Farooq et al.

EURASIP Journal on Wireless Communications and

Networking (2019) 2019:210
https://doi.org/10.1186/s13638-019-1531-0

R ES EA R CH Open Access

Efficient adaptive framework for

securing the Internet of Things devices
Umer Farooq* , Najam Ul Hasan, Imran Baig and Naeem Shehzad

Abstract
The research on the Internet of Things (IoT) has made huge strides forward in the past couple of years. IoT has its
applications in almost every walk of life, and it is being regarded as the next big thing that can change the way
humans perceive about their daily life. Smart IoT devices of heterogeneous nature make an essential part of modern
day IoT-based systems. The security of these devices is of paramount importance as they handle an enormous
amount of critical data and its breach can lead to potentially life-threatening situations. To secure the IoT devices of
heterogeneous nature, we formulated a weighted optimization problem in this work. The objective function of this
problem is to secure the IoT devices while finding the best trade-off between their resource usage and throughput.
To achieve the objective, we consider a pool of five different implementations of Advanced Encryption Standard (AES)
cryptographic schemes that offer varied resources and throughput numbers. These implementation schemes are
mapped to IoT devices of heterogeneous nature. The mapping is performed through a novel adaptive framework that
can consider different weights for resources and throughput to eventually find the best trade-off between the
resources and throughput of an IoT-based system. This framework considers the resource and throughput
requirements of different IoT devices and uses the Hungarian algorithm to adaptively map different AES
implementations on them. Extensive experimentation is performed where the best trade-off is found through varying
resource and throughput weight combinations. The comparison of the proposed framework with random and
greedy approaches is also performed. Comparison results show that the proposed framework adaptively secures the
IoT-based system while providing better resource usage and throughput results. The proposed framework provides,
on average, 11% and 17% better throughput and 3% and 13% better resource usage results as compared to random
and greedy approach, respectively.
Keywords: IoT, Security, Adaptive Framework, AES algorithm, Cryptography

1 Introduction is further aided by ever improving design process and

The Internet of Things (IoT) is a paradigm that has miniaturizing processing technologies [3]. The improved
seen enormous popularity in last few years. A formal communication protocols and better design process have
definition of IoT does not exist yet. However, a loose resulted in devices with increased computing capabilities,
interpretation of IoT is that it provides internet-based higher data rate, and more energy storage capacities. At
services that involve human-to-thing, thing-to-thing, and the same time, the IoT devices are becoming smaller in
thing-to-things communications [1]. Entities of varied size and more efficient in terms of performance. The tech-
nature can interact with each other through IoT. These nological advances in software as well as hardware have
entities include humans, sensors, computing devices, or tremendously increased the number of smart devices con-
potentially anything that can give/receive services [2]. nected to the internet, and this number is expected to
The striking emergence of IoT is a result of the rapid grow exponentially in future with the advent of new com-
advancement in various communication protocols which munication technologies. The importance of these devices
and the level of services that could be provided by them
*Correspondence: [email protected] in the future is limited by human imagination only. Some
Department of Electrical and Computer Engineering, Dhofar University, of the possible applications of IoT are smart vehicles,
Salalah, Oman

© The Author(s). 2019 Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0
International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and
reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the
Creative Commons license, and indicate if changes were made.
Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 2 of 13

