A Cryptographic Technique for Communication among IoT Devices using Tiger192 and Whirlpool

—The heterogeneous standards and operational platforms of IoT devices, introduce additional security loopholes into the network thereby increasing the attack surface for the IoT. Most of the devices used in these IoT systems are not secure by design. Such vulnerable devices pose a great threat to the IoT system. In recent times, there have been a lot of research works on improving existing mechanisms for securing IoT data at both the software and hardware levels. Although there exist cryptographic research solutions to secure data at the node level in IoT systems, there is not a lot of these security solutions that target securing both the IoT data and validating IoT nodes. The Authors propose a cryptographic solution that uses double hashing to provide improved security for IoT node data and validating nodes in IoT system. A cryptographic mechanism that is composed of the Tiger192 cryptographic hash and the whirlpool hash function is proposed in authenticating IoT data and validating devices in this paper. The use of digital ledger technology and cryptographic double hashing algorithm provided enhanced security, privacy, and integrity of data among IoT nodes. It also assured the availability of IoT data.


I. INTRODUCTION
This paper extends an earlier conference paper submitted to the international Conference on Communications, Signal Processing and Networks / International Conference on Cyber Security and Internet-of-Things ICCSPN/ICSIoT. In our previous paper, we proposed and used a cryptographic primitive that involved the RC4 cryptographic algorithm and the whirlpool protocol in encrypting and validation of data within IoT systems [1]. The capacity of the internet of things to process large streams of data in real-time and its flexible adaptation for all environments makes it a widely adopted technology option for the collection, analysis and storage of critical data across many industrial fields as well as academia and Government installations. The spike in the adoption of the Internet of Things (IoT) across these various sectors makes it also a good target for cyber-attackers to exploit the vulnerabilities in the network. Internet-of-Things (IoT) can stream and support the creating of real time data to create new value propositions for small to large businesses, academia and governments. This unique quality of IoT system makes it one of the preferred technology of choice across all sectors of life [2]. The benefits of the innovation that IoT systems offer have been a good motivation for a lot more businesses, governments, and society to embrace in expanding access and increasing inclusiveness in the total monitoring, processing, storage, and communication of critical data in these sectors of life. The benefits that IoT systems offer have equally motivated and attracted the incidences of cyber-attacks on these systems towards the exploitation of the vulnerabilities in these connected systems.
Internet-of-Things involves several edge devices that connect to either a centralized node or distributed edge nodes to help aggregate critical data that is sensed from the immediate environments of these edge devices. The sensed data is therefore communicated through different communication protocols to the nodes. There exist several communication protocols that IoT devices adopt in transmitting data from one node to the other. These protocols include Bluetooth, WiFi, Satellite, Radio Frequency Identification (RFID), Near Field Communication (NFC). Most IoT systems use a combination of these communication protocols to connect and communicate data between each other because of the different connection requirements and capabilities from these edge devices of which sensors and actuators are the main actors in that category. These various communication protocols have their strengths as well as security vulnerabilities [3].
There are several cryptographic primitives that are used to provide privacy, integrity and confidentiality enhancements to data in IoT systems. These primitives have unique hardware as well as software platform requirements that need to be met in order to fully and effectively secure the data. Although some of these primitives have been around for decades, their ability to secure data is still relevant in recent times. The availability of modern hardware device with their heterogeneous design and www.ijacsa.thesai.org operational specifications has resulted in creating incompatibilities in the dependencies for platform execution that affect the latency and throughput of these cryptographic primitives. Some classical ciphers have been broken and that makes them weak and ineffective. Such ciphers intend introduce additional vulnerabilities to any network that adopt them to secure its data. This is because, these ciphers then serve as a weak link through which cyber-attacks could be launched on the network. Man-in-the-middle attacks and its associated threats have become common place in recent IoT cyber security incidence reports. At both the system and application levels, hacking activities have resulted in data corruption, illegal data transfer and in some cases destruction of critical hardware.
There have been recent developments of several cryptographic based solutions to address IoT device security challenges that satisfy the unique operational environments of the devices to support these devices to secure communication of sensed data even with obvious operational and environmental challenges of these devices including limited computational power and storage [4].
Several security interventions continue to be proposed to secure IoT systems. Although hash functions help in protecting the integrity of data, a weak hash function is equally as dangerous as not securing the data in the first place. There is therefore the need for a strong cipher that is energy efficient and yet effective to be deployed in maintaining the needed privacy, integrity and confidentiality to assure the security of data [5]. Most ciphers secure IoT systems with particular emphasis to either the software or application layer, whiles others target the hardware or the physical layer to ensure adequate security for IoT nodes are provided to complement firewall solutions.
Several security interventions continue to be proposed to secure IoT systems. Although hash functions help in protecting the integrity of data, a weak hash function is equally as dangerous as not securing data in the first place. There is therefore the need for a strong cipher that is energy efficient and yet strong or effective to be deployed in maintaining the needed privacy, integrity and confidentiality to assure the security of data [5]. Most ciphers secure IoT systems with particular emphasis to either the software or application layer, whiles others target the hardware or the physical layer to ensure adequate security for IoT nodes are provided to complement firewall solutions.
The use of a cryptographic solution that involves using hashing functions and digital signature scheme to provide security to node data as well as device validation is lacking in existing reviewed works.
The paper proposes a secure cryptographic solution that ensures non-repudiation of sending activities to help with device authentication, and message validation for constrained devices in IoT systems.
The cryptographic solution consisting of Tiger192, and whirlpool hashing algorithm provide message authentication and source data validation for the communicating nodes among IoT devices. The double hashing mechanism increases resistance to hash collisions of the cryptographic solution, thus used to increase the difficulty levels in guessing the content of the messages particularly brute force attacks and dictionary attacks. The Tiger192 cryptographic hash was used because it generates a shorter digest that maps to even longer messages.
The paper is organized into five sections. Section 2 describes background notions for the paper. The review of related works relevant to the paper is done in Section 2. Section 3 describes the methodology used in the paper. Section 4 discusses the results and section 5 concludes the paper and presents expected future work.

