Lightweight Cryptography Algorithms for IoT

Devices: Open issues and challenges

Salim Ganiev Zarif Khudoykulov
Department of Information Security Department of Cryptology
Tashkent University of Information Technologies Tashkent University of Information Technologies
Tashkent, Uzbekistan Tashkent, Uzbekistan
[email protected] [email protected]

Abstract— IoT have become popular in recent years with it’s B. Security Concerns of IoT Devices: Challenges and
widespread use in a variety of environments. In this system, the Security Requirements
2021 International Conference on Information Science and Communications Technologies (ICISCT) | 978-1-6654-3258-0/21/$31.00 ©2021 IEEE | DOI: 10.1109/ICISCT52966.2021.9670281

data collected from the sensors is transmitted over a network.

In this case, reliable network protection mechanisms are
Numerous scientific studies have been conducted on the
required. This article presents the open issues and problems that security requirements in IoT systems. Each of the identified
exist in the design and implementation of LWC (Lightweight security requirements is aimed at preventing general security
Cryptography) algorithms that serve to ensure security in IoT problems or specific problems [5, 6, 7, 8, 9]. In particular, the
systems. In addition, the tools used in the implementation of interrelationship of security requirements and problems has
LWC algorithms in different environments, the results of the been cited by Thakor et al. [1]. According to him,
implementation of existing LWC algorithms in the software and cryptographic mechanisms are used to ensure security
hardware environment are given detailed. requirements, confidentiality, data integrity and
authentication & authorization (Fig. 1). This requires the
Keywords— IoT, lightweight, cryptography, Low-resource creation and selection of cryptographic algorithms, taking into
devices, cipher, Security. account the limitations of IoT devices.
I. INTRODUCTION IoT Challenges Security Requirements of IoT

Cyber Security

A. IoT overview Interoperability

Confidentiality

The function of the Internet of Things (IoT) is based on the

System
Updates Data Integrity Cryptography

interaction between different smart Longevity & Support

IoT security
Requirements

devices/equipment/applications using wireless, Technologies

Privacy & Authentication

radiofrequency technology [2]. These devices, which can be Regulatory &

Standards Authorization

part of a larger system, act like smart devices that make

Intelligent Analysis & Actions
Availability

decisions in a specific context, using the ability to share and

Figure 1. IoT security challenges
gather information with other objects. Currently, IoT
technology is used in agriculture, public transport regulation, In particular, cryptographic algorithms designed for
smart home, healthcare, and many other fields [3]. conventional computing devices (personal computers), hence
cannot be used directly in IoT systems because they require
IoT integrates a number of technologies, embedded
high computing resources and power. Therefore, using their
systems, computer networks, mobile networks, wireless
lightweight variants, lightweight cryptographic algorithms, an
communication, sensor networks, data analysis, cloud
attempt is made to build a secure connection on IoT systems
technology, and the following factors play an important role
with limited resources.
in the rapid development of IoT [4]:
C. Key Challenges While Implementing Conventional
- development of microelectronics;
- development of wireless networks; Cryptography in Resource-Constrained IoT Devices
- increased data generation and storage capabilities; The key challenges while implementing conventional
- use of software tools and platforms in the data cryptography in IoT devices are as follows [1]:
processing.
 Limited memory (registers, RAM, ROM): To prolong
IoT technology consists of three levels, and the battery life, IoT devices typically possess low
technologies for each level are listed in Table 1 below [5]. processing capabilities, limited memory and storage on
flash or RAM and minimal network protocol support.
TABLE I. IoT LAYERS AND COMPATIBLE It is a significant challenge for IoT device
TECHNOLOGIES manufacturers and software developers to design
IoT layer Technologies complex and comprehensive security measures within
Edge layer Sensors networks, RFID, camera, radars a memory footprint of 64KB to 640KB.
and etc.  Lower power sources and capacity: Power in IoT
Network layer ZigBee, Bluetooth, Wi-Fi, 6LoPAN, devices is a crucial factor, in which their battery
mobile networks, GPS, etc. cannot easily charge, so the capacity is limited and
Application Smart home, energy/ power management, thus failure of the network due to an insufficient
layer self-driving machines, cloud technologies, battery of the device. Besides, energy efficiency is
etc. a significant challenge in the development of IoT
devices and their communication protocols.
Therefore, energy sources are of great importance,
especially in sensor units that have a battery
powered.