smart buildings, health monitoring systems, environmen- Advanced Encryption Standard (AES) is a commonly used
tal monitoring, and food supply chain [3]. cryptographic scheme that uses a symmetric cipher to
The aforementioned applications of IoTs indicate that achieve the highest possible security level. AES has robust
IoT-based systems have to handle an enormous amount security properties, and its implementation is simple both
of data which includes information about smart cars, in software as well as hardware. It is an iterative, round-
industrial plants, health monitoring systems, and smart based, and symmetric algorithm that supports different
buildings [4]. The amount and type of data handled by key sizes. Standard implementation of AES requires a
IoTs require efficient algorithms for data processing and large number of hardware resources and is not normally
analysis [5, 6]. Authors in [7] have proposed smart solu- recommended for resource-limited IoT edge nodes. How-
tions for big data collection, processing, and analysis of ever, nowadays, the logic capacity of the IoT devices is
IoT-based systems. Moreover, the simple data collection larger than ever before. This is because of the optimized
and analysis for IoT-based systems is not enough. This design process and miniaturized processing technologies.
is because of the fact that the type of data usually han- Moreover, the efficient implementations of AES [22, 23]
dled by IoTs is of very critical nature and this makes have made it a suitable candidate that can offer a solution
IoT-based systems an interesting target for different kinds to the security challenges of IoT-based systems. In this
of adversaries. For example, potential attackers might be regard, authors in [24] have presented an efficient imple-
interested in stealing location information, financial infor- mentation of AES for IoT devices. Authors in [14] also
mation, or health-related records from IoT-based systems. proposed the use of AES for IoT devices. But, both afore-
Furthermore, they can compromise the IoT components mentioned propositions are static in nature. Both propo-
to subsequently launch security attacks against third- sitions consider only single AES implementation and do
party entities. The theft/compromise of any information not take into account the heterogeneous nature of IoT
may result in poor confidentiality, lower integrity, and devices. This kind of approach can be unjustified owing
smaller availability of IoT devices. This could eventually to the varied constraints of the different IoT devices.
lead to even life-threatening situations [8–11]. There- Furthermore, these implementations neither consider any
fore, for safe and reliable operation of IoT-based systems, reference IoT system model and nor take into account any
security becomes the fundamental enabler where the con- resource/throughput constraints of the IoT-based system.
fidentiality, authenticity, and integrity of the IoT data is Contrary to the aforecited work, in this work, we pro-
ensured [12]. pose an adaptive framework that considers five differ-
There is no doubt that the security is of paramount ent AES implementation schemes [22] for IoT devices.
importance in the IoT devices. However, the way to best Based on their implementation, these schemes offer dif-
implement the security in IoT-based systems is debatable ferent resource and throughput values. In order to best
[13]. IoT-based systems have normally multiple layers. exploit the diverse resource and throughput requirements
The number of layers may vary depending upon the refer- of IoT devices, we propose an optimization model that
ence model under consideration. But, all of them usually finds the best scheme owing to a weighted distribu-
have at least three common layers called the application tion of resource and throughput numbers. To get the
layer, the network layer, and the edge side layer [14]. The best trade-off between resource and throughput, we map
application and network layers can be protected through the optimization problem to a bipartite graph which is
firewalls and other well-established security protocols. solved using the Hungarian algorithm [25] subsequently.
But, the security of the deeply embedded edge side nodes To validate our results, we compare our schemes to those
is a challenging task. This situation is further aggravated obtained through the random and greedy approach as
because of the heterogeneous nature, varied resources, well. To the best of our knowledge, this is the first work
and different performance requirements of these nodes of its kind in the context of IoT-based systems. Although
[15]. Edge side nodes are normally susceptible to differ- some static implementations of AES algorithm can be
ent kinds of security attacks. Some examples of these found in literature [14, 24], they are very limited in their
attacks are hardware trojans [16], side-channel attacks scope and they do not take into account the heteroge-
[17], denial-of-service (DoS) attacks [18], and node repli- neous nature of IoT devices. In the context of security for
cation attacks [19]. There are several countermeasures like IoT devices, Table 1 presents a summary of the compar-
side-channel analysis, isolation, blocking, and implemen- ison between the proposed framework and the existing
tation of cryptographic schemes [14, 20, 21]. To secure the state-of-the-art work. In this table, column 1 gives the ref-
edge nodes, these countermeasures can be used against erence number and year of publication of the reference
the security attacks. Among these countermeasures, cryp- work. Column 2 describes the objective of each reference
tographic schemes are particularly popular. The cryp- work. Columns 3, 4, and 5 indicate the measures takes to
tographic schemes are generic, hardware independent, achieve the objective of the work. It can be seen from this
and offer high-level robustness to the IoT-based systems. table that our proposed framework is the only work that
Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 3 of 13

Table 1 Summary of related work

Reference O1 E2 A3 H4 Remarks
[8], 2014 Identification of possible threats to wearable Discussion without proposing any solution
devices
[9], 2011 Mitigating passive attacks like  Rolling cryptographic protocol is used
eavesdropping and active attacks like
control of wearable devices
[10], 2008 Alleviating software attacks on wearable Zero power mitigation is used
devices
[13], 2017 Highlighting security issues in architecture Discussion on possible architectural threats
elements of IoTs without any solutions
[15], 2013 Identification of security challenges to Discussion without providing any solutions
embedded platforms
[16], 2016 To reduce the susceptibility of a circuit Vulnerability analysis of hardware circuit layout
layout to hardware trojan insertion is carried out
[17], 2016 To cope with the information leakage in Identified the reasons for physiological
wearable devices information leakage and suggested
countermeasures such as signal strength
reduction, information reduction and noise
addition
[18], 2013 To reduce the effect of DoS attacks Proposed modification in network routing
protocol by Parno et al [19]
[20], 2013 To increase the trojan detection sensitivity in   Use thermal and power maps for trojan
ICs detection
[21], 2004 To provide secured authentication for RFID   Used AES algorithm as a cryptographic
systems primitive
[22], 2017 Efficient implementation of AES for   Comparison of different AES implementation
embedded devices techniques for embedded devices
This work, 2018 Efficient resource and area throughput    Used matching algorithm to find the
based encryption scheme selection for encryption scheme
heterogeneous IoT devices
1
Objective
2
Encryption
3
AES
4
Hybrid

adaptively uses the AES cryptographic encryption scheme of resource and throughput constraints of IoT devices in
for the security of IoT devices of heterogeneous nature. an IoT-based system. Section 4 discusses the proposed
The main contributions of this work are also summarized adaptive framework that uses the weighted equations
as follows: and maps their values to a modified bipartite graph.
In this section, details about the optimization equation,
• An adaptive framework is proposed that considers weighted distribution, and optimization algorithm are
different AES implementation schemes for the given. Section 5 presents the experimental setup and
security of heterogeneous IoT devices. gives details about the five AES schemes that we consider
• The proposed framework finds the best trade-off for experimentation. This section also presents the com-
between the resources and throughput of an IoT- parison of proposed approach with random and greedy
based system through a mathematical optimization approaches. The paper is finally concluded in Section 6
model and a modified bipartite matching algorithm. with some discussion on the future work.
• Extensive experimentation is done and comparison is
performed with random and greedy approaches. 2 Reference IoT model
Different IoT models have been discussed in the past in
The rest of the paper is organized as follows. Section 2 various research publications but no standard model for
details the different reference models in the state-of-the- IoTs exists yet. For example, authors in [26] present a
art. This section also discusses the reference system model three-layered IoT model which was an extension of wire-
that we consider in this work. Section 3 discusses the less sensor networks (WSNs) and it was among the first
mathematical equations that consider the weighted values reference models for IoT-based systems. A more detailed
Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 4 of 13