A. Whirlpool Hash Function
The whirlpool function is composed of iteration of compression function with 512-bit key space to produce a 512bit block dedicated cipher. To encrypt data of any size, the data is padded. It is adoptable to hardware implementations on both 8-bit and 64-bit platforms. It uses a substitution box where it generates randomly its 512-bit keys to provide digital signature to data [6].

B. The Tiger 192 Hash Function
This hash function uses large translation tables and runs well on 64-bit platforms to produce a much stronger 24 bytes long output hash. It includes an internal state size of 192 bits, and block size of 512 bit. The 192-bit key size provides a stronger and better encryption. It also supports the secure exchange of keys through the internet for encryption and authentication between two communicating parties.
The Tiger and its variant hash functions consumed less energy and yet provided an enhanced security among its peers. The cost in terms of energy consumption requirements for the Tiger192 is light weight as compared to other hash functions in its category, but it produces an efficient and effective hash value that is suitable for enhancing the security of data [7]. In [8], the Tiger hash was adopted to ensure the privacy and integrity of patients' critical health data. Machine learning techniques together with a Tiger hash based cryptographic protocol were implemented to secure the communication of critical medical data of patients across several mobile medical devices and systems. Secure cloud communication scheme was based on the Tiger hash cryptographic algorithm to support secure access of cloud data. The Tiger hash was adopted at the device or the physical layer level for cloud user enrolling phases for authenticating and granting the appropriate access rights to verified users to access cloud data or services [9].

