Republic of Iraq

Ministry of Higher Education and

Scientific Research
College of Education
Department of Computer Science

Design Lightweight Algorithm for Data

Encryption in IoT

A Thesis
Submitted to the College of Education/ University of Al-
Mustansiriyah as a Partial Fulfillment of the Requirements for the
Degree of Master of Science in Computer Science

By
Rasool Salah Salman

Supervised By
Prof. Dr. Alaa Kadhim Farhan
and
Assist. Prof. Dr. Ali Shakir Mahmood

2022. A.D 1444. A.H

 ‫بِس ِْم اللَّـ ِه الرَّحْ َم ٰـ ِن الر ِ‬
‫َّح ِيم‬

‫ث فِي اُأْل ِّمي َـ‬

‫ِّين َر ُسواًل ِّم ْنهُ ْم‬ ‫﴿ هُ َو الَّ ِذي بَ َع َ‬
‫يَ ْتلُو َعلَ ْي ِه ْم آيَاتِ ِه َويُ َز ِّكي ِه ْم َويُ َعلِّ ُمهُ ُم ْال ِكتَ َ‬
‫اب‬
‫َو ْال ِح ْك َمةَ َوِإن َكانُوا ِمن قَ ْب ُل لَفِي َ‬
‫ضاَل ٍل‬
‫ين ﴾‬
‫ُّمبِ ٍـ‬

‫صدق هللا ال َعل ِّي العظيم‬

‫« ُسو َرةُ الجمعة ‪ :‬اآلية ‪»2‬‬
Dedications
I would like to dedicate this work to:

My dear parents…

My brothers and sisters…

To the soul of my martyr brother “Ahmed” (may Allah be merciful to him)

My wife with all my love…

My sons “Ahmed and Ameer” …

All my friends and lovers.

Rasool Salah Salman

2022

Acknowledgments

First and foremost, I would like to thank and praise Allah, lord of the worlds, who
helped me to complete this thesis.
I would like to thank my respected supervisors Prof. Dr. Alaa Kadhim Farhan and
Assist. Prof. Dr. Ali Shakir Mahmood from the bottom of my heart, for their perfect
guidance and constant supervision throughout the project. They always guided me by
showing the right path to follow at every step to successfully complete this thesis. I am
greatly indebted to them for their encouragement and invaluable advice in this thesis.
 I am also very thankful to the Head of the Department and all members of
Computer Science Department\ College of Education\ University of Al-Mustansiriyah
where I completed my thesis.
Also, I am tempted to individually thank all of my friends, but as the list might be
long and for fear I might omit someone, I will simply and genuinely say: Thank you all
for your love, care, and trust.
I am thankful to everyone who has supported me in order to complete this thesis.
Finally, I deeply thank my family: my dear, loving parents, my wife, my brothers,
and my sisters.  Words cannot express the love and gratitude I have for them, for helping
me to reach this place.

Rasool Salah Salman

2022
 Abstract
With the rising use of Internet of Things (IoT) applications in wide areas
of our daily lives, such as the smart home, health care, etc., there is a massive
amount of important and sensitive data passing through these applications to the
internet that may be vulnerable to attacks and unauthorized access, so it has
become important to provide protection for it through the use of cryptographic
algorithms. Due to the limited resources of IoT devices, such as small memory
size, low energy, and limited CPU capabilities, traditional encryption algorithms
cannot work or do not work efficiently with IoT devices. The lightweight
cryptographic algorithms are another solution designed to fit resource-
constrained devices and provide security for data in IoT.

In this thesis, a design of a new lightweight encryption algorithm is

suggested, depending on the traditional AES algorithm and a combination of
chaotic systems. One-dimensional and two-dimensional chaotic logistic maps
are employed to generate the major encryption tools in AES, like S-box,
dynamic permutation (DP), and cipher keys. The DP function is utilized instead
of the MixColumn function. Eventually, the number of rounds is reduced from
10 to 9. In this proposal, a set of sensors and a Raspberry Pi device are
employed. The proposed algorithm is embedded inside the Raspberry Pi to
protect the sensor data before sending it over the network.

The results of the analysis indicate that the proposed LWAES-128

algorithm consumes less time in encryption and decryption, as it can encrypt a
text size of 25,000 bytes in only 85.57 milliseconds when implemented on a PC
laptop running Windows 10. Therefore, the LWAES-128 algorithm has more
speed compared with standard AES and other related work. The constructed S-
box meets the security requirements of S-box, including avalanche (AC), strict
avalanche (SAC), completeness (CC), balanced (BC), Invertability, information

I
entropy, correlation coefficient, histogram, unified average changing intensity
(UACI), and number of pixel change rates (NPCR). The NPCR and UACI for
the Lena image are at the accepted level at 99.6%, and 33.56%, respectively,
and the AC result is in the optimal range of 50.097%. While the histograms of
the different images were flat and uniform, the results of information entropy
and correlation on different images were close to 8 and 0, respectively. Also the
LWAES-128 succeeded in all NIST statistical tests. Therefore, according to
these results, the LWAES-128 offers more randomness.

II
 List of Publications

1. R. S. Salman, A. K. Farhan, and A. Shakir, “Lightweight Modifications in the

Advanced Encryption Standard (AES) for IoT Applications: A Comparative
Survey,” in 2022 International Conference on Computer Science and
Software Engineering (CSASE), Mar. 2022, pp. 325–330, doi:
10.1109/CSASE51777.2022.9759828.

2. R. S. Salman, A. K. Farhan, and A. Shakir, “Creation of S-box based One-

Dimensional Chaotic Logistic Map: Colour Image Encryption Approach,”
Int. J. Intell. Eng. Syst., vol. 15, no. 5, pp. 378–389, Oct. 2022, doi:
10.22266/ijies2022.1031.33.

III
 List of Contents
Page
# Subject
No.
Abstract I
List of Publications III
List of Contents IV
List of Abbreviations VI
List of Figures VIII
List of Tables IX
List of Algorithms XI
CHAPTER ONE
General Introduction
1.1 Overview 1
1.2 Related works 2
1.2.1 Substitution Box (S-box) 2
1.2.2 Lightweight AES algorithm 4
1.3 The Problem Statement 6
1.4 Aim of Thesis 6
1.5 Outline of thesis 6
CHAPTER TWO
Theoretical Background
2.1 Introduction 8
2.2 Internet of Things 9
2.3 Internet of Things Architecture 10
2.3.1 Perception Layer 10
2.3.2 Network Layer 11
2.3.3 Application Layer 11
2.4 Security 11
2.4.1 Security Services 11
2.5 Internet of things Attacks 12
2.6 Lightweight Cryptography (LWC) 13
2.6.1 Lightweight Block ciphers 15
2.7 Advanced Encryption Standard (AES) 16
2.7.1 Initial Round 17
2.7.2 Round processes 17

IV
 2.7.3 Key Expansion/ Schedule 22
2.8 Hash Algorithm (SHA3) 24
2.9 Chaos Theory-Based Cryptography 25
2.9.1 Logistic Map 26
2.9.2 Two-dimensional Logistic Map 28
2.10 Main Components of an IoT System 28
2.11 Features of an Excellent Cryptographic Algorithm 30
2.11.1 S-box Test Criteria 30
2.11.2 Image encryption metrics 32
2.11.3 Randomness NIST Tests 33
CHAPTER THREE
The proposed design of the Lightweight Encryption Algorithm

3.1 Introduction 35
3.2 The Proposed Encryption Algorithm (LWAES-128) 35
3.2.1 Key Generation of System 36
The Encryption Process utilizing LWAES-128
3.2.2 48
Algorithm
CHAPTER FOUR
Implementation the proposed System
4.1 Introduction 55
4.2 Implementation of the System 55
4.3 Requirements and Environment 57
4.4 Collection of Data from Sensors 59
4.5 Evaluation and Results 59
4.5.1 Substitution-Box Evaluation 60
4.5.2 Substitution-Box Evaluation Through Encrypting an
66
Image
4.5.3 Implementation of Encryption Process 69
4.5.4 Server Side 77
CHAPTER FIVE
Conclusions and Proposals for the Future Work
5.1 Introduction 79
5.2 Conclusions 79
5.3 Future Works 81
References 82

V
 List of Abbreviations
Abbreviations Description
1-D One dimensional
2-D Two dimensional
AES Advanced Encryption Algorithm
AO Analog Out
AC Avalanche Criterion
BC Balanced Criterion
BIC Bit Independence Criteria
CIA Confidentiality , Integrity and Availability
CPU Central processing unit
CC Completeness Criterion
DES Data Encryption Standard
DP Dynamic Permutation
DoS Denial of Service
DO Digital Out
GF Galois Field
Inv-DP Inverse- Dynamic Permutation
I/O Input/output
InvS-box Inverse Substitution Box
IoT Internet of Thing
LP linear approximation Probability
LFSR linear feedback shift register
LWAES Lightweight Advanced Encryption Standard
LWAES-128 Lightweight Advanced Encryption Standard 128-bits
LWC Lightweight Cryptography
LANs Local area networks
MLAES Modified Lightweight Advanced Encryption Standard
M2M Machine to Machin
MS Millisecond
NIST National Institute of Standards and Technology

VI
 NPCR Number of pixel change rate
PANs Personal area networks
RNG Random number generator
RNA Ribonucleic Acid
RCON Round Constant
RFID Radio frequency identification
RAM Random Access Memory
ROM Read Only Memory
RC5 Rivest Cipher 5
S-box Substitution Box
S-boxes Substitution Boxes
SPN Substitution Permutation Network
SHA3 Secure Hash Algorithm Version.3
SAC Strict Avalanche Criterion
UACI Unified average change intensity
WSN wireless sensor network
WANs Wide-area networks
XOFs Extendable Output Functions
XOR Exclusive – OR

List of Figures
Figure No. Title Pag
e

VII
 No.
Chapter Two
Figure 2.1 IoT Applications 9
Figure 2.2 The three-layers IoT architecture 10
Figure 2.3 Trade-off between Security, Cost, and Performance 14
Figure 2.4 State Array 16
Figure 2.5 The AES overall structure 17
Figure 2.6 Generation S-box and InvS-box 18
Figure 2.7 AES ShiftRows process 20
Figure 2.8 AES MixColumn process 21
Figure 2.9 AES InvMixColumn matrix 21
Figure 2.10 AES AddRounKey Process 22
Figure 2.11 AES Key Expansions 23
Figure 2.12 SHA3 sponge construction 24
Figure 2.13 Variations of logistic map with time (i) 27
Figure 2.14 Behavior of the logistic map for = 4 27
Chapter Three
overall structure of the proposed LWAES-128 (a) the
Figure 3.1 37
encryption process and (b) the decryption process
Figure 3.2 Key Generation of System 38
Figure 3.3 Flow chart of construction the proposed S-box 41
Figure 3.4 Example of S-box construction 43
Figure 3.5 Examples of key construction for the initial round 47
Figure 3.6 S-box matrix with explanation to SubByte function 51
Figure 3.7 ShiftRows function 52
Figure 3.8 Example of DP function 53
Figure 3.9 Example of AddRoundKey function 54
Chapter Four
Figure 4.1 Proposed LWAES-128 algorithm implementation 56
Figure 4.2 Histograms of the tested images 68
Figure 4.3 LWAES-128 encrypting and decrypting time 71
Figure 4.4 Encryption Time comparison with related works 72
Figure 4.5 Decryption Time compared to the related works 73
Figure 4.6 Encryption Time on Raspberry Pi compared to the 74

VIII
 related works
The power consumption of the proposed algorithm
Figure 4.7 77
and other related algorithms
Figure 4.8 Server outputs sensors data after decrypting 78

List of Tables
Page
Table No. Title
No.
Chapter Two
Table 2.1 AES S-box 19
Table 2.2 AES InvS-box 20
The optimal values of S-box criteria and statistical
Table 2.3 33
metrics.
Chapter Three
An instance of the suggested S-box employed for
Table 3.1 50
encryption
An instance of the Inverse S-box employed for
Table 3.2 50
decryption
Table 3.3 Example of DP table employed for encryption 52
Example of inverse DP table employed for
Table 3.4 52
decryption
Chapter Four
Table 4.1 Specifications for the DHT22 and Flame sensors 57
Table 4.2 Raspberry Pi 4model B specifications 58
An example of collecting sensors data every 5
Table 4.3 59
seconds
Comparison between the standard AES and
Table 4.4 60
LWAES-128 algorithms
Table 4.5 BC test on S-box when x0=0.05 and =3.7 61
Table 4.6 S-box values when x0=0.7 and  =3.91
1 61
Table 4.7 BC test on S-box when x0 =0.7 and  =3.91
0 1
62
Table 4.8 S-box values when x0= 0.05 and =3.7 62

IX
Table 4.9 Inverse S-box values when x0=0.05 and  =3.7
1
63
Table 4.10 S-box values when x0=0.15 and =3.7 63
Table 4.11 Inverse S-box values when x0=0.15 and =3.7 64
Comparisons of the AC test of (A...Z) utilizing the
Table 4.12 proposed S-box when x0= 0.05 and  = 3.7 with 64
some other related approaches
Example for AC computation of the proposed S-box
Table 4.13 65
(if x0=0.05 and =3.7) and other related S-boxes
Comparisons of the AC test of (A...Z) utilizing the
Table 4.14 suggested S-box when x0=0.7 and =3.91 with some 65
other related approaches
Example for AC computation of the proposed S-box
Table 4.15 66
(if x0=0.7 and =3.91) and related S-boxes
Table 4.16 Entropy results of the tested images 67
Table 4.17 Correlation coefficient of the tested images 67
Table 4.18 NPCR and UACI results of the tested images 69
Table 4.19 LWAES-128 encrypting and decrypting average time 70
Encryption Time and Throughput compared to the
Table 4.20 71
related works
Decryption Time and Throughput compared to the
Table 4.21 72
related works
Table 4.22 Encryption Time comparison with related work 73
Comparison of the LWAES-128 encryption time and
Table 4.23 74
throughput on the Raspberry Pi with related works
NIST tests on the cipher-text from the suggested
Table 4.24 74
LWAES-128
The status of the Raspberry device during executing
Table 4.25 76
encryption
The power consumption comparison of the proposed
Table 4.26 76
algorithm and other related algorithms

X
 Table of Algorithms
Algorithm No. Title Page No.

Chapter Three

Algorithm 3.1 Key Generation of System 38

Constructing S-box utilizing 1-D chaotic
Algorithm 3.2 41
logistic map

Algorithm 3.3 Constructing of the inverse S-box 43

Algorithm 3.4 Construction of keys and DP table 45
Generation of The inverse array of dynamic
Algorithm 3.5 46
permutation

Algorithm 3.6 The encryption process utilizing LWAES-128 48

XI
Chapter One
General Introduction
 Chapter One
General Introduction

1.1 Overview
Recently, the topic of the Internet of Things (IoT) has emerged as a result
of the rapid development in computer sciences and communications [1]. With
the IoT, billions of things (devices) in the physical world are connected to other
systems or devices over the network to the Internet [2]. Some technologies, like
radio frequency identification (RFIDs), wireless sensor networks (WSNs), or
combining these technologies, cloud service, machine-to-machine connectivity
(M2M), etc., can be used to make this connection [3]. IoT has many
applications, including health care, smart buildings, smart homes, smart
factories, and so on. IoT makes it possible for objects to recognize each other,
get intelligence, get information regarding themselves, and also get information
that other objects have collected [4].
In the IoT, data is collected by objects from the physical world and
transmitted over the Internet, making these data vulnerable to attacks and
hackers [5]. This sent data may be important and needs to be secured.
Cryptography algorithms are used to secure this data [6].
There are several cryptographic algorithms used to offer security solutions,
which are classified into symmetric and asymmetric kinds [7]. However,
conventional algorithms are unsuitable for use in an IoT environment due to
their high computational complexity, which is incompatible with the IoT's
limited resources such as power, CPU, and memory [8]. Therefore, lightweight
cryptography algorithms appeared as a solution for limited resource devices.
Lightweight cryptographic algorithms must offer the best tradeoff between
security, cost, and performance [9].