model was presented in [2] which was comprehensively end users. Finally, we have applications that collect the
extended by CISCO in 2014 [27] and has the potential analyzed data from a data center and provide the inter-
to be standardized for IoT-based systems. A three-layered pretation of that data which is then used by end users for
fog-based detection system was presented by [28] that specific purposes.
used a trust evaluation mechanism to detect internal To have a secure IoT-based system, considering a ref-
attacks at data level. In this work, however, we consider a erence IoT model is of pivotal importance. Without a
reference model similar to CISCO reference model and its reference IoT model it becomes quite difficult to have
pictorial presentation is given in Fig. 1. It can be seen from a global picture of an IoT-based system. Moreover, it
this figure that it is a multi-layered model. In this model, becomes even more challenging to identify the levels
at the bottom level, we have sensors that are attached where cryptographic schemes are required to be imple-
to different IoT devices. These devices are assumed to mented. In the reference model of Fig. 1, security at the
be heterogeneous in nature with different resource and higher levels can be ensured through network firewalls
performance requirements. In a secure IoT-based system, and well-developed protocols. Moreover, the devices at
these devices are of critical importance as the integrity and higher levels normally operate in protected environments
authenticity of data starts from this level upwards. It can and they are well beyond the reach of malicious attack-
be seen from the figure that next we have a gateway that ers. However, as we move towards the lower levels, the
sends/receives data from a public or private cloud. At the issue of security exacerbates and it becomes more chal-
gateway level, essential processing/computation of data is lenging to secure IoT devices. Specially from the gateway
also performed so that load on the lower level is reduced level onwards, we have to take into account the heteroge-
and a high response rate is ensured. Next in the level, we neous nature of IoT devices which usually have different
have data accumulation and data abstraction points. At resource capacities and diverse throughput constraints.
this level, data is stored and analyzed for upper level com- Furthermore, the lower level devices are usually in direct
puting servers. At this level, the data is stored, analyzed, access of attackers which makes them an attractive target
and formatted in such a way that the additional process- for all kinds of security attacks [16–19]. A few crypto-
ing on the data becomes easier; hence, eventually making graphic countermeasures against these attacks have been
it more meaningful for the higher level applications and proposed by [14, 24]. But these propositions are static

Fig. 1 Multi-layered reference IoT model

Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 5 of 13

in nature as they do not adapt as per the target IoT of IoT servers are needed to be deployed. Therefore, it
device requirements. Furthermore, they do not consider can be assumed that each IoT device is associated with
any IoT reference model. The static nature of these propo- one of these servers. The communication between the IoT
sitions can not justify different resource and throughput devices and servers takes place over the wireless link. To
requirements of various IoT nodes. In this work, we con- ensure a secure channel between the IoT device and the
sider the reference model shown in Fig. 1 and propose to IoT server, the data must be encrypted. But the heteroge-
use five different implementations [22] of AES algorithm. neous nature of IoT devices renders a uniform encryption
These techniques use different hardware implementation for all these devices infeasible. Therefore, IoT servers are
optimizations. For example, we use optimizations like assigned with an additional task of selecting the appropri-
pipe-lining, loop unrolling, and serial implementation in ate encryption scheme. This selection is based on mini-
different implementations. These techniques are applied mizing the resource and maximizing the throughput for
from gateway level downwards. As a results of the imple- an IoT-based system. There are a large number of IoT
mentation mechanism, these techniques give a variety servers, and a large number of IoT devices are associated
of area and throughput results. We use a pool of five with each of them. However, for the sake of simplicity, we
techniques as it gives us the choice to best satisfy the considered the case of just one IoT server without the loss
different resource and performance constraints of target of generality.
IoT device. Because, a single technique would have either For mathematical model, let there be N IoT devices
resulted in compromise of logical resources or throughput that are associated with an IoT server. After associating
or even both. with an IoT server, each ith IoT device sends its relevant
In order to best utilize these techniques for refer- information including its available resources Ri and the
ence IoT-based system, in this work, we first present a required demand in terms of its throughput Ti based on
mathematical system model. Next, we propose an adap- the running application. With the given information about
tive selection mechanism. This selection mechanism uses available resources and required throughput for each IoT
optimization equations of mathematical system model device associated with it, an IoT server assigns an encryp-
that consider weighted values of resource and through- tion scheme to each IoT device. There are total M number
put constraints of target IoT devices. Based on those of different encryption schemes. Each encryption scheme
constraints and available values of different AES imple- is also attributed with two parameters: first is the number
mentation techniques, a selection of the technique for a of resources required to implement this scheme, and sec-
particular device/gateway is made through the Hungar- ond is the maximum throughput it can provide to the IoT
ian algorithm. This process is applied on hundreds of devices. From a pool of M different encryption schemes,
IoT devices to improve the overall throughput of the IoT- the IoT server has to assign a certain scheme to each
based system while adaptively minimizing the resource device that is associated with it. The assignment should be
usage of IoT devices. Further details about the mathe- such that the overall throughput of the network is maxi-
matical system model, adaptive selection mechanism, and mized and the resources being used are minimized while
matching algorithm are given in the succeeding sections respecting the constraint of each individual IoT device.
of the paper. Since there are two objective functions of this problem, we
designed a weighted multi-objective optimization prob-
3 Mathematical system model lem, which can be mathematically written as follows:
As stated in Section 1, the objective of this work is to N M
adaptively secure an IoT-based system while finding the max i=1 k=1 (w1 f1 + (1 − w1 )f2 )xik
best trade-off between the resource and throughput con- s.t.

