slice Logic Utilization Used Available Utilization
Number of Slice LUTs 0 78,600 0%
Number of occupied Slices 0 19,650 0%
Number of bonded IOBs 17 250 6%
Number of
1 530 1%
RAMB18E1/FIFO18E1s
Number of BUFG/BUFGCTRLs 1 32 3%

B. S-box implementation using Architecture-2

The IP core generator tool of Xilinx has been used in
architecture-2 to design a ROM block from Memories and
interfaces with 255 read width and 8 output widths. The
chosen ROM block gives 8-bit address lines and 8-bit data
lines, in addition to the clka and ena inputs that are used in a
minimum configuration of generating the ROM IP Core as
shown in Fig. 4. This configuration gives 18 bonded IOBs in
architecture-2 as explained above and given in Table III, other
resources are exactly the same as the ROM design in
architecture-1, however the use of IP core component ensures
saving the time of coding and the accuracy of design that
already had been tested.

Fig. 2. Chip Design Configuration

A. S-box implementation using Architecture-1

The s-box architecture-1 design is based on ROM
architecture as shown in the top-down module of Fig. 3. The
design consumes zero slice LUTs and occupied slices;
however it consumes one RAMB18E1/FIFO18E1s, and one
BUFG/BUFGCTRLs. The numbers of bonded IOBs in the
four architectures are nearly the same, which are 16 in
addition to the clk input in the ROM architecture as given in
Table II.
Fig. 4. Top-Down Module for Architecture-2
TABLE III. DEVICE UTILIZATION SUMMARY FOR ARCHITECTURE-2

S-box Design for Architecture-2 (05/29/2017 - 22:12:26)

Project File: sbox.xise Parser Errors: No Errors

Implementation Placed and
Module Name: S_Box_IP
State: Routed

xc7z030-
Target Device: Errors: No Errors
3fbg676

Device Utilization Summary Fig. 5. Top-Down Module for Architecture-3

Slice Logic Utilization Used Available Utilization D. S-box implementation using Architecture-4
Number of Slice LUTs 0 78,600 0% The s-box design in architecture-4 is done based on using
Number of occupied Slices 0 19,650 0% the case statement, where the case condition is the input value
and then the output is assigned according to the transformed
Number of bonded IOBs 18 250 7%
value from the s-box table. The top-down module of
Number of architecture-4 is exactly the same as architecture-3, where
1 530 1%
RAMB18E1/FIFO18E1s
both of them are using Mram_Dataout1 building block as
Number of
1 32 3% shown in Fig. 6. The device utilization summary is also the
BUFG/BUFGCTRLs same as architecture-3, where both of them consumed the
same resources as seen in Table V.
C. S-box implementation using Architecture-3
In architecture-3, the s-box design has been carried out by
writing VHDL description using select statement, where the
selector is the input value and then the output is assigned
according to the transformed value from the s-box table. The
top-down module for architecture-3 is shown in Fig. 5, where
the inputs are 8-bits and outputs are 8-bit given a total of 16
bonded IOBs as seen in Table IV. The other consumed
resources are: 32 Slice LUTs; 32 used as logic; 8 occupied
Slices; and 32 unused Flip Flops.
Fig. 6. Top-Down Module for Architecture-4

TABLE IV. DEVICE UTILIZATION SUMMARY FOR ARCHITECTURE-3 TABLE V. DEVICE UTILIZATION SUMMARY FOR ARCHITECTURE-4

S-box Design for Architecture-3 (05/29/2017 - 22:31:33) S-box Design for Architecture-4 (05/29/2017 - 22:22:05)

Project File: sbox.xise Parser Errors: No Errors Project File: sbox.xise Parser Errors: No Errors
Module Implementation Module Implementation
sboxSelect Placed and Routed sboxCase Placed and Routed
Name: State: Name: State:
Target xc7z030- Target xc7z030-
Errors: No Errors Errors: No Errors
Device: 3fbg676 Device: 3fbg676

