With the new era of Internet of Things (IoT) technology, many devices with limited resources are in use. Those devices are susceptible to a significant number of new malware and other rapidly emerging risks. One of the most appropriate methods for securing those IoT applications is cryptographic algorithms, as cryptography masks information by eliminating the risk of collecting any meaningful information patterns. This ensures that all data communications are private, accurate, authenticated, authorized, or non-repudiated. Conventional cryptographic algorithms have been developed specifically for devices with limited resources; however, it turns out that such algorithms are not ideal for IoT restricted devices with their current configuration. Therefore, lightweight block ciphers are gaining popularity to meet the requirements of low-power and constrained devices. A new ultra-lightweight secret-key block-enciphering algorithm named “LBC-IoT” is proposed in this paper. The proposed cipher has a 32-bit block length, supports an 80-bit key length, and is mainly based on the Feistel structure. Energy-efficient cryptographic features in “LBC-IoT” include the use of simple functions (shift, XOR) and small rigid substitution boxes (4-bit S-boxes). Besides, it is immune to different types of attacks such as linear, differential, and side-channel attacks, and it is flexible in terms of implementation. Moreover, LBC-IoT achieves reasonable performance in both hardware and software compared to other recent algorithms. LBC-IoT’s hardware implementation results are very promising (smallest ever area “548” GE) and competitive with today’s leading lightweight ciphers. LBC-IoT is also ideally suited for ultra-restricted devices such as RFID tags.
Secure and reliable cyberspace is one of the most critical issues facing humanity. The fragility and insecurity in cyberspace have exposed businesses and individuals to unexpected and dangerous attacks. Achieving safe cyberspace requires a careful balance between technologies and social needs to resolve significant scientific obstacles and achieve safety and trust in cyberspace. New advances in cyberspace technologies, social change, and new spaces would also require reevaluating privacy, security, and cyberspace trust relationships. Cybersecurity is also one of the hot topics of today’s research. It refers to the array of instruments, devices, procedures, security principles, protection safeguards, guidelines, risk management techniques, programs, planning, best practice, surveillance, processes, systems, and cyberattack controls. At the same time, the corporate and customer properties, including devices, staff, services, networks, technology, applications, utilities, and telecommunications systems, are now connected through the Internet, and their information is shared and/or stored in the virtual world. Moreover, cybersecurity is a critical issue when political, military, private, financial, and medical institutions collect and store their data on computers and other devices. Consequently, sensitive information, like financial and personal data, or some other form of information for which improper entry or distribution could have adverse consequences on a large portion of that information [
In modern digital communication technologies, cryptography has become the primary method for maintaining the necessary digital security. It guarantees the core protection components such as authorization, authentication, confidentiality, non-repudiation, and integrity to all cyberspace data exchanges. In other words, the data produced by countless tiny networked devices such as the Internet of Things (IoT) would need a new class of cryptographic protections against cyber-attacks [
Many modern cryptography algorithms were applied to resource-restricted devices; however, the results were not acceptable. The transition from desktop to small and tiny computers raises a variety of security problems and privacy concerns. It is still a challenge to implement desktop cryptographic algorithms on resource-limited devices where reliability and efficiency are still important for their applications. Lightweight encryption is a subfield of cryptography that is developed especially for resource-limited devices [
This paper proposes a new ultra-lightweight cryptographic algorithm for IoT applications, named LBC-IoT. The algorithm differs from our previous work [
The paper begins with a summary of the literature in Section 2, while the LBC-IoT architecture and its functionalities are discussed in Section 3. The implementation is described in Section 4, while the output analysis is provided in Section 5. The paper's conclusion is given in Section 6.
Many Lightweight Block Cipher systems were designed in the last two decades to achieve performance advantages over NIST’s Advanced Encryption Standard (AES) [
- Adaptive algorithms: they are based on a modified version of the well-investigated and trusted ciphers.
- Progressive algorithms: this means that new ciphers are designed to have low hardware implementation costs.
Adaptive algorithms are one type of algorithms that could be suitable for limited-resource devices. Poschmann et al. [
On the other hand, Progressive algorithms represent another class that suggests new techniques suitable for limited-resource devices. A large number of algorithms have been proposed within this class in the last few years, such as PRESENT [
PRESENT [
There are also algorithms from the 1990s, such as TEA, XTEA, and XXTEA [
| Cipher | Cryptographic properties | | | | | Implementation properties | |
|---|---|---|---|---|---|---|---|
| | Block size | Key size | Struct. | Rounds | Attacks | Tech. used | Area (#GE) |
| AES | 128 | 128 | SPN | 10 | | 0.13 | 3100 |
| | | 192 | | 12 | | – | – |
| | | 256 | | 14 | | – | – |
| CLEFIA | 128 | 128 | GFN | 18 | | 0.09 | 4950 |
| | | 192 | | 22 | | – | – |
| | | 256 | | 26 | | – | – |
| DESL | 64 | 56 | Feistel | 16 | | 0.18 | 1848 |
| DESLX | 64 | 184 | Feistel | 16 | | 0.18 | 2168 |
| GOST revisited | 64 | 256 | Feistel | 32 | | 0.18 | 651/1017 |
| HIGHT | 64 | 128 | GFS | 32 | | | 3048 |
| KLEIN | 64 | 64 | SPN | 12 | | 0.18 | 1360/2032 |
| | | 80 | | 16 | | | 1530/2202 |
| | | 96 | | 20 | | | 1700/2372 |
| KATAN | 32 | 80 | Stream-cipher-like | 254 | | 0.13 | 802 |
| | 48 | | | | | – | – |
| | 64 | | | | | 0.13 | 1054 |
| KTANTAN | 32 | 80 | Stream-cipher-like | 254 | | 0.13 | 462 |
| | 48 | | | | | – | – |
| | 64 | | | | | 0.13 | 688 |
| | | 256 | | 32 | | | |
| LED | 64 | 64 | SPN | 32 | | 0.18 | 966 |
| | | 128 | | 48 | | | 1265 |
| mCrypton | 64 | 64 | SPN | 12 | | 0.13 | 2420 |
| | | 96 | | | | | 2681 |
| | | 128 | | | | | 2949 |
| Piccolo | 64 | 80 | GFN | 25 | | – | 683/1136 |
| | | 128 | | 31 | | – | 758/1196 |
| PRESENT | 64 | 80 | SPN | 31 | | 0.18 | 1075/1570 |
| | | 128 | | | | | 1391/1884 |
| PRINCE | 64 | 128 | SPN | 12 | | 0.09 | 3286/3491 |
| SIMECK | 32 | 64 | Feistel | 32 | | 0.13 | 549/765 |
| | 48 | 96 | | 36 | | | 778/1117 |
| | 64 | 128 | | 44 | | | 1005/1484 |
| SIMON | 32 | 64 | Feistel | 32 | | – | – |
| | 48 | 72/96 | | 36 | | | –/763 |
| | 64 | 96/128 | | 42/44 | | | 838/1000 |
| | 96 | 96/144 | | 52/54 | | | 984/– |
| | 128 | 128/192/256 | | 68/69/72 | | | 1317/–/– |
| SPECK | 32 | 64 | ARX | 22 | | – | – |
| | 48 | 72/96 | | 22/23 | | | –/884 |
| | 64 | 96/128 | | 26/27 | | | 984/1127 |
| | 96 | 96/144 | | 28/29 | | | 1134/– |
| | 128 | 128/192/256 | | 32/33/34 | | | 1396/–/– |
| XTEA | 64 | 128 | Feistel | 64 | | 0.13 | 3490 |
In this section, we specify the overall structure of LBC-IoT and its design principles. The selection of each component of LBC-IoT is motivated to achieve a well-balanced trade-off between security, performance, and resource requirements for specific resource-constrained IoT devices. It is also designed to achieve strictness against the various forms of attacks.
LBC-IoT is a symmetric enciphering scheme in which both the enciphering and deciphering procedures use the same key. The only distinction between the two processes is the reverse order of the subkeys. In LBC-IoT, two essential design issues are taken into consideration, security and simplicity. It achieves immunity against the exhaustive search attack using NIST recommendations report for key length (key
An LBC-IoT block cipher operates on 32-bit plaintext blocks under an 80-bit key. The fundamental feature of the algorithm's design is to have the smallest footprint area suitable for the different IoT applications. The framework was designed to be simple to implement in both software and hardware. Also, LBC-IoT consists of 32 rounds using 32 subkeys, each 16 bits long and produced from the 80-bit key.
A detailed framework of LBC-IoT can be illustrated by looking at the internal configuration of one round. Here, the 32-bit input is divided into equal sixteen-bit halves, known as
LBC-IoT is designed with NIST recommendations in mind. As can be noticed, the LBC-IoT cipher involves S-Boxes as the only nonlinear building blocks of the LBC-IoT cipher. Besides, there was a recommendation for the replacement of
0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | 8 | 6 | D | 5 | F | 7 | C | 4 | E | 2 | 3 | 9 | 1 | B | A |
Based on the previous table, the 4-bit S-box is selected with optimal bit-slice representation in the core function of the LBC-IoT. Bit-slice representation is proved to be strong against linear and differential properties as well as it has the lowest area footprint of 4-bit S-boxes [
Let S be a S is a bijection.
Therefore, three major properties are considered in the design of the S-box: bijection, linearity, and differential behavior.
For an
To test LBC-IoT resistance to linear cryptanalysis, the Linear Approximation Table (LAT) needs to be defined first. For the given S-box generated from a mapping of
where
| | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | 8 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
1 | 0 | 0 | 0 | 0 | 4 | 0 | 0 | 4 | 0 | 0 | −4 | 0 | 0 | 4 | 0 | 0 |
2 | 0 | 0 | 4 | 0 | 0 | 0 | 0 | 0 | 4 | 4 | 0 | 0 | 0 | 0 | −4 | 0 |
3 | 0 | 4 | 0 | 0 | 2 | 0 | 0 | 2 | 0 | −2 | 2 | 4 | 2 | −2 | −2 | −2 |
4 | 0 | 0 | 2 | −4 | 0 | 2 | 4 | 0 | 2 | −2 | 0 | 2 | −2 | 0 | 2 | 2 |
5 | 0 | 0 | 4 | 0 | 0 | 0 | 0 | 0 | −4 | 0 | 0 | 0 | 4 | 0 | 0 | 4 |
6 | 0 | 4 | 0 | 0 | 2 | 0 | 0 | 2 | 0 | 2 | 2 | −4 | −2 | −2 | 2 | 2 |
7 | 0 | 0 | −2 | 0 | 4 | −2 | 0 | −4 | 2 | 2 | 0 | 2 | 2 | 0 | 2 | 2 |
8 | 0 | 4 | 0 | 0 | −2 | 4 | 0 | −2 | 0 | 2 | −2 | 0 | 2 | 2 | 2 | −2 |
9 | 0 | 0 | −2 | 4 | 0 | 2 | 4 | 0 | −2 | 2 | 0 | 2 | −2 | 0 | −2 | 2 |
A | 0 | 0 | 2 | 4 | −2 | −2 | 0 | 2 | 2 | 0 | −2 | 2 | 0 | −2 | 4 | 0 |
B | 0 | −4 | 0 | 0 | 2 | 4 | 0 | 2 | 0 | 2 | 2 | 0 | 2 | −2 | 2 | −2 |
C | 0 | 0 | 2 | 0 | 0 | −2 | 0 | 0 | −2 | 2 | 4 | 2 | −2 | 4 | 2 | −4 |
D | 0 | 0 | −2 | 0 | −2 | 2 | −4 | 2 | 2 | 0 | 2 | 2 | 0 | 2 | 0 | 4 |
E | 0 | 0 | 2 | 4 | 2 | 2 | 0 | −2 | 2 | −4 | 2 | −2 | 0 | 2 | 0 | 0 |
F | 0 | 0 | −2 | 0 | −2 | −2 | 4 | 2 | 2 | 0 | 2 | −2 | 4 | 2 | 0 | 0 |
Once more, to verify the resistance of LBC-IoT to differential cryptanalysis, the Differential Distribution Table (DDT) needs to be defined first. For a specified S-box built from a mapping of
where
The entry
I/O XOR Diff. | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | 16 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
1 | 0 | 4 | 0 | 0 | 0 | 0 | 0 | 0 | 4 | 0 | 4 | 4 | 0 | 0 | 0 | 0 |
2 | 0 | 0 | 4 | 2 | 0 | 2 | 4 | 0 | 0 | 0 | 0 | 2 | 0 | 2 | 0 | 0 |
3 | 0 | 0 | 0 | 2 | 0 | 0 | 0 | 2 | 2 | 2 | 2 | 0 | 2 | 2 | 2 | 0 |
4 | 0 | 4 | 0 | 0 | 0 | 2 | 0 | 2 | 0 | 4 | 0 | 0 | 0 | 2 | 0 | 2 |
5 | 0 | 0 | 0 | 0 | 0 | 2 | 0 | 2 | 4 | 0 | 4 | 0 | 0 | 2 | 0 | 2 |
6 | 0 | 0 | 4 | 2 | 4 | 0 | 0 | 2 | 0 | 0 | 0 | 2 | 0 | 0 | 0 | 2 |
7 | 0 | 0 | 0 | 2 | 0 | 2 | 0 | 0 | 2 | 2 | 2 | 0 | 2 | 0 | 2 | 2 |
8 | 0 | 0 | 0 | 0 | 4 | 0 | 4 | 0 | 0 | 0 | 0 | 0 | 4 | 0 | 4 | 0 |
9 | 0 | 0 | 0 | 0 | 2 | 2 | 2 | 2 | 0 | 0 | 0 | 0 | 2 | 2 | 2 | 2 |
A | 0 | 0 | 4 | 2 | 0 | 2 | 0 | 0 | 0 | 0 | 0 | 2 | 0 | 2 | 4 | 0 |
B | 0 | 0 | 0 | 2 | 2 | 2 | 2 | 0 | 2 | 2 | 2 | 0 | 0 | 0 | 0 | 2 |
C | 0 | 4 | 0 | 0 | 0 | 2 | 0 | 2 | 0 | 4 | 0 | 0 | 0 | 2 | 0 | 2 |
D | 0 | 4 | 0 | 0 | 2 | 0 | 2 | 0 | 0 | 0 | 0 | 4 | 2 | 0 | 2 | 0 |
E | 0 | 0 | 4 | 2 | 0 | 0 | 0 | 2 | 0 | 0 | 0 | 2 | 4 | 0 | 0 | 2 |
F | 0 | 0 | 0 | 2 | 2 | 0 | 2 | 2 | 2 | 2 | 2 | 0 | 0 | 2 | 0 | 0 |
LBC-IoT S-Box | D |
L |
---|---|---|
4 |
Moreover, the beauty of the selected S-box is its simple hardware implementation: it consists of 3 AND gates, 1 OR gate, and 4 XOR gates. Besides, its algebraic degree is 3, with differential probability $2^{-2}$ and linear probability $2^{-1}$, which provides a high rigidity profile against the most effective cryptanalytic attacks, linear and differential cryptanalysis. In addition, bit-slice implementation supports immunity against side-channel attacks.
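The S-box properties discussed above (bijection, DDT, LAT, algebraic degree) can be recomputed from the S-box row alone. The Python below is an added example, not code from the paper: it rebuilds the DDT and compares it with the DDT table printed above, then reports the largest LAT entry and the algebraic degree. The LAT counting convention and all function names are assumptions, since the paper's formulas do not survive on this page, so for the LAT only the maximum absolute entry is reported.

```python
# S-box row as printed in the page's table: SBOX[x] = S(x).
SBOX = [0x0, 0x8, 0x6, 0xD, 0x5, 0xF, 0x7, 0xC,
        0x4, 0xE, 0x2, 0x3, 0x9, 0x1, 0xB, 0xA]

# Rows 1..F of the page's DDT (row = input XOR, column = output XOR), one digit per cell.
PAGE_DDT = [
    "0400000040440000", "0042024000020200", "0002000222202220",
    "0400020204000202", "0000020240400202", "0042400200020002",
    "0002020022202022", "0000404000004040", "0000222200002222",
    "0042020000020240", "0002222022200002", "0400020204000202",
    "0400202000042020", "0042000200024002", "0002202222200200",
]

def parity(v):
    return bin(v).count("1") & 1

def ddt(sbox):
    """table[dx][dy] = number of x with S(x) ^ S(x ^ dx) == dy."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table

def lat(sbox):
    """table[a][b] = #{x : a.x == b.S(x)} - n/2 (assumed convention)."""
    n = len(sbox)
    return [[sum(parity(a & x) == parity(b & sbox[x]) for x in range(n)) - n // 2
             for b in range(n)] for a in range(n)]

def algebraic_degree(sbox):
    """Largest ANF degree over all non-zero output masks (Moebius transform)."""
    n, best = len(sbox), 0
    for b in range(1, n):
        anf = [parity(b & sbox[x]) for x in range(n)]
        for i in range(n.bit_length() - 1):
            for x in range(n):
                if (x >> i) & 1:
                    anf[x] ^= anf[x ^ (1 << i)]
        best = max(best, max((bin(m).count("1") for m in range(n) if anf[m]), default=0))
    return best

def analyse(sbox):
    d, l, n = ddt(sbox), lat(sbox), len(sbox)
    return {
        "bijective": sorted(sbox) == list(range(n)),
        "ddt_matches_page": all(d[i + 1] == [int(c) for c in row]
                                for i, row in enumerate(PAGE_DDT)),
        "max_ddt": max(max(row) for row in d[1:]),   # differential uniformity
        "max_abs_lat": max(abs(l[a][b]) for a in range(n) for b in range(1, n)),
        "degree": algebraic_degree(sbox),
    }

if __name__ == "__main__":
    report = analyse(SBOX)
    print(report)
    # max_ddt / 16 is the differential probability; 2 * max_abs_lat / 16 is the correlation.
    print(report["max_ddt"] / 16, 2 * report["max_abs_lat"] / 16)
```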
In general, the permutation is a rearrangement process. In order to enhance the diffusion of the standard Feistel structure, along with the two-half swapping owing to the design of the Feistel structure between rounds, LBC-IoT uses two permutation boxes P1 and P2 between rounds. Here, the permutation is the last phase of the LBC-IoT function. The permutation box accepts 16-bit and permutes them using a certain rule producing a 16-bit output. The permutation process is given in
Permutation | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
P1 ( | 13 | 10 | 7 | 12 | 9 | 14 | 3 | 2 | 5 | 16 | 15 | 4 | 1 | 6 | 11 | 8 |
P2 ( | 5 | 8 | 16 | 12 | 3 | 11 | 2 | 13 | 4 | 1 | 14 | 6 | 9 | 15 | 7 | 10 |
In this paper, the FIPS conventions are followed, where bits are numbered from left to right starting at 1. When choosing a mixing layer, our emphasis on hardware reliability calls for a linear layer that can be applied with a minimal number of processing components, i.e., transistors. Besides, for simplicity, a standard bit-permutation with no fixed point is chosen to avoid linearity analysis.
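The two permutation rows can be checked against the stated design property (a bit-permutation with no fixed point) directly. The Python below is an added example, not code from the paper: it validates P1 and P2, computes their cycle structure, and applies them to a 16-bit word with FIPS numbering. The direction in which the table is read (output bit i taken from input bit P[i]) and all function names are assumptions, because the sentence describing the permutation process is cut off on this page; the bijection, fixed-point and cycle checks do not depend on that direction.

```python
from functools import reduce
from math import gcd

# Rows of the page's permutation table; entry i (1-based) is the value under position i.
P1 = [13, 10, 7, 12, 9, 14, 3, 2, 5, 16, 15, 4, 1, 6, 11, 8]
P2 = [5, 8, 16, 12, 3, 11, 2, 13, 4, 1, 14, 6, 9, 15, 7, 10]

def is_permutation(p):
    return sorted(p) == list(range(1, len(p) + 1))

def fixed_points(p):
    return [i for i, target in enumerate(p, start=1) if i == target]

def cycle_lengths(p):
    seen, lengths = set(), []
    for start in range(1, len(p) + 1):
        length, i = 0, start
        while i not in seen:
            seen.add(i)
            i = p[i - 1]
            length += 1
        if length:
            lengths.append(length)
    return sorted(lengths)

def order(p):
    """Number of repeated applications after which every bit is back in place."""
    return reduce(lambda a, b: a * b // gcd(a, b), cycle_lengths(p), 1)

def invert(p):
    inv = [0] * len(p)
    for i, target in enumerate(p, start=1):
        inv[target - 1] = i
    return inv

def permute(word, p):
    """Assumed direction: output bit i is input bit p[i-1]; bit 1 is the leftmost bit."""
    width, out = len(p), 0
    for i, src in enumerate(p, start=1):
        out |= ((word >> (width - src)) & 1) << (width - i)
    return out

if __name__ == "__main__":
    for name, p in (("P1", P1), ("P2", P2)):
        print(name, is_permutation(p), fixed_points(p), cycle_lengths(p), order(p))
    w = 0xBEEF  # constructed sample word
    print(hex(permute(w, P1)), hex(permute(permute(w, P1), invert(P1))))
```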
For 32 rounds and a block of 32-bit, 32 sub-keys (16-bit) are generated from the 80-bit encryption key (see The first five sub-keys, labeled K1, K2, K3, K4, and K5, are taken directly from the original key, with K1 equal to the first (least significant) 16 bits, K2 corresponding to the next 16 bits, and so on. Then, the 80-bit key passes to a divider that results in two 40-bit quantities, labeled At each round,
The decryption process is the same as that of encryption: LBC-IoT decryption is done using the ciphertext as an input to the same LBC-IoT structure. On the other hand, the decryption sub-keys are applied in the reverse order with another sub-key selection.
One of the critical issues of lightweight encryption architecture is hardware implementation. The architecture challenge is minimizing the algorithm implementation area. The plaintext and the encryption key occupy a fixed size of the memory depending on the technology used, while the encryption algorithm (Round Function, Key schedule, and Control logic) is the main challenge in the implementation, as can be seen in
Circuit area and power are the essential hardware resources. The area is usually computed in gate.
Generally, a round-based implementation of ciphers can be done straightforwardly, while a serialized implementation creates some challenges for a hardware designer. Although these obstacles exist, intelligent cost-wise implementation of LBC-IoT with a data path width of 4-bit is given.
The Gate Equivalent (GE) depends on a particular cell library. To check on the efficiency of the LBC-IoT design, ARM standard cell library for the IBM 8RF (0.13 micron) ASIC process is utilized [
The round structure consists of the following three sub-functions (XOR, S-box, and permutation):
Besides, the standard round of LBC-IoT requires three 2-to-1 MUXes and a single 4-to-1 MUX; a single 2-to-1 MUX costs 2.25 GE and a 4-to-1 MUX costs 6.25 GE. Consequently, the multiplexing (selecting) process requires (
Component | Gate Count |
---|---|
Registers | |
Left register (16-bit) | |
Right register (16-bit) | |
Round function | |
Xor | |
Muxes | |
Substitution layer | 13 GE |
Total | 178 GE |
The key-scheduling architecture consists of four sub-functions (XOR, S-box, permutation, and shifting).
Finally, a single 2-to-1 MUX is required to select between the input key and the result that appears at the bottom of the previous round’s data-path; a single 2-to-1 MUX costs 2.25 GE. Consequently, the GE calculations of this architecture for its hardware implementation are shown in
Component | Gate count |
---|---|
Shift registers | |
Left register (40-bit) | |
Right register (40-bit) | |
Key function | |
Xor | |
Mux | |
Substitution layer | 13 GE |
Total | 370.25 GE |
This section focuses on the efficient software implementation of
For processors with a restricted set of instructions (i.e., AND, OR, MOVE, XOR, NOT operations), we suggest low-cost encryption schemes (i.e., tiny code size and memory) [
Instruction | Expression |
---|---|
=> A |
|
=> B |
|
=> C |
|
=> D |
In this section, LBC-IoT cryptographic strength is described as follows:
The hardware implementation result of LBC-IoT is shown in
Algorithm | Block size (bits) | Key length (bit) | Tech. ( | Network structure | Area in GE |
---|---|---|---|---|---|
AES-128 [ | 128 | 128 | 0.13 | SPN | 3100 |
CLEFIA [ | 128 | 128 | 0.13 | GFN | 2488 |
NOEKEON [ | 128 | 128 | 0.13 | SPN | 2880 |
LED [ | 64 | 128 | 0.13 | SPN | 3194 |
PRINCE [ | 64 | 128 | 0.13 | SPN | 2953 |
SIMON [ | 64 | 128 | 0.13 | SPN | 1026 |
SPECK [ | 64 | 128 | 0.13 | SPN | 1005 |
XTEA [ | 64 | 128 | 0.13 | Feistel | 2521 |
Piccolo-128 [ | 64 | 128 | 0.13 | GFN | 758 |
SEA [ | 96 | 96 | 0.13 | Feistel | 2562 |
mCrypton-96 | 64 | 96 | 0.13 | GFN | 2681 |
mCrypton-128 | 64 | 96 | 0.13 | GFN | 2949 |
SIMON [ | 48 | 96 | 0.13 | SPN | 796 |
SPECK [ | 48 | 96 | 0.13 | SPN | 778 |
PRESENT-80 [ | 64 | 80 | 0.13 | SPN | 2195 |
RECTANGLE [ | 64 | 80 | 0.13 | SPN | 1111 |
Piccolo-80 [ | 64 | 80 | 0.13 | GFN | 683 |
mCrypton-64 [ | 128 | 64 | 0.13 | SPN | 2420 |
KLEIN [ | 64 | 64 | 0.13 | SPN | 1432 |
SIMON [ | 32 | 64 | 0.13 | SPN | 562 |
SPECK [ | 32 | 64 | 0.13 | SPN | 549 |
A lightweight cryptography algorithm entitled “LBC-IoT” has been proposed in this paper. The goal of the proposed algorithm was to provide a practical and secure cipher for low-resource applications. The benefit of the proposed LBC-IoT is its simplicity in terms of the functions used and the compact S-boxes utilized. Based on our analysis of LBC-IoT, we are confident in concluding that the LBC-IoT hardware implementation has a minimum GE among the current algorithms reported in the literature. Besides, the algorithm has a minimum software footprint, which makes it suitable for limited-resource devices. Moreover, LBC-IoT follows the recent standards and up-to-date recommendations. In addition, it has high immunity against the different attacks, including linear, nonlinear, side-channel attacks, etc. Future work involves examining LBC-IoT in IoT applications such as healthcare and the military, where critical data is transferred through wireless channels. Hardware implementation is planned on FPGA and other recent programmable devices such as Arduino and Raspberry Pi.