1
 In this thesis, the design and implementation of a lightweight encryption
algorithm for securing IoT sensing data transmitted by the IoT devices are
proposed.
1.2 Related Works
The following studies have been chosen based on their relevance to the
subject matter of this thesis. As mentioned below, these studies are divided into
two categories: The first focuses on constructing a substitution box (S-box), and
the second on Lightweight AES algorithm.
1.2.1 Substitution Box (S-box)
The S-box is an essential part of the block ciphers due to the fact that it is
responsible of the confusion process between plain and cipher text. Therefore,
many researchers attempt to design a more secure S-box to replace the
conventional S-box in standard algorithms in order to increase the level of
security. The studies relevant to the S-box involve:
1- Dragan Lambi )2016) [10] presented a new approach for constructing S-
boxes that relies on a discrete chaotic map with permutations. The generated
S-boxes were subjected to a set of criteria like bijection, non-linearity, strict
avalanche, output bit independence, and input(I)/output(O) XOR
distribution, where the findings indicated that the constructed S-boxes have
strong cryptographic features. This approach didn't have any kind of
approximation effect because it didn't need to estimate continuous values.
This was because it used discrete chaotic maps that relied on the composition
of permutations.
2- C. Unal, et al. (2016) [11] They generated a strong S-box by using a new
random number generator (RNG). They generated it by using the new scaled
Zhongtang chaotic system with very complex and intriguing dynamic
properties. According to the results of the S-box criteria tested on the

2
 generated S-box and compared to other works, the generated S-box was
strong, and the new RNG also passed all NIST tests.
3- L. Liyan, et al. (2018) [12] suggested a new approach to constructing S-box
based on a spatiotemporal nonlinear chaotic. First, they generated an initial
S-box. Then, they used a permutation process on the chaos sequences to
randomly rearrange the S-box's components. So this helped to enhance the
bit independence criteria (BIC) and linear approximation probability (LP) of
the constructed S-box. The results also showed that the constructed S-box
succeeded the statistical tests of NIST-800-22 and met the following criteria:
linear approximation, nonlinearity, output bit independence, bijective, I/O
XOR Distribution, and Strict Avalanche. So, their suggested method has
strong cryptographic properties.
4- L. Qing, et al. (2019) [13] proposed a new algorithm for generating Boxes
by using a novel hybrid chaotic system (tent and logistic). Which has
improved chaos efficiency and a higher chaos range than the tent and
logistics method, and which can improve the randomness of chaos sequences
as well as increase the key space of cryptographic algorithms. At first they
generated initial S-box by using a new linear map and then performed
permutation process on the generated initial S-box via utilizing the sequence
that generated from tent and logistic to enhances the encryption
characteristics of the constructed S-box. The test results showed that the
suggested S-box has much lower values of linear probability and differential
probability and acceptable nonlinearity values than other S-boxes, so it can
be used in block cipher algorithms.
5- F. Alaa, et al. (2020) [14] introduced a novel mechanism for generating
multi-S-boxes that relied on RNA processing. Each one of these S-boxes is
constructed from the previous S-box relying on the secret key where the
obtained S-boxes meet the invariability criterion, avalanche criterion, strict
avalanche criterion, balance criterion, and completeness criterion. The
3
 suggested S-box achieved an accuracy of about 99%, so it can be applied in
several block cipher algorithms.
6- J. Zijing and D. Qun (2021) [15] proposed a mechanism for generating S-
boxes relying on the bent function and logistic chaotic system. First, they
used logistic chaos to generate bent functions. Then, they constructed the S-
boxes from the generated bent functions. The test results and performance
analysis of their constructed S-box showed that the following criteria:
nonlinearity, difference uniformity, strict avalanche, and independence were
satisfied, and the generated S-box has great cryptographic characteristics.

1.2.2 Lightweight AES algorithm:

Many researchers have made modifications to the AES algorithm to make
it faster and better suited for IoT devices. This is done to protect the data that
IoT devices collect and send. These studies in this area include:
1- M. M. Abdzaid and S. Hassan (2019) [16] They presented a lightweight
version of AES-128 bit by modifying the execution of the MixColumn
process by executing it in one cycle with the AddRoundKey process. The
ShifRow process was modified to be SiftRow and ShifCoulmn. The
number of rounds was also reduced to 6 rounds. The test results and
performance analyses of the modified AES showed that it passed the
NIST statistical tests, and it was faster than the original AES in terms of
implementation, while in terms of security, the modified AES achieved
more confusion and diffusion percent. 
2- A. Mohammed and M. Jafer (2019) [17] presented a lightweight
version of the AES algorithm, named (LWAES), aimed to reduce the
processing time. The LWAES used the same operations as the original
AES except the MixColumn operation was replaced with a random Shift
operation, the number of rounds was reduced, and the expansion key
operations were modified where the SubWord operation was replaced

4
 with a random number generator and the RCON operation was also
replaced with a Shift operation. The test results and performance analysis
of the LWAES algorithm showed that it passed the following statistical
tests: frequency, poker, run, and serial. Also, the process of encrypting
and decrypting took less time than with the original algorithm.
3- J. Rokan, et al. (2019) [18] proposed modifications to the AES algorithm
to become lightweight algorithm. This work done by using the five-
dimensional chaotic system (a hybrid of logistic and Lorenz). This
proposal employs the same functions as Standard AES except the mix
column function is replaced with a multi-XOR function, a shift-cycle
function, SHA3-256, five chaos keys, and two S-boxes. The modified
lightweight AES (MLAES) algorithm was implemented on the Raspberry
Pi Model B. The findings showed that MLAES reduced the execution
time and the CPU cycles compared to the standard AES.
4- F. Hazzaa, et al. (2021) [19] suggested a lightweight encryption
algorithm based on the AES algorithm. The suggested algorithm uses the
same operations as in AES but with development aimed to reduce
execution time and power consumption to achieve a lightweight
algorithm and also keep the level of security the same as in AES. In this
work, the SubByte and MixColumn operations were enhanced. The
SubByte operation using a multi-S-box resulted in increasing the security
of the algorithm, while the MixColumn operation using a single (4*4)
key matrix resulted in reducing the required operations in the
multiplication of two matrixes (state and key matrix), thus reducing the
execution time and power usage. Also, the suggested algorithm using
nine rounds resulted in decreased execution time and power consumption.
The evaluation results of the suggested algorithm showed that the
execution time and power usage were enhanced by about 33% compared

5
 to standard AES, but the level of security remained the same as in AES
due to the increased complexity in SubByte operation.

1.3 The Problem Statement

Nowadays, the Internet of Things (IoT) applications have been widely used
in various life fields, such as smart homes, health care, and other applications,
which means there is a massive amount of important and sensitive data sent
through these applications to the network that may be vulnerable to attacks and
unauthorized access, so it has become important to provide protection for it
through the use of cryptographic algorithms.
But due to the limited resources of IoT devices, such as low power, small
memory size, and low CPU processing capability, conventional cryptographic
algorithms are unsuitable for IoT devices. It requires time, memory, and power
due to its many complicated calculations.

1.4 Aim of Thesis

1- Propose and design a lightweight, secure, and fast encryption algorithm

called (LWAES-128) depending on the Advanced Encryption Standard
(AES) algorithm, to be appropriate for any IoT device.

2- Constructing a robust S-Box based on a 1-D chaotic logistic map.

3- Using a new method to construct cipher keys and a dynamic permutation
table (DP) based on a 2-D chaotic logistic map.
4- Implementing the proposed LWAES-128 algorithm on real IoT devices.

1.5 Outline of thesis

The remaining chapters of this thesis are arranged as follows:
 Chapter Two introduces the theoretical background
 Chapter Three clarifies the proposed design of the Lightweight
Encryption algorithm in detail.

6
 Chapter Four clarifies Implementation the proposed.
 Chapter Five introduces the conclusions and Proposals for the Future
Work.

7
 Chapter Two
Theoretical Background
 Chapter Two
Theoretical Background

2.1 Introduction
Today, data security is a critical component for the efficient
performance of every organization's diverse requirements [20]. One of
the important requirements of these networks is to provide a secure
connection for the transmission of data [21]. Cryptography algorithms are
used to protect transmitted data from unauthorized access. There are two
kinds of cryptographic algorithms are Symmetric and Asymmetric. The
symmetric type utilizes the same key for encrypting and decrypting
processes, while the asymmetric type utilizes public key and private key
[22]. The public key is employed for encrypting processes while the
private key is employed for decrypting processes. AES, DES, Blowfish,
and RC5 are some examples of symmetric cryptography algorithms [23].

The internet of things (IoT) has recently become a significant part of

different applications of our daily lives because of its connection to
various objects that sense, collect, and share data via the internet. The
security of the sent data is critical in the IoT network due to the sensitive
nature of applications including smart vehicles, healthcare [24], and so
on. There are a lot of different cryptographic algorithms that are used to
protect these applications, but most of them slow down communications
because they require more processing.

IoT devices are often run by using limited resources, such as low
power, small memory size, and a limited CPU [25]. Due to the limited
resources of these devices, several traditional cryptographic techniques
cannot be used successfully. So, to secure data, a lightweight

8
 cryptographic technique is needed [26]. Many cryptographic algorithms
have been developed to protect this transmitted data, one of which is
chaos-based cryptography.

This chapter explains the applications, architecture, and basic security

notions of the IoT, and also clarifies the notion of lightweight
cryptography, and explains the advanced encryption standard and chaotic
system and its principles in cryptography.

2.2 Internet of Things

With the passage of time, a growing number of devices/objects are
becoming connected to the network and can exchange information with
each other without human intervention. This is the so-called internet of
things [27]. The applications of IoT exist in many areas of our lives.
These applications include: Smart Cities, Smart Homes, Healthcare,
Smart Ecosystems, Transport, Industry, Smart Environments, and more
[28], as seen in figure (2.1).

Figure (2.1): IoT Applications [29].

Many industries have become dependent on IoT technologies as a

result of the significant growth in the interconnected devices over the
internet. Therefore, one user can simultaneously obtain services from

9
 various areas (smart grids, health, fitness, transportation, etc.). The data
that moves through these connected devices may be sensitive and very
important, so the people who make IoT devices and applications need to
employ security properties [30].

2.3 Internet of Things Architecture

The IoT architecture is defined as a framework of physical

components of the IoT. There is no consensus about IoT architecture yet,
so there are a different number of architectures proposed by different
researchers [31]. But a three-layer architecture is widely adopted [32] as
shown in figure (2.2): perception, network, and application.

Figure (2.2): The three-layers IoT architecture.

2.3.1 Perception Layer

This perception layer is also called (sensing layer), and it exists at the
bottom of the architecture [33]. The job of this layer is to collect information

10
from the physical environment by using sensors and actuators. It also finds,
gathers, and processes the information before sending it to the network layer.

2.3.2 Network Layer

The function of this layer is to receive information from the perception layer
and find a route to pass it into the hub (or central-node) by using the network
[33]. It is similar to other models of network architecture. This layer has
different devices such as gateways, clouds, switches etc.

2.3.3 Application Layer

This layer is considered as the top-layer. It receives the data from the
network layer and utilizes it to present the requested service. This layer contains
various applications, such as smart homes, smart cities, smart transportation,
etc. [34].

2.4 Security
Security implies protection of an automated systems to achieve the aim of
maintaining the integrity, availability, and confidentiality of the
information system resources (involving hardware, soft-ware, information, and
communications) [35].

2.4.1 Security Services

Generally, there are three kinds of security services called the CIA-triad,
which are confidentiality, integrity, and availability. These services are designed
as guide policies for information security [36], as explained below.

1. Confidentiality: it ensures protection of the privacy of personal information

by granting access to information only to authorized sides, as confidentiality
is lost when unauthorized sides access this information [37].
2. Integrity: it ensures the correctness and reliability of the information from
any alteration or destruction, since the integrity of the information is lost
11
 when there is an unauthorized modification or destruction of the information
[38].
3. Availability: It ensures that information is available when it is requested at
any time by authorized parties, while disruption of access to the information
means the availability is lost [39].

These services are extended by adding two more services, accountability and
authenticity, which are needed to provide security completely. The two
additional security services are explained below:

4. Authenticity: It means being able to verify if the transmission, information,

or information about the creator is real and if it can be trusted or not.
5. Accountability: is the ability of a system to track the actions of an entity and
hold it uniquely accountable for its actions [35].

2.5 Internet of Things Attacks

In the IoT a data gathered from the real world is sent across the network
utilizing wireless connections. Thus, data becomes subject to different attacks.
There are four types of IoT attacks: physical, network, software, and data [40].

1. Physical attacks are possible when the attacker is near to the network or the
system's devices. These attacks come in many forms, like Node Tampering
(physically altering a device or node), Malicious Code Injection, radio
frequency Interference on RFIDs (generating and sending noise signals
through radio frequency communications), Malicious Node Injection
(dropping a fake node between two valid nodes with the aim of controlling
data flow among them), Sleep Denial Attack (attacker feeds incorrect inputs
to devices, causing them to activate and use more power, causing them to
shut down), and any other attacks [41].

12
2. Network Attacks are executed by modifying the IoT network to do harm. It
can be simply executed without the need to be near the network. These
attacks come in many forms, like Traffic Analysis Attack, RFID Spoofing,
Wormhole Attack, Man in the Middle Attack (an attacker intercepts the
connection between two IoT devices to access sensitive information by
eavesdropping), Replay Attack (capturing a certified packet and re-sending
it to the target repeatedly, causing the network to be busy and may lead to a
DoS attack), and Denial of Service (DoS) attack (an attacker works on
slowing or crashing the server or the network resources) [41].
3. Software Attacks are performed by exploiting the advantages of connected
software or security gaps that exist in the internet of things system, like
Trojan, Worms, virus, jamming (which corrupt the system to modify or steal
information or even execute DoS), and malware attacks [42].
4. Data Attacks the main data attacks that are common in the internet of
things nowadays are Data Inconsistency, Unauthorized Access, and Data
Breach.

2.6 Lightweight Cryptography (LWC)

LWC is an emerging and very popular topic in the field of cryptographic
algorithms [43]. It can work with resource-constrained devices, such as sensors,
embedded systems, radio frequency identification tags, etc. [44].

LWC is a subfield of cryptography. It is designed to provide security for

devices running on limited resources [45]. Lightweight cryptography does not
imply weak crypto. It has properties that may differ from those adopted for
general purposes but must be sufficient for the target application [46].

Recently, Internet of Things (IoT) apps, mobile computing devices, and

embedded systems are utilized in many areas of life [43]. The information that
passes through these devices may be sensitive and must be protected from

13
hackers or unauthorized access. So, a lot of researchers have concentrated on
developing LWC with the aim of consuming less time securing such devices.

There are a variety of hardware-based and software-based lightweight

cryptography algorithms that may be utilized. Hardware-based LWC focuses on
enhancing performance factors like device area size and power usage, while
software-based LWC focuses on reducing CPU-memory usage, computational
cost, and amounts of power and energy usage [43]. When designing an
encryption algorithm with lightweight features, LWC developers face a
challenge: they must trade-off between security, performance, and cost. It is
easy to improve two of the three design goals, but it is difficult to improve all
three at the same time, as shown in figure (2.3) [47].

Figure (2.3): Trade-off between Security, Cost, and Performance.

Three factors are needed to execute the LWC: size, power usage, and speed
(throughput-delay). Power usage is essential with devices that run on limited
battery life. High throughput is also essential for devices that send huge
amounts of information like sensors or cameras, while low delay is essential for

14
systems that require control processes in real-time like car control systems, etc.
[9].

The Encryption algorithms are one of the approaches employed to offer

security to any system. There are various encryption algorithms, and each one
has different needs like resources, power, and memory. Modern computing
systems like smart devices and IoT applications play a significant part in all
aspects of our lives. The lightweight encryption algorithm has become
necessary to offer security for these devices due to its ability to work with these
resource-constrained devices. [48].
There are various devices that utilize LWC. Traditional cryptography
deals with devices that are rich in resources like servers, smart phones, tablets,
personal computers etc., as noted in various studies, whereas the LWC deals
with devices that are poor in resources (resource-constrained) like embedded
systems, sensor nodes, radio-frequency identification tags, etc., that have
limited capabilities in power, memory, and CPU [46].

2.6.1 Lightweight Block ciphers

Block ciphers are a method of encrypting data in fixed block size.
Confusion and diffusion are two important processes that are utilized in block
ciphers to encrypt plaintext block into cipher text block. The confusion process
makes the relationship between the key and the cipher text more complicated by
making each bit of the key affect every bit of the cipher text. By contrast, a
diffusion process is utilized to propagate the effect of each binary digit (bit) in
the plaintext block by several bits in the cipher text block to produce an
encrypted text less sensitive to statistical attacks [49].