C. Internet of Things Security
Most of the devices that are used in the IoT systems were not originally built for large scale and massive data streaming purposes, yet these devices end up being used in networks that stream massive data posing a lot of security risk onto these networks. The devices then become and create a weak security link where hackers compromise such systems using such weak links as point of entry. These devices with weak security qualities and requirements have contributed to the rising number in the man-in-the-middle and it related attacks suffered by IoT networks in recent times [1] [10]. www.ijacsa.thesai.org In [11] the authors underscored the need for an appropriate security intervention that is efficient and scalable to help address the unique security challenges of IoT systems that cut across privacy concerns, inadequate authentication and authorizations, insecure interface designs for web, mobile and cloud as well as the absence of a security encryption at the transport layer for communication of IoT data. These devices and system vulnerabilities in IoT makes it susceptible to mandin-the-middle attacks and other associated security incidences.
The authors identified the various implementation environments for IoT and their unique security requirements for an appropriate implementation of these security schemes to enhance the security of IoT systems. Blockchain based cryptographic mechanism was proposed to help detect and validate devices to maintain data integrity within an IoT system [12].
Every IoT security solution must include an architecture that supports cryptographic protocols and algorithms for data verification to ensure integrity and secure management of all devices and objects connected to the IoT [13].

D. Cryptographic Communication
The authors in [14] used a privacy preserving cryptographic protocol in securing location-based information as well as user critical data communicated to the cloud. The Elliptic Curve cryptographic protocol was used in exchanging and establishing secure keys between the sensor nodes in the vehicles as well as the parking areas to ensure secure and effective parking of vehicles. Zero-knowledge prove system was used to ensure the privacy of communicated information between the gateways and the cloud as vehicles searched for vacant slots to park.
In [15], an inbuilt authentication IoT platform was adopted for inventory automation. The security framework in their platform used secure and energy efficient cipher to support authentication, integrity, and confidentiality of data.
In [16], a distributed authentication encryption mechanism that is lightweight and energy efficient as well as effective at providing security for IoT was adopted and used. This encryption technique offered secure authentication and access mechanism for the IoT network. The Cipher block Chaining-Message CCM algorithm was proposed and used to encrypt data for transmission. The algorithm allowed the receiver to create a token for each sender during transmission. These tokens had expiration time to be used to help check against impersonation attacks.
A 64-bit block cipher consisting of the Feistel and a constant substitution-permutation network to encrypt data was used by the authors in [17]. The algorithm adopted fever rounds of encryption making it lightweight for IoT devices and it provided a secure framework for the IoT network to achieve their targeted results.
In [18][19] [20], the privacy of sensor data was preserved using blockchain and cryptographic schemes to guide the design approach of an IoT system. In their design approach, a blockchain concept was adopted in preserving the data through the generation, procession, and exchange of data across storage location. The use of blockchain was adopted in ensuring a tamperproof distributed and decentralized storage of sensor data for edge devices as hosting environment in IoT.
In [21][22] [23], key pairs are used for the generation of the HMAC (Hash Message Authentication Code). HMAC assured message authentication as well as node validation for the sender node. The Tiger 192 hashing function served as the authentication function in providing integrity for IoT data from the source nodes to the receiver node.

III. METHODOLOGY
In Fig. 1, several edge devices are connected to a centralized node to coordinate device enrolment, authentication and authorization towards the communication of sensed data from the edge devices. The various edge devices are identified using their unique IP addresses. The centralized node helps with registering and authenticating all the edge nodes. These connected edge devices collect critical data from their environment and transmit it to the centralized node. The centralized node has enhanced computing power to process the transmitted data by intelligently measuring, analyzing and interpreting the sensed data from the edge devices.
The node serves as a hub for group enrollment of all sensors by adopting a common authentication mechanism to share a configuration for these sensors ( 1 − ∞ ) . The node coordinates and manages symmetric key certificate for encryption of data. The sensor and the node employed the same pre-shared encryption keys for secured communication between them.
At the application layer level on these nodes is implemented a blockchain-based digital ledger that records the unique attributes and data across all the connected nodes. All the edge nodes are cryptographically linked to store the updated state of all the validated data, distributed across the nodes.
Edge device enrolment onto the dedicated centralized node happens in two steps. The device gets registered on the centralized node using a key exchange protocol used to provide the needed credentials. The registration and certificate authorities are implemented on the centralized node to help coordinate device enrolment as well as authentication of edge devices. The enrollment and authentication occur through device provisioning. The just-in-time provisioning approach is adopted.   Table I, the distributed ledger to be implemented on the centralized nodes with its composition is displayed. It contains the various fields and components that constitute the digital ledger.