978-1-6654-3258-0/21/$31.00 ©2021 IEEE

Authorized licensed use limited to: Somaiya University. Downloaded on April 04,2025 at 06:20:17 UTC from IEEE Xplore. Restrictions apply.
  Small physical area to implement the assembly: Most keys on the device use only read mode, only simple operations
IoT devices are small, and thus the embedded are required to generate round keys. While energy efficiency
technology must be small. The amount of space is a key factor in device implementation, latency and
required for memory processing must also be kept to a execution time are also important in the implementation of
minimum, as the more silicon wafer space required, lightweight cryptographic algorithms.
the more costs go up.
Software implementation. Important metrics such as the
 Real-time response: IoT data streaming facilitates real- amount of RAM consumed, the size of the code, and the
time decision-making that is critical to many number of bytes processed per cycle are used to evaluate the
operations. Organizations must have tools to collect implementation of lightweight cryptographic algorithms. For
data from sensors and devices, process the data and examples, the FELICS framework [10] and the FELICS-AE
transfer it to a database for analysis and real-time framework [11]. The frameworks record results based on code
outcomes. size, RAM, and time measurement when implementing
stream, block (+ authenticated) encryption algorithms on a
D. Lightweight Cryptographic Primitives variety of devices. In general, the results are displayed in a
In the development of a lightweight version of single unit of measurement, Figure of Merit (FoM) (a smaller
cryptographic algorithms, great attention is paid mainly to value is better). The results of these frameworks are presented
symmetric cryptographic systems: symmetric block, stream in a number of scientific studies [12].
ciphers, hash functions and message authentication codes.
Since the implementation of public key cryptographic systems Numerous scientific papers have presented the results of
is directly related to computing resource and power, using the implementation of LWC algorithms in hardware and
them in lightweight cryptographic systems is not considered software [5, 17, 18], and the results obtained in an article
appropriate. In each case, a weak cryptographic algorithm is published by Bassam et al. are shown in Fig. 3 and 4 [15]. In
not considered a lightweight version of the cryptographic conclusion, while the AES algorithm is most suitable for
implementation in software, it can be seen that different
algorithm. Rather, it is intended to design cryptographic
algorithms for different metrics are effective when
algorithms with the best balance between security,
implemented in hardware.
performance, and resource consumption for an environment.
In particular, Fig. 2 shows the cryptographic algorithms and Throughput
the types of design used to create lightweight cryptographic Clefia
algorithms based on them. Prince, LEA, Klein
mCrypton
Hummingbird2
Cryptography Armadillo
Present, Picollo, Khudra
Xtea mCrypton, Prince, LED
Asymmetric Symmetric Present, Klien, Khudra
(Public Key) (Private Key) Hight Iceberg
Katan, Hight AES Klein
Ktantan Katan Present
Hash Functions & LED Present Katan
Block Ciphers Stream Ciphers
MAC PrintCipher Neokeon Hight
Area Prince Power
- Smaller block sizes; mCrypton
- Minimal - Smaller internal state and
- Smaller key sizes; implementations; output sizes; Klein
- Simpler rounds; - Simpler key schedules; - Smaller message size; Energy
- Simpler key schedules; - Low power LFSR design; - Smaller tag size.
- Minimal
implementations. Figure 3. Comparative graph for hardware performance categories
Throughput (Speed)
Figure 2. Structure wise classification of LWC and lightweight design
choices Tea/Xtea

Since block ciphers ensure the confidentiality, integrity, AES Klein

and message authentication, most research on lightweight Neokeon DESXL

cryptographic algorithms has focused on block cipher Idea Hight Misty

Misty
Tea/Xtea
Klein
algorithms. DESXL Neokeon AES
Code Size Energy
E. Design Challenges in Lightweight Cryptography Tea/Xtea Neokeon Hight
Idea Sea
Although extensive work has been done on the hardware Katan Present Lblock Sea

and software implementation of cryptographic algorithms, the Klien Present Katan

results of the research show that there is a contrast between
Tea/Xtea
them.
RAM
Hardware implementation. Factors such as memory
Figure 4. Comparative graph for software performance categories
consumption, code size, and power consumption are among
the first factors to consider when implementing a hardware. II. LIGHTWEIGHT CRYPTOGRAPHY ALGORITHMS
The exact type of chip allows an accurate measurement of a
lightweight cryptographic algorithm (e.g., ASIC). However, Lightweight cryptography is a part of cryptography that
the simulation results differ from the results on different aims to create cryptographic algorithms that have high speed
devices. Therefore, there is no standard for comparing and efficiency for environments with limited computing and
hardware implementation of different algorithms. Therefore, power resources, but, can also be used instead of traditional
when designing lightweight cryptographic algorithms, it is cryptographic algorithms. Here, the term “lightweight” is used
necessary to try to use a small-sized block, a small-length key, to refer to the smallness of the key length , the amount of
depending on the memory consumption. Since the “engine” memory required, and the execution time.