There are a large number of lightweight block cipher algorithms that have
been designed to offer security while optimizing the usage of resources. Some

15
examples of these algorithms are PRESENT, CLEFIA, KATAN, HEIGHT, and
many more [50].

2.7 Advanced Encryption Standard (AES)

AES is a symmetric block cipher that relies on the substitution-permutation
network (SPN). It encrypts and decrypts data with blocks of 128 bits. Each
block is expressed in a 4x4 array called the State array. AES uses 10 rounds for
a key of size 128 bits, 12 rounds for a key of size 192 bits, and 14 rounds for a
key of size 256 bits. [51]. In the executing AES algorithm, the encryption key is
extended into i+1 roundkeys, where i is the number of rounds. Then the input
data block is entered into the state array in a column-wise fashion as seen in
figure (2.4). The state matrix consists of four words: w 0, w1, w2, and w3, where
each column of the state matrix represents a word [52]. Before starting the
processes of AES rounds, the state matrix is XOR'ed with the initial key (master
key).

Figure (2.4): State Array

16
 There are four processes performed in each round of AES; they are
SubByte, ShiftRow, MixColumn, and AddRoundKey, except the last round,
which is without MixColumn process [51]. The general structure of the AES is
shown in figure (2.5).

Figure (2.5): The AES overall structure [35]

The following are the stages of the AES algorithm:

17
2.7.1 Initial Round
 AddRoundKey process – XOR operation between the state matrix and the
initial roundkey.
2.7.2 Round processes
Each round in AES performed the following process except the last round:

1- Subbytes – a nonlinear substitution process

2- ShiftRows - a transposition process
3- MixColomun - a linear mixing process
4- AddRoundKey – XOR operation between the state matrix and roundkey.

In the last round of AES, the same above processes are performed but
with the dispense MixColumn process.

1. SubBytes process
A nonlinear substitution is performed on each byte of the state to
replace it with another byte from the lookup-table (S-box) in this process.
It offers confusion between the original text and cipher-text [53]. Each of
the 256 values in the S-box is determined using the multiplicative inverse
in Galois Field GF (28), and then to using the affine transformation. The
generation of both S-box and its inverse (InvS-box) is shown in figure
(2.6).

18
 Figure (2.6): Generation S-box and InvS-box [35]

Table 2.1 shows the AES S-box which is employed in the SubByte
process during the encryption process. Each byte of the state matrix is
substituted with another one from S-box as follows: The byte is split into two
parts. The first part is utilized to select the row, and the second part is utilized to
select the column. After that, the selected row and column of the S-box are
crossed to pick a unique byte. For instance, the hexadecimal value {80}
indicates row 8 and column 0 of the S-box that contains the value {CD}, i.e.,
the value {80} is changed to the value {CD} [35].

Table 2.1: AES S-box [35]

19
 The invers SubByte process (InvSubByte) is used in the decryption
process. It uses the same function but with the inverse S-box (InvS-box)
[54]. Table 2.2 shows the InvS-box.

Table 2.2: AES InvS-box [35]

20
2. ShiftRows process
In the encryption, a transposition process is performed on the second,
third, and last rows of the state to shift the three rows cyclically by a
specific number of steps to the left-direction. In the decryption, the same
process is applied but in the reverse direction (InvShiftRows), i.e.,
shifting the second, third, and last rows of the state to the right-direction
[53]. Figure (2.7) shows the ShiftRows process.

Figure (2.7): AES ShiftRows process [35]

3. MixColomun process
21
 In the encryption, the MixColumn process performs the multiplication
function on every column in the resulting state with its correspondent in a
predefined matrix of polynomials generated for this phase by GF(28) [55].
Figure (2.8) explains this process.

Figure (2.8): AES MixColumn process [35]

In decryption, the inverse MixColumn process (InvMixColumn) is used

by the multiplication function with another matrix to retrieve the original data
after it has been encrypted [56]. Figure (2.9) represents the matrix used in the
InvMixColumn process.

Figure (2.9): AES InvMixColumn matrix [57]

4. AddRoundKey process

22
 In encryption, the AddRoundKey performs the sum operation utilizing bit-
wise XOR between the round key and the obtained state as shown in figure
(2.10) [35]. Every round is assigned a unique round key, which is constructed
from the key schedule that will be explained in section (2.7.3).
In decryption, the same process is performed due to the XOR function
having the inverse feature. When the XOR function is performed between the
encrypted state and the key, the original data is obtained [56].

Figure (2.10): AES AddRounKey Process

2.7.3 Key Expansion/ Schedule

There is a specific key for each round in AES. All of these keys are
created through expanding the master key utilizing key expansion. The key
schedule of AES has two major steps: key expansion and key selection. In key
expansion, a number of subkeys are generated by expending the master key. In
key selection, the subkey is selected for each round to be utilized in the
AddRoundKey process. The number of subkeys is dependent on the number of
rounds, i.e., for rounds 10, 12, and 14, there will be 10, 12, and 14 sub-keys
generated, respectively [56]. The cipher key is arranged in 4x4 array like the
data block state. Every column in the cipher key indicates a word (W), and
every word has 4 bytes.
The current word (Wi) is calculated based on the word at the positions (W i-1)
and (Wi-4). As shown in figure (2.11) [35], a more complex function (function g)

23
is performed to generate the first word of the new key, while a simple XOR is
performed to generate the last three words of the new key.

Figure (2.11): AES Key Expansions

With the exception of the first word, every word of the new key is
generated through performing an XOR function between the word in the
position (Wi) of the preceding key and the word in the position (W i-1) of the new
key.

While the first is generated by applying the function g to the last word of
the prior key and then XORing the result with the first word of the prior key.
The function g has the following sub-functions:

 Rot-Word: a 1-byte of a word is circularly shifted to the left direction,

means an input word [K0, K1, K2, K3] is modified into [K1, K2, K3, K0]
 Sub-Word: by using the S-box each byte of the word is replaced.
 R-con: the XOR operation performed between the result of (Rot-Word)
and (Sub-Word) with a round constant(Rcon).

24
 The Rcon is a word in which the last 3 bytes are all is zero. Therefore, by
performing an XOR operation between the word and the Rcon, it affects
only on the first byte of the word. Every round has a different Rcon.

During the decryption process, the same subkeys are created but are
scheduled for the AddRound process in the opposite order [58].

2.8 Hash Algorithm (SHA3)

SHA3 is the last version of the SHA standard family, announced by NIST
on August 5, 2015. SHA3 depend on sponge function and it consists of two
steps (absorbing and squeezing) which are as explained in figure (2.12) [59].
SHA3 has four cryptographic hash functions named SHA3-224, SHA3-256,
SHA3-384, and SHA3-512. The SHA3 also has two extendable output functions
(XOFs) are SHAKE-128, and SHAKE-256. Many essential information security
applications employ hash functions such as constructing and verifying digital
signatures, key generating, and pseudo-random bit generation. The input to the
hash algorithm is called the message, and it has a variable length. The output is
called the hash value, which has a fixed length [60].

Figure (2.12): SHA3 sponge construction [59]

25
2.9 Chaos Theory-Based Cryptography
It means using chaos theory with cryptographic algorithms. Chaotic
theory is a subfield of mathematics, and it is nonlinear, sensitive to starting
conditions and control parameters, and its behavior cannot be predicted. All
these features meet the requirements of confusion and diffusion properties
needed by cryptographic algorithms [61].

Chaotic systems are very sensitive to their starting parameters, so a slight

alteration in the input leads to a significant alteration in the result. This makes it
impossible to predict the output values of chaotic systems [62]. For instance, if
two similar chaotic systems differ only in their starting parameters, their
outcomes will be significantly different [63]. This important feature of the
chaotic system's output is referred to as "sensitivity to initial conditions."
Because of these features, numerous researchers have become interested in
employing chaotic systems with cryptographic algorithms to increase the level
of security [64].

The lyapunov exponents are used for any chaotic system for checking the
sensitivity to initial conditions. A chaotic system will have a positive lyapunov
exponent, whereas stable points and cycles will have a negative lyapunov
exponent. Recently, there has been a growing interest in the use of chaotic
systems in the development of cryptographic algorithms. The excellent
dynamical features of chaotic systems lead to excellent encryption features of
cryptographic algorithms. The Chaotic systems have been employed in the
development of cryptosystems such as image encryption techniques, hash
functions, and pseudorandom number generators [65][66]. The security level is
evaluated by its ability to resist various types of attacks, such as plain text
attacks, statistical attacks, deferential attacks, brute-force attacks, and so on.

26
 As noted in [67], there are two major ways to employ a chaotic system in a
cryptographic algorithm:

 Employing chaotic systems to produce a pseudorandom key stream for

stream cipher.
 Employing the plain-text or the cipher keys as initial conditions and control
parameters, then employ certain loops on chaotic systems to produce
ciphertext for block ciphers.

The chaotic systems exhibit chaotic behavior, it usually takes the

formation of iterated operations and appears in the dynamic systems
study. Chaotic maps are categorized as either continuous or discrete [68].
The discrete chaotic maps often have the appearance of iterated
operations. Iterations such as rounds in cryptographic systems thus;
discrete chaotic maps are used in cryptosystems. Each chaotic map has its
own parameters that are equivalent to the cipher keys in cryptographic
algorithms. Every chaotic system contains one or more different non-
linear equations like Lorenz, Lu, logistic map, and so on. [69][75]. The
proposed algorithm in this thesis sequentially uses the 1 and 2
dimensional logistic map equations.

2.9.1 Logistic Map

The logistic map is a 1-dimensional (1-D) discrete-time map that is
simple with an astonishing level of complexity. It is reliant on just one control
parameter (). It is among the most commonly utilized chaotic maps in
cryptosystems, like in a pseudorandom number generator [61]. The logistic map
is defined by the following equation (2.1).

x i+1=x i (1−x i ) (2.1) [13]

27
 Where x represents the population at any given time i, and  represents
the growth rate (control parameter). As shown in figure (2.13), the (x i+1) is a
value within 0 and 1 for all (i), whereas the (is a value within 0 and 4 [70].
Figure (2.14) clarifies the behavior of the logistic map for  = 4.

Figure (2.13): Variations of logistic map with time (i) [70].

Figure (2.14) explains the variations in logistic map behavior when the
value of the growth rate () is within the range (2.4, 4.0). The number of
intervals increases as the u gets closer to 4, and the system's behavior becomes
unexpected and seems random. When the control  is greater than 3.6, the
logistic map has a positive lyapunov exponential. When  is less than 3.6, the
lyapunov exponential is negative, which means the system is not chaotic [62].

28
 Figure (2.14): Behavior of the logistic map for = 4 [70]

2.9.2 Two-dimensional Logistic Map

The expression for the logistic map is expanded to include the two-
dimensional logistic map, which is given by the equations (2.2) and (2.3) below
[62]:

x i+1=❑1 x i ( 1−xi ) +❑1 y i2 (2.2)

2
y i+1 =❑2 y i ( 1− y i ) +❑2 ( x i + x i y i ) (2.3)

Where x and y are initial states which belong to the interval (0, 1), while
the ❑1, ❑2, ❑1 , ¿2 are the control parameters. To make the system have chaotic
behavior, the value of parameter ❑1 should be greater than 2.75 and smaller than
3.4. The value of parameter ❑2 should be greater than 2.7 and smaller than 3.45.
The value of parameter ❑1 should be greater than 0.15 and smaller than 0.21.
The value of parameter ❑2 should be greater than 0.13 and smaller than 0.15
[50].

2.10 Main Components of an IoT System

There are four major components that are needed to design any IoT
system: sensors, processors, gateways, and applications. Each component must

29
have a unique set of properties to design an effective internet of things system
[26]. Below is a detailed illustration of these components:

1- Sensors: The sensor represents the front-end device of the IoT. They are
called "things" and their major aim is to gather information from their
physical environment. Each sensor must have a unique identification and an
IP address to be easily recognized through a big network. Additionally, they
should be active in order to gather information in real time. These devices
can operate on their own (independent) or are designed to operate with the
assistance of humans. Sensors include temperature sensors, humidity
sensors, gas sensors, and so on. [71]. Each sensor works by converting the
signals of the physical parameters like (temperature, humidity, gas, etc.) to
digital or analog representations which are readable by the machines and
humans. [72].
2- Processors: Processors are considered the brains of any IoT system. Their
major function is to process the gathered sensing information in order to
obtain useful information from the massive amount of sensing information
gathered. Processors usually operate on a real-time foundation and can be
simply managed via applications. Processors are also responsible for
protecting the sensing information by executing the encryption and
decryption processes. Embedded hardware devices, microcontrollers, etc.,
can handle the data since they are embedded with processors [73]. In IoT
systems, Arduino and Raspberry Pi are two of the most commonly utilized
devices.
■ Arduino: is a simple-to-use microcontroller that connects to a
computer and is able to execute one application at a time. It is an
open-source platform, indicating that the hardware is inexpensive and
software development is free [74]. It can read analog or digital signals
from various sensors and convert them into outputs, like switching
30
 LEDs on or off, controlling a motor, and many more actions
dependent on the system. There are different versions of Arduino; the
UNO version is the most commonly known [75].
■ Raspberry Pi: is a microcomputer that has an operating system. It is
able to execute many programs simultaneously. Raspbian, which is
based on the Debian distribution of Linux, is the recommended install
OS on the Raspberry because it is free and open-source, which keeps
the cost of the system low [76]. The Raspberry Pi is the key element
of the internet of things. There are different versions of Raspberry,
including pi zero, B, B+, and others [77].
3- Gateways: are utilized to transmit processed data to the appropriate
destination, which means the job of gateways is data routing. In other words,
the gateways allow data flow between the source (IoT devices) and the
target destination. A network connection is essential for every IoT system to
communicate. LANs, WANs, PANs, and others are instances of network
gateways [71].
4- Applications: are additional component of an Internet of Things system.
They are important for the correct use of gathered information. Applications
are managed by users and act as the delivery center for certain services.
Home automation, security systems, and others are examples of applications
[71].

2.11 Features of an Excellent Cryptographic Algorithm

There are a number of statistical metrics that are employed to measure the
features of any cryptographic algorithm, like the S-box testing criteria for block
ciphers, statistical metrics for image encryption, and the NIST statistical testing,
including 16 essential tests.

2.11.1 S-box Test Criteria

31
 The block ciphers utilize the S-boxes to provide the confusion property
through the encryption phase. In order to determine if the utilized S-box has
excellent features and the confusion is obtained, the S-box criteria must be
employed, like balanced, completeness, avalanche, strict avalanche, and
Invertability. These criteria are explained below.

1. Balanced Criterion (BC)

One of the most important S-box criteria is to check the distribution of the
0's and 1's in the output sequences, which must be balanced [78].
2. Completeness Criterion (CC)
The S-box is complete if every output bit is dependent on all the input bits. S
is considered complete if there is at least one pair of n-bit plain-text vectors (x
and xi) that differ only in bit i, and, S(x) and S(x i) differ at least in bit j for all
{(i,j)|1⩽i,j⩽n} [79].

3. Avalanche Criterion (AC)

It is an important test in block ciphers, which indicates how a small
alteration in the input bits leads to a significant alteration in the output. Because
of its outcome related to the calculation of diffusion, AC is a desirable property
for block cipher algorithms. The AC value should be between 0 and 1. The ideal
AC value is 0.5, indicating that the S-box meets the AC criterion [78]. The
value of this criterion is calculated using equation (2.4).

No .chaned Bits∈CipherText
AC= (2.4)
Total No . Bits∈CipherText

4. Strict Avalanche Criterion (SAC)

This testing begins initially with the word "Avalanche" The (AC) test
indicates that for every given function, altering a single bit in the input should
result in a significant alteration in the outcome bits. At a minimum, 50% of the
outcome bits must be altered. The completeness (CC) is additional

32
cryptographic test, particularly for Substitution–permutation network block
ciphers, which indicates that every outcome bit must be dependent on whole
input bits. The strict avalanche test combines these tests (AC and CC). The SAC
simply indicates that when a single bit of the input is altered, the whole of the
output bits must be altered by 1/2 for whole input sequences. If the SAC test is
passed for any certain S-box, this indicates that S-box has excellent diffusion
[80].

