Review articleLightweight cryptography in IoT networks: A survey
Introduction
The Internet of Things (IoT) refers to everyday things that are readable, addressable, locatable, and identifiable via data sensing devices and manageable through the Internet. IoT devices are accessible by communication techniques such as RFID, wireless, wired, or other methods. Everyday objects not only include high-tech electronic devices such as mobile phones and vehicles, but things that we do not generally consider as electronic at all, like food items, animals, clothing, water, waste bins, trees, and so on. The IoT objective is to allow things to be communicated anywhere, anytime, with anything, preferably applying any network or service. In the last few years, the IoT has grown exponentially and now occupies our lives in areas as diverse as cities, agriculture, hospitals, the environment, homes, roads, etc. IoT end devices are usually equipped with different types of sensors and actuators, which collect numerous data and send the accumulated data through cyberspace to monitor, analyse, control, and reach various conclusions [1]. Most of these data are real-time data and help us make correct decisions in different service domains. However, this Internet-driven raw data needs to be transferred securely and switched to human-understandable information to gather knowledge and use this knowledge in various domains such as the smart city, agriculture, the environment, interactive transport, and electricity grids.
The smart city is one example of an IoT domain that has security problems that can be overcome by improving cryptography. Seventy percent of smart city services are currently provided in three fields: traffic, safety, and power [2]. Fig. 1 shows the leading smart city model around the globe. The United Nations Population Fund indicates that more than half of the world’s population now resides in a city. By 2050, this is expected to increase to about 68% [3]. In China, more than 200 smart city developments are in progress [4]. However, smart city domains create numerous security and privacy challenges due to various weaknesses in each layer of a smart city’s network architecture. For example, in 2015, approximately 230,000 Ukrainian residents experienced an extended period of power interruption when intruders hacked into the electricity grid [5]. The IoT plays a crucial role in predicting and managing natural disasters such as bushfires, earthquakes, hurricanes, and tsunamis. Various IoT sensors can help avoid and control damage to life and the environment from forest fires. The sensors can be installed around the edges of the forest and can continuously monitor the temperature and carbon content in the region. In cases of emergency, the IoT can aid an immediate response by preparing and distributing the environment report. The 2019–2020 bushfires in Australia burned 46 million acres and cost 2.9 billion USD [6]. According to United Nations Food and Agriculture, the world will be need 70% more food production in 2050 [7]. Smart agriculture will play a decisive factor in this growing market. For instance, in Chile, using remote sensors reduces 70% of the water requirement in blueberry production [8]. A possible security attack in an agricultural business could result in significant human and financial consequences. In June 2017, the ‘NotPetya’ malware attack in one agricultural-related organisation cost about half a billion U.S. dollars [9]. The enormous data shared in IoT-enabled environments can be exploited by malicious attackers, which creates a security challenge [10]. Hence, addressing and minimising these security and privacy risks by promoting efficient security solutions is crucial for the success of IoT domains.
Ensuring privacy in IoT end devices is challenging for several reasons. First, the CPU in IoT devices is minimal and cannot compute complex algorithms [11], [12], [13], [14], [15], [16], [17], [18]. Second, the power consumption of the security algorithm should be low since most IoT devices are battery-powered [12], [14], [15], [16], [18], [19], [20], [21], [22]. Third, simple sensors are connected to cover a large physical network [18], [20]. Finally, implementing the security algorithm needs to be cost-effective by deploying as few devices as possible [1], [13], [23], [24], [25]. Conventional cybersecurity cryptography such as AES (Advanced Encryption Standard), RSA (Rivest–Shamir–Adleman), DES (Data Encryption Standard), Blowfish, and RC6 cannot be used immediately in these smart domains because of the heterogeneity, scalability, and dynamic features of the IoT. Most of these algorithms consume more energy while operating. For example, AES uses 2.9 kB of flash and 1.2 kB of RAM [21]. Researchers have compared several WSN sensor motes and found that resource-constrained devices have as low as 2 kilobytes (kB) and 1 kB of Random Access Memory (RAM) and Electrically Erasable Programmable Read-Only Memory (EEPROM), respectively [21]. Such sensors cannot use the resource-consuming conventional security approaches [26], [27]. Hence, secure communication is one of the most significant concerns in Low Power and Lossy Systems. This undoubtedly defines the necessity to develop Lightweight Cryptographic (LWC) algorithms for IoT security.