Authorized licensed use limited to: Somaiya University. Downloaded on April 04,2025 at 06:20:17 UTC from IEEE Xplore. Restrictions apply.
A. Requirements of LWC algorithms are currently awaiting their solution. The most
Based on the problems in designing the above important of these are listed below:
cryptographic algorithms, it can be seen that lightweight 1. Select the number and efficiency of tables S and P,
algorithms have a smaller block size (32, 48 or 64 bits) and a which are the main operationss in the composition of
key size (less than 96 bits) than traditional ciphers. According symmetric algorithms, by the capabilities of the device. While
to the NIST requirement, the length of the key must be 112 increasing the number of S tables improves the level of
bits [13]. In addition, the lightweight feature for each platform security, the memory and power consumption to store it will
[14] is detailed in the source. In particular, for hardware- also be large accordingly. Balancing these three dimensions is
implemented algorithms, chip size and power consumption one of the most obvious challenges today.
are considered primary requirements, while code size and 2. While the development of an algorithm for generating
small RAM memory are important factors when implemented sufficiently round keys with a small length key is an important
in software view. factor, there is currently no fixed solution for its
B. Hardware and software performance metrics implementation.
3. The increase in the number of rounds will have a serious
Several metrics are used to compare the results obtained impact on both implementation and cost, along with
when performing various lightweight cryptographic improving security. Therefore, reducing the number of rounds
algorithms. In particular, the evaluation profiles of algorithms without reducing the level of implementation and security is
by NIST are divided into 3 groups [16]: another open challenge now.
• Physical characteristics: 4. The lack of a single style of writing LWC algorithms
area (in GEs, logic blocks, or in mm2);
o usually affects the level of efficiency and security. Writing a
memory (RAM / ROM);
o cryptographic algorithm for a hardware or software
implementation type (hardware, software or both);
o environment, determining the style of code generation with a
energy (J);
o minimum amount of memory, is another open problem that
• Implementation characteristics: currently exists.
o latency (in clock cycles or time period);
o power (W); III. CONCLUSION
• Security characteristics: In this paper, the open issues in the implementation of
o minimum security strength (bits); LWC algorithms that play an important role in information
o attack models (e.g., releated-key, multi-keys); security in IoT systems are given. In practice, there are many
o side channel resistance requirements. LWC algorithms that have different features when
implemented in a software and hardware. Therefore, it is
Information about how to measure and calculate each of necessary to analyze LWC algorithms before using them. This
the metrics is given in the papers [5, 15]. article also presents the existing problems in the
C. Recommendations for the implementation of LWC implementation of LWC algorithms in the hardware and
algorithms software, features and recommendations that need to be
considered when implementing cryptographic algorithms in
The following are recommended for secure and efficient
the LWC environment.
implementation of LWC algorithms:
1. Minimize the cipher’s basic parameters, block size, key REFERENCES
length, and internal state of the algorithm in the algorithm as [1] V. Thakor, M. Razzaque and M. Khandaker, "Lightweight
much as possible. Cryptography Algorithms for Resource-Constrained IoT
Devices: A Review, Comparison and Research Opportunities",
2. LWC algorithms should be built based on common and
IEEE Access, vol. 9, pp. 28177-28193, 2021. Available:
analyzed elements. 10.1109/access.2021.3052867.
3. Use simplification changes similar to reducing ROM [2] P. Sethi and S. Sarangi, "Internet of Things: Architectures,
requirements. Protocols, and Applications", Journal of Electrical and Computer
4. Use of low-cost shift registers and other similar Engineering, vol. 2017, pp. 1-25, 2017. Available:
components. 10.1155/2017/9324035.
[3] P. Goyal, A. Sahoo, T. Sharma and P. Singh, "Internet of Things:
5. Use of simple key schedule algorithms. Applications, security and privacy: A survey", Materials Today:
6. When building LWC algorithms, should be taken to Proceedings, vol. 34, pp. 752-759, 2021. Available:
have a large number of rounds with simple operations. 10.1016/j.matpr.2020.04.737.
7. Implement LWC algorithms that consist of operations [4] B. Katalin, "Possibilities and Security Challenges of Using IoT
that are pre-existing or appropriate to the target device. For Military Purposes", Hadmérnök, vol. 13, no. 3, pp. 378-390,
2018. [Accessed 9 September 2021].
8. Minimize the code size in the implementation of the [5] H. HaddadPajouh, A. Dehghantanha, R. M. Parizi, M. Aledhari
algorithm. and H. Karimipour, "A survey on internet of things security:
9. Minimize the variables size in the algorithms (e.g., Requirements, challenges, and solutions", Internet of Things, vol.
S box) as much as possible. 14, p. 100129, 2021. Available: 10.1016/j.iot.2019.100129.
[6] S. Babar, P. Mahalle, A. Stango, N. Prasad and R. Prasad,
D. Open research issues "Proposed Security Model and Threat Taxonomy for the Internet
of Things (IoT)", Recent Trends in Network Security and
The ideal LWC algorithm should reflect the correct Applications, pp. 420-429, 2010. Available: 10.1007/978-3-642-
relationship in terms of cost, implementation, and level of 14478-3_42 [Accessed 9 September 2021].
security [5]. While it is easy to maintain a balance for two of [7] J. Singh, T. Pasquier, J. Bacon, H. Ko and D. Eyers, "Twenty
these factors, but, cannot be said for three factors. Therefore, Security Considerations for Cloud-Supported Internet of Things",
several open research problems in the development of LWC IEEE Internet of Things Journal, vol. 3, no. 3, pp. 269-284, 2016.
Available: 10.1109/jiot.2015.2460333.