5. Invertability
This criterion basically checks that every entry into the S-box results in a
unique output. This criterion is important for successful recovery (inverse
substitution), which substitutes the values using the inverse S-box [80]. Thus,
the S-box meets the invertability criterion if S-box (M1) = S-box (M2), where
M1 = M2. The S-box is invertability if it has the ability to recover the plaintext
data by using the inverse S-box [78].

2.11.2 Image encryption metrics

To identify the strength of a S-box, it can be used to encrypt an
image and then evaluated by the following statistical metrics:

1. Entropy
Entropy is the measure of the randomness of the image values. If the
entropy values are high, the image values are more random [81] [82]. The
optimal entropy value is near or equal to 8. Equation (2.5) is used to
calculate the entropy.

Entropy=∑ P ( x i ) log 2
i ( )
1
P ( xi )
(2.5)

Where P(xi) represents the probability of pixel xi (i=0 to 255) in an

image.

33
2. Pixels Correlation Analysis
It is a statistical evaluation used to determine the relationship between the
pixels of the original image and the encrypted image. To fulfill this test, the
correlation coefficient must be close to 0 [83]. Equation (2.6) is used to
calculate the correlation coefficient.

Correlation=∑
( ( i−µi ) ( j−µj )
σi σ j ) (2.6)

3. Histogram analysis

A histogram displays the frequency of occurrence of pixel values in

original and encrypted images. The distribution of the encrypted image
histogram must be uniform and flat to remove the image's statistical
features, which are exploited by the attacker [84]. 

4. Differential Attacks Analysis

In image encryption, the strength of the encryption against differential
attacks is typically evaluated using the number of pixel change rate
(NPCR) and unified average change intensity (UACI) testing. The NPCR
and UACI are intended to calculate the average altered intensity and
number of altered pixels between two encrypted images after alter single
pixel in the original image [85]. Equation (2.7) is used to calculate the
NPCR while the equation (2.8) is used to calculate UACI.

NPCR= [ ∑ I ( i, j )
i,j
M ×H ] . 100 % (2.7) [86]

UACI =
1
M×H [ ∑ |C1 ( i, j )−C2 ( i, j )|
i,j
255 ] . 100 % (2.8) [89]

34
 Where I (i, j) = 1 if C1 (i, j) ≠C2 (i, j), otherwise I (i, j) =0 and C1 and
C2 indicate the encrypted images of original image before and after
single-pixel alteration in the original image.
The following table 2.3 shows the optimal value of each above criteria and
statistical metrics:

Table 2.3: The optimal values of S-box criteria and statistical metrics.
# Test Condition of passing the test )Optimal value(
1 BC Equals numbers of ones and zeroes in output sequence
2 CC Every output bit must dependent on all input bits
3 AC 50 %
4 SAC satisfy AC and CC
5 Entropy Near or equals to 8
6 Correlation Near or equals to 0
7 Histogram uniform and flat
8 NPCR  99.5
9 UACI  33.3

2.11.3 Randomness NIST Tests

The NIST "National Institute of Standards and Technology"
randomness test suite consists of sixteen statistical tests developed to
check the randomness of binary sequences like cipher-text or
pseudorandom number generators in cryptosystems. These tests like
frequency (Monobit), which checks if the sequence has an equal number
of 1's and 0's, block frequency, runs test (to check if the number of runs
of 1's and 0's of varying lengths is random or not), binary matrix rank,
discrete Fourier, approximate entropy, and other tests reach to 15. In
every test, a p-value is calculated to determine if the test is satisfied or

35
not, where if the p-value = 0.01 or p-value > 0.01 means the sequence
satisfied the test [87].

36
 Chapter Three
The proposed design of the
Lightweight Encryption Algorithm
 Chapter Three
The proposed design of the Lightweight Encryption Algorithm

3.1 Introduction
This chapter illustrates the development of an encrypting algorithm that can
be employed to protect the IoT sensing data. Many alterations are made to the
design of the AES algorithm, such as changing the MixColumn process, which
consumes a lot of time, with a dynamic permutation process to be lightweight.
Despite these modifications, the key structure of AES (substitution permutation
network (SPN)) has been kept. Moreover, since the outputs of chaotic systems
have excellent features that are suitable for encryption systems, the construction of
the proposed encryption system relies on a combination of chaotic systems. One of
the alterations to the AES is constructing a strong S-box that is employed in the
SubByte process rather than the conventional AES S-box. This proposal is
designed in order to offer a high level of security and a fast implementation time in
the encrypting and decrypting process of sensing data. Furthermore, it is designed
to consume less memory and maintain the usage and temperature of the processor
(CPU) at normal levels to be suitable with any IoT device, which can be utilized in
different IoT applications, for instance, industrial factories, smart buildings, health
care, and so on, which needs to be secured to prevent attacks and unwanted access.

3.2 The Proposed Encryption Algorithm (LWAES-128)

Since there is good compatibility among chaotic systems and cryptographic
systems, two chaotic systems are employed in the construction of the suggested
LWAES-128, to construct a secure encryption algorithm. The design of the
suggested LWAES-128 algorithm involves two major steps: the first is the main

35
construction of the system, which refers to the method utilized to generate all the
needed encryption tools (S-box, dynamic permutation (DP) table, and rounds
keys). The tools have been generated depending on each other, utilizing a
combination of chaotic systems. (initial key) is another tool generated utilizing the
Shake-128 hashing algorithm. The second step is the encryption process utilizing
the designed LWAES-128, which relies on these generated tools. The encryption
and decryption operations utilizing the proposed LWAES-128 are shown in Figure
(3.1).

3.2.1 Key Generation of System

The proposed LWAES-128 algorithm performs the same functions as the

original AES algorithm, but with the following modifications: The dynamic
permutation (DP) is utilized rather than the MixColumn function, and the number
of rounds is reduced from 10 to 9. This modification aims to decrease the time
consumed in processing. The Shake-128 hashing algorithm is utilized on a master
key of unlimited size to produce an initial key of 128 bits, and two chaotic systems
are utilized in the generation of all other required tools for the proposed LWAES-
128.
Firstly, generating an S-box by utilizing one-dimensional logistic map
equation presented in eq. (2.1). Secondly, the results of eq. (2.1) are handled to fall
within the range of starting condition and control parameter of two-dimensional
logistic equation presented in eq. (2.2) and eq. (2.3), which are utilized to generate
the DP table and two sets of chaotic keys, one for odd rounds and one for even
rounds. Lastly, hashing the master key by utilizing Shake-128 for the initial round.
Figure (3.2) and algorithm (3.1) shows these process.

36
 Master Key (n-bits)
Plaintext Block (4X4) Plaintext Block (4X4)
Shake-128 Initial Key
Initial Key
AddRoundKey 128-bits 128-bits AddRoundKey
(4X4) Inv-New S-box

-1
(4X4)
New S-box

Round 9
Inv-ShiftRows
ShiftRows

map
Round 1

Inv-DP

D logistic
DP

AddRoundKey Yi
Odd Keys Xi Odd Keys
(4X4) AddRoundKey
(4X4)
New S-box Inv-New S-box

Round 8
Sub-Keys Generation based on two- dimensional logistic map
ShiftRows Inv-ShiftRows
Round 2

DP Inv-DP

AddRoundKey Even Keys Xi Xi Even Keys

(4X4) AddRoundKey
(4X4)
Inv-New S-box

Round 7
New S-box Inv-ShiftRows

ShiftRows Inv-DP
Round 8

DP

AddRoundKey Even Keys Xi Xi Even Keys

(4X4) AddRoundKey
(4X4)
New S-box Inv-New S-box

Round 1
ShiftRows Inv-ShiftRows
Round 9

DP Inv-DP

AddRoundKey Odd Keys Yi Yi Odd Keys

(4X4) (4X4) AddRoundKey

Cipher-text Block (4X4) Cipher-text Block (4X4)

Encryption Decryption

Figure (3.1): Overall structure of the proposed LWAES-128 (a) the

encryption process and (b) the decryption process

37
 For initial rounds, the initial key is constructed from Shake-128, and two
sets of chaos keys are constructed, one set for odd rounds and second one set for
even rounds, resulting in every round in LWAES-128 having a different key and
also having a different permutation values (from DP table). All of these
modifications help to make the AES lightweight by reducing the time consumed in
the encryption and decryption process while maintaining a high level of security.

Master Key x0 y 0
x0 12 1 2

Hashing by Shake- One-dimensional Two-dimensional logistic

128 logistic map map Processing

Concatenation
Fractions Xi Fractions Xi Fractions Yi
xi and yi

Processing Processing Processing

Initial Key (4X4)

for initial round New S-box Keys for even Keys for odd
(16X16) rounds rounds DP Arrays

Figure (3.2): Key Generation of System

Algorithm (3.1): Key Generation of System

Input: Initial values of one-dimensional logistic map(x0,)
Output: S-box (16X16), odd rounds keys, even rounds keys, and DP table
begin
Step1: Reading the x0 and  values
Step2: Calculating the x values of one-dimensional logistic map using eq.
(2.1)
Step3: Constructing the S-box of size (16X16) based on x values calculated in
step 2 according to algorithm (3.2)
38
Step4: Using the calculated x values in step 2 to construct the starting
conditions and control parameters of two-dimensional logistic map
Step 4: Converting each x value to integer and storing it in i// i is integer array
Step 5: Taking two digits (digits 10 and 11) of one values of i and calculate (i
mod 3.4) and storing result in m// m is temporary variable
Step 6: If m > 2.75 Then storing in 1// 1 is the control parameter of two-
dimensional logistic map.
Else go to step 5 to calculating another value
Step 7: Taking three digits (digits 7,8, and 9) of one values of i and calculate
(i mod 3.45) and storing result in m1// m1 is temporary variable
Step 8: If m1 > 2.7 Then storing in 2// 2 is control parameter of two-
dimensional logistic map.
Else got to step 7 to calculating new value
Step 9: Taking two digits (digits 7, and 8) of one values of i and calculate (i
mod 0.21) and storing result in m2// m2 is temporary variable
Step 10: If m2 > 0.15 Then storing in ❑1 // ❑1 is the control parameter of two-
dimensional logistic map.
Else got to step 9 to calculating new value
Step 11: Taking one values of i and calculate (i mod 0.15) and storing result
in m3// m3 is temporary variable
Step 12: If m3 > 0.13 Then storing in ❑2// ❑2is the control parameter of two-
dimensional logistic map.
Else got to step 11 to calculating new value
Step 13: Calculating the starting conditions (x0,y0) of two-dimensional logistic
map from the x values generated in step 2
Step 14: using the generated 1, 2, ❑1, ❑2, x0 and y0 to generate x values and
y values of two-dimensional logistic map using eq.(2.2) and eq.(2.3)
Step 15: From the generated x values and y values in step 14 generating two

39
 types of keys (odd round keys and even round keys) and generating
the table of DP values according to algorithm (3.4)
End

3.2.2 Proposed New S-box

The S-box is an essential tool of the AES algorithm, which is utilized to offer
the confusion effect between the plain-text and cipher-text. AES uses polynomial
equations to create S-box and inverse S-box. In this proposal, a one-dimensional
logistic map is used to generate a new S-box to be utilized in the proposed
LWAES-128 algorithm. This new S-box also offers the confusion effect between
the plain-text and cipher-text. So, it offers most of the LWAES-128 security.
Figure (3.3) shows the flow chart of construction the new S-box. The S-box is
constructed as follows: in the first step, the floating random numbers are generated
using a one-dimensional logistic map equation; after that, these generated random
numbers are converted into hex values; and then these hex values are utilized to
construct the S-box, which is utilized in the encrypting phase. The Algorithm (3.2)
shows the S-box generation process. The construction steps of the inverse S-box
for the suggested S-box is shown in algorithm (3.3). The inverse S-box is utilized
in the decrypting phase.

40
 Figure (3.3): Flow chart of construction the proposed S-box

Algorithm 3.2: Constructing S-box utilizing 1-D chaotic logistic map

Input: starting values of the one-dimensional logistic map(x0,)
Output: S-box 16*16
Begin:
Step 1: Reading control parameter and starting condition (1,4) and x0 
(0,1)
Step 2: Set i= 0, index= 0, float X array= Null, string H = Null, string S

41
 array= Null, string array S-box [16,16]
Step 3: While (i < 256)
Step 3.1: x [i + 1] =  * x[i] * (1 - x[i])
Step 3.2: Converting x[i] to hex and extract only two digits (digits
7 and 8) and then store it in H
Step 3.3: If (S contents H) Then {i++ and go to step 3} // This step
is to avoid duplication of values
Step 3.4: else s[i]=H; i++ and go to step 3
Step 3.5: End if
Step 4: End While
Step 5: For i=0 to 15
Step 6: For j=0 to 15
Step 6.1: S-box [i, j] = S[index]
Step 6.2: index ++
Step 7: next j
Step 8: next i
End

Figure (3.4) shows an instance of the creation of S-box utilizing the chaotic
values resulted by the one-dimensional logistic equation when  = 3.64103 & x0 =
0.0131.

42
 Chaotic values Hex values S-box values

0.0131 0x1.ad42c3c9eecc0p-7 2c
0.047072655841700006 0x1.819e83ac07e78p-5 e8
0.16332503065144144 0x1.4e7d5a8a210d4p-3 d5
0.49754662211546025 0x1.fd7cdc98e27afp-2 cd
. . Extracting two .
. Converting to . .
. hex . digits (from 7 to .
. . 9) .

Figure (3.4): Example of S-box construction

Algorithm 3.3 below shows the steps required to generate the inverse of the
S-box that is required in the decrypting phase to retrieve the plain-text.

Algorithm 3.3 : Constructing of the inverse S-box

Input: The generated S-box in algorithm 3.2
Output: Inverse S-box (16*16) (InvS-box)
Begin:
Step 1: Set a=0, b=0, string array InvS-box [16,16] = Null
Step 2: For i=0 to 15
Step 3: For j=0 to 15
Step 3.1: Extract the first digit from the value of S-box [i, j] and convert it
into integer and then store in a
Step 3.2: Extract the second digit from the value of S-box [i, j] and convert it
into integer and then store in b
Step 3.3: Convert i and j to hex and combine them and then store them in the
InvS-box [a, b]
Step 4: Next j
Step 5: Next i
End

The following is an example that explains how each value can be generated
in the inverse S-box: Suppose we have the value {ED} from row (6) and column
43
(0) of the S-box. First, dividing these values into two values, {E} and {D} and
converting each of these values into integers to become 14 and 13, which indicate
row 14 and column 13 in the inverse S-box. Then convert the numbers (6,0) of the
row and column of the {ED} value into hex and combine them to use as the value
of the inverse S-box. Therefore, the value of the S-box {ED} represents {60} in
row 14 and column 13 in the inverse S-box.

3.3.3 Constructing Keys and Dynamic Permutation Table

The proposed LWAES-128 algorithm uses a new method in the constructing of

keys to be used in the encryption/decryption process. Algorithm 3.4 explains the
constructing of keys and a dynamic permutation (DP) table based on a two-
dimensional logistic map. Two types of keys are generated using the random
values by eq. (2.2 and 2.3). The first type is for even rounds, and the second type is
for odd rounds. Each of these keys is different, which means each round has a
different key. These keys are generated as follows: first generating random
numbers of X by using the eq. (2.2) and then converting these values into hex
values and extracting four digits from each value, storing them in a string variable.
Last, the keys for even rounds are generated. Repeating the same process but using
the eq. (2.3) to generate the keys of odd rounds, the algorithm 3.5 explains this
process.

The DP table is used instead of the MixColumn operation to provide

permutation. The DP table is generated as follows: converting the generated
random values of x and y from eq. (2.2 and 2.3) into hex values and combining
them together, then extracting three digits at a time, converting these three digits
into integers, and using some process on them to construct the table of DP. The
generated DP table has 9 rows, each row assigned for one round, which has 16
numbers representing positions that will be used to change the positions of bytes in
44
the state. The use of DP with 9 rows that represent dynamic permutation in the
encryption phase will increase the diffusion. For instance, the first round uses the
first row of DP, which contains 16 positions, while the second round uses the
second row of DP, which also contains 16 positions but with a different order. In
other words, each row in the DP table contains numbers (from 1 to 16) in a
different order from all the rows in the DP table, which are assigned for each round
in the encryption phase. Algorithm 3.5 shows the generation of the inverse DP
table to be used in the decryption phase.