straints. For this purpose, it is important to first model C1 : N i=1 xik = 1 (1)
the system mathematically and later do the optimization C2 :Rdi > Rsk xik
using matching algorithm. To mathematically model an C3 :Tid < Tks xik
IoT-based system, in this paper, we considered an IoT net- The utility function of Eq. 1 is a weighted sum of two
work with three main entities namely sensors, IoT devices, functions i.e. f1 , f2 . The objective of f1 is to maximize the
and IoT servers (i.e. gateway). Sensors interact with the throughput and that of f2 is minimize the resource usage.
physical environment and collect the environmental infor- The mathematical expression for the two functions is as
mation. IoT devices acquire the data from these sensors follows:
and make it available to different applications via IoT Ti − Tmin
servers. The IoT network is usually characterized as a f1 = (2)
Tmin
dense network with a large number of IoT devices. These
devices are generating massive amounts of data. To han- Rmax − Ri
f2 = (3)
dle such a big amount of data, a significantly large number Rmax
Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 6 of 13

The sum of the weights assigned to both f1 and f2 is equal matching solution consisting of edges in order to optimize
to 1, where w1 is the weight assigned to f1 and 1 − w1 certain objective function.
(also termed as w2 in Section 5) is the weight assigned For our problem, X and Y are considered to be the set of
to f2 and xik is the binary variable. The value of xik is 1 IoTs and the set of different encryption/implementation
if the k th scheme is assigned to the ith IoT device and 0 of the encryption schemes. A graph G(X, Y , E) is formed
otherwise. It can be seen from Eq. 1 that the optimiza- by drawing the edges Eij between X and Y. Each edge in
tion problem has also three constraints. The explanation this graph is drawn between the ith device and jth encryp-
of these constraints is as follows: tion scheme. The edge between ith device and jth encryp-
tion scheme is drawn if all the constraints mentioned in
• Constraint 1 (C1). Constraint 1 states that each IoT
the mathematical model of Section 3 are satisfied. In the
device must be assigned only one encryption scheme. graph, i ∈ X and j ∈ Y . Once the edges are drawn, each
• Constraint 2 (C2). This constraint states that the
edge is assigned a weight based on the objective function
resource required for the selected scheme should be defined for the optimization problem. For the sake of clar-
less than the resources available at the IoT device. ity, we take an example where X consists of four IoTs and
• Constraint 3 (C3). Constraint 3 states that the
Y consists of 2 encryption schemes. A graph G(X, Y , E)
throughput for the selected scheme should be greater is formed as shown in Fig. 2a. To solve the given opti-
than the required throughput of the IoT device. mization problem on the given graph, we have to apply
A description of symbols used in Eqs. 1, 2, and 3 is also a one to one matching algorithm. The outcome of this
given in Table 2. algorithm is that the IoT devices I1 and I3 are assigned
encryption scheme S1 and S2 , respectively. This is shown
4 Proposed adaptive framework with the solid-lined edge on the graph of Fig. 2a. But the
To solve the problem described in previous section, we problem with this solution is that only two out of four
opted a graph theory approach. We mapped this problem IoT devices (i.e., I1 and I3 ) are assigned an encryption
into a matching problem in the form of a weighted bipar- scheme, whereas I2 and I4 have not been assigned any of
tite graph. A bipartite graph is a graph of two disjoint sets, the encryption scheme. One solution to this problem is
i.e., X and Y such that X ∩ Y = ∞. The bipartite graph to modify the graph G and generate another graph G in
is unidirectional graph, in which the edges always point which we copy the schemes such that number of elements
in one direction that is X → Y . Moreover, in a weighted belonging to X and Y become equal. The modified graph
bipartite graph, each edge is also assigned a weight based G for the aforementioned example is shown in Fig. 2b.
on a specific criteria. Usually in such a kind of problem Now, if one to one matching algorithm is applied to this
where a weighted bipartite graph is involved, once a graph problem, the outcome of this is that each IoT device is
is formed, a matching algorithm is employed to find the assigned at least one scheme. For example, I1 and I4 are
assigned S1 , and I2 and I3 are assigned S2 as shown with
the solid-lined black edges of Fig. 2b. But there is still
Table 2 Symbol Description another problem given the same example which need to
Symbol Description
be addressed. For instance, if a scenario is encountered in
which S1 is the most efficient in terms of overall resource
N Number of IoT devices
utilization and throughput provision for a given set of IoT
M Number of candidate encryption schemes devices. In such a case, all of the four IoT devices need
Rdi Resources available at ith IoT device to be assigned the S1 encryption scheme. However, this
Rsk Minimum resources required to implement is not possible by solving G , because two out of four IoT
kth encryption scheme devices will still be assigned S1 and the remaining two will
Tid Required throughput for the ith IoT device be assigned S2 . To cope with this situation, the graph is
Tks Throughput given by the kth encryption modified to generate another graph G in which we have
scheme to copy all the schemes equal to the number of IoT devices
f1 Function to maximize the device throughput as shown in Fig. 2c. Also, since one to one matching algo-
of an IoT device rithms are applicable to only symmetric graph, we need
f2 Function to minimize the resources being to pad zeros as shown in Fig. 2c. Once we apply one to
used at an IoT device one matching on G both of the aforementioned prob-
Tmin Minimum throughput offered by any of the lems in graphs G and G are solved. Each IoT device can
M encryption scheme be assigned encryption scheme that suits best in terms
Rmax Maximum resources required by any of the of resource and throughput requirements. For instance in
M encryption scheme
Fig. 2c, each of the four IoT devices have been assigned
w Weight factor to set priority for f1 and f2 . a scheme S1 as shown with the solid-lined edges. A well
Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 7 of 13