With growing interest in the IoT, the fundamental research question is: What lightweight cryptography has been developed to address the many IoT security issues?
This question must be addressed if researchers are to develop and execute secure and efficient IoT networks. A literature review on lightweight cryptography algorithms was deemed essential to ensure IoT communication security. Hence, this paper focuses on the following main research questions:
- 1.
What lightweight cryptography has been developed to address the IoT security issues?
- 2.
How can lightweight cryptography secure an IoT structure?
- 3.
What consequences do the findings have on the future of IoT research?
This paper addresses the most current state state-of-the-art research in lightweight cryptography for the years 2019 and 2020. It also presents a comparative analysis of most current lightweight algorithms, such as LCC, LWHC, Modified PRESENT and SAT_Jo. The paper also evaluates the most recent protocols using a set of matrices like block size, key length, gate area, technology value, number of encryptions or decryptions, latency, and throughput. This comprehensive evaluation demonstrates the requirements of lightweight cryptography ciphers. This paper is organised into seven sections. Section 1 introduces the IoT and the need for the development of LWC in IoT systems. The IoT architecture and threats are presented in Section 2. Section 3 discusses IoT architecture and devices used according to the structure. Section 4 describes security mechanisms in IoT systems. The most recent lightweight cryptography developments in the IoT are discussed in Section 5. Section 6 presents a critical analysis of lightweight ciphers, identifies the research gaps and suggests further research. Finally, the conclusion is presented in Section 7.
Section snippets
IoT architecture and threats
This section examines the different layers of the IoT architecture, according to a device’s functionality and possible exposure to various attacks. IoT domains show enormous possibility. However, IoT networks connect with heterogeneous devices with mixed operating systems and different communication protocols, such as wireless, Zigbee, and mobile technology, which can create considerable security and privacy threats [28]. In this section, we outline IoT architecture and discuss the different
Devices in different IoT layers
IoT devices are present in all architectural layers with limited proficiency due to low memory, internal storage, computational capability and power. The IoT environment comprises various service architectures, protocols, and network designs to deal with billions of IoT nodes that exchange information. IoT devices can be generally divided into three categories, Class 0, Class 1, and Class 2 [56], [57].
Class 0 or low-end IoT devices often have constrained resources like memory, power, and
Securing the IoT system
Section 4 concisely discusses lightweight algorithms used to secure IoT network communications. Furthermore, this part classifies the latest developments in lightweight algorithms. Fig. 2 illustrates different types of the most recent lightweight cryptography, which is primarily split into two categories, symmetric and asymmetric algorithms. The symmetric lightweight algorithms are further divided into Lightweight Block Ciphers (LWBC) and Lightweight Stream Ciphers (LWSC). Elliptic curve
Recent lightweight cryptography for IoT security
This section briefly reviews the latest lightweight cryptographic protocols to secure IoT networks in resource-restricted systems.