Algorithm 3.4 : Construction of keys and DP table

Input: The output from one-dimensional uses as initial conditions for the two-
dimensional logistic map.
Output: Keys for even rounds, keys for odd rounds, DP table of size (9*16).
Begin:
Step 1: Generate x and y random values by utilizing the two-dimensional
logistic map equations given in eq. (2.2, 2.3)
Step 2: Convert all the generated values of x into hex string and store it in h //
h is string array
Step 3: Convert all the generated values of y into hex string and store it in
h1 // h1 is string array
Step 4: Convert all the generated values of x and y into hex and combine
them together and store it in d// d is string variable
Step 5: Take one value from h and extract four digits (from digit 5 to 9) and
store it in s array
Step 6: Take one value from h1 and extract four digits (from digit 5 to 9) and
store it in s1 array
Step 7: Repeat steps 5 and 6 to obtain another values from h and h2 until each

45
 s an s1 arrays are has 32 values which are represent the first even
and odd round keys
Step 8: Repeat steps 5, 6, and 7 to construct all the four keys for even rounds
and all the five keys for odd rounds
Step 9: Apply the below steps to generate 16 different numbers for each row
in DP/ DP is integer array of size (9*16)
Step 9.1: Extract three digits at one time from d then convert it into integer
and store it in t// t is temporary
Step 9.2: Calculate (t mod 17) then store the result in t1//t1 is temporary
Step 9.3: If (t1>0) & (t1 not exist in the current row of DP) & (t1 not
equal to current address of DP) Then
Insert t1 into current row of DP
Else go to step 9.1 to extract another value
Step 10: Repeat steps 9 until DP has 9 rows with each row 16 different
numbers // 9 rows for 9 rounds
End

The algorithm 3.5 below represents the generation of the inverse array of DP
table that will be used in decryption process.

Algorithm 3.5 : Generation of The inverse array of dynamic permutation

Input: The generated DP array from algorithm 3.4
Output: Inverse DP array of size (9*16)
Begin:
Step 1: Read all values in each row of DP
Step 2: Use each value of the current row as address for the current row of
inverse DP array
Step 3: Store the address of each value of the current row of the DP array into
46
 the current row of the inverse DP array in the address obtained in step
2
Step 4: Repeat steps (one, two and three) until the inverse DP array has 9 rows
End

3.3.4 Constructing of initial key

The standard AES algorithm restricts the user to entering a master key with a
size of 128 bits to be used for the initial round in the encryption/decryption
process. Therefore, the proposed LWAES-128 overcomes this restriction by using
the Shake-128 hashing algorithm to generate the 128 bits of the initial key. The
initial key is generated as follows: obtaining the master key from the user with any
size (variable size), then using it as input to the Shake-128 algorithm to produce
the initial key of size 128 bits (fixed size), which is completely different from the
obtained master key. Thus, the user is not restricted by the size of the key, and the
key has also become more complex. The examples in figure (3.5) below explain
how to generate the key for the initial round by using Shake-128 hashing
algorithm.

Input (variable
Hashing algorithm Digest (fixed size 128 bits)
size)

A a5ba3aeee1525b4ae5439e54cd711f14

a 85c8de88d28866bf0868090b3961162b
SHAK-128
ab12 d4149ef2094ed584311d64e107e6ec6e

abcdf 614fce17c050de859a3b5fe5f6ff3388

Figure (3.5): Examples of key Construction for the initial round

3.3.5 The Encryption Process utilizing LWAES-128 Algorithm

47
 Algorithm 3.6 explains the encryption process utilizing LWAES-128. The
three types of keys are utilized in the encryption process: the first is generated by
utilizing the Shake-128 hashing algorithm for the initial round; the other two types
are generated by utilizing two-dimensional logistic map equations, the first for
even rounds and the second for odd rounds. The plaintext will be encrypted with
10 different keys; 1 key for the initial round, 4keys for even rounds, and 5keys for
odd rounds.
The first alteration to the AES is to improve the SubByte function by
utilizing the suggested S-box, which is constructed using a one-dimensional
logistic equation. The second step is to utilize the suggested DP table in the DP
function rather than the Mixcolumn function to reduce the time consumed in the
Mixcolumn function. The DP table utilized in this proposal is constructed utilizing
two-dimensional logistic map equations. The generated DP table has 9 rows. Each
row contains 16 positions, with a different order assigned to each round. All these
modifications aim to make the standard AES lightweight by reducing the time of
execution in encryption and decryption processes and keeping it robust to avoid
several attacks.

Algorithm 3. 6: The encryption process utilizing LWAES-128

Input: Plain-text, three types of keys for (initial round, even rounds, and odd
rounds)
Output: Ciphertext
Begin:
Step 1: Splitting the plaintext into blocks (state) of size (4*4) 16-bytes
Step 2: Apply AddRoundKey function by perform XOR operation between
the state (4*4) and the generated key from Shake-128 hashing
algorithm

48
 Step 3: For i=1 to 10// i indicate to round number i<10// i.e., nine rounds
Step 3.1: Apply SubByte function utilizing the S-box that constructed by
one-dimensional logistic map
Step 3.2: Apply ShiftRow function on produced state from step 3.1
Step 3.3: Apply DP function on produced state from step 3.2 utilizing
the DP table that constructed by two-dimensional logistic map
(utilizing the round number i to extracting the matched row
from DP table)
Step 3.4: IF i is odd Then
Apply the AddRoundKey function between the produced state
from step 3.3 and key[(i/2)+0.5)] from keys for odd round
Step 3.5: Else
apply the AddRoundKey function between the produced state
from step 3.3 and key[(i/2)] from keys for even round
Step 4: next i
Step5: Store encrypted block and repeat steps (2 and 3) to encrypt new block
until encrypted all data blocks
End

Each round in LWAES-128 has the functions explained bellow:

4 SubByte Function utilizing the Proposed S-box
One of the complicated functions in LWAES-128 is the SubByte, which offers
the majority of the LWAES-128 security. In this function, every value in the state
is changed with another one from the suggested S-box, so it offers confusion
between the plain-text and cipher-text. For instance, employing table (3.1) S-box
for the encrypting process and table (3.2) inverse S-box for the decrypting process.

49
 Table (3.1): An instance of the suggested S-box employed for encryption
Y
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 99 F9 D2 57 1C 70 A2 13 1A A7 BC 3D 58 71 69 EF
1 6A E3 F0 E4 37 21 16 F6 12 14 5E A5 20 EB AE 1B
2 06 74 CE 35 79 E8 1F 8C 8B B 7C 4A 92 17 2D B1
3 85 77 46 C0 5F 9C 68 EC E7 3C 3A 64 CC A0 E AC
4 AD D4 53 76 28 8E 15 67 FC 1D 9B CA 09 5A 29 04
5 7B 49 27 22 B6 41 39 03 9A 4D 38 A3 4B BB 42 BA
6 ED 18 FB C3 97 75 F7 D7 AA D5 AB E5 23 0D 93 B2
7 60 F8 EE EA B5 48 C1 78 26 E6 D6 56 2F 7E 52 25
X

8 CF 6E B7 A4 73 8F 88 02 65 83 DC A9 C4 5C 8A D9
9 FF 07 55 FE 63 2A 01 3E A8 7F 1E 05 A6 FD 7A B4
A 8D 6F AF 2C B3 31 6D 40 DB 0A 19 61 10 82 24 F2
B F1 00 4E DD 72 90 5D 11 C5 CB 51 9F D8 DA 86 08
C 94 30 96 6C 89 F3 B0 54 C8 3F D1 44 95 A1 66 BE
D 80 FA 6B 32 7D 62 3B E2 87 C9 D0 34 0F 50 47 5B
E 81 4F 36 DE 45 84 C2 E1 BF DF 98 91 9E 9D 0C C6
F E0 CD E9 33 BD F5 2E 2B 43 D3 4C F4 B9 59 C7 B8

Table (3.2): An instance of the Inverse S-box employed for decryption

Y
0 1 2 3 4 5 6 7 8 9
0 B1 96 87 57 4F 9B 20 91 BF 4C A9 29 EE 6D 3E DC
1 AC B7 18 07 19 46 16 2D 61 AA 08 1F 04 49 9A 26
2 1C 15 53 6C AE 7F 78 52 44 4E 95 F7 A3 2E F6 7C
3 C1 A5 D3 F3 DB 23 E2 14 5A 56 3A D6 39 0B 97 C9
4 A7 55 5E F8 CB E4 32 DE 75 51 2B 5C FA 59 B2 E1
X

5 DD BA 7E 42 C7 92 7B 03 0C FD 4D DF 8D B6 1A 34
6 70 AB D5 94 3B 88 CE 47 36 0E 10 D2 C3 A6 81 A1
7 05 0D B4 84 21 65 43 31 77 24 9E 50 2A D4 7D 99
8 D0 E0 AD 89 E5 30 BE D8 86 C4 8E 28 27 A0 45 85
9 B5 EB 2C 6E C0 CC C2 64 EA 00 58 4A 35 ED EC BB
A 3D CD 06 5B 83 1B 9C 09 98 8B 68 6A 3F 40 1E A2
B C6 2F 6F A4 9F 74 54 82 FF FC 5F 5D 0A F4 CF E8
50
 C 33 76 E6 63 8C B8 EF FE C8 D9 4B B9 3C F1 22 80
D DA CA 02 F9 41 69 7A 67 BC 8F BD A8 8A B3 E3 E9
E F0 E7 D7 11 13 6B 79 38 25 F2 73 1D 37 60 72 0F
F 12 B0 AF C5 FB F5 17 66 71 1 D1 62 48 9D 93 90

Every byte in the state is changed with another one from the S-box as
follows: As shown in figure (3.6), the byte of state is split into two parts, with the
first part indicating the row of the S-box and the second part indicating the column
of the S-box. The row and column are then crossed to get the new byte from the S-
box and replace it with the current byte in the state.

Figure (3.6): S-box matrix with explanation to SubByte function

5 ShiftRows function
The LWAES-128 uses the same ShiftRows function as in the original AES
without any change. This function offers a permutation process to the state. It
works as follows: keeping the first row of the state without any change while

51
 shifting cyclically to the left the second, third, and fourth row by 1byte, 2bytes, and
3bytes, respectively, as shown in figure (3.7).

Figure (3.7): ShiftRows function

6 Dynamic Permutation (DP) function

The third function in the LWAES-128 algorithm is the DP. It offers permutation
process to the state. The generated DP table in algorithm 3.4 is used in this
function. Tables (3.3) and (3.4) show2 the example on the DP table and its inverse.
The DP table contents 9 rows within each row 16 different numbers assigned for
each round.
Table (3.3): Example of DP table employed for encryption
Round 1 11 15 8 5 7 1 16 9 12 13 4 10 14 6 2 3
Round 2 14 13 15 1 12 7 10 2 4 8 9 3 5 16 6 11
Round 3 16 4 5 8 1 11 9 14 3 15 10 2 12 7 6 13
Round 4 15 16 10 13 12 4 9 5 2 14 1 3 8 7 6 11
Round 5 2 8 15 6 12 4 1 11 5 9 7 3 10 13 16 14
Round 6 9 14 1 11 15 16 2 13 5 4 10 3 7 12 8 6
Round 7 8 6 4 14 2 1 3 15 5 12 7 10 11 13 16 9
Round 8 6 1 8 15 10 11 3 2 12 7 14 4 16 13 5 9
Round 9 15 1 5 14 4 2 10 9 3 12 16 8 6 13 11 7

Table (3.4): Example of inverse DP table employed for decryption

Round 1 6 15 16 11 4 14 5 3 8 12 1 9 10 13 2 7
Round 2 4 8 12 9 13 15 6 10 11 7 16 5 2 1 3 14
Round 3 5 12 9 2 3 15 14 4 7 11 6 13 16 8 10 1

52
 Round 4 11 9 12 6 8 15 14 13 7 3 16 5 4 10 1 2
Round 5 7 1 12 6 9 4 11 2 10 13 8 5 14 16 3 15
Round 6 3 7 12 10 9 16 13 15 1 11 4 14 8 2 5 6
Round 7 6 5 7 3 9 2 11 1 16 12 13 10 14 4 8 15
Round 8 2 8 7 12 15 1 10 3 16 5 6 9 14 11 4 13
Round 9 2 6 9 5 3 13 16 12 8 7 15 10 14 4 1 11

Figure (3.8) below shows an example of applying the DP function. The first
step is selecting the row's number according to the round's number. In this
example, the round's number is 1, which means selecting the first row from table
DP, then reading the first number in the selected row, which indicates the byte
position in the state, then moving this byte into position 1. Then reading the second
number from the current row to select the position of another byte from the state,
moving it into position 2, and so on.

Row 1 from the DP table

State before applying State after applying

DP function DP function

Figure (3.8): Example of DP function

7 AddRoundKey function

The last function in the LWAES-128 is the AddRoundKey. In this function, the
XOR operation will be performed between the state (data block) and the 128 bits
53
of the round key. It is performed columnwise, i.e., each column in the state is
XORed with the corresponding column in the roundkey, as shown in figure (3.9)
below:

State before applying State after applying

AddRoundKey Key from oddKey AddRoundKey
function function

Figure (3.9): Example of AddRoundKey function

When this function is executed on the initial round, the key utilized is
derived from the key for the initial round that was generated by the Shake-128
hash algorithm. When the index of the round is even, the key utilized in this
function is derived from the keys of the even rounds, and lastly, when the index of
the round is odd, the key utilized is derived from the keys of the odd rounds.

54
 Chapter Four
Implementation the proposed
System
 Chapter Four
Implementation the proposed System
4.1 Introduction
After the proposed LWAES-128 encryption algorithm has been designed,
it is evaluated utilizing many statistical tests and implemented in a practical
environment utilizing the Raspberry Pi model 4 and sensors. The LWAES-128
is utilized to protect sensor data while sending it over the network. The
temperature sensor, humidity sensor, and flame sensor are employed to detect
the temperature, humidity, and whether or not there is a fire, and then transfer
this collected data to the server via a wireless network. This collected data has
an essential role in the server's actions, so using the LWAES-128 encrypting
algorithm provides secure this data against attackers.
This chapter illustrates, analyzes, and discusses the results of the
proposed LWAES-128 encryption algorithm. The WAES-128 is tested and
evaluated by utilizing various security tests. Lastly, LWAES-128 is utilized to
encrypt the data of sensors DHT22 and flame before it is sent to the server over
the network.
4.2 Implementation of the System
The proposed LWAES-128 encryption algorithm, as illustrated in the
previous chapter, was meant to protect the sensing data in an IoT network. As a
case study, a Raspberry Pi device and some sensors like temperature, humidity,
and flame are utilized to monitor the temperature, humidity, and whether or not
there is a fire in the place.
The temperature degree and humidity rate are determined by utilizing the
DHT22 sensor, while the flame sensor is utilized to determine the presence of a
fire or not. The sensors' data will be transmitted to the server over the network.
These sensors' data are essential for the server in making decisions, and
when hacked and modified by hackers, this will lead to decisions that cause

55
errors in the system. As a solution, the data from these sensors will be encrypted
by utilizing LWAES-128 algorithm installed in the Raspberry Pi device. This
IoT system can be utilized to measure humidity and temperature, for instance, in
factories, nuclear power plants, or smart homes.
As shown in figure (4.1), two types of sensors, Raspberry Pi 4model B and
server, are utilized in this proposal. In the first step, data from sensors connected
to the Raspberry Pi device is collected. This data is then encrypted using the
LWAES-128 algorithm that is installed on the Raspberry Pi device. Finally, the
encrypted data from the sensors is securely sent to the server side over a
wireless network.
On the server side, after receiving the encrypted sensor data from the
Raspberry Pi, the decryption process is performed by utilizing the LWAES-128
algorithm to obtain the original sensor data. In this proposal, the server utilized
is a laptop running Windows 10.

56
 Figure (4.1): Proposed LWAES-128 algorithm implementation
4.3 Requirements and Environment
For implementation of the proposed LWAES-128 algorithm on IoT
devices, two requirements are needed: hardware and software requirements. The
hardware requirements that are utilized in this proposal are sensors (DHT22 and
Flame-fire), a Raspberry Pi 4model B, a computer, and wireless network, while
the software requirements that are utilized in this proposal are the Python
programming language version 3.10.6 for programming the proposed LWAES-
128 algorithm and the sensors, the Raspbian operating system for the raspberry-
pi, and the Windows 10 operating system for the computer. Table 4.1 shows the
Specifications of the utilized sensors.

