A dynamic data encryption method based on addressing the data importance on the internet of things

The rapid growth of internet of things (IoT) in multiple areas brings research challenges closely linked to the nature of IoT technology. Therefore, there has been a need to secure the collected data from IoT sensors in an efficient and dynamic way taking into consideration the nature of collected data due to its importance. So, in this paper, a dynamic algorithm has been developed to distinguish the importance of data collected and apply the suitable security approach for each type of data collected. This was done by using hybrid system that combines block cipher and stream cipher systems. After data classification using machine learning classifiers the less important data are encrypted using stream cipher (SC) that use rivest cipher 4 algorithm, and more important data encrypted using block cipher (BC) that use advanced encryption standard algorithm. By applying a performance evaluation using simulation, the proposed method guarantees that it encrypts the data with less central processing unit (CPU) time with improvement in the security over the data by using the proposed hybrid system

Toward Lightweight Cryptography: A Survey

The main problem in Internet of Things (IoT) security is how to find lightweight cryptosystems that are suitable for devices with limited capabilities. In this paper, a comprehensive literature survey that discusses the most prominent encryption algorithms used in device security in general and IoT devices in specific has been conducted. Many studies related to this field have been discussed to identify the most technical requirements of lightweight encryption systems to be compatible with variances in IoT devices. Also, we explored the results of security and performance of the AES algorithm in an attempt to study the algorithm performance for keeping an acceptable security level which makes it more adaptable to IoT devices as a lightweight encryption system

Energy Efficient Security Framework for Wireless Local Area Networks

Wireless networks are susceptible to network attacks due to their inherentvulnerabilities. The radio signal used in wireless transmission canarbitrarily propagate through walls and windows; thus a wireless networkperimeter is not exactly known. This leads them to be more vulnerable toattacks such as eavesdropping, message interception and modifications comparedto wired-line networks. Security services have been used as countermeasures toprevent such attacks, but they are used at the expense of resources that arescarce especially, where wireless devices have a very limited power budget.Hence, there is a need to provide security services that are energy efficient.In this dissertation, we propose an energy efficient security framework. Theframework aims at providing security services that take into account energyconsumption. We suggest three approaches to reduce the energy consumption ofsecurity protocols: replacement of standard security protocol primitives thatconsume high energy while maintaining the same security level, modification ofstandard security protocols appropriately, and a totally new design ofsecurity protocol where energy efficiency is the main focus. From ourobservation and study, we hypothesize that a higher level of energy savings isachievable if security services are provided in an adjustable manner. Wepropose an example tunable security or TuneSec system, which allows areasonably fine-grained security tuning to provide security services at thewireless link level in an adjustable manner.We apply the framework to several standard security protocols in wirelesslocal area networks and also evaluate their energy consumption performance.The first and second methods show improvements of up to 70% and 57% inenergy consumption compared to plain standard security protocols,respectively. The standard protocols can only offer fixed-level securityservices, and the methods applied do not change the security level. The thirdmethod shows further improvement compared to fixed-level security by reducing(about 6% to 40%) the energy consumed. This amount of energy saving can bevaried depending on the configuration and security requirements

FPGA-based Assessment of Midori and GIFT Lightweight Block Ciphers

Lightweight block ciphers are today of paramount importance to provide security services in constrained environments. Recent studies have questioned the security properties of PRESENT, which makes it evident the need to study alternative ciphers. In this work we provide hardware architectures for Midori and GIFT, and compare them against implementations for PRESENT and GIMLI under fair conditions. The hardware description for our designs is made publicly available