As shown in
ID -Denotes the unique identifier to each connecting edge device or node in the IoT. It usually represents the component or part identification number of the sensor. For easy identification on a connected system, every object or connected device is assigned a unique sequence of hexadecimal values or alphanumeric value. The 1 − denote the identifier of the first connected device to the last identifier respectively of the connected devices to the IoT. These identification labels are uniquely generated strings to represent each connected device [24]. SN -Represents the sensor or device name. IoT devices are named using various conventions and standardization criterion [25] [26].
Data -This describes the message or information to be communicated. It is a plaintext data collected by an edge device or sensor from its immediate environment. It could be a temperature, hygrometer, electric voltage or other physical measurement value.
Timestamp -The timestamp component in the hash table denotes the specific date and time that the data or message arrived at the device. The timestamp consists of the date and time components that records the actual date and time the message or data arrived at the at the centralized node [27] [28]. Whirlpool -The message digest of the data to be communicated is produced using the whirlpool cryptographic hash function. The message digest is then stored in the whirlpool field, for each data.
Tiger192 -The digital fingerprint value or digital signature of the encrypted message is created using the Tiger192 cryptographic hash for each message. The digital fingerprint for message digest is stored in the Tiger192 field.
The whirlpool hash is computed using: Hash (Data, Device Name, Timestamp, Previous Hash) The plaintext message to be hashed is segmented into blocks.  The output hash code for the whirlpool cryptographic algorithm is a 512-bit size message digest [29].
The Tiger hashing algorithm is used to implement a Hash Message Authentication Code (HMAC).
Three main components constituted the Tiger 192 hashing algorithm. Key generation algorithm, Signing Algorithm, Verifying Algorithm [30].
The key generation phase: The key generator ensures the generation of the private and public keys for the two nodes.
The private key of the sender node is used to generate the digital signature for the message using the resultant hash code value of the whirlpool hash and the sender private key as the input strings.
H --is the Tiger192 Hashing Algorithm.
Ht --denotes the hash value code, a resultant message digest.
Sig1 is the digital signature or the Hash Message Authentication Code (HMAC) for the message digest from the node originating the data to be communicated. The message to be sent to the receiver is a composition of the sig1 and Ht.
At the receiver node, The Private key of the receiver node (RPrK) is used to decrypt the signature.
H --is the Tiger192 Hashing Algorithm.
Ht --denotes the hash value code, a resultant message digest.
The resultant hash from the decryption is compared with the hash of the message.

A. Signature Verification Process
The signature verification process is performed using the private key of the receiver node, the hash value (Ht) and the signing algorithm in Tiger192. It is carried out at the base station serving at the sink nodes (T1 and T2) using the sig1 and sig2 values.
1) Obtain hash code value H(M) and sig1 (HMAC) from source node.
2) Apply private key of receiver node on the hash code to obtain sig2 (HMAC).
3) Compare the sig1 and sig2. HMAC and HMAC values for source and receiver nodes respectively. 4) Check for same. strings in the sig1 and sig2. If fails, reject signature and message. 5) Otherwise, use the reverse whirlpool on the hash to regenerate the message.

