SIT: A Lightweight Encryption Algorithm for Secure Internet of Things

The Internet of Things (IoT), a promising technology of the future, is expected to connect billions of devices. The increased volume of communication is expected to generate mountains of data, and the security of that data can be at risk. The devices in the architecture are essentially small in size and low powered. Conventional encryption algorithms are generally computationally expensive due to their complexity and require many rounds to encrypt, essentially wasting the constrained energy of the gadgets. A less complex algorithm, however, may compromise the desired integrity. In this paper we propose a lightweight encryption algorithm named Secure IoT (SIT). It is a 64-bit block cipher and requires a 64-bit key to encrypt the data. The architecture of the algorithm is a mixture of Feistel and a uniform substitution-permutation network. Simulation results show that the algorithm provides substantial security in just five encryption rounds. The hardware implementation of the algorithm is done on a low-cost 8-bit micro-controller, and the results for code size, memory utilization and encryption/decryption execution cycles are compared with benchmark encryption algorithms. The MATLAB code for relevant simulations is available online at https://goo.gl/Uw7E0W.


I. INTRODUCTION
The Internet of Things (IoT) has become an emerging topic of research and practical implementation in recent years. IoT is a model that includes ordinary entities with the capability to sense and communicate with fellow devices using the Internet [1]. As broadband Internet is now generally accessible and its cost of connectivity has also reduced, more gadgets and sensors are getting connected to it [2]. Such conditions provide suitable ground for the growth of IoT. There is a great deal of complexity around the IoT, since we wish to approach every object from anywhere in the world [3]. Sophisticated chips and sensors are embedded in the physical things that surround us, each transmitting valuable data. The process of sharing such a large amount of data begins with the devices themselves, which must securely communicate with the IoT platform. This platform integrates the data from many devices and applies analytics to share the most valuable data with the applications. The IoT is taking the conventional internet, sensor network and mobile network to another level, as everything will be connected to the internet. A matter of concern that must be kept under consideration is to address the issues related to confidentiality, data integrity and authenticity that will emerge on account of security and privacy [4].

A. Applications of IoT:
With the passage of time, more and more devices are getting connected to the Internet. Houses are soon to be equipped with smart locks [5]; personal computers, laptops, tablets, smart phones, smart TVs, video game consoles, and even refrigerators and air conditioners have the capability to communicate over the Internet. This trend is extending outwards and it is estimated that by the year 2020 there will be over 50 billion objects connected to the Internet [6]. This implies that for each person on earth there will be 6.6 objects online. The earth will be blanketed with millions of sensors gathering information from physical objects and uploading it to the Internet.
It is suggested that application of IoT is yet in the early stage but is beginning to evolve rapidly [7], [8]. An overview of IoT in building automation system is given in [9]. It is suggested in [10] that various industries have a growing interest towards use of IoT. Various applications of IoT in health care industries are discussed in [11], [12] and the improvement opportunities in health care brought in by IoT will be enormous [13].
It has been predicted that IoT will contribute to making mining production safer [14] and that the forecasting of disasters will be made possible. It is expected that IoT will transform automobile services and transportation systems [15]. As more physical objects are equipped with sensors and RFID tags, transportation companies will be able to track and monitor object movement from origin to destination [16]; thus IoT shows promising behavior in the logistics industry as well.
With so many applications looking to adopt the technology with the intention of contributing to the growth of the economy, health care facilities, transportation and a better life style for the public, IoT must offer adequate security for their data to encourage the adoption process.

B. Security Challenges in IoT:
To adopt the IoT technology it is necessary to build confidence among the users about its security and privacy, so that they trust it will not cause any serious threat to their data integrity, confidentiality and authority. Intrinsically, IoT is vulnerable to various types of security threats; if the necessary security measures are not taken there will be a threat of information leakage, or it could prove damaging to the economy [17], [18]. Such threats may be considered one of the major hindrances in IoT [19], [20].
IoT is extremely open to attacks [21], [22], for the reasons that there is a fair chance of physical attack on its components as they remain unsupervised for long time. Secondly, due to the wireless communication medium, the eavesdropping is extremely simple. Lastly the constituents of IoT bear low competency in terms of energy with which they are operated and also in terms of computational capability. The implementation of conventional computationally expensive security algorithms will result in the hindrance on the performance of the energy constrained devices.
It is predicted that substantial amount of data is expected to be generated while IoT is used for monitoring purposes and it is vital to preserve unification of data [23]. Precisely, data integrity and authentication are the matters of concern.
From a high level perspective, IoT is composed of three components, namely Hardware, Middleware and Presentation [1]. Hardware consists of sensors and actuators, the Middleware provides storage and computing tools, and the Presentation provides the interpretation tools accessible on different platforms. Since it is not feasible to process the data collected from billions of sensors, context-aware Middleware solutions are proposed to help a sensor decide the most important data for processing [24]. Inherently, the architecture of IoT does not offer sufficient margin to accomplish the necessary actions involved in the process of authentication and data integrity. It is questionable whether devices in the IoT such as RFID can achieve the fundamental requirements of the authentication process, which include constant communication with the servers and exchanging messages with nodes.
In secure systems the confidentiality of the data is maintained, and it is made sure that during the process of message exchange the data retains its originality and no alteration goes unseen by the system. The IoT is composed of many small devices such as RFIDs which remain unattended for extended times, so it is easier for the adversary to access the data stored in the memory [25]. To provide immunity against Sybil attacks in RFID tags, received signal strength indication (RSSI) based methodologies are used in [26], [27], [28] and [29].
Many solutions have been proposed for the wireless sensor networks which consider the sensor as a part of Internet connected via nodes [30]. However, in IoT the sensor nodes themselves are considered as the Internet nodes making the authentication process even more significant. The integrity of the data also becomes vital and requires special attention towards retaining its reliability.

C. Motivation And Organization of Paper
Recently a study by HP revealed that 70% of the devices in IoT are vulnerable to attacks [31]. An attack can be performed by sensing the communication between two nodes, which is known as a man-in-the-middle attack. No reliable solution has been proposed to counter such attacks. Encryption, however, could help minimize the amount of damage done to the data integrity. To assure data unification while it is stored on the middleware and also during transmission, it is necessary to have a security mechanism. Various cryptographic algorithms have been developed that address the said matter, but their utilization in IoT is questionable, as the hardware we deal with in the IoT is not suitable for the implementation of computationally expensive encryption algorithms. A trade-off must be made to fulfil the requirement of security with low computational cost.
In this paper, we propose a lightweight cryptographic algorithm for IoT named Secure IoT (SIT). The proposed algorithm is designed for IoT to deal with the security and resource utilization challenges mentioned in section I-B. The rest of the paper is organized as follows: in section II, a short literature review is provided of past and contemporary lightweight cryptographic algorithms; in section III, the detailed architecture and functioning of the proposed algorithm is presented. Evaluation of SIT and the experimental setup is discussed in section V. The conclusion of the paper is presented in section VII.

II. CRYPTOGRAPHIC ALGORITHMS FOR IOT:
The need for lightweight cryptography has been widely discussed [32], [33], [34], and the shortcomings of the IoT in terms of constrained devices have also been highlighted. There in fact exist some lightweight cryptography algorithms that do not always exploit security-efficiency trade-offs. Amongst block ciphers, stream ciphers and hash functions, the block ciphers have shown considerably better performance.
A new block cipher named mCrypton is proposed in [35]. The cipher comes with the options of 64-bit, 96-bit and 128-bit key sizes. The architecture of this algorithm follows that of Crypton [36]; however, the functions of each component are simplified to enhance its performance on constrained hardware. In [37] the successor of Hummingbird-1 [38] is proposed as Hummingbird-2 (HB-2). With a 128-bit key and a 64-bit initialization vector, Hummingbird-2 is tested to stay unaffected by all of the previously known attacks. However, the cryptanalysis of HB-2 [39] highlights the weaknesses of the algorithm and shows that the initial key can be recovered. [40] studied different legacy encryption algorithms including RC4, IDEA and RC5 and measured their energy consumption. They computed the computational cost of the RC4 [41], IDEA [42] and RC5 ciphers on different platforms. However, various existing algorithms were omitted during the study.
TEA [43], Skipjack [44] and RC5 algorithms have been implemented on the Mica2 hardware platform [45]. To measure the energy consumption and memory utilization of the ciphers, Mica2 was configured in single mote. Several block ciphers including AES [46], XXTEA [47], Skipjack and RC5 have been implemented [48], and their energy consumption and execution time measured. The results show that in the AES algorithm the size of the key has great impact on the phases of encryption, decryption and key setup, i.e. a longer key size results in an extended execution process. RC5 offers diversified parameters, i.e. the size of the key, number of rounds and word size can be altered. The authors tried a variety of combinations and found that execution took longer when the word size is increased. Since a key setup phase is not involved in XXTEA and Skipjack, they drew less energy, but their security strength is not as much as that of AES and RC5. [49] proposed the lightweight block ciphers Simon and Speck to show optimal results in hardware and software respectively. Both ciphers offer a range of key sizes and widths, but at least 22 rounds are required to perform sufficient encryption. Although Simon is based on low multiplication complexity, the total number of required mathematical operations is quite high [50], [51].

III. PROPOSED ALGORITHM
The architecture of the proposed algorithm provides a simple structure suitable for implementing in an IoT environment. Some well known block ciphers including AES (Rijndael) [46], 3-Way [52], Grasshopper [53], PRESENT [54], SAFER [55], SHARK [56], and Square [57] use a Substitution-Permutation (SP) network. Several alternating rounds of substitution and transposition satisfy Shannon's confusion and diffusion properties, which ensures that the cipher text is changed in a pseudo random manner. Other popular ciphers including SF [58], Blowfish [59], Camellia [60] and DES [61] use the Feistel architecture.
One of the major advantages of using the Feistel architecture is that the encryption and decryption operations are almost the same. The proposed algorithm is a hybrid approach based on Feistel and SP networks. It thus makes use of the properties of both approaches to develop a lightweight algorithm that presents substantial security in an IoT environment while keeping the computational complexity at a moderate level.
SIT is a symmetric key block cipher that consists of a 64-bit key and plain-text. In a symmetric key algorithm the encryption process consists of encryption rounds, and each round is based on some mathematical functions to create confusion and diffusion. An increase in the number of rounds ensures better security but eventually results in an increase in the consumption of constrained energy [62]. Cryptographic algorithms are usually designed to take on average 10 to 20 rounds to keep the encryption process strong enough to suit the requirement of the system. However, the proposed algorithm is restricted to just five rounds. To further improve the energy efficiency, each encryption round includes mathematical operations that operate on 4 bits of data. To create sufficient confusion and diffusion of data in order to confront attacks, the algorithm utilizes the Feistel network of substitution diffusion functions. The details of the SIT design are discussed in sections III-A and III-B.
Another vital process in symmetric key algorithms is the generation of the key. The key generation process involves complex mathematical operations. In a WSN environment these operations can be performed wholly on the decoder [58], [63], [64]; on the contrary, in IoT the nodes themselves happen to serve as the Internet nodes, therefore the computations involved in the process of key generation must also be reduced to the extent that still ensures the necessary security. In the sub-sections the processes of key expansion and encryption are discussed in detail. Some notations used in the explanation are shown in Table I.

Table I: Notations. Functions: XOR, XNOR, and concatenation (++).

The most fundamental component in the processes of encryption and decryption is the key. It is this key on which the entire security of the data depends; should this key be known to an attacker, the secrecy of the data is lost. Therefore necessary measures must be taken to make the revelation of the key as difficult as possible. Feistel based encryption algorithms are composed of several rounds, each round requiring a separate key. The encryption/decryption of the proposed algorithm is composed of five rounds, therefore we require five unique keys for the said purpose. To do so, we introduce a key expansion block which is described in this section.
To maintain the security against exhaustive search attack the length of the true key $k_t$ must be large so that it becomes beyond the capability of the enemy to perform $2^{k_t-1}$ encryptions for key searching attacks. The proposed algorithm is a 64-bit block cipher, which means it requires a 64-bit key to encrypt 64 bits of data. A cipher key (Kc) of 64 bits is taken as an input from the user. This key shall serve as the input to the key expansion block. The block, upon performing substantial operations to create confusion and diffusion in the input key, will generate five unique keys. These keys shall be used in the encryption/decryption process and are strong enough to remain indistinct during attack.
The architecture of the key expansion block is shown in Fig. 1. The block uses an f-function which is influenced by the tweaked Khazad block cipher [65]. Khazad is not a Feistel cipher and it follows the wide trail strategy. The wide trail strategy is composed of several linear and non-linear transformations that ensure the dependency of output bits on input bits in a complex manner [66]. A detailed explanation of the components of key expansion is given below:
• In the first step the 64-bit cipher key (Kc) is divided into segments of 4 bits.
• The f-function operates on 16-bit data, therefore four f-function blocks are used. The 16 bits for each f-function are obtained after performing an initial substitution of segments of the cipher key (Kc) as shown in equation (1),
where i = 1 to 4 for the first 4 round keys as shown in Fig. 1.
• The next step is to get $Ka_if$ by passing the 16 bits of $Kb_if$ to the f-function as shown in equation (2).

B. Encryption
After the generation of round keys the encryption process can be started. To create confusion and diffusion, this process is composed of some logical operations, left shifting, swapping and substitution. The process of encryption is illustrated in Fig. 3. For the first round an array of 64-bit plain text (Pt) is first furcated into four segments of 16 bits, $Px_{0-15}$, $Px_{16-31}$, $Px_{32-47}$ and $Px_{48-63}$. As the bits progress through each round, the swapping operation is applied so as to diminish the data originality by altering the order of bits, essentially increasing confusion in the cipher text. A bitwise XNOR operation is performed between the respective round key $K_i$ obtained earlier from the key expansion process and $Px_{0-15}$, and the same is applied between $K_i$ and $Px_{48-63}$, resulting in $Ro_{11}$ and $Ro_{14}$ respectively. The output of the XNOR operation is then fed to the f-function, generating the results $Ef_{l1}$ and $Ef_{r1}$ as shown in Fig. 1.

Fig. 3: Encryption Process
The f-function used in encryption is the same as that of key expansion, comprised of swapping and substitution operations, the details of which are discussed earlier in section III-A.
Bitwise XOR function is applied between $Ef_{l1}$ & $Px_{32-47}$ to obtain $Ro_{12}$ and $Ef_{r1}$ & $Px_{16-31}$ to obtain $Ro_{13}$.
Finally a round transformation is made in such a way that for succeeding round $Ro_{11}$ will become $Px_{16-31}$, $Ro_{12}$ will become $Px_{0-15}$, $Ro_{13}$ will become $Px_{48-63}$ and $Ro_{13}$ will become $Px_{32-47}$ as shown in Fig. 3.
Same steps are repeated for the remaining rounds using equation (12). The results of final round are concatenated to obtain Cipher Text (Ct) as shown in equation (13).
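The round structure described in this section, written out with its inverse as an added example (not the authors' code), shows why decryption reuses the same f-function: each round is undone by XNOR and XOR alone, even when f is not invertible. Assumptions, since the page does not carry them: the S-box, rotation and round keys are constructed placeholders, $Px_{0-15}$ is taken as the most significant 16 bits, $Ro_{14}$ is assumed to feed $Px_{32-47}$ in the next round, and no swap follows the final round.

```python
MASK16 = 0xFFFF

# Placeholder 4-bit S-box, constructed for this example (NOT SIT's tables).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# Constructed 16-bit round keys standing in for the key-expansion output.
ROUND_KEYS = [0x1A2B, 0x3C4D, 0x5E6F, 0x7081, 0x92A3]


def xnor16(a, b):
    """Bitwise XNOR on 16-bit words; applying it twice with the same key undoes it."""
    return ~(a ^ b) & MASK16


def f_placeholder(x):
    """Stand-in for the f-function: nibble substitution, then rotate left by 5."""
    y = 0
    for shift in (0, 4, 8, 12):
        y |= SBOX[(x >> shift) & 0xF] << shift
    return ((y << 5) | (y >> 11)) & MASK16


def split64(block):
    """64-bit integer -> [Px0-15, Px16-31, Px32-47, Px48-63]."""
    return [(block >> s) & MASK16 for s in (48, 32, 16, 0)]


def join64(segments):
    out = 0
    for seg in segments:
        out = (out << 16) | seg
    return out


def round_forward(p, k, f):
    ro11 = xnor16(p[0], k)          # Px0-15  XNOR K_i
    ro14 = xnor16(p[3], k)          # Px48-63 XNOR K_i
    ro12 = f(ro11) ^ p[2]           # Ef_l XOR Px32-47
    ro13 = f(ro14) ^ p[1]           # Ef_r XOR Px16-31
    return [ro11, ro12, ro13, ro14]


def round_inverse(ro, k, f):
    ro11, ro12, ro13, ro14 = ro
    # f is only ever evaluated forwards, on values the receiver already holds.
    return [xnor16(ro11, k), f(ro14) ^ ro13, f(ro11) ^ ro12, xnor16(ro14, k)]


def swap(ro):
    """Next (Px0-15, Px16-31, Px32-47, Px48-63) = (Ro12, Ro11, Ro14, Ro13)."""
    return [ro[1], ro[0], ro[3], ro[2]]


def encrypt(block, keys=ROUND_KEYS, f=f_placeholder):
    state = split64(block)
    for i, k in enumerate(keys):
        state = round_forward(state, k, f)
        if i < len(keys) - 1:       # assumed: no swap after the final round
            state = swap(state)
    return join64(state)


def decrypt(block, keys=ROUND_KEYS, f=f_placeholder):
    state = split64(block)
    for i in range(len(keys) - 1, -1, -1):
        if i < len(keys) - 1:
            state = swap(state)     # the swap is its own inverse
        state = round_inverse(state, keys[i], f)
    return join64(state)


if __name__ == "__main__":
    pt = 0x0123456789ABCDEF         # constructed sample block
    ct = encrypt(pt)
    print(f"{ct:016x}", decrypt(ct) == pt)
```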

IV. SECURITY ANALYSIS
The purpose of a cipher is to provide protection to the plaintext. The attacker intercepts the ciphertext and tries to recover the plain text. A cipher is considered to be broken if the enemy is able to determine the secret key. If the attacker can frequently decrypt the ciphertext without determining the secret key, the cipher is said to be partially broken. We assume that the enemy has complete access of what is being transmitted through the channel. The attacker may have some additional information as well but to assess the security of a cipher, the computation capability of the attacker must also be considered.
Since the proposed algorithm is a combination of Feistel and uniform substitution-combination network, it benefits from existing security analysis. In the following, the existing security analyses of these two primitives are recalled and their relevance to the proposed algorithm is discussed.

A. Linear and Differential Cryptanalysis
The f-function is inspired by [65], whose cryptanalysis shows that differential and linear attacks do not succeed against the complete cipher. The input and output correlation is very large if the linear approximation is done for two rounds. Also the round transformation is kept uniform, which treats every bit in a similar manner and provides opposition to differential attacks.

B. Weak Keys
The ciphers in which the non-linear operations depend on the actual key value map the block cipher with detectable weakness. Such a case occurs in [66]. However, the proposed algorithm does not use the actual key in the cipher; instead the key is first XORed and then fed to the f-function. In the f-function all the non-linearity is fixed and there is no limitation on the selection of the key.
www.ijacsa.thesai.org Pre-Print Version, Original article is available at (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 8, No. 1, 2017

C. Related Keys
An attack can be made by performing cipher operations using unknown or partially known keys. The related key attack mostly relies upon either slow diffusion or having symmetry in key expansion block. The key expansion process of proposed algorithm is designed for fast and non-linear diffusion of cipher key difference to that of round keys.

D. Interpolation Attacks
These attacks are dependent upon the simple structures of the cipher components that may yield a rational expression with a handy complexity. The expression of the S-box of the proposed algorithm along with the diffusion layer makes such type of attack impracticable.

E. SQUARE Attack
This attack was presented by [65] to realize how efficiently the algorithm performs against it. The attack is able to recover one byte of the last key and the rest of keys can be recovered by repeating the attack eight times. However to be able to do so, the attack requires $2^8$ key guesses by $2^8$ plaintexts which is equal to $2^{16}$ S-box lookups.

A. Evaluation Parameters
To test the security strength of the proposed algorithm, the algorithm is evaluated on the basis of the following criteria: key sensitivity, and the effect of the cipher on the entropy, histogram and correlation of the image. We further tested the algorithm for computational resource utilization and computational complexity. For this we observe the memory utilization and total computational time utilized by the algorithm for key generation, encryption and decryption.
1) Key Sensitivity: An encryption algorithm must be sensitive to the key. It means that the algorithm must not retrieve the original data if the key has even a minute difference from the original key. Avalanche test is used to evaluate the amount of alterations occurred in the cipher text by changing one bit of the key or plain text. According to Strict Avalanche Criterion SAC [67] if 50% of the bits are changed due to one bit change, the test is considered to be perfect. To visually observe this effect, we decrypt the image with a key that has a difference of only one bit from the correct key.
2) Execution Time: One of the fundamental parameters for the evaluation of the algorithm is the amount of time it takes to encode and decode particular data. The proposed algorithm, designed for the IoT environment, must consume minimal time and offer considerable security.
3) Memory Utilization: Memory utilization is a major concern in resource-constrained IoT devices. An encryption algorithm is composed of several computational rounds that may occupy significant memory, making it unsuitable to be utilized in IoT. Therefore the proposed algorithm is evaluated in terms of its memory utilization. A smaller amount of memory engagement will be favourable for its deployment in IoT.

4) Image Histogram:
A method to observe visual effect of the cipher is to encrypt an image with the proposed algorithm and observe the randomness it produces in the image. To evaluate the generated randomness, histogram of the image is calculated. A uniform histogram after encryption depicts appreciable security.

5) Image Entropy:
The encryption algorithm adds extra information to the data so as to make it difficult for the intruder to differentiate between the original information and the one added by the algorithm. We measure the amount of information in terms of entropy, therefore it can be said that the higher the entropy, the better the performance of the security algorithm. To measure the entropy (H) for an image, equation (14) is applied on the intensity (I) values, $P(I_i)$ being the probability of intensity value $I_i$.
6) Correlation: The correlation between two values is a statistical relationship that depicts the dependency of one value on another. Data points that hold substantial dependency have a significant correlation value. A good cipher is expected to remove the dependency of the cipher text on the original message. Therefore no information can be extracted from the cipher alone and no relationship can be drawn between the plain text and cipher text. This criterion is best explained by Shannon in his communication theory of secrecy systems [68].
In this experiment we calculated the correlation coefficient for original and encrypted images. The correlation coefficient γ is calculated using equation (15). For ideal cipher case γ should be equal to 0 and for the worst case γ will be equal to 1.
where cov(x, y), D(x) and D(y) are covariance and variances of variable x and y respectively. The spread of values or variance of any single dimension random variable can be calculated using equation (16). Where D(x) is the variance of variable x.
For the covariance between two random variables, equation (16) can be transformed into equation (17), where cov(x, y) is the covariance between two random variables x and y. In equations (16) and (17), E(x) and E(y) are the expected values of variables x and y. The expectation can be calculated using equation (18),
where N is the total number of pixels of the image, N = row × col, x is a vector of length N and $x_i$ is the ith intensity value of the original image.
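The evaluation parameters of this subsection written out as an added example (not the authors' MATLAB code): the one-bit key avalanche test, the entropy H over $P(I_i)$, and the correlation coefficient γ built from the standard definitions of E, D and cov. Assumptions: a BLAKE2b-based keyed function stands in for the cipher because the page does not give SIT's tables, the image and key are constructed, and γ is taken over horizontally adjacent pixels.

```python
import hashlib
import math


def keyed_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit keyed function (BLAKE2b MAC); NOT the SIT cipher."""
    return hashlib.blake2b(block, key=key, digest_size=8).digest()


def encrypt_image(key: bytes, pixels: bytes) -> bytes:
    """XOR each 8-pixel block with a keystream block derived from its index."""
    out = bytearray()
    for i in range(0, len(pixels), 8):
        ks = keyed_block(key, (i // 8).to_bytes(8, "big"))
        out.extend(p ^ k for p, k in zip(pixels[i:i + 8], ks))
    return bytes(out)


def avalanche_key(key: bytes, block: bytes) -> float:
    """Mean fraction of output bits that flip, over every single-bit key change."""
    base = keyed_block(key, block)
    nbits = 8 * len(key)
    flipped_bits = 0
    for bit in range(nbits):
        k2 = bytearray(key)
        k2[bit // 8] ^= 1 << (bit % 8)
        out = keyed_block(bytes(k2), block)
        flipped_bits += sum(bin(a ^ b).count("1") for a, b in zip(base, out))
    return flipped_bits / (nbits * 8 * len(base))


def entropy(pixels) -> float:
    """H = -sum_i P(I_i) * log2 P(I_i) over 8-bit intensity values."""
    counts = [0] * 256
    for p in pixels:
        counts[p] += 1
    n = len(pixels)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def expectation(x):
    return sum(x) / len(x)


def variance(x):
    e = expectation(x)
    return sum((v - e) ** 2 for v in x) / len(x)


def covariance(x, y):
    ex, ey = expectation(x), expectation(y)
    return sum((a - ex) * (b - ey) for a, b in zip(x, y)) / len(x)


def correlation(x, y) -> float:
    """gamma = cov(x, y) / (sqrt(D(x)) * sqrt(D(y)))."""
    return covariance(x, y) / math.sqrt(variance(x) * variance(y))


def adjacent_correlation(pixels, rows, cols) -> float:
    """gamma between each pixel and its right-hand neighbour (assumed pairing)."""
    x = [pixels[r * cols + c] for r in range(rows) for c in range(cols - 1)]
    y = [pixels[r * cols + c + 1] for r in range(rows) for c in range(cols - 1)]
    return correlation(x, y)


def constructed_image(rows=64, cols=64) -> bytes:
    """Smooth 8-bit grey gradient with slight texture (constructed test data)."""
    return bytes(64 + r + c + (r * c) % 3 for r in range(rows) for c in range(cols))


def evaluate(rows=64, cols=64):
    key = bytes.fromhex("0123456789abcdef")      # constructed 64-bit key
    plain = constructed_image(rows, cols)
    cipher = encrypt_image(key, plain)
    return {
        "avalanche": avalanche_key(key, plain[:8]),
        "entropy_plain": entropy(plain),
        "entropy_cipher": entropy(cipher),
        "gamma_plain": adjacent_correlation(plain, rows, cols),
        "gamma_cipher": adjacent_correlation(cipher, rows, cols),
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value:.4f}")
```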

B. Results
The simulation of the algorithm is done to perform the standard tests including Avalanche, image entropy and histogram on an Intel Core i7-3770@3.40 GHz processor using MATLAB®. To evaluate the performance in a real IoT environment we implemented the algorithm on an ATmega 328 based Arduino Uno board as well. The memory utilization and execution time of the proposed algorithm are observed. The execution time is found to be 0.188 milliseconds and 0.187 milliseconds for encryption and decryption respectively, and the proposed algorithm utilizes 22 bytes of memory on the ATmega 328 platform. We compare our algorithm with other algorithms implemented on hardware as shown in table IV. Block and key sizes are in bits while code and RAM are in bytes. The cycles include key expansion along with encryption and decryption.
The Avalanche test of the algorithm shows that a single bit change in key or plain text brings around 49% change in the cipher bits, which is close to the ideal 50% change. The results in Fig. 4 show that accurate decryption is possible only if the correct key is used to decrypt the image, else the image remains non-recognizable. For a visual demonstration of the avalanche test, the wrong key has a difference of just one bit from the original key; the strength of the algorithm can be perceived from this result. To perform entropy and histogram tests we have chosen five popular 8-bit grey scale images. Further, in the histogram results in Fig. 5 for the original and encrypted image, the uniform distribution of intensities after encryption is an indication of the desired security. An 8-bit grey scale image can achieve a maximum entropy of 8 bits. From the results in table V, it can be seen that the entropy of all encrypted images is close to maximum, depicting an attribute of the algorithm.
Finally the correlation comparison in Fig. 6 illustrates the contrast between original and encrypted data. The original data, which in our case is an image, can be seen to be highly correlated, retaining a high value of the correlation coefficient, whereas the encrypted image does not seem to have any correlation, giving strength to our claim in section V-A6.

For future research, the implementation of the algorithm on hardware and software in various computation and network environments is under consideration. Moreover, the algorithm can be optimized in order to enhance the performance according to different hardware platforms. Hardware like FPGA performs parallel execution of the code, so the implementation of the proposed algorithm on an FPGA is expected to provide high throughput. The scalability of algorithm can be exploited for

VII. CONCLUSION
In the near future the Internet of Things will be an essential element of our daily lives. Numerous energy constrained devices and sensors will continuously be communicating with each other, the security of which must not be compromised. For this purpose a lightweight security algorithm named SIT is proposed in this paper. The implementation shows promising results, making the algorithm a suitable candidate to be adopted in IoT applications. In the near future we are interested in the detailed performance evaluation and cryptanalysis of this algorithm on different hardware and software platforms for possible attacks.