Table 4.1: Specifications for the DHT22 and Flame sensors

Sensor Name DHT22 Flame-fire

Humidity & temperature Flame sensor

Type
sensor
Utilized for measure Utilized to determine
Utilization temperature and humidity of whether or not a place has
a place a fire
Input power 3.3V DC - 5.5V DC 3.3 V DC – 5 V DC
digital signals by one-wire Digital signal 0 or 1
Output signal
Bus
s

Humidity: (from 0 to 0 from 720 nm to 1100 nm

Operating range %100 RH)
0

temp: (from - 40° to80 °) 0

Humidity: (Max ± % 5RH), adjustable

Accuracy
1 10

temp: (± 0. 5°)
5

Average Sensing 2s 2s
period

he DHT22 sensor consists of two elements; a thermistor to determine the

temperature-degree and a capacitive humidity sensor to determine the humidity-

57
percentage. It has a single-bus digital interface. By using the library
(Adafruit_Python_DHT), the Raspberry-pi collects the data from the DHT22
sensor.
The flame IR sensor is sensitive to the light that is generated by the
flame. It can detect light wavelengths within the range (from 720 nm to 1100
nm) in the spectrum of infrared. When the flame sensor detects a flame, the
digital output (DO) becomes (1), otherwise it becomes (0). The Raspberry Pi
can read the data from this sensor by determining the pin number (GPOI) that is
linked as the data-pin.
The data is collected from the sensors as numerical values via the
raspberry-pi module. Then the Raspberry Pi encrypts this collected data by
utilizing the LWAES-128 algorithm. Lastly, the Raspberry Pi sends this
encrypted data to the server side utilizing a wireless connection by socket (IP
address).
A Raspberry Pi is a microcomputer that has an operating system. It is able
to execute many programs simultaneously. The Raspberry Pi 4model B utilized
in this proposal is the latest product in the raspberry-pi family. Table 4.2 shows
the specifications of the utilized Raspberry Pi 4model B.

Table 4.2: Raspberry Pi 4model B specifications

Input Power 5 V DC/3A
Processor 64-bit quad-core Cortex-A72
Ram 8 GB LPDDR4
HDMI ports 2 micro ports (supports up to 4Kp60)
USB ports 2USB 3.0ports and 2USB 2.0ports
Ethernet Gigabit
Wireless 802.11bgn/ac
Bluetooth Ver. 5.0
GPOI 40-pin GPOI header
SD card Slot A micro-SD card slot

58
4.4 Collection of Data from Sensors
In this proposal, the Raspberry Pi is programmed to collect data from the
sensors every 5 seconds to monitor changes in the environment. An example of
collecting data from sensors every 5 seconds is shown in table 4.3.
Table 4.3: An example of collecting sensors data every 5 seconds
Time (sec) Temperature (C) Humidity (% RH) Fire
1 35° 44% 0
6 35° 45% 0
11 35° 41% 0
16 34° 60% 0
21 35° 46% 1

As observed in table 4.3, the first column (time) means that the collected
data at the initial time is listed in the first row, after 5 seconds it is listed in the
second row, and so on. At the initial time (1 sec), the data collected by
Raspberry Pi are: temperature = 35 C, humidity = 44%, and fire = 0 means no
fire detection, whereas the collected sensing data at the time in row 5 are:
temperature = 35 C, humidity = 46%, and fire = 1 means there is a fire detected.
Through this sensing data, it is noticed that there is an abnormal condition,
which is the presence of a fire in that place.
These collected data will be encrypted using the LWAES-128 algorithm
before being sent to the server. On the server side, the encrypted data is first
received and then passed to the LWAES-128 algorithm to be decrypted and
displayed on screen.
4.5 Evaluation and Results

The LWAES-128 algorithm is implemented with a key size of 128-bit.

As explained in section 3.2 of chapter 3, the LWAES-128 algorithm does the
same functions as the original AES algorithm, but with a few changes that make

59
it a lightweight encryption algorithm that can be employed to protect IoT
devices. The round’s functions in the LWAES-128 are Sub Bytes, Shift Rows,
Dynamic permutation (DP), and Add Round Key. Table 4.4 explains the
comparison between the standard AES and LWAES-128 algorithms.

Table 4.4: Comparison between the standard AES and LWAES-128 algorithms
Standard AES LWAES-128
Key length 128-bits 128-bits
Block length 128- bits 128- bits
Key space 2128 2128
No. keys 11 10
No. rounds 10 9
Sub Bytes, Shift Rows, Sub Bytes, Shift Rows,
Round’s function MixColumns, and Add Dynamic permutation (DP),
Round Key and Add Round Key
Structure SPN SPN

This proposal involves two major steps: generating a new substitution-

box, and encrypting utilizing the proposed LWAES-128 algorithm. The
implementation of each of these steps is illustrated below.

4.5.1 Substitution-Box Evaluation

The LWAES-128 employs the generated S-box by the S-box generator to
be used in the SubBytes function. As explained in chapter3, the S-box generator
employs the one-dimensional logistic map to construct S-box hard to predict.
The average time taken to construct the S-box and inverse it is only 15.6
milliseconds. This S-box is evaluated by the following S-box evaluation criteria:
balanced, completeness, avalanche, strict avalanche, and invertability as
detailed below:
1. Balanced Criterion(BC)
60
 The new S-box satisfies this criterion because it has equal number of zeros
and ones, i.e., it is balanced, as indicated in table 4.5.
Table 4.5: BC test on S-box when x0=0.05 and =3.7
BC test (input: two strings)
Approach “AMHKEF73 ” 3 “01234567 ” 7

No. zeros No. ones No. zeros No. ones

Ref [14] 32 32 32 32
Ref [15] 36 28 28 36
Proposed S-box 32 32 32 32

The balanced criterion test is also applied to the constructed S-box from x0 =
0.7 and  = 3.91, as shown in table ( 4.6) below.
4

Table 4.6: S-box values when x0=0.7 and  =3.91 1

0 66 73 25 93 49 C8 62 10 6A 6C 86 5B 65 82 01 5E
1 67 C0 83 30 F1 EF F0 A2 60 B1 7D CC 39 85 05 7A
2 3B A0 34 8E 8A 45 E3 C2 20 3F 96 84 24 04 A4 31
3 21 2E 36 7C 40 EB B4 54 80 75 06 BC 4E 53 CD 2A
4 CE 1E C4 71 E0 FA 79 22 51 CF D5 0C 91 5F 0E 6F
5 B0 47 32 6E 81 2B 0F F5 23 50 42 C1 64 CA 2F 35
6 FE 02 DA 15 7E B8 F4 08 D4 18 68 D8 D2 2C 9B E4
7 E7 A8 1C 6B A9 8D 3D 6D 89 FC F3 CB 38 AF 16 7B
8 7F E5 03 59 BD C6 EE 0A 77 D3 4D B2 9F BB BF FD
9 44 D9 95 63 3A 74 D1 DF C7 72 AE 88 78 E9 F8 E6
A 4A ED C9 28 F2 4F F7 07 EC 14 9D 26 4C 90 FF 99
B 4B 57 0B 27 5C 29 B7 D6 58 97 BA 92 C5 E2 1B B9
C AB AA 1A FB 94 AC AD 12 3E B6 8C 76 E1 DB B5 B3
D 19 70 8F 8B 87 98 55 C3 3C 13 09 1F A1 DD 56 0D
E A3 46 F9 DC DE EA BE 52 A6 48 17 D0 43 41 9A A7
F 9E 5D 1D A5 D7 61 9C 00 33 69 11 37 5A 2D E8 F6

When testing the proposed S-box with the BC test, the result shows a
balance which is due to having an equal number of zeros and ones as seen in
table (4.7), which explains the BC test for two different strings utilizing the
suggested S-box compared with other S-boxes.

61
 Table 4.7: BC test on S-box when x0 =0.7 and  =3.91
0 1

BC test (input: two strings)

Approach “Computer” “ABMNOPQR”
No. zeros No. ones No. zeros No. ones
Ref [11] 28 36 30 34
Ref [12] 31 33 35 29
Ref [13] 35 29 0 28 36
0

Proposed S-box 32 0 32 0 32 32

2. The Completeness Criterion (CC)

It is due to every bit in the new S-box relying on the input values x 0 and  of
the one-dimensional logistic map. If there are two different values of x 0
(different by only a single number after the decimal point), then the S-box
constructed from the first x0 differs from the S-box constructed from the second
x0. This characteristic is one of the important features of employing the chaotic
system, which indicates that a small alteration in the starting conditions results
in a large alteration in the output. For instance, the S-box constructed by x 0 =
0.05 and = 3.7 and the S-box constructed by x0 = 0.15 and =3.7 are different
from each other, thus the new S-box meets the CC test. The outcomes of these
two instances are listed in table (4.8), (4.9), (4.10), and (4.11).
s

Table 4.8: S-box values when x0= 0.05 and =3.7

0 1 2 3 4 5 6 7 8 9 A B C D E F
0 99 F9 D2 57 1C 70 A2 13 1A A7 BC 3D 58 71 69 EF
1 6A E3 F0 E4 37 21 16 F6 12 14 5E A5 20 EB AE 1B
2 06 74 CE 35 79 E8 1F 8C 8B B 7C 4A 92 17 2D B1
3 85 77 46 C0 5F 9C 68 EC E7 3C 3A 64 CC A0 E AC
4 AD D4 53 76 28 8E 15 67 FC 1D 9B CA 09 5A 29 04
5 7B 49 27 22 B6 41 39 03 9A 4D 38 A3 4B BB 42 BA
6 ED 18 FB C3 97 75 F7 D7 AA D5 AB E5 23 0D 93 B2
7 60 F8 EE EA B5 48 C1 78 26 E6 D6 56 2F 7E 52 25
8 CF 6E B7 A4 73 8F 88 02 65 83 DC A9 C4 5C 8A D9
9 FF 07 55 FE 63 2A 01 3E A8 7F 1E 05 A6 FD 7A B4

62
A 8D 6F AF 2C B3 31 6D 40 DB 0A 19 61 10 82 24 F2
B F1 00 4E DD 72 90 5D 11 C5 CB 51 9F D8 DA 86 08
C 94 30 96 6C 89 F3 B0 54 C8 3F D1 44 95 A1 66 BE
D 80 FA 6B 32 7D 62 3B E2 87 C9 D0 34 0F 50 47 5B
E 81 4F 36 DE 45 84 C2 E1 BF DF 98 91 9E 9D 0C C6
F E0 CD E9 33 BD F5 2E 2B 43 D3 4C F4 B9 59 C7 B8

Table 4.9: Inverse S-box values when x0=0.05 and  =3.7 1

0 1 2 3 4 5 6 7 8 9 A B C D E F
0 B1 96 87 57 4F 9B 20 91 BF 4C A9 29 EE 6D 3E DC
1 AC B7 18 07 19 46 16 2D 61 AA 08 1F 04 49 9A 26
2 1C 15 53 6C AE 7F 78 52 44 4E 95 F7 A3 2E F6 7C
3 C1 A5 D3 F3 DB 23 E2 14 5A 56 3A D6 39 0B 97 C9
4 A7 55 5E F8 CB E4 32 DE 75 51 2B 5C FA 59 B2 E1
5 DD BA 7E 42 C7 92 7B 03 0C FD 4D DF 8D B6 1A 34
6 70 AB D5 94 3B 88 CE 47 36 0E 10 D2 C3 A6 81 A1
7 05 0D B4 84 21 65 43 31 77 24 9E 50 2A D4 7D 99
8 D0 E0 AD 89 E5 30 BE D8 86 C4 8E 28 27 A0 45 85
9 B5 EB 2C 6E C0 CC C2 64 EA 00 58 4A 35 ED EC BB
A 3D CD 06 5B 83 1B 9C 09 98 8B 68 6A 3F 40 1E A2
B C6 2F 6F A4 9F 74 54 82 FF FC 5F 5D 0A F4 CF E8
C 33 76 E6 63 8C B8 EF FE C8 D9 4B B9 3C F1 22 80
D DA CA 02 F9 41 69 7A 67 BC 8F BD A8 8A B3 E3 E9
E F0 E7 D7 11 13 6B 79 38 25 F2 73 1D 37 60 72 0F
F 12 B0 AF C5 FB F5 17 66 71 01 D1 62 48 9D 93 90

Table 4.10: S-box values when x0= 0.15 and =3.7

0 1 2 3 4 5 6 7 8 9 A B C D E F
0 33 26 69 31 19 B6 43 BE 46 00 05 93 4A EB AB 7B
1 D7 0E 20 CB 3D 04 AE 36 6F 17 F3 54 28 C9 B7 84
2 EC B1 8A 91 80 7F 0F B3 64 14 AF C0 60 96 A5 BC
3 C3 30 7A 4E CD F4 29 63 40 49 45 10 39 B8 58 DB
4 6A D2 FF 42 DA 81 E6 6E A1 D1 77 6D D0 32 CF 5E
5 EF 07 B0 CA 23 68 62 87 EA 0B E2 C1 E4 65 09 D6
6 2F 2D 4F 79 DE ED 7E C2 76 E5 C8 8C 53 8B 6C A0
7 57 A4 C7 9C 47 02 DD BA 88 2C 03 75 B5 D9 F5 E1
8 3B 25 41 A8 FB 44 34 F1 48 D3 15 9A 50 38 83 CE
9 0A 8F 66 85 16 71 E8 73 E0 BB FC D8 5D 95 F2 89
A 56 6B AA 55 9F B4 90 F9 51 3C 2A 3A 1E 18 1F 35
B D4 1B BD F8 4C 0C CC 13 E7 2E B2 A2 C4 DC FD 59

63
 C 78 9B C5 86 4D A6 52 BF 22 0D F6 F0 82 12 9D 01
D FA 72 C6 92 67 AC A3 E3 FE 08 7C 98 4B 74 3E EE
E 37 9E 94 5B 5A E9 7D A7 24 06 61 8D 27 11 5F F7
F 21 A9 5C 99 1C 97 8E 2B 3F AD 1A 70 D5 1D DF B9

Table 4.11: Inverse S-box values when x0=0.15 and =3.7

0 1 2 3 4 5 6 7 8 9 A B C D E F
0 09 CF 75 7A 15 0A E9 51 D9 5E 90 59 B5 C9 11 26
1 3B ED CD B7 29 8A 94 19 AD 04 FA B1 F4 FD AC AE
2 12 F0 C8 54 E8 81 01 EC 1C 36 AA F7 79 61 B9 60
3 31 03 4D 00 86 AF 17 E0 8D 3C AB 80 A9 14 DE F8
4 38 82 43 06 85 3A 08 74 88 39 0C DC B4 C4 33 62
5 8C A8 C6 6C 1B A3 A0 70 3E BF E4 E3 F2 9C 4F EE
6 2C EA 56 37 28 5D 92 D4 55 02 40 A1 6E 4B 47 18
7 FB 95 D1 97 DD 7B 68 4A C0 63 32 0F DA E6 66 25
8 24 45 CC 8E 1F 93 C3 57 78 9F 22 6D 6B EB F6 91
9 A6 23 D3 0B E2 9D 2D F5 DB F3 8B C1 73 CE E1 A4
A 6F 48 BB D6 71 2E C5 E7 83 F1 A2 0E D5 F9 16 2A
B 52 21 BA 27 A5 7C 05 1E 3D FF 77 99 2F B2 07 C7
C 2B 5B 67 30 BC C2 D2 72 6A 1D 53 13 B6 34 8F 4E
D 4C 49 41 89 B0 FC 5F 10 9B 7D 44 3F BD 76 64 FE
E 98 7F 5A D7 5C 69 46 B8 96 E5 58 0D 20 65 DF 50
F CB 87 9E 1A 35 7E CA EF B3 A7 D0 84 9A BE D8 42

3. Avalanche Criterion (AC)

The value of an avalanche must be in the range of (0,1). The ideal avalanche
value is 0.5, indicating that the S-box meets the AC test. Table 4.12 shows the
outcomes of the AC test on the suggested S-box compared with other related
works. The results show that the suggested S-box has an avalanche very near to
0.5, which means it satisfies the AC test.

Table 4.12: Comparisons of the AC test of (A...Z) utilizing the proposed S-box
when x0= 0.05 and  = 3.7 with some other related approaches
Input Sum of AC Values of Each Input
Approach AC Average
data (26)
Ref [14] A…Z 13.250 0.5096
Ref [15] A…Z 13.625 0.5240

64
 proposed A…Z 13.125 0.5048

Table 4.13 shows an example that explains how to compute the AC value
in the case of a single bit difference per entry utilizing the proposed S-box
(when x0=0.05 and =3.7) and compared approaches.