known one to one matching algorithm named Hungarian

is employed to solve the graph G . The steps involved in
the Hungarian algorithm are as follows:

1. Generate a square martrix Z of order K × K where

K = N× M.Each entry of Z is computed using
Zij = N i=1
M
k=1 (w1 f1 + (1 − w1 )f2 ).
2. The minimum value of each row of Z is subtracted
from that row which results in another matrix Z  .
3. The minimum value of each column of Z  is
subtracted from each entry in that column. This
results in a new matrix Z  .
4. Cross out the rows and columns Z  with all zeros
a entries. Terminate, if the number of crossed out rows
and columns are equal to the number of sensors used
in Step 2 and exit.
5. Find the minimal uncrossed entry of matrix Z  and
add to all the elements that crossed out both
horizontally and vertically and subtract it from all
uncrossed entries in Z  and return to step 3 with this
new updated coefficient matrix.

It is clear from the discussion presented in this section

that an IoT-based system is first mathematically modeled.
Next, the model is mapped to a modified bipartite graph.
Finally, the objective function of the model is adaptively
optimized using the Hungarian algorithm.
b
5 Experimentation and analysis
In this section, we present the experimental results that
we have obtained through our proposed adaptive frame-
work. For experimentation, we have considered the sys-
tem model discussed in Section 3. For this model, we con-
sider five different AES implementation schemes. These
implementation schemes are considered for a number of
IoT devices that are heterogeneous in nature and they
have varying resource and throughput requirements. We
use the adaptive framework discussed in Section 4 to
optimize the overall resource and throughput of an IoT-
based system. The current section is mainly divided into
two parts. In the first part, a comprehensive overview of
the five implementation schemes is given. In the second
part, the results obtained through experimentation are
presented and discussed.

5.1 Different AES schemes

In this section, we give a comprehensive overview of AES
algorithm and the different AES implementation schemes
that we have used in this work. An overview of standard
c AES implementation is given in Fig. 3. It can be seen from
Fig. 2 Graphical representation of mapping between IoT devices and this figure that the implementation of AES algorithm is
cryptographic schemes. a Initial bipartite graph, b Modified bipartite
governed by two modules: one is cipher module and the
graph G , and c Final bipartite graph G to solve the assignment
problem other is key expansion module. The cipher module is an
iterative process, and it can be optimized in the hardware
Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 8 of 13

Fig. 3 An overview of standard AES implementation with different modules and sub-modules

using techniques like loop unrolling and pipe-lining. An different hardware implementations. A brief discussion on
unrolled cipher module can be coupled with a smaller the optimizations applied on each technique is as follows:
key expansion module to increase the overall through-
put of AES implementation. Similarly, the implementation • Technique 1. It can be seen from Fig. 3 that both
of AES can also be improved by efficiently exploiting cipher module and key expansion module of the AES
the resources of target architecture. By combining the implementation have several sub-modules. In this
aforementioned optimization techniques and hardware technique, the sub-modules of cipher and key
resource exploitation, we explore five different AES imple- expansion module are implemented in the hardware
mentation schemes in this work. These schemes are used in a serialized way. In serialized implementation, first,
by the adaptive framework discussed in Section 4 to find the key expansion module is implemented, and next,
the best trade-off between resource and throughput of a the cipher module is executed. The serialized
reference IoT system model. Further details on the five implementation of this technique requires minimal
schemes are given next. logic resources while also giving the lowest
As discussed before, in this work, we use five differ- throughput among the five techniques under
ent AES implementation techniques, and a summary of consideration.
the resource and throughput metrics of the techniques • Technique 2. In this technique loop unrolling is
under consideration is given in Table 3. These metrics are performed for the cipher module and key expansion
obtained through the implementation of these schemes on is performed online. Online key expansion improves
a Stratix V FPGA. The variation in the throughput and the execution speed. Because of the parallel
resource requirement of these techniques is because of implementation, this technique gives better
throughput results as compared to technique 1. But
Table 3 AES Schemes Overview at the same time, it requires more resources as well.
Name Logic Resources Throughput (Gbps) • Technique 3. In this technique, pipe-lining is
Technique 1 3571 17.5 introduced for the key expansion and cipher module
Technique 2 4789 28.5 is executed in a serialized manner. This results in
comparatively less resources and smaller throughput
Technique 3 4563 26.6
as compared to technique 2.
Technique 4 6066 27.5 • Technique 4. In this technique, loop unrolling is
Technique 5 9631 113.4 performed for key expansion and the cipher module
Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 9 of 13