Hardware security design from circuits to systems

The security of hardware implementations is of considerable importance, as even the most secure and carefully analyzed algorithms and protocols can be vulnerable in their hardware realization. For instance, numerous successful attacks have been presented against the Advanced Encryption Standard, which is approved for top secret information by the National Security Agency. There are numerous challenges for hardware security, ranging from critical power and resource constraints in sensor networks to scalability and automation for large Internet of Things (IoT) applications. The physically unclonable function (PUF) is a promising building block for hardware security, as it exposes a device-unique challenge-response behavior which depends on process variations in fabrication. It can be used in a variety of applications including random number generation, authentication, fingerprinting, and encryption. The primary concerns for PUF are reliability in presence of environmental variations, area and power overhead, and process-dependent randomness of the challenge-response behavior. Carbon nanotube field-effect transistors (CNFETs) have been shown to have excellent electrical and unique physical characteristics. They are a promising candidate to replace silicon transistors in future very large scale integration (VLSI) designs. We present the Carbon Nanotube PUF (CNPUF), which is the first PUF design that takes advantage of unique CNFET characteristics. CNPUF achieves higher reliability against environmental variations and increases the resistance against modeling attacks. Furthermore, CNPUF has a considerable power and energy reduction in comparison to previous ultra-low power PUF designs of 89.6% and 98%, respectively. Moreover, CNPUF allows a power-security tradeoff in an extended design, which can greatly increase the resilience against modeling attacks. Despite increasing focus on defenses against physical attacks, consistent security oriented design of embedded systems remains a challenge, as most formalizations and security models are concerned with isolated physical components or a high-level concept. Therefore, we build on existing work on hardware security and provide four contributions to system-oriented physical defense: (i) A system-level security model to overcome the chasm between secure components and requirements of high-level protocols; this enables synergy between component-oriented security formalizations and theoretically proven protocols. (ii) An analysis of current practices in PUF protocols using the proposed system-level security model; we identify significant issues and expose assumptions that require costly security techniques. (iii) A System-of-PUF (SoP) that utilizes the large PUF design-space to achieve security requirements with minimal resource utilization; SoP requires 64% less gate-equivalent units than recently published schemes. (iv) A multilevel authentication protocol based on SoP which is validated using our system-level security model and which overcomes current vulnerabilities. Furthermore, this protocol offers breach recognition and recovery. Unpredictability and reliability are core requirements of PUFs: unpredictability implies that an adversary cannot sufficiently predict future responses from previous observations. Reliability is important as it increases the reproducibility of PUF responses and hence allows validation of expected responses. However, advanced machine-learning algorithms have been shown to be a significant threat to the practical validity of PUFs, as they can accurately model PUF behavior. The most effective technique was shown to be the XOR-based combination of multiple PUFs, but as this approach drastically reduces reliability, it does not scale well against software-based machine-learning attacks. We analyze threats to PUF security and propose PolyPUF, a scalable and secure architecture to introduce polymorphic PUF behavior. This architecture significantly increases model-building resistivity while maintaining reliability. An extensive experimental evaluation and comparison demonstrate that the PolyPUF architecture can secure various PUF configurations and is the only evaluated approach to withstand highly complex neural network machine-learning attacks. Furthermore, we show that PolyPUF consumes less energy and has less implementation overhead in comparison to lightweight reference architectures. Emerging technologies such as the Internet of Things (IoT) heavily rely on hardware security for data and privacy protection. The outsourcing of integrated circuit (IC) fabrication introduces diverse threat vectors with different characteristics, such that the security of each device has unique focal points. Hardware Trojan horses (HTH) are a significant threat for IoT devices as they process security critical information with limited resources. HTH for information leakage are particularly difficult to detect as they have minimal footprint. Moreover, constantly increasing integration complexity requires automatic synthesis to maintain the pace of innovation. We introduce the first high-level synthesis (HLS) flow that produces a threat-targeted and security enhanced hardware design to prevent HTH injection by a malicious foundry. Through analysis of entropy loss and criticality decay, the presented algorithms implement highly resource-efficient targeted information dispersion. An obfuscation flow is introduced to camouflage the effects of dispersion and reduce the effectiveness of reverse engineering. A new metric for the combined security of the device is proposed, and dispersion and obfuscation are co-optimized to target user-supplied threat parameters under resource constraints. The flow is evaluated on existing HLS benchmarks and a new IoT-specific benchmark, and shows significant resource savings as well as adaptability. The IoT and cloud computing rely on strong confidence in security of confidential or highly privacy sensitive data. As (differential) power attacks can take advantage of side-channel leakage to expose device-internal secrets, side-channel leakage is a major concern with ongoing research focus. However, countermeasures typically require expert-level security knowledge for efficient application, which limits adaptation in the highly competitive and time-constrained IoT field. We address this need by presenting the first HLS flow with primary focus on side-channel leakage reduction. Minimal security annotation to the high-level C-code is sufficient to perform automatic analysis of security critical operations with corresponding insertion of countermeasures. Additionally, imbalanced branches are detected and corrected. For practicality, the flow can meet both resource and information leakage constraints. The presented flow is extensively evaluated on established HLS benchmarks and a general IoT benchmark. Under identical resource constraints, leakage is reduced between 32% and 72% compared to the baseline. Under leakage target, the constraints are achieved with 31% to 81% less resource overhead