Authorized licensed use limited to: Somaiya University. Downloaded on April 04,2025 at 06:20:17 UTC from IEEE Xplore. Restrictions apply.
[8] S. Jaiswal and D. Gupta, "Security Requirements for Internet of
Things (IoT)", Advances in Intelligent Systems and Computing,
pp. 419-427, 2017. Available: 10.1007/978-981-10-2750-5_44
[Accessed 9 September 2021].
[9] S. Pal, M. Hitchens, T. Rabehaja and S. Mukhopadhyay,
"Security Requirements for the Internet of Things: A Systematic
Approach", Sensors, vol. 20, no. 20, p. 5897, 2020. Available:
10.3390/s20205897 [Accessed 9 September 2021].
[10] “CryptoLUX > FELICS”, Cryptolux.org, 2021. [Online].
Available: https://www.cryptolux.org/index.php/FELICS.
[Accessed: 09- Sep- 2021].
[11] K. Le Gouguec, "FELICS-AE: a framework to benchmark
lightweight authenticated block ciphers", Csrc.nist.gov, 2021.
[Online]. Available:
https://csrc.nist.gov/CSRC/media/Events/lightweight-
cryptography-workshop-2019/documents/papers/felics-ae-
lwc2019.pdf. [Accessed: 09- Sep- 2021].
[12] L. Shamala, D. Zayaraz, D. Vivekanandan and D. Vijayalakshmi,
"Lightweight Cryptography Algorithms for Internet of Things
enabled Networks: An Overview", Journal of Physics:
Conference Series, vol. 1717, p. 012072, 2021. Available:
10.1088/1742-6596/1717/1/012072.
[13] E. Barker and A. Roginsky, "Transitions: Recommendation for
Transitioning the Use of Cryptographic Algorithms and Key
Lengths", NIST, 2021. [Online]. Available:
https://www.nist.gov/publications/transitions-recommendation-
transitioning-use-cryptographic-algorithms-and-key-lengths-0.
[Accessed: 09- Sep- 2021].
[14] "ISO/IEC 29192-2:2012", ISO, 2021. [Online]. Available:
https://www.iso.org/standard/56552.html. [Accessed: 09- Sep-
2021].
[15] B. Mohd, T. Hayajneh and A. Vasilakos, "A survey on
lightweight block ciphers for low-resource devices: Comparative
study and open issues", Journal of Network and Computer
Applications, vol. 58, pp. 73-93, 2015. Available:
10.1016/j.jnca.2015.09.001.
[16] K. McKay, L. Bassham, M. Turan and N. Mouha, "Report on
Lightweight Cryptography", NIST, 2021. [Online]. Available:
https://www.nist.gov/publications/report-lightweight-
cryptography. [Accessed: 09- Sep- 2021].
[17] S. Kerckhof, F. Durvaux, C. Hocquet, D. Bol and F. Standaert,
"Towards Green Cryptography: A Comparison of Lightweight
Ciphers from the Energy Viewpoint", Cryptographic Hardware
and Embedded Systems – CHES 2012, pp. 390-407, 2012.
Available: 10.1007/978-3-642-33027-8_23 [Accessed 9
September 2021].
[18] L. Malina, V. Clupek, Z. Martinasek, J. Hajny, K. Oguchi and V.
Zeman, "Evaluation of Software-Oriented Block Ciphers on
Smartphones", Foundations and Practice of Security, pp. 353-
368, 2014. Available: 10.1007/978-3-319-05302-8_22 [Accessed
9 September 2021].

Authorized licensed use limited to: Somaiya University. Downloaded on April 04,2025 at 06:20:17 UTC from IEEE Xplore. Restrictions apply.