is executed in a pipe-lined manner. This results in a assigned to throughput parameter whereas the value of w2
significant increase in terms of resource requirement. corresponds to the weight for resources. The value of w2
But, the throughput gain is not that much significant. is equal to 1 − w1 . The values of w1 and w2 are varied from
• Technique 5. Finally in technique 5, all the 0.2 to 0.8. As discussed in Section 3, the sum of w1 and
implementation of the AES is performed in such a w2 should always be equal to 1. It can be seen from Fig. 4
way that the execution is totally parallel which that when the value of w1 is 0.2 and the value of w2 is 0.8
eventually results in the highest logic resource then the average throughput is at the lowest point. It can
requirement while giving the best throughput among also be seen from this figure that the average throughput
the five implementation techniques under increases as the number of users (i.e., IoT devices) increase
consideration. and it stabilizes after the number of devices surpass a cer-
tain number. Furthermore, Fig. 4 shows that the average
5.2 Results and analysis throughput of the system steadily increases as the value of
In this work, we consider a system model where our w1 is increased from 0.2 to 0.8. This is because of the fact
objective is to map the AES cryptographic scheme to that an increase in w1 weight causes a decrease in w2 value
heterogeneous IoT devices in such a way that the aver- which eventually gives higher preference to throughput
age throughput of the system is maximized while mini- increase rather than resource curb.
mizing the number of resources used. For this purpose, As mentioned earlier, the objective of the proposed
we use a weighted function described in Eq. 1. In this framework is to maximize the throughput while minimiz-
equation, combinations of different weights are assigned ing the resource usage of the system under consideration.
to the throughput and resource metrics in order to deter- In this regard, the average resource requirement results
mine the techniques that give the best results through our with different weight combinations and a varying number
proposed adaptive framework described in Section 4. of users are shown in Fig. 5. It can be seen from Fig. 5
A number of experiments are performed where the that when values of w1 and w2 are 0.2 and 0.8, respec-
number of end users (i.e., IoT devices) are varied and along tively, then the average resources is at the lowest point
with that the weights of the throughput and resources and it steadily increases with the increase in the value
of the devices are also varied. The main objective of this of w1 . This is because of the fact that a bigger value of
variation is to find the trade-off between throughput and w2 means more focus on resource optimization; hence,
resources that gives the best overall results. In this regard, smaller resource requirement and vice versa. The results
the average throughput results with different weight com- in Figs. 4 and 5 demonstrate that with the maximum value
binations and varying number of users are shown in Fig. 4. of either w1 or w2 , we can achieve either best throughput
In this figure the value of w1 corresponds to the weight or minimum resource usage. It is clear from these figures

Fig. 4 Average throughput results with different weight combinations and number of devices
Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 10 of 13

Fig. 5 Average resource requirement results with different weight combinations and number of devices

that both constraints cannot be satisfied simultaneously, of w1 is 0.1 and the value of w2 is 0.9 then the average
and we have to find a trade-off between them. For this throughput is at the lowest point and the average num-
purpose, the average throughput and resource results for ber of resources is also the smallest. This is because of the
a fixed number of users are plotted in Fig. 6. In this figure, fact that when the value of w1 is 0.1 and the value of w2
horizontal axis shows the values of w1 and w2 , while pri- is 0.9, the lowest priority is given to throughput and the
mary and secondary Y -axis give the average throughput highest priority is given to resource saving. On the other
and resource results for varying values of w1 and w2 . As hand, when the value of w1 is 0.9 and the value of w2 is
stated earlier, the sum of values of w1 and w2 is always 0.1, then both the average throughput and average num-
equal to 1. It can be seen from Fig. 6 that when the value ber of resources used by the system are at their peak. The