High throughput FPGA Implementation of Data Encryption Standard with time variable sub-keys

The Data Encryption Standard (DES) was the first modern and the most popular symmetric key algorithm used for encryption and decryption of digital data. Even though it is nowadays not considered secure against a determined attacker, it is still used in legacy applications. This paper presents a secure and high-throughput Field Programming Gate Arrays (FPGA) implementation of the Data Encryption Standard algorithm. This is achieved by combining 16 pipelining concept with time variable sub-keys and compared with previous illustrated encryption algorithms. The sub-keys vary over time by changing the key schedule permutation choice 1. Therefore, every time the plaintexts are encrypted by different sub-keys. The proposed algorithm is implemented on Xilinx Spartan-3e (XC3s500e) FPGA. Our DES design achieved a data encryption rate of 10305.95 Mbit/s and 2625 number of occupied CLB slices. These results showed that the proposed implementation is one of the fastest hardware implementations with much greater security

Enhanced image encryption scheme with new mapreduce approach for big size images

Achieving a secured image encryption (IES) scheme for sensitive and confidential data communications, especially in a Hadoop environment is challenging. An accurate and secure cryptosystem for colour images requires the generation of intricate secret keys that protect the images from diverse attacks. To attain such a goal, this work proposed an improved shuffled confusion-diffusion based colour IES using a hyper-chaotic plain image. First, five different sequences of random numbers were generated. Then, two of the sequences were used to shuffle the image pixels and bits, while the remaining three were used to XOR the values of the image pixels. Performance of the developed IES was evaluated in terms of various measures such as key space size, correlation coefficient, entropy, mean squared error (MSE), peak signal to noise ratio (PSNR) and differential analysis. Values of correlation coefficient (0.000732), entropy (7.9997), PSNR (7.61), and MSE (11258) were determined to be better (against various attacks) compared to current existing techniques. The IES developed in this study was found to have outperformed other comparable cryptosystems. It is thus asserted that the developed IES can be advantageous for encrypting big data sets on parallel machines. Additionally, the developed IES was also implemented on a Hadoop environment using MapReduce to evaluate its performance against known attacks. In this process, the given image was first divided and characterized in a key-value format. Next, the Map function was invoked for every key-value pair by implementing a mapper. The Map function was used to process data splits, represented in the form of key-value pairs in parallel modes without any communication between other map processes. The Map function processed a series of key/value pairs and subsequently generated zero or more key/value pairs. Furthermore, the Map function also divided the input image into partitions before generating the secret key and XOR matrix. The secret key and XOR matrix were exploited to encrypt the image. The Reduce function merged the resultant images from the Map tasks in producing the final image. Furthermore, the value of PSNR did not exceed 7.61 when the developed IES was evaluated against known attacks for both the standard dataset and big data size images. As can be seen, the correlation coefficient value of the developed IES did not exceed 0.000732. As the handling of big data size images is different from that of standard data size images, findings of this study suggest that the developed IES could be most beneficial for big data and big size images