Table 4.13: Example for AC computation of the proposed S-box (if x0=0.05
and =3.7) and other related S-boxes
Hex- Binary Substitute in Binary
Approach Data AC
Code Input the S-box Output
Ref [14] B 42 01000010 A8 11001110 6/8 =
Alter 1 bit C 43 01000011 BB 00100000 0.75
Ref [15] B 42 01000010 A8 11111011 3 /8 =
Alter 1 bit C 43 01000011 BB 01111110 0.375
proposed B 42 01000010 A8 01010011 3 /8 =
Alter 1 bit C 43 01000011 BB 01110110 0.375

As explained in table 14.14, the AC test is also applied on the S-box

constructed from x0 = 0.7and  = 3.91, where the outcomes show that the
obtained average AC value is 0.5067, which indicates that it is within the ideal
value. This test is also compared to related works.
Table 4.14: Comparisons of the AC test of (A...Z) utilizing the suggested S-box
when x0=0.7 and =3.91 with some other related approaches
Input Sum of AC Values of Each Input AC
Approach
data (26) Average
Ref [11] A…Z 13.250 0.5096
Ref [12] A…Z 12.250 0.4711
Ref [13] A....Z 13.750 0.5288
proposed A…Z 13.175 0.5067

Table 4.15 shows an example that explains how to compute the AC value
in the case of a single bit difference per entry utilizing the proposed S-box
(when x0=0.7 and =3.91) and compared approaches.
65
Table 4.15: Example for AC computation of the proposed S-box (if x0=0.7 and
=3.91) and related S-boxes
Hex- Binary Substitute in Binary
Approach Data AC
Code Input the S-box Output
Ref [11] S 53 01010011 5F 01011111 5 /8 =
Alter 1 bit R 52 01010010 64 01100100 0.625
Ref [12] S 53 01010011 7C 01111100 3 /8 =
Alter 1 bit R 52 01010010 65 01100101 0.375
Ref [13] S 53 01010011 C7 11000111 6 /8 =
Alter 1 bit R 52 01010010 79 01111001 0.75
proposed S 53 01010011 6E 01101110 4 /8 =
Alter 1 bit R 52 01010010 32 01101110 0.5

4. Strict Avalanche Criterion (SAC)

This test indicates that if the input is altered by a single bit, it leads to at least
50% of the result bits being altered. This test combines the CC and AC. Based
on the results of these two criteria, as illustrated in tables (4.8- 4.15), the
proposed S-box meets the SAC test.
5. Invertability
The S-box has an invertability property if S-box(A1) = S-box(A2), where
A1=A2 for all inputs A1 and A2. For instance, if A1="f" and A2="f", so the
produced hex codes from S-box(A1) is {F7} and from S-box(A2) is {F7}. Now,
applying the inverse S-box on {F7}, the outcome in hex form is {66}, which
represents (102)10 in decimal form that corresponds to the character "f". Thus,
the S-box is invertible because of its ability to retrieve the plaintext.

4.5.2 Substitution-Box Evaluation Through Encrypting an Image

The proposed S-box is used in encrypting four color images (Lena,
Baboon, Woman, and Peppers) with the aim of evaluating S-box and defining
its strength against attack. The evaluation is done by using some statistical
metrics as below:

66
1. Entropy analysis
It is used to determine the randomness value in an image. If the entropy
value is high, the image values are more random. The optimal entropy value is
near or equal to 8. Table 4.16 shows the results of the entropy metric on the
encrypted four images using proposed S-box. All the results are close to 8
meaning that all encrypted images have good degree of random value caused by
the proposed S-box thus the proposed S-box meet the entropy metric.

Table 4.16: Entropy results of the tested images

Image Name Entropy (Average)R,G,B
Lena 7.997
Baboon 7.997
Woman 7.982
Peppers 7.996

2. Correlation Coefficient
Some attackers exploit the relationship between the pixels of an image to
hack it, so the correlation coefficient helps to determine the degree of the
relationship between the pixels of an image. The optimal correlation coefficient
must be near or equal to 0. Table 4.17 shows the results of this metric on the
encrypted four images. All the results are close to 0, which means that the
proposed S-box is able to remove the relationship between the pixels and
prevent attackers from exploiting it.

Table 4.17: Correlation coefficient of the tested images

Image Name Results (Average)R,G,B
Lena 0.0019
Baboon 0.0028-
Woman 0.0021

67
 Peppers 0.0030

3 Histogram analysis
A histogram displays the frequency of occurrence of pixel values in original
and encrypted images. The distribution of the encrypted image histogram must
be uniform and flat to remove the image's statistical features, which are
exploited by the attacker. Figure (4.2) displays the histogram of the original and
encrypted four images. All of the histograms of the encrypted images look flat
and uniform, which means that the proposed S-box is able to remove the
statistical features from images and stop attackers from using them.

Image Original Original image Encrypted Encrypted image

caption Image histogram image histogram

Lena

Baboon

Woman

Peppers

Figure (4.2): Histograms of the tested images

4 Differential attack analysis

The number of pixel change rate (NPCR) and unified average change
intensity (UACI) metrics are used to evaluate the strength of the encryption
against differential attacks. Table 4.18 shows the results of NPCR and UACI
68
 on tested images where all the results of NPCR are near to 100% and the
UACI are more than 33% meaning the used proposed S-box in encryption
image gives strengths against differential attack.

Table 4.18: NPCR and UACI results of the tested images

Image Name Average NPCRR,G,B (%) Average UACI R,G,B (%)
Lena 99.60 33.564
Baboon 99.60 33.566
Woman 99.56 33.710
Peppers 99.59 33.577

4.5.3 Implementation of Encryption Process

The average encryption and decryption time and also the throughput of
the LWAES-128 algorithm are calculated. The time is calculated utilizing
Python programming while the throughput is calculated utilizing the eq. (4.1).

Plaintext ¿(byte¿)
Throughput= (4.1) [88]
EncryptionTime ( millisecond )

First, we calculate the average time of encrypting and decrypting, as well

as the throughput of the LWAES-128 algorithm on a personal computer (PC)
operate on Windows10. Table (4.19) and figure (4.3) show the average
encrypting and decrypting time employing LWAES-128 for various plaintext
sizes up to 25000 bytes, that consuming just 85.5727 milliseconds in the
encrypting process. The proposed LWAES-128 encryption algorithm is faster
than others. For instance, the LWAES-128 consumes 32.883 milliseconds to
encrypt 10,000 bytes of plaintext, while the traditional AES algorithm consumes
161.223 milliseconds and the proposed MLAES by J. Rokan, et al is consumes
150.760 milliseconds. Table (4.20) and figure (4.4) compare the average amount
of time it takes to encrypt various sizes of plaintext with the proposed LWAES-

69
128, traditional AES, and MLAES. Table (4.21) and figure (4.5) explain the
comparison of consumed decryption time utilizing the proposed LWAES-128
with related work.
After that, the LWAES-128 algorithm is implemented on the Raspberry
Pi to encrypt the data from sensors. The average time consumed for encrypting
the data and the throughput are measured to evaluate the performance of this
algorithm on a true IoT device, as explained in table (4.23) and figure (4.6). The
total time that was consumed by reading data from the sensor, encrypting it, and
sending it to the server side was also measured. The total time for these
operations reaches around 1.27 seconds.
Table (4.24) displays the NIST statistical tests results for the binary
sequences produced by the proposed LWAES-128 algorithm. It proves that the
LWAES-128 algorithm passed all 16 tests, with all of the testing results being
close to one. The NIST statistical tests are performed on the cipher-text.
Table 4.19 shows the average encryption and decryption time using the
LWAES-128 algorithm.
Table 4.19: LWAES-128 encrypting and decrypting average time
Text Size Encrypting Time Decrypting Time
(byte) (millisecond) (millisecond)
10 0.0687 0.0684
25 0.1266 0.1268
70 0.2862 0.2863
100 0.3961 0.3965
1000 3.3981 3.4011
2000 6.601 6.604
5000 16.552 16.554
10000 32.8837 32.8701
15000 51.0921 51.1002
25000 85.5727 85.5711

70
 90 LWAES-128 algorithm
80

70
Time (milliseconds)

60

50

40

30

20

10
Text size (byte)
0
10 25 Encrypting
70 100time 1000 Decrypting
2000 5000 Time 10000 15000 25000

Figure (4.3): LWAES-128 encrypting and decrypting time

The LWAES-128 algorithm decreases the encrypting time and provides

high throughput in comparison to related works, for instance it encrypts text of
size 2000 bytes in just 6.601 milliseconds (ms), provides throughput 302.984
byte/ms where the traditional AES consumes 86.987 ms and provides
throughput of 22.992 byte/ms, where the MLAES consumes 64.87 ms, provides
throughput of 30.831 byte/ms to encrypting text of the same size as explained in
table (4.20).

Table 4.20: Encryption Time and Throughput compared to the related works

Encryption time (ms) Throughput (byte/ms)

Text
Size MLAES Proposed MLAES Proposed
Traditional Traditional
(byte) LWAES- LWAES-
AES [18] AES [18]
128 128
s s

10 2.908 2.19 0.0687 3.4388 3.4482 145.560

25 2.91 2.3 0.1266 8.5911 10.869 197.472
70 3.123 2.45 0.2862 22.414 28.571 244.584
100 4.232 3 0.3961 23.629 33.333 252.461
1000 33.122 22.44 3.3981 30.191 44.563 294.282
2000 86.987 64.87 6.601 22.992 30.831 302.984
10000 161.223 150.76 32.8837 62.026 66.331 304.102
71
 Table 4.21: Decryption Time and Throughput compared to the related works

Decryption time (ms) Throughput (byte/ms)

Text
Size MLAES Proposed MLAES Proposed
Traditional Traditional
(byte) LWAES- LWAES-
AES [18] AES [18]
128 128
s s

10 3.508 2.9 0.0684 2.8506 3.4482 146.198

25 3.99 3.1 0.1268 6.2656 8.0645 197.160
70 4 3.45 0.2863 17.500 20.289 244.498
100 4.932 3.7 0.3965 20.276 27.027 252.206
1000 35.122 24.44 3.4011 28.472 40.916 294.022
2000 88.987 66.87 6.604 22.475 29.908 302.846
10000 165.2235 155.76 32.8701 60.524 64.201 304.227

The LWAES-128 is extremely fast in decrypting when compared to

related works and provides high throughput as explained in table (4.21) above.

180
Encryption Time
160
140
Time (milliseconds)

120
100
80
60
40
20
0
10 25 70 100 1000 2000 10000

Text size (byte)

Traditional AES MLAES [18] Proposed 128-LWAES

Figure (4.4): Encryption Time comparison with related works

72
 180
Decryption Time
160
140
Time (milliseconds)

120
100
80
60
40
20
0
10 25 70 100 1000 2000 10000

Text size (byte)

Traditional AES MLAES [18] Proposed LWAES-128

Figure (4.5): Decryption Time compared to the related works

The LWAES-128 algorithm is also compared to the modified AES that

proposed by O. Abikoye, et al. The LWAES-128 encrypts text of size 32 bytes
in just 0.126 milliseconds, while the modified AES encrypts the same text size
in 0.297 milliseconds. So LWAES-128 is faster than modified AES. Table 4.22
shows the comparison of the LWAES-128 algorithm with modified AES in
terms of encryption time.

Table 4.22: Encryption Time comparison with related work

Algorithm Text size (byte) Consumed time(ms)
32 0.297
Ref [19]
64 0.456
32 0.126
Proposed LWAES-128
64 0.235

When the LWAES-128 is implemented on the Raspberry Pi, it still has

high throughput and lower encryption time than related work. The LWAES-128
encrypts text of size 70 bytes in just 0.936 milliseconds and provides a

73
throughput of 74.786 bytes per millisecond, whereas, the traditional AES
consumes 3.123 milliseconds and provides a throughput of 22.414 bytes per
millisecond, MLAES consumes 2.45 milliseconds and provides a throughput of
28.571 bytes per millisecond to encrypting the same text size.

Table 4.23: Comparison of the LWAES-128 encryption time and throughput on

the Raspberry Pi with related works

Encryption time (ms) Throughput (byte/ms)

Text
Size MLAES Proposed MLAES Proposed
Traditional Traditional
(byte) LWAES- LWAES-
AES [18] AES [18]
128 128
s s

10 2.908 2.19 0.221 3.4388 3.4482 45.248

25 2.910 2.3 0.398 8.5911 10.869 62.814
70 3.123 2.45 0.936 22.414 28.571 74.786

Encryption Time on Raspberry pi

3.5
Time (milliseconds)

3
2.5
2
1.5
1
0.5
0
10 25 70
Text size (byte)
Traditional AES MLAES [18] Proposed LWAES-128

Figure (4.6): Encryption Time on Raspberry Pi compared to the related works

Table 4.24: NIST tests on the cipher-text from the suggested LWAES-128
e

NIST tests P-value Status

Frequency (Monobits) 0.170686 Random
Frequency within a block 0.903593 Random
Run test 0.207712 Random
Longest Run of Ones in a Block 0.604648 Random
Binary Matrix rank test 0.115378 Random

74
 Discrete Fourier Transform (Spectral) Test 0.985357 Random
Non- Overlapping Template 0.159576 Random
Overlapping template 0.445460 Random
Maurer’s universals 0.669039 Random
Linear Complexity 0.909393 Random
Serial test 0.520191 Random
Approximate Entropy 0.148339 Random
Cumulative Sums (forward) 0.319992 Random
Cumulative Sums (backward) 0.186974 Random
Random Excursions 0.798896 Random
Random Excursion Variant 0.897953 Random
Through the LWAES-128 findings, it can be seen that despite all these
modifications to the traditional AES algorithm, it is still resistant to attacks. The
use of a combination of (1-D and 2-D chaotic logistic) in all of these
modifications gives a high level of security and speed when encrypting, making
it appropriate for IoT devices. Because different chaotic systems are used to
modify the standard AES, the proposed LWAES-128 algorithm also success in
all NIST tests when performed on 1000000-bits of cipher-text, as explained in
table 4.24 above.

The CPU status and memory usage of the Raspberry device are also
monitored while executing the LWAES-128 algorithm to encrypt the data
sensors and send it to the server, where table 4.25 shows that the LWAES-128
algorithm uses 0.34% or less than 1% of the memory size and 1.1% of the CPU
It also maintains the CPU temperature in a regular state.

The information explained in this table indicates the CPU and memory
usage of the Raspberry Pi as follows: the left column of this table represents the
total CPU load (for all programs operating on it), and the memory total size
compared to the total size utilized (for all open programs including Python and
others), while the right column of this table represents the amount of CPU and
memory usage during encryption by LWAES-128.

75
 Table 4.25: The status of the Raspberry device during executing encryption
Raspberry status while the LWAES-128 CPU and Memory usage for
algorithm is running LWAES-128
CPU Memory (MB) CPU: 1.1%
Temp: 41° C Total: 7898 Memory: 27.3 MB (0.345 %)
Total load:10.9% Used: 261 i.e. less than 1%
Shared: 69
Buff/Cache:534

When implemented the proposed algorithm on IoT device, they require

some amount of power during the encryption, and it is called the power
consumption. It is calculated by using The following equation:

Pc = Pm* TExe ( 4.2) [89]

Where Pc represents the power consumption, Pm represents CPU

maximum power (which is 5V for Raspberry Pi 4 model B), and T Exe represents
the execution time. The power consumption is measured in millijoule (mJ), and
it is dependent on the execution time.

Table 4.26 and figure (4.7) shows the power consumption of the proposed
algorithm and other related algorithms when encrypting three different text sizes
(10, 25, and 70 bytes) on the raspberry pi device.

Table 4.26: The power consumption comparison of the proposed algorithm and
other related algorithms

Power consumption (MJ)

Text size (byte)
Standard AES MLAES [18] Proposed LWAES-128
10 14.54 10.95 1.105
25 14.55 11.50 1.99
70 15.615 12.25 4.68
As shown in table 4.26 above the proposed algorithm is enhanced the
power consumption and reduced it about 82.91% than standard AES and about
78.13% than MLAES.