Fig. 6 Average throughput and resources for varying weights

Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 11 of 13

aforementioned two cases are the extreme cases where from this figure that the proposed framework gives bet-
in the first case the resources are given the highest pri- ter throughput results as compared to random and greedy
ority while in the second case the average throughput is approaches. This is because of the fact that the pro-
given the top priority. As stated earlier, the objective of the posed framework considers all the possible combinations
proposed framework is to find the best trade-off between of schemes and devices and then selects the best pos-
average throughput and resource values. To achieve this sible combination using the Hungarian algorithm. On
objective when the value of w1 is increased and value the other hand, the greedy approach either goes for the
of w2 is decreased, both average throughput and aver- best throughput or resource value and does not look
age resources start increasing and eventually the values for the best trade-off. As a result the proposed frame-
of w1 and w2 between 0.5 and 0.6 give the best overall work gives, on average, 11% and 17% better throughput
throughput and resource values for the reference system results as compared to the greedy and random approach
model under consideration. It is important to note that the respectively.
results in this figure are generic in nature and they hold Average resource usage results for proposed framework
for any number of users/IoT devices. versus random and greedy approach are shown in Fig. 8.
In this work, we also perform average throughput and It can be seen from this figure that the average number
resource comparison between the proposed framework of resources increase with increase in number of users.
and random, greedy approaches. For this purpose, we fix Moreover, it can also be observed from this figure that
the weights of throughput and resources at 0.5 each as this the random approach requires, on average, the largest
weight combination gives the best average throughput and resources while the proposed framework requires the least
resource results (see Fig. 6). Next, we vary the number of number of resources while giving the overall throughput
users (i.e., IoT devices) and observe the impact on overall results. Results in Fig. 8 show that the proposed frame-
throughput and resource of the system. We perform the work, on average, requires 3% and 13% fewer resources
experimentation for the proposed framework and com- as compared to the greedy and random approach, respec-
pare the results against random and greedy approaches as tively.
well. The throughput and resource results are shown in
Figs. 7 and 8, respectively. 6 Conclusion
The average throughput results in Fig. 7 show that IoT is the next big thing in the domain of science and
initially the average throughput of the system under con- technology. Its role is increasing exponentially in human
sideration increases with an increase in number of users. lives with each passing year, and this trend is not going to
However, it stabilizes when the number of users are slow down any time soon. Because of the critical nature
more than five. Furthermore, it can also be observed of the data handled by IoTs, an IoT-based system is an

Fig. 7 Average throughput results for proposed framework versus greedy and random approach
Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 12 of 13

Fig. 8 Average resource results for proposed framework versus greedy and random approach

attractive target for malicious attackers. However, because Acknowledgements

of the limited resources of IoT devices, researchers face Not applicable.
a difficult task of making an IoT-based system secure. In Authors’ contributions
this work, we formulated a weighted optimization func- UF worked on the overall writing of the paper. He also worked on the design
tion to secure the IoT devices. Among a pool of available and simulation part. NUH worked on the manuscript review, data gathering,
and simulation analysis of the results. IB worked on the design part of the
cryptographic implementation schemes of AES, this opti- problem, the optimization of the techniques, and manuscript writing of the
mization function assigns values to them based on their paper. NS worked on the analysis of the results, design and optimization of the
weights. We next propose an adaptive framework that problem, and overall manuscript improvement of the work. All authors read
and approved the final manuscript.
considers the heterogeneous nature of IoT devices and
metrics of different implementation schemes. The adap- Funding
tive function maps the AES implementation schemes to No funding was received for this research work.
the IoT devices using a modified bipartite matching graph.
During mapping, the core objective is to optimize the Availability of data and materials
It is not applicable to this article as it mandatory for biology and medical
throughput of the IoT-based system while using the mini- journals only.
mum resources. This mapping process is optimized using
Hungarian algorithm. We perform extensive experimen- Competing interests
The authors declare that they have no competing interests.
tation using the proposed framework. Comparison is also
performed between the results of the proposed frame- Received: 18 January 2019 Accepted: 7 August 2019
work and those of the random and greedy approach.
Analysis of the results shows that the proposed frame-
work provides, on average, 11% and 17% better aver- References
age throughput and 3% and 13% better resource usage 1. D. Singh, G. Tripathi, A. J. Jara, in 2014 IEEE World Forum on Internet of
Things (WF-IoT). A survey of internet-of-things: Future vision, architecture,
results as compared to the random and greedy approach, challenges and services, (2014), pp. 287–292
respectively. 2. L. Atzori, A. Iera, G. Morabito, The internet of things: A survey. Comput.
In this work, we consider two optimization parameters Netw. 15, 2787–2805 (2010). http://doi.org/10.1016/j.comnet.2010.05.010
3. A. Mosenia, N. K. Jha, A comprehensive study of security of
only. In the future, we would like to extend this work internet-of-things. IEEE Trans. Emerg. Top. Comput. 5(4), 586–602 (2017)
to multiple objectives like fairness and energy and power 4. A. P. Plageras, K. E. Psannis, C. Stergiou, H. Wang, B. B. Gupta, Efficient
consumption parameters. Moreover, we would extend iot-based sensor big data collection–processing and analysis in smart
buildings. Futur. Gener. Comput. Syst. 82, 349–357 (2018)
the current work from single network scenario to multi- 5. C. Stergiou, K. E. Psannis, A. P. Plageras, Y. Ishibashi, B.-G. Kim, et al.,
network scenario as well. Algorithms for efficient digital media transmission over iot and cloud
networking. J. Multimed. Inf. Syst. 5(1), 27–34 (2018)
Abbreviations 6. V. A. Memos, K. E. Psannis, Y. Ishibashi, B.-G. Kim, B. B. Gupta, An efficient
AES: Advanced Encryption Standard; DoS: Denial of service; IoT: Internet of algorithm for media-based surveillance system (eamsus) in iot smart city
Things; WSN: Wireless sensor networks framework. Futur. Gener. Comput. Syst. 83, 619–628 (2018)
Farooq et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:210 Page 13 of 13