Prakash, Singh, and Khatri [42] developed a new hybrid algorithm called lightweight hybrid cryptography (LWHC) that uses a combination of LED and PRESENT ciphers with a compact key scheduling algorithm SPECK. This system used RECTANGLE S-Box to make it faster and more robust. Encryption is done using LED, PRESENT and RECTANGLE S-Box. However, the SPECK algorithm is
Discussion and limitations of existing lightweight cryptography
Recently developed cryptography can be split into two types, symmetric and asymmetric. Block cipher and stream cipher represent a symmetric algorithm, whereas ECC represents the asymmetric cipher. Symmetric ciphers use reduced key length compared to the asymmetric algorithm. Hence, they are vulnerable to security attacks because of their less complex nature. Asymmetric ciphers use more complexity to secure IoT network communications, but the larger key length makes them slower. Studying these
Conclusion
We have analysed contemporary research on lightweight cryptographic techniques used in IoT networks to keep data communication secure. Each algorithm has merits and demerits in terms of ensuring security while exchanging information in the IoT environment. Some algorithms demand more storage space but have fewer computational requirements and vice versa. Several algorithms are lightweight in terms of energy, computational power, and cost-effectiveness; however, they do not demonstrate
CRediT authorship contribution statement
Muhammad Rana: Conceived the model and the conceptual framework, Analysed the data, Developed the theory and investigation, Contributed to the interpretation of the results, Provided critical feedback and helped shape the research, analysis, and manuscript. Quazi Mamun: Analysed the data, Verified the analytical methods, Supervised the findings of this work, Provided critical feedback and helped shape the research, analysis, and manuscript. Rafiqul Islam: Verified the analytical methods,
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Muhammad Rana is a Ph.D. candidate at Charles Sturt University, Australia, with a particular interest in the Internet of Things, Cryptographic Algorithm and Network Security. He currently works on resource-constrained IoT devices, the security problem of IoT network, and simulation techniques in a different lightweight algorithm. Muhammad received BC in Computer Science at Charles sturt University. He received his Master degree from Federation University. Authentication, security algorithms of
References (105)
- et al.
Hierarchical architecture and protocol for mobile object authentication in the context of IoT smart cities
J. Netw. Comput. Appl.
(2018) - et al.
Perception layer security in Internet of Things
Future Gener. Comput. Syst.
(2019) - et al.
Security, privacy and trust of different layers in Internet-of-Things (IoTs) framework
Future Gener. Comput. Syst.
(2020) - et al.
Raspberry Pi as a Sensor Web node for home automation
Comput. Electr. Eng.
(2015) - et al.
SFN: A new lightweight block cipher
Microprocess. Microsyst.
(2018) - et al.
Security issues in IoT: A survey
- et al.
Cyber attack scenarios on smart city and their ripple effects
World Urbanization Prospects: The 2018 Revision, Department of Economic and Social Affairs
(2018)- et al.
The development of smart cities in China
- et al.
Security and privacy in smart cities: Challenges and opportunities
IEEE Access
(2018)
Compound natural disasters in Australia: a historical analysis
Environ. Hazards
Survey on security threats in agricultural IoT and smart farming
Sensors
Security and privacy in smart farming: Challenges and opportunities
IEEE Access
Cyber Risk and Security Implications in Smart Agriculture and Food SystemsWhite Paper
Security and the smart city: A systematic review
Sustainable Cities Soc.
An experimental analysis of security vulnerabilities in industrial IoT devices
ACM Trans. Internet Technol.
A survey on security and privacy issues in internet-of-things
IEEE Internet Things J.
Current research on Internet of Things (IoT) security: A survey
Comput. Netw.
Comparative study of lightweight hashing functions for resource constrained devices of IoT
A lightweight cellular automata based encryption technique for IoT applications
IEEE Access
A survey on technologies and security protocols: Reference for future generation IoT
J. Netw. Comput. Appl.
Internet of Things security: A survey
J. Netw. Comput. Appl.
G-TBSA: A generalized lightweight security algorithm for IoT
A qualitative comparison of different logical topologies for wireless sensor networks
Sensors
A systematic mapping study on internet of things challenges
Next generation lightweight cryptography for smart IoT devices: Implementation, challenges and applications
Security in Internet of Things: issues, challenges, taxonomy, and architecture
Telecommun. Syst.