IV. RESULT
As shown in Fig. 2, nodes 1 2 are IoT nodes that have adequate computational and storage capacity to support the provision of connectivity for edge devices mainly sensors.
Both nodes adopted a centralized approach towards device enrollment and authentication for the IoT device provisioning. Registration and Certificate authorization mechanisms were implemented on these nodes ( 1 2 ) to help them manage, coordinate and control the smooth enrollment and management of all the edge devices that were connected to them. The node serves as a hub for group enrollment of all sensors by adopting a common authentication mechanism to share a configuration for these sensors ( 1 − ∞ ). The node coordinates and manages symmetric key certificate for encryption of data. The sensor and the node employ the same pre-shared encryption keys for secured communication between them.
Sensor data from the edge devices are hashed using the whirlpool cryptographic hash function. The encrypted data is stored on the centralized node on each of the two nodes ( 1 2 ). The stored encrypted data is stored in a blockchain-based digital ledger. The distributed ledger technology implemented on the two connected nodes ensured the replication of storage of encrypted data across the two connected nodes. The use of the digital ledger and the subsequent duplication across the connected nodes eliminate the occurrences of single point of failure that would result in data loss in the IoT. Table II represents data storage of hashes in the digital ledger and the duplication of storage on the blockchain digital ledger across the connected sink nodes.
The system in Fig. 2 demonstrated a digital ledger containing encrypted data which is based on the blockchain digital signature concepts. The hash table with their content is shared across the two connected nodes; thus, a source node and a destination node. The hash function ensured that the data and the unique components of the hash function were not tampered with, since any alteration of any of the hashing components will result in a different hash. The distributed storage of the digital ledger between the source and the destination nodes is compared for detection of tampering of IoT messages. The hash tables of both nodes must produce same values. Any modification of the message will produce a different output for the hash table. The use of the cryptographic algorithm and the hash function guaranteed the security, privacy, confidentiality, and availability of the IoT data. The Tiger192 cryptographic hash generated a digital signature for each content of the message. The private key of the sending device is used in generating the digital signature of the content of the message. The digital signature produces a shorter message digest that maps onto the content of messages. The Tiger 192 generated a digital signature for each cryptographic encryption produced. The digital signature assists in authentication of the content of messages. The Tiger 192 signed messages provided nonrepudiation in validating the authenticity of the sending node. The public key of the sending node can be publicly verified even by unintended recipients within the network. The digital signature is based on the content of the message being signed. Both the ciphertext and digital signature are communicated between the communicating nodes.
Message integrity and authenticity is verified using the HMAC (keyed-hash message authentication code). The shared secret between the communicating nodes (T1 and T2) provided data origin authentication as well as message integrity.

V. CONCLUSION AND FUTURE WORK
This paper adopted a hybrid cryptographic scheme that included the Tiger192 cryptographic algorithm and the whirlpool hash function to support secure communication of IoT devices. Data to be communicated was hashed using the whirlpool cryptographic hashing function. The Tiger 192 hashing function was used to generate a digital signature, a shorter digest that tagged and mapped onto the content of messages. The whirlpool hash served as the building block for encrypted message and the message authentication code or digital signature is then communicated between the source node and the destination node. The security and strength of a cryptosystem is based on the length of the key size. The 192bits key size assured a stronger and produced a shorter mapped digest for all messages particularly for longer messages. The use of the Tiger cryptographic algorithm provided a complementary security layer to assure message authentication using the HMAC. Tampering of data incidences are detected and addressed since the digital ledger replicates storage of encrypted data across all connected nodes. The storage of data across the connected sink nodes assured data availability since single point of failure incidences were eliminated with the digital ledger technology. Node authentication assuring the identity of the source of the data is enforced using the key public key of the sender node to enforce non-repudiation. It also protected the integrity of data by validating the genuineness of the data communicated using integrity authentication through the comparing of the digital signature tags on the sender and receiver nodes. The double hashing used increased the resistance to hash collisions of the cryptographic solution, thus used to increase the difficulty levels in guessing the content of the messages particularly brute force attacks and dictionary attacks. The double hashing cryptographic mechanism consisting of the Tiger192 cryptographic hashing scheme, and the whirlpool hash function increased the security, privacy, and integrity of IoT data. The use of the digital ledger technology assured availability of data.
The use of the digital signature assisted in authenticating IoT data whereas the validating devices in this paper. The use of digital ledger technology and cryptographic scheme of double hashing algorithm provided enhanced security, privacy, and integrity of data among IoT nodes. It also assured the availability of IoT data.
The key pairs used for the generation of the HMAC assured message authentication as well as node validation for the sender node. The public key of the sender node helped in enforcing non-repudiation of the origin of data as well as device verification. The authentication function provided by the Tiger 192 provided integrity for data from the source nodes to the receiver node. Since the public key of the sending device is available within the network, the source of the message can be validated enforcing non-repudiation.
An implementation of this combined cryptographic algorithm on an IoT platform would be explored for future works.