7. K. E. Psannis, C. Stergiou, B. B. Gupta, Advanced media-based smart big 28. G. Zhang, T. Wang, G. Wang, A. Liu, W. Jia, Detection of hidden data
data on intelligent cloud systems. IEEE Trans. Sustain. Comput. 4(1), 77–87 attacks combined fog computing and trust evaluation method in
(2018) sensor-cloud system. Concurr. Comput. Pract. Experience, e5109 (2018).
8. M. Zhang, A. Raghunathan, N. K. Jha, Trustworthiness of medical devices https://onlinelibrary.wiley.com/doi/pdf/10.1002/cpe.5109
and body area networks. Proc. IEEE. 102(8), 1174–1188 (2014)
9. C. Li, A. Raghunathan, N. K. Jha, in 2011 IEEE 13th International Conference Publisher’s Note
on e-Health Networking, Applications and Services. Hijacking an insulin Springer Nature remains neutral with regard to jurisdictional claims in
pump: Security attacks and defenses for a diabetes therapy system, published maps and institutional affiliations.
(2011), pp. 150–156
10. D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W.
Morgan, K. Fu, T. Kohno, W. H. Maisel, in 2008 IEEE Symposium on Security
and Privacy (sp 2008). Pacemakers and implantable cardiac defibrillators:
Software radio attacks and zero-power defenses, (2008), pp. 129–142
11. C. Stergiou, K. E. Psannis, B. B. Gupta, Y. Ishibashi, Security, privacy &
efficiency of sustainable cloud computing for big data & iot. Sustain.
Comput. Inform. Syst. 19, 174–184 (2018)
12. Y. Cherdantseva, J. Hilton, in 2013 International Conference on Availability,
Reliability and Security. A reference model of information assurance &
security, (2013), pp. 546–555
13. S. Vashi, J. Ram, J. Modi, S. Verma, C. Prakash, in 2017 International
Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC).
Internet of Things (iot): A vision, architectural elements, and security
issues, (2017), pp. 492–496
14. H. Suo, J. Wan, C. Zou, J. Liu, in 2012 International Conference on Computer
Science and Electronics Engineering, vol. 3. Security in the internet of things:
A review, (2012), pp. 648–651
15. M. M. Kermani, M. Zhang, A. Raghunathan, N. K. Jha, in 2013 26th
International Conference on VLSI Design and 2013 12th International
Conference on Embedded Systems. Emerging frontiers in embedded
security, (2013), pp. 203–208
16. H. Salmani, M. M. Tehranipoor, Vulnerability analysis of a circuit layout to
hardware trojan insertion. IEEE Trans. Inf. Forensic Secur. 11(6), 1214–1225
(2016)
17. A. M. Nia, S. Sur-Kolay, A. Raghunathan, N. K. Jha, Physiological
information leakage: A new frontier in health information security. IEEE
Trans. Emerg. Top. Comput. 4(3), 321–334 (2016)
18. E. Y. Vasserman, N. Hopper, Vampire attacks: Draining life from wireless ad
hoc sensor networks. IEEE Trans. Mob. Comput. 12(2), 318–332 (2013)
19. B. Parno, A. Perrig, V. Gligor, in 2005 IEEE Symposium on Security and Privacy
(S P’05). Distributed detection of node replication attacks in sensor
networks, (2005), pp. 49–63
20. K. Hu, A. N. Nowroz, S. Reda, F. Koushanfar, in 2013 Design, Automation Test
in Europe Conference Exhibition (DATE). High-sensitivity hardware trojan
detection using multimodal characterization, (2013), pp. 1271–1276
21. M. Feldhofer, S. Dominikus, J. Wolkerstorfer, Strong Authentication for RFID
Systems Using the AES Algorithm. (Springer Berlin Heidelberg, Berlin,
Heidelberg, 2004), pp. 357–370
22. U. Farooq, M. F. Aslam, Comparative analysis of different aes
implementation techniques for efficient resource usage and better
performance of an fpga. J. King Saud Univ. Comput. Inf. Sci. 29(3),
295–302 (2017)
23. M. Jung, H. Fiedler, R. Lerch, in Ecrypt Workshop on RFID and Lightweight
Crypto. 8-bit microcontroller system with area efficient aes coprocessor
for transponder applications, (2005), pp. 32–43
24. S. Kulkarni, S. Durg, N. Iyer, in Computing for Sustainable Global
Development (INDIACom), 2016 3rd International Conference on. Internet of
things (iot) security (IEEE, 2016), pp. 821–824
25. G. A. Mills-Tettey, A. Stentz, M. B. Dias, The dynamic hungarian algorithm
for the assignment problem with changing costs. Tech Report (2007)
26. J. Gubbi, R. Buyya, S. Marusic, M. Palaniswami, Internet of things (iot): A
vision, architectural elements, and future directions. Future Generation
Computer Systems. 29(7), 1645–1660 (2013). Special sections:
cyber-enabled distributed computing for ubiquitous cloud and network
services & cloud computing and scientific applications, big data, scalable
analytics, and beyond. http://www.sciencedirect.com/science/article/pii/
S0167739X13000241
27. CISCO, The internet of things reference model. CISCO, Tech. Rep. (2014).
Available: http://cdn.iotwf.com/resources/71/
IoT_Reference_Model_White_Paper_June_4_2014.pdf