IoT soil moisture monitoring and irrigation system development
Cryptographic technologies and protocol standards for Internet of Things
Internet Things
A survey on lightweight ciphers for IoT devices
A roadmap for security challenges in the Internet of Things
Digit. Commun. Netw.
A privacy-preserving cryptosystem for IoT E-healthcare
Inform. Sci.
Lightweight cryptography: A solution to secure IoT
Wirel. Pers. Commun.
Progressive researches on IoT security: An exhaustive analysis from the perspective of protocols, vulnerabilities, and preemptive architectonics
J. Netw. Comput. Appl.
Security threats in the application layer in IOT applications
User privacy risk analysis for the internet of things
Blockchain’s adoption in IoT: The challenges, and a way forward
J. Netw. Comput. Appl.
Mitigating DoS attacks in publish–subscribe IoT networks
Performance analysis of denial of service DoS and distributed DoS attack of application and network layer of IoT
A lightweight IDS based on J48 algorithm for detecting DoS attacks on IoT middleware
Defenses against perception-layer attacks on IoT smart furniture for impaired people
IEEE Access
Demonstrating the effect of insider attacks on perception layer of internet of things (IoT) systems
A survey on SDN based security in internet of things
Adv. Intell. Syst. Comput.
A new model of light weight hybrid cryptography for internet of things
Lightweight stream cipher scheme for resource-constrained IoT devices
Analytical model for sybil attack phases in internet of things
IEEE Internet Things J.
Decentralized intrusion detection in wireless sensor networks
Intrusion detection in homogeneous and heterogeneous wireless sensor networks
IEEE Trans. Mob. Comput.
Security of the Internet of Things: Perspectives and challenges
Wirel. Netw.
Cited by (77)
Lightweight block ciphers for resource-constrained environments: A comprehensive survey
2024, Future Generation Computer SystemsAn innovative approach for dynamic key dependent S-Box to enhance security of IoT systems
2023, Measurement: SensorsTrends and challenges in AIoT implementation for smart home, smart buildings, and smart cities in cloud platforms
2024, Artificial Intelligence of Things (AIoT) for Productivity and Organizational Transition
Muhammad Rana is a Ph.D. candidate at Charles Sturt University, Australia, with a particular interest in the Internet of Things, Cryptographic Algorithm and Network Security. He currently works on resource-constrained IoT devices, the security problem of IoT network, and simulation techniques in a different lightweight algorithm. Muhammad received BC in Computer Science at Charles sturt University. He received his Master degree from Federation University. Authentication, security algorithms of IoT and wireless communication is his research curiosity.
Dr Mamun is a Senior Lecturer of Computing in the School of Computing and Mathematics, Faculty of Business, Justice and Behavioural Sciences, Charles Sturt University. He earned a B.Sc. Engineering degree in Computer Science and Engineering from Bangladesh University of Engineering and Technology (BUET), a Masters degree (by research) in Global Information and Telecommunication Studies from Waseda University Japan, and a Ph.D. degree with a specialisation in distributed computing from Monash University, Australia. Before joining CSU, Quazi has worked as a sessional academic and guest Lecturer in the Faculty of Information Technology of Monash University. Quazi’s research interests include, but not limited to, distributed systems, ad hoc and sensor networks, wireless networks, privacy and security in information networks. He is an active member of the Advanced Networks Research Lab (ANRL) and ICT Security Group of Charles Sturt University.
Dr Rafiqul Islam is working as an Associate Professor at the School of Computing and Mathematics, Charles Sturt University, Australia. Dr Islam has a strong research background in cybersecurity, focusing on malware analysis and classification, Authentication, security in the cloud, privacy in social media, IoT and Dark Web. He led the Cybersecurity research team and has developed a strong background in leadership, sustainability, collaborative research in the area. He has a strong publication record and has published more than 170 peer-reviewed research papers, book chapters and books. Dr Islam is the associate editor of the International Journal of Computers and Applications and guest editors of various reputed journals. He is the senior member of IEEE.