Device Utilization Summary Device Utilization Summary

Slice Logic Utilization Used Available Utilization Slice Logic Utilization Used Available Utilization
Number of Slice LUTs 32 78,600 1% Number of Slice LUTs 32 78,600 1%
Number used as logic 32 78,600 1% Number used as logic 32 78,600 1%
Number of occupied Slices 8 19,650 1% Number of occupied Slices 8 19,650 1%
Number of bonded IOBs 16 250 6% Number of bonded IOBs 16 250 6%
Number with an unused Flip Number with an unused Flip
32 32 100% 32 32 100%
Flop Flop
 VI. RESULTS AND DESCUSSION
The device utilization summary of s-box component in AES
for the implemented architectures have same consumed
resources for the architectures designed using VHDL except
when ROM is designed using VHDL. In case of using ROM
memory for implementing the s-box, there is a saving in Slice
LUTs, occupied Slices, and used as logic components, which
can be used for other components of the AES architecture. In
general, the use of memory consumes from the available block
memory in all of today’s FPGA chips saving other resources.
However the use of IP core ROM ensures short time to market
by saving the consumed time in coding, in addition to the
accuracy of design that has already been tested. Moreover, the
peak memory usage and PAD to PAD time for the considered
architectures were also compared. Table VI summarizes the
peak memory usage and average time PAD to PAD. As
shown in Table VI, architecture-4 requires less PAD to PAD
time; however it requires more memory usage. Architecture-2,
the IP core ROM design requires less peak memory usage,
however it requires more PAD to PAD time.
TABLE VI. PEAK MEMORY USAGE AND AVERAGE TIME PAD TO PAD
Design Peak Memory Average time PAD to
Usage PAD
Architecture-1 686 MB Around 8ns
Architecture-2 681 MB Around 8ns
Architecture-3 686 MB Around 5ns
Architecture-4 809 MB Around 3ns
VII. CONCLUSION AND FUTURE WORK
This paper discusses the complexity issue of cyber security
architecture for IoT based healthcare systems; the study
compares the consumed resources for different architectures.
The IP core architecture is considered to have more advantages
compared to other architecture; however more analysis is
needed to optimize the AES design for low complexity and
minimum area. All implementations have been carried out on
Zynq FPGA board targeting Zynq-7000 XC7Z010clq225-3
FPGA device.
View publication stats
REFERENCES
[1] S. Banik, A. Bogdanov, T. Fanni, C. Sau, L. Raffo, F.
Palumbo, and F. Regazzoni, "Adaptable AES
implementation with power-gating support," in
Proceedings of the ACM International Conference on
Computing Frontiers, 2016, pp. 331-334.
[2] K. P. Singh and S. Dod, "An Efficient Hardware design and
Implementation of Advanced Encryption Standard (AES)
Algorithm," IACR Cryptology ePrint Archive, vol. 2016, p.
789, 2016.
[3] S. M. Soliman, B. Magdy, and M. A. A. El Ghany,
"Efficient implementation of the AES algorithm for
security applications," in System-on-Chip Conference
(SOCC), 2016 29th IEEE International, 2016, pp. 206-210.
[4] V.-L. Dao, A.-T. Nguyen, V.-P. Hoang, and T.-A. Tran,
"An ASIC implementation of low area AES encryption
core for wireless networks," in Communications,
Management and Telecommunications (ComManTel), 2015
International Conference on, 2015, pp. 99-102.
[5] N. Ahmad, R. Hasan, and W. M. Jubadi, "Design of AES
S-Box using combinational logic optimization," in
Industrial Electronics & Applications (ISIEA), 2010 IEEE
Symposium on, 2010, pp. 696-699.
[6] H. Mohan and A. R. Reddy, "Revised AES and Its Modes
of Operation," International Journal of Information
Technology, vol. 5, pp. 31-36, 2012.
[7] L. Zhang and C.-H. Chang, "Secure Licensing of IP Cores
on SRAM-Based FPGAs," in Secure System Design and
Trustable Computing, ed: Springer, 2016, pp. 391-418.
[8] D. Saha and S. Sur-Kolay, "FPGA-Based IP and SoC
Security," in Fundamentals of IP and SoC Security, ed:
Springer, 2017, pp. 167-197.