
26 P. Nandhini, Dr. V.Vanitha

International Journal of Innovations & Advancement in Computer Science

IJIACS

ISSN 2347 – 8616

Volume 6, Issue 1

January 2017

A Study of Lightweight Cryptographic Algorithms for IoT

P. Nandhini¹, Dr. V. Vanitha²

¹PG Scholar, ²Professor

Department of Computer Science and Engineering, Kumaraguru College of Technology, Coimbatore, Tamilnadu, India.

ABSTRACT: Life is changing tremendously, especially in information technology and data innovation, and the need for security systems to protect data is becoming crucial. Smart objects such as smart cards, RFID tags and sensor nodes, which are used for smart electricity meters, public transport and anti-counterfeiting, have become the main point for the Internet of Things and embedded systems. Hence security algorithms for resource-limited devices are chosen by considering the implementation costs, the amount of power and symmetric-key algorithms. Block ciphers especially still play an important role in the security of smart objects. For security and performance reasons, sensors are typically equipped with a hardware implementation of AES-128. But for resource-constrained devices, AES could be too expensive, so a compact block cipher that is efficient in hardware and software could be the most promising candidate for security in such devices. This has led to a new branch of cryptography called lightweight cryptography, whose major idea is finding a compromise between low resource requirements, performance and strength of cryptographic primitives. Here modern lightweight ciphers such as HISEC, OLBCA, PRINCE, PRINT, PRESENT, KLEIN and TWINE are discussed through the following factors: algorithm specifications and cryptanalysis.

Keywords: PRESENT, LBlock, TWINE, KLEIN, MIBS, LED, PRINCE, Piccolo, ITUbee, EPCBC, PRINT cipher, RFID, IOT

1. INTRODUCTION

IoT[1] is an emerging technology in this expanding era of smart things. Smart things can be any physical objects like a phone, laptop, refrigerator, AC, charger and many more. IoT can be defined as a network of uniquely identifiable, accessible, and manageable smart things that are capable of communication, computation and ultimate decision making. Things in IoT can be connected using wireless connections. IoT is an integrated part of the Future Internet and could be defined as a dynamic global network infrastructure with self-configuring capabilities based on standard and interoperable communication protocols, where physical and virtual 'things' have identities, physical attributes, and virtual personalities, use intelligent interfaces, and are seamlessly integrated into the information network.

The IoT requires components to enable communication between devices and objects. Objects need to be augmented with an Auto-ID technology, typically an RFID tag[2], so that the object is uniquely identifiable. An RFID tag allows the object to wirelessly communicate certain types of information, which leads us to another requirement: the ability to monitor data.

RFID tags can be passive, active, or battery-assisted passive tags. An active tag has an onboard battery and periodically transmits its ID signal and stored information. An active reader's working range can be adjusted from 1 m to tens of meters, allowing flexibility in applications such as asset supervision and management. Owing to its multi-object recognition, non-line-of-sight, and high cost-effectiveness, RFID has been widely used for indoor localization to IoT real-time locating applications.

The real-life risks and services provided by RFID systems are best protected by cryptographically secure lightweight algorithms. The main risks and services addressed by the deployment of cryptographically secure RFID tags include:

1. Counterfeit goods. Cryptography is used to make RFID tags difficult to clone or modify. The entire counterfeit aircraft engines; the risks and liability issues involved are difficult to even measure.


2. Secure logging. Tamper-resistant recording of environmental information such as the temperature is vital in supply chain management of products such as fresh goods and medical supplies.

3. Privacy protection. The Electronic Product Code (EPC) used in Gen2 differs from product bar codes in that it is indeed unique. It may be used to track an individual tag. This raises serious privacy issues if such tags are attached to personal items. Therefore the RFID tag should also identify the reader as trusted before revealing traceable information.

4. Antitheft. Data is written to the tag to indicate to an exit portal whether or not that item has been sold. Persistent memory write and locking operations must be protected to prevent theft.

5. Returns. When a tag is returned to a store or manufacturer, an authenticated reset/write mechanism allows it to be reused. The tags maintain some amount of persistent memory; read, write and lock operations on this memory must be authenticated to prevent tampering and unauthorized modification. Authenticated reads allow data to be visible only to the tag's owner.

1.1 Lightweight Cryptography

Lightweight cryptography[5] refers to cryptographic algorithms tailored for implementation in constrained environments including RFID tags, sensors, contactless smart cards, health-care devices and so on. In hardware implementations, chip size and energy consumption are the important measures for evaluating the lightweight properties. In software implementations, smaller code and/or RAM size are preferable for lightweight applications.

In terms of implementation properties, the lightweight primitives are superior to conventional cryptographic ones. Lightweight cryptography also delivers adequate security. Lightweight cryptography does not always exploit the security-efficiency trade-offs. The report of recent technologies of lightweight cryptographic primitives. Nowadays, in the area of lightweight block ciphers, a number of ciphers have been proposed, such as PRESENT, LBlock, TWINE, KLEIN, MIBS, LED, PRINCE, Piccolo, ITUbee, EPCBC, PRINT cipher and RECTANGLE[3]. Like traditional block ciphers, these lightweight ciphers are generally developed into two main classical structures: SPNs and Feistel-type structures.

The SPN structure[6] is developed using a round function on the whole data block. The slow diffusion of the traditional Feistel-type structures causes some security problems. To solve these problems, ciphers with traditional Feistel-type structures need many more rounds than ciphers based on SPNs, which increases energy consumption. Nevertheless, compared to SPNs, the traditional Feistel-type structures have more features:

• It has a small and simple round function.

• It has the same program for encryption and decryption processes, which reduces the decryption implementation cost.

Why is lightweight cryptography needed for IoT?

Lightweight cryptography is needed in the IoT for two reasons:

1. Reliability of end-to-end communication: In order to achieve end-to-end security, end nodes have an implementation of a symmetric key algorithm. For low-resource devices, e.g. battery-powered devices, performing the cryptographic operation with a limited amount of energy consumption is important.

2. Applicability to lower resource devices: The lightweight cryptographic primitives are smaller than the conventional cryptographic ones. The lightweight cryptographic primitives would open possibilities of more network connections with lower resource devices. However, the lowest cost devices can embed only application-specific ICs due to limited cost and power consumption, where hardware properties are crucially important.

2. ANALYSIS OF CRYPTOGRAPHIC ALGORITHM

2.1 SIMON

The Simon[7] block cipher is a balanced Feistel cipher with an n-bit word, and therefore the block length is 2n. The key length is a multiple of n by 2, 3, or 4, which is the value m. An implementation of the Simon cipher is denoted Simon2n/nm. For example, Simon64/128 refers to the cipher operating on a 64-bit plaintext block (n = 32) that uses a 128-bit key. Though the key generation logic depends on the implementation of 2, 3 or 4 keys, the block component of the cipher is uniform between the Simon implementations.


The round functions for Simon 2n and Speck 2n each take as input an n-bit round key k, together with two n-bit intermediate ciphertext words. For Simon, the round function is the 2-stage Feistel map

$$R_k(x, y) = (y \oplus f(x) \oplus k,\; x),$$

where $f(x) = (Sx \mathbin{\&} S^{8}x) \oplus S^{2}x$ and k is the round key.

For Speck, the round function is the (Feistel based) map

$$R_k(x, y) = ((S^{-\alpha}x + y) \oplus k,\; S^{\beta}y \oplus (S^{-\alpha}x + y) \oplus k),$$

with α = 7 and β = 2 as rotation amounts if n = 16 (block size = 32) and α = 8 and β = 3 otherwise.

Simon's superior performance in software is due in part to the fact that it's possible to implement it entirely with in-place operations, and so moves are unnecessary. This can be seen for a round of Simon:

    x = RCS(x, α)
    x = x + y
    x = x ⊕ k
    y = LCS(y, β)
    y = y ⊕ x

Simon requires some moves, because multiple operations are done on a single word of intermediate ciphertext, and copies need to be made. This fact (combined with the fact that Simon uses a weaker nonlinear function than Speck, and so more rounds are required) makes Simon outperform in software.
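The two round maps above, written out in C as an added example (not code from the paper or from the Simon and Speck designers). It assumes n = 32, so α = 8 and β = 3, reads S^j as a left circular shift and RCS/LCS as right/left circular shifts, and uses constructed round keys because the page gives no key schedule. It shows that the five in-place steps listed above compute exactly the Speck map R_k, that the Simon map needs a copy of x, and that Simon decryption reuses the encryption round with the words swapped, the Feistel property noted in Section 1.1.

```c
#include <stdint.h>
#include <stdio.h>

/* n = 32-bit words (Simon64 / Speck64), so alpha = 8 and beta = 3. */
#define ALPHA 8
#define BETA  3

typedef struct { uint32_t x, y; } block_t;

/* S^j v: left circular shift by j bits; S^-j v: right circular shift (0 < j < 32). */
static uint32_t rotl32(uint32_t v, unsigned j) { return (v << j) | (v >> (32 - j)); }
static uint32_t rotr32(uint32_t v, unsigned j) { return (v >> j) | (v << (32 - j)); }

/* f(x) = (Sx & S^8 x) ^ S^2 x */
static uint32_t simon_f(uint32_t x) {
    return (rotl32(x, 1) & rotl32(x, 8)) ^ rotl32(x, 2);
}

/* Simon: R_k(x, y) = (y ^ f(x) ^ k, x). x is read three times and then
 * moved into y, so a temporary copy is needed. */
block_t simon_round(block_t b, uint32_t k) {
    uint32_t old_x = b.x;
    b.x = b.y ^ simon_f(old_x) ^ k;
    b.y = old_x;
    return b;
}

static block_t swap_words(block_t b) {
    block_t r = { b.y, b.x };
    return r;
}

block_t simon_encrypt(block_t b, const uint32_t *rk, int rounds) {
    for (int i = 0; i < rounds; i++) b = simon_round(b, rk[i]);
    return b;
}

/* Feistel property: the inverse of R_k is swap . R_k . swap, so decryption
 * is the same round routine run with the round keys in reverse order. */
block_t simon_decrypt(block_t b, const uint32_t *rk, int rounds) {
    b = swap_words(b);
    for (int i = rounds - 1; i >= 0; i--) b = simon_round(b, rk[i]);
    return swap_words(b);
}

/* Speck: R_k(x, y) = ((S^-a x + y) ^ k, S^b y ^ (S^-a x + y) ^ k). */
block_t speck_round(block_t b, uint32_t k) {
    uint32_t t = (rotr32(b.x, ALPHA) + b.y) ^ k;
    block_t r = { t, rotl32(b.y, BETA) ^ t };
    return r;
}

/* The five in-place steps from the text: no temporaries, no moves. */
void speck_round_inplace(uint32_t *x, uint32_t *y, uint32_t k) {
    *x = rotr32(*x, ALPHA);
    *x += *y;
    *x ^= k;
    *y = rotl32(*y, BETA);
    *y ^= *x;
}

/* Inverting the Speck map needs subtraction and the opposite rotations. */
block_t speck_round_inv(block_t b, uint32_t k) {
    uint32_t y = rotr32(b.x ^ b.y, BETA);
    block_t r = { rotl32((b.x ^ k) - y, ALPHA), y };
    return r;
}

/* Constructed round keys for the demonstration; NOT the output of the
 * Simon or Speck key schedule, which this page does not describe. */
const uint32_t DEMO_RK[8] = {
    0x03020100u, 0x0b0a0908u, 0x13121110u, 0x1b1a1918u,
    0x9e3779b9u, 0x7f4a7c15u, 0xf39cc060u, 0x5cedc834u
};

int main(void) {
    block_t p = { 0x656b696cu, 0x20646e75u };   /* constructed plaintext */
    block_t c = simon_encrypt(p, DEMO_RK, 8);
    block_t d = simon_decrypt(c, DEMO_RK, 8);
    printf("Simon round trip: %s\n", (d.x == p.x && d.y == p.y) ? "ok" : "FAIL");

    block_t m = speck_round(p, DEMO_RK[0]);
    uint32_t x = p.x, y = p.y;
    speck_round_inplace(&x, &y, DEMO_RK[0]);
    printf("Speck in-place == map: %s\n", (x == m.x && y == m.y) ? "ok" : "FAIL");
    return 0;
}
```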

2.2 KLEIN:

KLEIN[8] is a family of block ciphers with a fixed 64-bit block size and a variable key length of 64, 80 or 96 bits. According to the key length, the ciphers are denoted KLEIN-64/80/96, respectively. The key length and the block size are two important factors for a block cipher in the trade-off between security and performance. Regarding performance, in low-resource implementations the key registers and intermediate results have a significant effect on the footprint. Moreover, in ubiquitous computing, data flows are unlikely to have a high-speed throughput, so a large block size or key length might be unnecessary for data encryption and authentication.

Fig 1 : grouping and subgrouping of S-Box

For security reasons, a key length of 64 bits might be vulnerable if one considers attack models based on pre-computation and large amounts of available storage. KLEIN-64 is recommended for constructing hash functions of single (double) block length or message authentication codes, and KLEIN-80 and KLEIN-96 for data encryption in any of the operation modes. The structure of KLEIN is a typical Substitution-Permutation Network (SPN), which is also used in many advanced block ciphers, e.g. AES and PRESENT. As a first estimate for obtaining a reasonable security margin and asymmetric iteration, the number of rounds NR is chosen as 12/16/20 for KLEIN-64/80/96 respectively.

A high-level description of the KLEIN encryption routine is as follows:

    sk_1 ← KEY;
    STATE ← PLAINTEXT;
    for i = 1 to NR do
        AddRoundKey(STATE, sk_i);
        SubNibbles(STATE);
        RotateNibbles(STATE);
        MixNibbles(STATE);
        sk_{i+1} = KeySchedule(sk_i, i);
    end for
    CIPHERTEXT ← AddRoundKey(STATE, sk_{NR+1});

Note that many lightweight block ciphers are proposed to be used only in the filter counter mode, and hence the implementation costs of decryption can be avoided. In the design of KLEIN, the lightweight property should also take the decryption algorithm into consideration, without fixing on any cipher mode.

2.3 PICCOLO

Piccolo[9] is a 64-bit block cipher supporting 80 and 128-bit keys. The 80-bit and 128-bit key modes are referred to as Piccolo-80 and Piccolo-128, respectively. Both ciphers consist of a data processing part and a key scheduling part. The differences between the two key modes lie in the number of rounds for the data processing part and the key scheduling part.


Fig 2: Sponge Construction for 4 block padded message

Algorithm

    G_r(X(64), wk_0, ..., wk_3, rk_0, ..., rk_{2r−1}):
        X0(16) | X1(16) | X2(16) | X3(16) ← X(64)
        X0 ← X0 ⊕ wk_0, X2 ← X2 ⊕ wk_1
        for i ← 0 to r − 2 do
            X1 ← X1 ⊕ F(X0) ⊕ rk_{2i}, X3 ← X3 ⊕ F(X2) ⊕ rk_{2i+1}
            X0 | X1 | X2 | X3 ← RP(X0 | X1 | X2 | X3)
        X1 ← X1 ⊕ F(X0) ⊕ rk_{2r−2}, X3 ← X3 ⊕ F(X2) ⊕ rk_{2r−1}
        X0 ← X0 ⊕ wk_2

Piccolo uses a permutation-based key schedule, which can significantly reduce the required number of gates. For instance, registers for storing keys are not required, which leads to almost the same gate requirement for each key size, in contrast to a key schedule requiring key state. While the drawback is a security concern, by carefully choosing the permutation it has enough immunity against attacks exploiting weaknesses of the key schedule, such as related-key differential and MITM attacks.

Note that, in our evaluation, key inputs are not required to be hard-wired, but are assumed to hold their values during the block operation.

Fig 3: Architecture of PICCOLO and its components

Active F-functions: each differentially/linearly active F-function reduces the differential/linear probability, so the minimum number of active F-functions implies the security against differential and linear type attacks. The number of active F-functions was counted by exhaustively searching all possible differential/linear trails.

2.4 BORON

BORON[10] is a substitution-permutation network which has a total of 25 rounds. The block length is 64 bits and it supports 80 and 128-bit key lengths. BORON consists of an S-box, which acts as a nonlinear layer, followed by a block shuffle of 4 bits. The shuffled bits are fed to the round permutation, which is followed by an 'XOR' operation. Twenty-five different keys are generated from the 80/128-bit key register and these are applied in each round of the BORON cipher. One extra key is generated, which is XOR-ed to produce the final ciphertext.

Pseudo code for the BORON cipher is given as:

    A = a63 ... a0
    RoundKeys()
    for i = 0 to 24 do
        Add_round_key(A, Ki)
        S_Box_Layer(A)
        Block_Shuffle(A)
        Round_Permutation(A)
        Xor_Operation(A)
    end for
    Add_round_key(A, K25)


Fig 4: Permutation rounds in BORON

The design criteria of the S-box used in designing the BORON cipher are given below.

1. For any nonzero input difference $\Delta A \in F_2^4$ and output difference $\Delta B \in F_2^4$:

$$DC(\Delta A, \Delta B) = \#\{a \in F_2^4 \mid S(a) \oplus S(a \oplus \Delta A) = \Delta B\} \le 4$$

2. For any nonzero input difference $\Delta A \in F_2^4$ and output difference $\Delta B \in F_2^4$ such that $Hw(\Delta A) = Hw(\Delta B) = 1$, where $Hw(x)$ denotes the Hamming weight of x:

$$SetDC = DC(\Delta A, \Delta B) = \#\{a \in F_2^4 \mid S(a) \oplus S(a \oplus \Delta A) = \Delta B\} = 0$$

The cardinality of SetDC is denoted CarDC: CarDC = 0.

3. For any nonzero input mask $A \in F_2^4$ and output mask $B \in F_2^4$:

$$LC(A, B) = |\#\{a \in F_2^4 \mid A \cdot a = B \cdot S(a)\} - 8| \le 4$$

4. For any nonzero input mask $A \in F_2^4$ and output mask $B \in F_2^4$ such that $Hw(A) = Hw(B) = 1$:

$$SetLC = LC(A, B) = |\#\{x \in F_2^4 \mid A \cdot x = B \cdot S(x)\} - 8| \ne 0$$

The cardinality of SetLC is denoted CarLC: CarLC = 4.

5. Bijective, i.e. $S(a) \ne S(b)$ for all values of $a \ne b$.

6. No static point, i.e. $S(a) \ne a$ for all values of $a \in F_2^4$.

Strength of the S-box depends on cardinality, for example in the case of PRESENT cipher S-box
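A checker for the six criteria above, as an added example (not code from the paper or from the BORON designers). BORON's S-box table is not reproduced on this page, so the checker is run on PRESENT's published S-box, the cipher the text names at this point, and on the identity mapping as a constructed weak S-box. CarDC and CarLC are taken to be the number of single-bit (Hw = 1) input/output pairs whose DC or LC is nonzero, which is an assumption about the definitions.

```c
#include <stdio.h>

typedef struct {
    int max_dc;        /* criterion 1: max DC over nonzero input differences  */
    int car_dc;        /* criterion 2: # single-bit (dA, dB) pairs, DC != 0   */
    int max_lc;        /* criterion 3: max |LC| over nonzero masks            */
    int car_lc;        /* criterion 4: # single-bit (A, B) pairs, LC != 0     */
    int bijective;     /* criterion 5                                         */
    int fixed_points;  /* criterion 6: # of a with S(a) == a                  */
} sbox_report;

/* PRESENT's published 4-bit S-box (a public constant, not taken from this page). */
const unsigned char PRESENT_SBOX[16] = {
    0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2
};
/* Constructed weak S-box for contrast: the identity mapping. */
const unsigned char IDENTITY_SBOX[16] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
};

/* Hamming weight of a small value. */
static int hw(unsigned v) {
    int c = 0;
    for (; v; v >>= 1) c += (int)(v & 1u);
    return c;
}

/* DC(dA, dB) = #{a : S(a) ^ S(a ^ dA) == dB} */
int dc(const unsigned char *s, unsigned da, unsigned db) {
    int n = 0;
    for (unsigned a = 0; a < 16; a++)
        if ((unsigned)(s[a] ^ s[a ^ da]) == db) n++;
    return n;
}

/* LC(A, B) = #{a : A.a == B.S(a)} - 8, where "." is the inner product over GF(2). */
int lc(const unsigned char *s, unsigned ma, unsigned mb) {
    int n = 0;
    for (unsigned a = 0; a < 16; a++)
        if ((hw(ma & a) & 1) == (hw(mb & s[a]) & 1)) n++;
    return n - 8;
}

sbox_report analyse_sbox(const unsigned char *s) {
    sbox_report r = { 0, 0, 0, 0, 1, 0 };
    unsigned seen = 0;
    for (unsigned a = 0; a < 16; a++) {
        if (s[a] > 15 || (seen & (1u << s[a]))) r.bijective = 0;
        else seen |= 1u << s[a];
        if (s[a] == a) r.fixed_points++;
    }
    for (unsigned i = 1; i < 16; i++) {          /* nonzero input difference / mask */
        for (unsigned o = 0; o < 16; o++) {
            int d = dc(s, i, o);
            if (d > r.max_dc) r.max_dc = d;
            if (o == 0) continue;                /* linear masks must be nonzero */
            int l = lc(s, i, o);
            if (l < 0) l = -l;
            if (l > r.max_lc) r.max_lc = l;
            if (hw(i) == 1 && hw(o) == 1) {
                if (d != 0) r.car_dc++;
                if (l != 0) r.car_lc++;
            }
        }
    }
    return r;
}

/* Criteria 1, 2, 3, 5 and 6 as bounds; CarLC (criterion 4) is reported so it
 * can be compared with the value the text gives for BORON. */
int meets_bounds(const sbox_report *r) {
    return r->max_dc <= 4 && r->car_dc == 0 && r->max_lc <= 4 &&
           r->bijective && r->fixed_points == 0;
}

int main(void) {
    sbox_report p = analyse_sbox(PRESENT_SBOX);
    sbox_report w = analyse_sbox(IDENTITY_SBOX);
    printf("PRESENT : maxDC=%d CarDC=%d maxLC=%d CarLC=%d bij=%d fixed=%d ok=%d\n",
           p.max_dc, p.car_dc, p.max_lc, p.car_lc, p.bijective, p.fixed_points,
           meets_bounds(&p));
    printf("identity: maxDC=%d CarDC=%d maxLC=%d CarLC=%d bij=%d fixed=%d ok=%d\n",
           w.max_dc, w.car_dc, w.max_lc, w.car_lc, w.bijective, w.fixed_points,
           meets_bounds(&w));
    return 0;
}
```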

2.5 KATAN

KATAN[11] is a family of lightweight block ciphers consisting of three ciphers denoted KATANn for n = 32, 48, 64, where n indicates the block size. All instances accept an 80-bit key. KATANn has a state of n bits consisting of two non-linear feedback shift registers. For n = 32, the registers have lengths 13 and 19, respectively. They are initialized with the plaintext:

The key is expanded to 508 bits according to the linear recursion

$$k_{i+80} = k_i + k_{i+19} + k_{i+30} + k_{i+67}, \quad 0 \le i < 428,$$

where $k_0, \ldots, k_{79}$ are the bits of k. At each round of the encryption process two consecutive bits of the expanded key are used. The round updates further depend on a bit $c_i$. The sequence of $c_i$ is produced by an 8-bit linear feedback shift register which is used as a counter. It is initialized by $(c_0, \ldots, c_7) = (1, \ldots, 1, 0)$ and expanded according to

$$c_{i+8} = c_i + c_{i+1} + c_{i+3} + c_{i+5}.$$

Round i corresponds to the following transformation of the state:

$$t_1 \leftarrow s_{31} + s_{26} + s_{27}s_{24} + s_{22}c_i + k_{2i}$$

$$t_2 \leftarrow s_{18} + s_7 + s_{12}s_{10} + s_8 s_3 + k_{2i+1}$$

$$(s_0, \ldots, s_{18}) \leftarrow (t_1, s_0, \ldots, s_{17})$$

$$(s_{19}, \ldots, s_{31}) \leftarrow (t_2, s_{19}, \ldots, s_{30})$$

After 254 rounds, the state is output as the ciphertext. All three members of the KATAN family use the same key expansion and the same sequence of $c_i$. The algebraic structure of the non-linear update functions is the same. They differ in the length of the registers and the tap positions. All members perform 254 rounds, but for KATAN48 the non-linear registers are updated twice per round and for KATAN64 even thrice (using the same $c_i$ and $k_i$ for all updates at the same round).
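The KATAN32 description above, carried through in C as an added example (not code from the paper or from the KATAN designers). It follows the equations as printed on this page, with + read as XOR and products as AND over GF(2); because the plaintext-loading equation is missing from the page, the mapping of bit i of a 32-bit word to s_i is an assumption, as is the constructed sample key, so the output is not claimed to match published KATAN test vectors. It shows that each round is invertible (the dropped bits s_18 and s_31 are recovered from t_2 and t_1) and that the key expansion is linear in the master key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROUNDS 254
#define KBITS  508   /* two expanded key bits per round */

/* k_0..k_79 are the key bits; k_{i+80} = k_i + k_{i+19} + k_{i+30} + k_{i+67}. */
void katan_expand_key(const uint8_t key[80], uint8_t k[KBITS]) {
    memcpy(k, key, 80);
    for (int i = 0; i < KBITS - 80; i++)
        k[i + 80] = k[i] ^ k[i + 19] ^ k[i + 30] ^ k[i + 67];
}

/* (c_0..c_7) = (1,...,1,0); c_{i+8} = c_i + c_{i+1} + c_{i+3} + c_{i+5}. */
void katan_counter(uint8_t c[ROUNDS]) {
    memset(c, 1, 7);
    c[7] = 0;
    for (int i = 0; i + 8 < ROUNDS; i++)
        c[i + 8] = c[i] ^ c[i + 1] ^ c[i + 3] ^ c[i + 5];
}

/* Assumed bit order: s_i is bit i of the 32-bit word. */
static void unpack(uint32_t w, uint8_t s[32]) {
    for (int i = 0; i < 32; i++) s[i] = (uint8_t)((w >> i) & 1u);
}
static uint32_t pack(const uint8_t s[32]) {
    uint32_t w = 0;
    for (int i = 0; i < 32; i++) w |= (uint32_t)s[i] << i;
    return w;
}

uint32_t katan32_encrypt(uint32_t p, const uint8_t key[80]) {
    uint8_t k[KBITS], c[ROUNDS], s[32];
    katan_expand_key(key, k);
    katan_counter(c);
    unpack(p, s);
    for (int i = 0; i < ROUNDS; i++) {
        uint8_t t1 = s[31] ^ s[26] ^ (s[27] & s[24]) ^ (s[22] & c[i]) ^ k[2 * i];
        uint8_t t2 = s[18] ^ s[7] ^ (s[12] & s[10]) ^ (s[8] & s[3]) ^ k[2 * i + 1];
        memmove(s + 20, s + 19, 12);   /* (s19..s31) <- (t2, s19..s30) */
        memmove(s + 1, s, 18);         /* (s0..s18)  <- (t1, s0..s17)  */
        s[0] = t1;
        s[19] = t2;
    }
    return pack(s);
}

uint32_t katan32_decrypt(uint32_t ct, const uint8_t key[80]) {
    uint8_t k[KBITS], c[ROUNDS], s[32];
    katan_expand_key(key, k);
    katan_counter(c);
    unpack(ct, s);
    for (int i = ROUNDS - 1; i >= 0; i--) {
        uint8_t t1 = s[0], t2 = s[19];
        memmove(s, s + 1, 18);         /* restore old s0..s17  */
        memmove(s + 19, s + 20, 12);   /* restore old s19..s30 */
        /* The two bits shifted out are recomputed from the feedback equations. */
        s[18] = t2 ^ s[7] ^ (s[12] & s[10]) ^ (s[8] & s[3]) ^ k[2 * i + 1];
        s[31] = t1 ^ s[26] ^ (s[27] & s[24]) ^ (s[22] & c[i]) ^ k[2 * i];
    }
    return pack(s);
}

/* Assumed key bit order: bit j of byte b becomes key bit 8*b + j. */
void key_from_bytes(const uint8_t bytes[10], uint8_t key[80]) {
    for (int i = 0; i < 80; i++) key[i] = (uint8_t)((bytes[i / 8] >> (i % 8)) & 1u);
}

/* Returns 1 if expand(a ^ b) == expand(a) ^ expand(b) for every expanded bit. */
int key_expansion_is_linear(const uint8_t a[80], const uint8_t b[80]) {
    uint8_t x[80], ea[KBITS], eb[KBITS], ex[KBITS];
    for (int i = 0; i < 80; i++) x[i] = a[i] ^ b[i];
    katan_expand_key(a, ea);
    katan_expand_key(b, eb);
    katan_expand_key(x, ex);
    for (int i = 0; i < KBITS; i++)
        if (ex[i] != (ea[i] ^ eb[i])) return 0;
    return 1;
}

/* Constructed sample key, not a published test vector. */
const uint8_t SAMPLE_KEY[10] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 };

int main(void) {
    uint8_t key[80];
    key_from_bytes(SAMPLE_KEY, key);
    uint32_t pt = 0x01234567u;               /* constructed plaintext */
    uint32_t ct = katan32_encrypt(pt, key);
    printf("pt=%08x ct=%08x dec=%08x\n", (unsigned)pt, (unsigned)ct,
           (unsigned)katan32_decrypt(ct, key));
    return 0;
}
```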

Attack Procedure

Given a plaintext/ciphertext pair (p, c), an attacker proceeds as follows:

1. Compute a list of $2^d$ values $q_v$ obtained by encrypting p through the rounds 0 to s − 1 under key $k \oplus v$ for $v \in V$.

2. Compute a list of $2^d$ values $q_u$ obtained by decrypting c through the rounds N − 1 to N − s under the key $k \oplus u$ for $u \in U$.

3. For each pair $(q_u, q_v)$ check if $q_u$ decrypts to $q_v$ through the rounds N − s + 1 to s under key $k \oplus u \oplus v$. If yes, save $k \oplus u \oplus v$ as a candidate key. Check candidate keys with one or two additional text pairs.

2.6 LBLOCK

LBlock[12] is a new lightweight block cipher that uses 80-bit keys and 64-bit blocks and is based on a modified 32-round Feistel structure. The modified Feistel round of LBlock (the numbering corresponds with the nibble ordering notation). The round function F first computes $X_i \oplus k_i$ and then applies a transformation S (composed of 8 parallel applications of 8 different 4-bit bijective S-boxes) and a permutation P (that exchanges the places of the permutation P seen as nibble level. The key schedule takes as input a master key K seen as a key register and outputs 32 round subkeys $k_i$. It repeats the following steps for i = 1 to 31, knowing that $k_1$ is initialized with the 32 leftmost bits of the key register K:

• K <<< 29

• [K79 K78 K77 K76] = S9[K79 K78 K77 K76], where S9 is the ninth S-box.

• [K75 K74 K73 K72] = S8[K75 K74 K73 K72], where S8 is the eighth S-box.

• [K50 K49 K48 K47] = [K50 K49 K48 K47] ⊕ [i]_2

• $k_{i+1}$ is selected as the leftmost 32 bits of the key register K.

2.7 TWINE

TWINE[14] is a 64-bit block cipher with two supported key lengths, 80 and 128 bits. If the key length needs to be specified, TWINE-80 or TWINE-128 is written to denote the corresponding version. The global structure of TWINE is a variant of Type-2 GFS with 16 4-bit sub-blocks. Given a 64-bit plaintext, P(64), and a round key, RK(32×36), the cipher produces the ciphertext C(64). Round key RK(32×36) is derived from the secret key, K(n) with n ∈ {80, 128}, using the key schedule. A round function of TWINE consists of a nonlinear layer using 4-bit S-boxes and a diffusion layer, which permutes the 16 blocks. Unlike Type-2 GFS, the diffusion layer is not a circular shift and is designed to provide better diffusion than the circular shift. This round function is iterated 36 times for both key lengths, where the diffusion layer of the last round is omitted. The S-box, S, is a 4-bit permutation. The permutation of block indexes is π : {0, ..., 15} → {0, ..., 15}, where the j-th sub-block (for j = 0, ..., 15) is mapped to the π[j]-th sub-block.

Algorithm:

    TWINE.Enc(P(64), RK(32×36), C(64))
        X^1(64) ← P
        RK^1(32) ∥ ... ∥ RK^36(32) ← RK(32×36)
        for i ← 1 to 35 do
            X^i_0(4) ∥ X^i_1(4) ∥ ... ∥ X^i_14(4) ∥ X^i_15(4) ← X^i(64)
            RK^i_0(4) ∥ RK^i_1(4) ∥ ... ∥ RK^i_6(4) ∥ RK^i_7(4) ← RK^i(32)
            for j ← 0 to 7 do
                X^i_{2j+1} ← S(X^i_{2j} ⊕ RK^i_j) ⊕ X^i_{2j+1}
            for h ← 0 to 15 do
                X^{i+1}_{π[h]} ← X^i_h
            X^{i+1} ← X^{i+1}_0 ∥ X^{i+1}_1 ∥ ... ∥ X^{i+1}_14 ∥ X^{i+1}_15
        for j ← 0 to 7 do
            X^36_{2j+1} ← S(X^36_{2j} ⊕ RK^36_j) ⊕ X^36_{2j+1}

2.8 PRINT

PRINT cipher[15] is a block cipher with b-bit blocks, b ∈ {48, 96}, and an effective key length of 5/3 × b bits. The essential structure of PRINT cipher is that of an SP-network with r = b rounds, with 3-bit S-boxes from one round to the next. The first XOR uses the first subkey in the round counter, which is denoted RC_i, while key-dependent permutations are used at the input to each S-box. It follows that PRINT cipher-48 operates on 48-bit blocks, uses an 80-bit key and consists of 48 rounds, while PRINT cipher-96 uses a 160-bit key, consists of 96 rounds and operates on 96-bit blocks.

Each round of encryption consists of the following steps:

1. The cipher state is combined with a round key using bitwise exclusive-or (XOR).

2. The cipher state is shuffled using a fixed linear diffusion layer.

3. The cipher state is combined with a round constant using bitwise XOR.

4. The three-bit entry to each S-box is permuted in a key-dependent permutation layer.

5. The cipher state is mixed using a layer of non-linear S-box substitutions.

The four S-boxes in PRINT cipher are closely related. As an example, S-box 0 and S-box 1 produce the same output for each of four inputs, and similarly for S-boxes 2 and 3 and for S-boxes 4 and 5.


Fig 5: flow of PRINT cipher

Consider two keys that differ only in the selection of one S-box, say, the leftmost one[18]. Assume further that one key selects S-box V0 and the other key selects S-box V1. It follows that for one round of encryption, the encryption functions induced by the two keys will be equal for half the inputs. Consequently, the encryption functions over s rounds can be expected to produce identical ciphertexts for one in $2^s$ texts.

There are other related keys. Consider two keys that differ only in the XOR halves and only in the input to one S-box. For two such keys[30] it may be possible to specify a keyed differential characteristic where the differences in the texts are canceled by the differences in the XOR key in every second round.

The key schedule

The design criteria of the 80-bit (resp. 128-bit) key schedule are as follows:

1. The union of subkey bits of any 2 (resp. 4) consecutive rounds depends on each of the 80 bits of the seed key.

2. The 1-round 5-subblock (resp. 4-subblock) generalized Feistel transformation is used to provide appropriate diffusion.

3. Round constants are used to eliminate symmetries.

The 128-bit register used in the key schedule algorithm contains the master key value both before and after running the algorithm. So, only one 128-bit register is required for both encryption and decryption processes. The whitening keys are used in the first and the last rounds of HIGHT. If the whitening keys are not used, then the inputs to F0 and F1 in the first and the last rounds are directly revealed from plaintexts and ciphertexts.

The sequence δ0, ..., δ127 generated by the linear feedback shift register h enhances the randomness of subkey bytes. It also provides resistance against the slide attack. HIGHT[27] is a block cipher with 64-bit block length and 128-bit key length. HIGHT was designed to be suitable for implementation in low-resource environments such as RFID tags or tiny ubiquitous devices. The security analysis indicates that HIGHT has enough security. The implementation circuit processes one HIGHT encryption in 34 clock cycles and requires 3048 gates. The data throughput of the circuit is about 150.6 Mbps at an operating frequency of 80 MHz.

During our design[23], several key observations were uppermost in our mind. Practically all modern block cipher proposals have reasonable security arguments, but few offer much beyond (potentially thorough) ad hoc analysis. Here there is hope to provide a more complete security treatment than is usual.

In particular, related-key attacks are often dismissed from consideration for the application areas that typically use such constrained devices, e.g. RFID tags. In practice this is often perfectly reasonable. However, researchers will continue to derive cryptanalytic results in the related-key model, and there has been some research on how to modify or strengthen key schedules. So having provable levels of resistance to such attacks would be a bonus and might help confusion developing in the cryptographic literature.[19] While block ciphers are an important primitive, and arguably the most useful in a constrained environment, there has also been much progress in the design of stream ciphers and, very recently, in lightweight hash functions.

3. DISCUSSION

Table 1 below illustrates the comparison of lightweight cryptographic algorithms.


| Ciphers | Function | Architecture | Structure | Key size | Block size | Rounds | Cycles |
|---|---|---|---|---|---|---|---|
| PRINT | Encryption & Decryption | Serialized | SPN | 80 | 48 | 48 | 768 |
| SIMON | Encryption & Decryption | Round-based | LFSR | 80 | 32 | 254 | 1872 |
| KATAN | Encryption | Serialized | Feistel | 56 | 32 | 254 | 255 |
| PICCOLO | Decryption | Serialized | Feistel | 64 | 80 | 144 | 2309 |
| BORON | Encryption | Round-based | LFSR | 64 | 36 | 36 | 178 |
| TWINE | Encryption & Decryption | Serialized | Feistel | 80 | 64 | 12 | 1304 |
| KLEIN | Encryption | Round-based | LFER | 64 | 254 | 255 | 1528 |
| LBLOCK | Encryption & Decryption | Serialized | Feistel | 32 | 254 | 255 | 335 |

4. CONCLUSION

This paper has analyzed [22] the majority of lightweight block cipher algorithms in terms of their algorithm specification and security. The intensive analysis performed here gives a detailed picture of the design of these encryption algorithms. As discussed, some lightweight block cipher algorithms use a Feistel network [26] while others use an SPN, and each structure has its own properties. Moreover, researching and analyzing the existing lightweight block cipher algorithms showed that algorithms with many S-boxes offer good security but at a high cost. Furthermore, when an algorithm has a sufficient number of S-boxes and well-designed linear operations, its security is high and its cost depends on the design.

5. REFERENCES

[1] Biplob R. Ray, Member, Morshed Chowdhury, and Jemal Abawajy, "Secure Object Tracking Protocol for the Internet of Things," in IEEE Internet of Things Journal, vol. pp, no. 99, 25 May 2016.

[2] Henry H. Bi and Dennis K. J. Lin, "RFID-Enabled Discovery of Supply Networks," in IEEE Transactions on Engineering Management, vol. 56, no. 1, February 2009.

[3] Lang Li, Botao Liu, Hui Wang, "QTL: A new ultra-lightweight block cipher," in Elsevier, April 2016.

[4] Isha and Ashish Kr. Luhach, "Analysis of Lightweight Cryptographic Solutions for Internet of Things," Indian Journal of Science and Technology, vol. 56, no. 1, July 2016.

[5] Stankovic, JA, "Research Directions for the Internet of Things," IEEE Internet of Things, vol. 16, no. 2, May 2015.

[6] Amendola, S, Lodato, R, Manzari, S, Occhiuzzi, C & Marrocco, G, "RFID Technology for IoT-Based Personal Healthcare in Smart Spaces," IEEE Internet of Things, vol. 03, no. 04, March 2014.

[7] Yang, P, "Radio Frequency Identification (RFID) in Health Care: Privacy and Security Concerns Limiting Adoption," IEEE Internet of Things, vol. 2, no. 1, January 2014.

[8] Sye Loong, K, Kumar, SS & Tschofenig, H, "Securing the Internet of Things: A Standardization Perspective," IEEE Internet of Things, vol. 8, no. 4, October 2014.

[9] Zheng Gong, Svetla Nikova and Yee-Wei Law, "KLEIN: A New Family of Lightweight Block Ciphers," Cryptography and Communications, Springer, vol. 02, no. 1, April 2015.

[10] Sicari S, Cappiello C, Pellegrini F, Miorandi D, Coen-Porisini A, "A security-and quality-aware system architecture for Internet of Things," Information Systems Frontiers, vol. 6, no. 3, March 2014.

[11] Lee J, Lim D, "A light weight block cipher - picolo," International Journal of Security and its Application, vol. 5, no. 5, January 2014.

[12] Deukjo Hong, Jaechul Sung, Seokhie Hong, Jongin Lim, "Present – an ultra lightweight Block cipher," Journal Networking and Parallel/Distributed Computing, vol. 1, no. 2, May 2015.

[14] M. Feldhofer, J. Wolkerstorfer, and V. Rijmen, "AES Implementation on a Grain of Sand," IEEE Proceedings on Information Security, vol. 152, no. 1, pp. 13–20, April 2005.

[15] A. Bogdanov et al., "PRESENT: An Ultra-Lightweight Block Cipher," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES 07), Springer, vol pp. 450-466, Sep 2012.

[16] N. Saxena and A. Sadeghi, editors, Radio Frequency Identification: Security and Privacy Issues - RFIDSec 2014, volume 8651 of LNCS, Springer, 2014.

[17] S. Sun, L. Hu, P. Wang, K. Qiao, X. Ma, and L. Song, "Automatic Security Evaluation and (Related-key) Differential Characteristic Search: Application to SIMON, PRESENT, LBlock, DES(L) and Other Bit-oriented Block Ciphers," in Advances in Cryptology - ASIACRYPT, vol. 8874 of LNCS, pages 158–178, Springer, June 2014.

[18] C. D. Cannière, O. Dunkelman, and M. Knezevic, "KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers," in Cryptographic Hardware and Embedded Systems - CHES, vol. 5747 of LNCS, pages 272–288, Springer, March 2009.

[19] Lim, C., Korkishko, T., "mCrypton - A Lightweight Block Cipher for Security of Low-cost RFID Tags and Sensors," in Proceedings of the First International IEEE Security in Storage Workshop, LNCS, vol. 3786, pp. 243–258, March 2006.

[20] Mace, F., Standaert, F.-X., Quisquater, J.-J., "ASIC Implementations of the Block Cipher SEA for Constrained Applications," in RFID Security Workshop Record, Malaga, Spain, pp. 103–114, Feb 2007.

[21] Matsui, M., "New Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis," in Gollmann, D. (ed.), Springer, Heidelberg, FSE 1996, LNCS, vol. 1039, pp. 205–218, Nov 2015.

[22] Shibutani, Takanori Isobe, Harunaga Hiwatari, Atsushi Mitsuda, Toru Akishita, and Taizo Shirai; B. Preneel and T. Takagi (eds.), "Piccolo: An Ultra-Lightweight Blockcipher," in International Association for Cryptologic Research, LNCS 6917, pp. 342–357, Dec 2012.

[23] W. Wu and L. Zhang, "LBlock: A Lightweight Block Cipher," Applied Cryptography and Network Security, in Springer Berlin / Heidelberg, vol. 6715, pp. 327-344, Aug 2012.

[24] T. Suzaki, et al., "TWINE: A Lightweight Block Cipher for Multiple Platforms," in Selected Areas in Cryptography, in Springer Berlin Heidelberg, vol. 7707, no. 3, pp. 339-354, Dec 2013.

[25] J. Guo, T. Peyrin, A. Poschmann, and M. Robshaw, "The LED Block Cipher," Cryptographic Hardware and Embedded Systems – CHES 2011, in Springer Berlin Heidelberg, vol. 6917, 2011, pp. 326-341, May 2011.

[26] J. Borghoff, et al., "PRINCE – A Low-Latency Block Cipher for Pervasive Computing Applications," in Advances in Cryptology – ASIACRYPT, in Springer Berlin Heidelberg, vol. 7658, pp. 208-225, July 2013.

[27] L. Knudsen, et al., "PRINTcipher: A Block Cipher for IC-Printing," in Cryptographic Hardware and Embedded Systems, CHES 2010, vol. 6225, in Springer Berlin Heidelberg, pp. 16-32, March 2010.

[28] A. Bogdanov, L. Knudsen, G. Leander, C. Paar, A. Poschmann, M. Robshaw, Y. Seurin, and C. Vikkelsoe, "PRESENT: An Ultra-Lightweight Block Cipher," Cryptographic Hardware and Embedded Systems – CHES, in Springer Berlin / Heidelberg, vol. 4727, pp. 450-466, March 2013.

[29] Z. Gong, S. Nikova, and Y. Law, "KLEIN: A New Family of Lightweight Block Ciphers," RFID. Security and Privacy, in Springer Berlin / Heidelberg, vol. 7055, pp. 1-18, June 2012.

[30] J.-S. Kang, et al., "Practical and Provable Security against Differential and Linear Cryptanalysis for Substitution-Permutation Networks," in ETRI Journal, vol. 23, pp. 158-167, June 2011.