76
 Power Consumption
16
14
Power consumption (MJ)

12
10
8
6
4
2
0
10 25 70
Text size (byte)
Standard AES MLAES [22] Proposed LWAES-128

Figure (4.7): The power consumption of the proposed algorithm and other
related algorithms

4.5.4 Server Side

The PC computer operating on Windows 10 is employed as a server in

order to test the proposed algorithm. Firstly, the server will be initializing the
chaotic systems to generate the tools of LWAES-128 and also hash the public
key by the Shake-128 algorithm to generate the initial key for the initial round,
and then it will be listening to start a connection with the Raspberry Pi. Lastly,
when the connection is established, the server will receive the encrypted sensor
data from the Raspberry Pi, and it will decrypt this data to retrieve the original
data and display it on the screen. Figure (4.8) represents sensor data after it has
been received and decrypted by the server.

77
 Figure (4.8): Server outputs sensors data after decrypting

Every five seconds, the Raspberry Pi collects data from the sensor , s

encrypts it, and then transmits it to the server. If the connection between the
server and the Raspberry Pi is established, the server will directly receive this
encrypted data, decrypt it, and display it on the screen. The average time
consumed by the decryption process is just 0.898 milliseconds.

78
 Chapter Five
Conclusions and Proposals for the
Future Work
 Chapter Five
Conclusions and Proposals for the Future Work

5.1 Introduction
The current chapter presents conclusions about the findings obtained
from the implementation of the proposed LWAES-128 algorithm as well as
some proposals to be made for future work. Section (5.2) explains the
conclusion, and section (5.2) provides the proposals for future works.

5.2 Conclusions
Based on the findings that are explained in the preceding chapter of
running many statistical tests on the proposed LWAES-128 encryption
algorithm and calculating the time spent in the encrypting process employing
this algorithm, the proposed LWAES-128 can be employed as a lightweight
solution for protecting any IoT system.

The main conclusions of these findings can be summarized as follows:

1. The number of rounds in the LWAES-128 algorithm is reduced to 9 rounds,

which caused a decrease in the execution time. At the same time, the
algorithm still has excellent security against attackers due to the employ of
two different models of chaotic systems in the creation of all required tools.
The design of the S-box, DP table, and the two chaotic keys (keys for odd
rounds and keys for even rounds) rely on each other. Therefore, a slight
alteration in starting conditions results in a big alteration in the construction
of the S-box, DP table, and keys in every rounds.

2. A new S-box is constructed from the one-dimensional chaotic logistic map

to be employed in the substitution function rather than the S-box of the
conventional AES.

79
3. The creation of the proposed S-box and its inverse takes just 15.6
milliseconds. It also meets the S-box criteria and achieves excellent results
compared to related works. The statistical metrics of the proposed S-box
when used to encrypt images also proved its strength against attacks.

4. The LWAES-128 algorithm is developed to reduce complexity by

eliminating the Mix- Column, which is the most complicated process in
AES, and instead using a dynamic permutation process (DP). The DP values
are constructed from the two-dimensional logistic map.

5. The use of DP process leads to a high level of diffusion due to the use of
nine dynamic rows in the table of DP. Each row contains 16 positions, with a
different order assigned to each round, i.e., each round has a different row.

6. Despite all these alterations to the traditional AES algorithm, it is still

resistant to attacks. The proposed LWAES-128 is quick and lightweight,
making it appropriate for any IoT device.

7. The proposed LWAES-128 algorithm succeeds in all the NIST tests, as

explained in table (4.24) of chapter four. So, the Brute Force-Attack will fail
on it because of the utilization of various chaotic models in generating all the
LWAES-128 tools involving S-box, DP table, and chaotic keys.

8. The Shake-128 hashing algorithm in the proposed LWAES-128 is used to

generate the 128 bits of the initial key for the initial round by obtaining the
master key of any size from the user, then producing the initial key of a fixed
size of 128 bits, which is completely different from the obtained master key.
Thus, the user is not restricted by the size of the key, and the key has also
become more complex.

9. In addition to the initial key, two kinds of keys are also used in the LWAES-
128; one for the even rounds and one for the odd rounds. This will increase

80
 the avalanche effect. These two types of keys are constructed by using the
two-dimensional logistic system.

10.The LWAES-128 achieves high throughput compared to the traditional AES,

and the MLAES. The LWAES-128 throughput is grater in 91% than
traditional AES and greater in 89% than MLAES.

5.3 Future Works

1- Using a dynamic substitution box rather than a static one in order to
increase the confusion.
2- Appending an artificial intelligence technology to the round functions in
order to increase security
3- Implementing the LAWAES-128 algorithm in a parallel manner for fast
data encryption on the GPU.
4- Implementing the LWAES-128 algorithm in smart city or healthcare.

81
References

82
 References

[1] O. Jallouli, "Chaos-based security under real-time and energy

constraints for the Internet of Things, " Thesis, Signal and Image
processing, Universite de Nantes, 2017, English, tel-01633910.

[2] L. M. Shamala, G. Zayaraz, K. Vivekanandan, and V. Vijayalakshmi,

“Lightweight cryptography algorithms for internet of things enabled
networks: An overview,” in Journal of Physics: Conference Series,
2021, vol. 1717, no. 1, doi: 10.1088/1742-6596/1717/1/012072.

[3] K.-L. Tsai, Y.-L. Huang, F.-Y. Leu, I. You, Y.-L. Huang, and C.-H. Tsai,
“AES-128 Based Secure Low Power Communication for LoRaWAN
IoT Environments,” IEEE Access, vol. 6, pp. 45325–45334, 2018, doi:
10.1109/ACCESS.2018.2852563.

[4] V. Bhuvaneswari and R. Porkodi, “The internet of things (IOT)

applications and communication enabling technology standards: An
overview,” in Proceedings - 2014 International Conference on Intelligent
Computing Applications, ICICA 2014, 2014, no. October 2017, pp. 324–
329, doi: 10.1109/ICICA.2014.73.

[5] A. Kadhim and R. S. Ali, “Enhancement AES based on 3D chaos

theory and DNA operations addition,” Karbala Int. J. Mod. Sci., vol. 5,
no. 2, 2019, doi: 10.33640/2405-609X.1137.

[6] M. Tausif, J. Ferzund, S. Jabbar, and R. Shahzadi, “Towards designing

efficient lightweight ciphers for internet of things,” KSII Trans.
Internet Inf. Syst., vol. 11, no. 8, pp. 4006–4024, 2017, doi:
10.3837/tiis.2017.08.014.

[7] B. J. Mohd and T. Hayajneh, “Lightweight block ciphers for IoT:

Energy optimization and survivability techniques,” IEEE Access, vol.
6, pp. 35966–35978, 2018, doi: 10.1109/ACCESS.2018.2848586.
[8] V. A. Thakor, M. A. Razzaque, and M. R. A. Khandaker, “Lightweight
Cryptography Algorithms for Resource-Constrained IoT Devices: A
Review, Comparison and Research Opportunities,” IEEE Access, vol.
9, pp. 28177–28193, 2021, doi: 10.1109/ACCESS.2021.3052867.

[9] O. Toshihiko, “Lightweight cryptography applicable to various IoT

devices,” NEC Tech. J., vol. 12, no. 1, pp. 67–71, 2017.

[10] D. Lambic, “A novel method of S-box design based on discrete chaotic

map,” Nonlinear Dyn., vol. 87, no. 4, pp. 2407–2413, 2017, doi:
10.1007/s11071-016-3199-x.

[11] U. Cavusoglu, A. Zengin, I. Pehlivan, and S. Kacar, “A novel approach

for strong S-Box generation algorithm design based on chaotic scaled
Zhongtang system,” Nonlinear Dyn., vol. 87, no. 2, pp. 1081–1094, Jan.
2017, doi: 10.1007/s11071-016-3099-0.

[12] L. Liu, Y. Zhang, and X. Wang, “A Novel Method for Constructing the
S-Box Based on Spatiotemporal Chaotic Dynamics,” Appl. Sci., vol. 8,
no. 12, p. 2650, Dec. 2018, doi: 10.3390/app8122650.

[13] Lu, Zhu, and Wang, “A Novel S-Box Design Algorithm Based on a New
Compound Chaotic System,” Entropy, vol. 21, no. 10, p. 1004, Oct.
2019, doi: 10.3390/e21101004.

[14] A. K. Farhan, R. S. Ali, H. R. Yassein, N. M. G. Al-Saidi, and G. H.

Abdul-Majeed, “A new approach to generate multi S-boxes based on
RNA computing,” Int. J. Innov. Comput. Inf. Control, vol. 16, no. 1, pp.
331–348, 2020, doi: 10.24507/ijicic.16.01.331.

[15] Z. Jiang and Q. Ding, “Construction of an S-Box Based on Chaotic and

Bent Functions,” Symmetry (Basel)., vol. 13, no. 4, p. 671, Apr. 2021,
doi: 10.3390/sym13040671.
[16] M. M. Abd Zaid, “Modification Advanced Encryption Standard for
Design Lightweight Algorithms,” J. Kufa Math. Comput., vol. 6, no. 1,
pp. 21–27, Mar. 2019, doi: 10.31642/JoKMC/2018/060104.

[17] A. H. Mohammed and M. M. Jafer, “Secure web of things based on a

lightweight Algorithm,” in 2019 First International Conference of
Computer and Applied Sciences (CAS), Dec. 2019, no. December 2019,
pp. 216–221, doi: 10.1109/CAS47993.2019.9075831.

[18] J. R. Naif, G. H. Abdul-Majeed, and A. K. Farhan, “Secure IOT System

Based on Chaos-Modified Lightweight AES,” in 2019 International
Conference on Advanced Science and Engineering (ICOASE), Apr. 2019,
no. April, pp. 1–6, doi: 10.1109/ICOASE.2019.8723807.

[19] F. Hazzaa, A. M. Shabut, N. H. M. Ali, and M. Cirstea, “Security

Scheme Enhancement for Voice over Wireless Networks,” J. Inf.
Secur. Appl., vol. 58, no. March, p. 102798, May 2021, doi:
10.1016/j.jisa.2021.102798.

[20] F. Alaa Kadhim, G. H. Abdul-Majeed, and R. S. Ali, “Enhancement

CAST block algorithm to encrypt big data,” in 2017 Annual
Conference on New Trends in Information & Communications
Technology Applications (NTICT), Mar. 2017, no. March, pp. 80–85, doi:
10.1109/NTICT.2017.7976119.

[21] A. Kadhim and S. Khalaf, “New Approach for Security Chatting in

Real Time,” Int. J. Emerg. Trends Technol. Comput. Sci., vol. 4, no. 3,
pp. 30–36, 2015.

[22] A. Claude, B. Linwa, and G. Bassam, “Survey of Cryptography

Algorithms for Sub- Saharan Countries,” AFRICAN JOURNALS
ONLINE, vol. 17, no. January, p. 2, 2021.

[23] M. Willett, “Cryptography and Data Security.,” Int. J. Comput. Sci.

Secur., no. September, p. 127, 2018, doi: 10.13140/RG.2.2.30280.16646.
[24] V. K. Quy, N. Van Hau, D. Van Anh, and L. A. Ngoc, “Smart healthcare
IoT applications based on fog computing: architecture, applications
and challenges,” Complex Intell. Syst., Nov. 2021, doi: 10.1007/s40747-
021-00582-9.

[25] A. Ahmad, “A New Security Method for the Internet of Things Based
on Ciphering and Deciphering Algorithms,” Kirkuk Univ. Journal-
Scientific Stud., vol. 13, no. 3, pp. 154–174, Sep. 2018, doi:
10.32894/kujss.2018.13.3.12.

[26] S. Singh, P. K. Sharma, S. Y. Moon, and J. H. Park, “Advanced

lightweight encryption algorithms for IoT devices: survey, challenges
and solutions,” J. Ambient Intell. Humaniz. Comput., vol. 0, no. 0, pp. 1–
18, May 2017, doi: 10.1007/s12652-017-0494-4.

[27] M. Usman, I. Ahmed, M. Imran, S. Khan, and U. Ali, “SIT: A

Lightweight Encryption Algorithm for Secure Internet of Things,”
Int. J. Adv. Comput. Sci. Appl., vol. 8, no. 1, pp. 402–411, 2017, doi:
10.14569/IJACSA.2017.080151.

[28] P. Sethi and S. R. Sarangi, “Internet of Things: Architectures,

Protocols, and Applications,” J. Electr. Comput. Eng., vol. 2017, pp. 1–
25, 2017, doi: 10.1155/2017/9324035.

[29] A. Bojanowska, “Customer data collection with Internet of Things,”

MATEC Web Conf., vol. 252, no. March, p. 03002, Jan. 2019, doi:
10.1051/matecconf/201925203002.

[30] A. Riahi Sfar, E. Natalizio, Y. Challal, and Z. Chtourou, “A roadmap for

security challenges in the Internet of Things,” Digit. Commun.
Networks, vol. 4, no. 2, pp. 118–137, Apr. 2018, doi:
10.1016/j.dcan.2017.04.003.

[31] J. S. Figueroa-hernandez, “A Comparison of Lightweight Ciphers

Meeting Nist,” Thesis, California State Polytechnic University, 2018.
[32] L. Kakkar, D. Gupta, S. Saxena, and S. Tanwar, “IoT Architectures and
Its Security: A Review,” in Proceedings of the Second International
Conference on Information Management and Machine Intelligence
(ICIMMI 2020), 2021, pp. 87–94, doi: 10.1007/978-981-15-9689-6..

[33] K. Kaur, “A Survey on Internet of Things – Architecture,

Applications, and Future Trends,” in 2018 First International
Conference on Secure Cyber Computing and Communication (ICSCCC),
Dec. 2018, pp. 581–583, doi: 10.1109/ICSCCC.2018.8703341.

[34] R. H. Khalaf, “Secure Mechanisms for Smart Home IoT

Application,” Thesis ,University of Al-Mustansiriya, 2019.

[35] W. Stallings, CRYPTOGRAPHY AND NETWORK SECURITY, 7th

Editio. 2017.

[36] D. Puthal and R. Ranjan, “Big Data Stream Security Classification for
IoT Applications,” Encyclopedia of Big Data Technologies, no. January.
Springer, 2019, doi: https://doi.org/10.1007/978-3-319-63962-8_236-1.

[37] B. Lundgren and N. Moller,“Defining Information Security,” Sci. Eng.

Ethics, vol.25, no. 2, pp. 419–441, 2017, doi: 10.1007/s11948-017-9992-
1.

[38] H. Gupta and G. Varshney, “A Security Framework for IOT Devices

Against Wireless Threats,” 2017, doi: 10.1109/TEL-
NET.2017.8343548.

[39] M. Bitzer, N. Brinz, and P. Ollig, “Disentangling the Concept of

Information Security Properties - Enabling DISENTANGLING THE
CONCEPT OF INFORMATION SECURITY PROPERTIES -
ENABLING EFFECTIVE INFORMATION SECURITY
GOVERNANCE,” in 29th European Conference on Information Systems
(ECIS), 2021, no. June, [Online]. Available:
https://aisel.aisnet.org/ecis2021_rp/134.
[40] J. Sengupta, S. Ruj, and S. Das Bit, “A comprehensive survey on
attacks, security issues and blockchain solutions for IoT and IIoT,” J.
Netw. Comput. Appl., vol. 19, p. 102481, 2019, doi:
10.1016/j.jnca.2019.102481.

[41] J. Deogirikar and A. Vidhate, “Security Attacks in IoT : A Survey,” in

International conference on I-SMAC (IoT in Social, Mobile, Analytics and
Cloud) (I-SMAC 2017) Security, 2017, pp. 32–37.

[42] R. R. Krishna, A. Priyadarshini, A. V Jha, B. Appasani, A. Srinivasulu,

and N. Bizon, “State-of-the-Art Review on IoT Threats and Attacks :
Taxonomy , Challenges and Solutions,” Sustainability, vol. 13, no. 16,
p. 9463, 2021, doi: 10.3390/su13169463.

[43] C. G. Thorat and V. S. Inamdar, “Implementation of new hybrid

lightweight cryptosystem,” Appl. Comput. Informatics, vol. 16, no. 1/2,
pp. 195–206, May 2018, doi: 10.1016/j.aci.2018.05.001.

[44] H. Song, “Lightweight Crypto and Security,” in Security and Privacy in

Cyber Physical Systems: Foundations, Principles and Applications, 2018,
pp. 243–261.

[45] E. Abdul-kareem, “Developed Lightweight Twofish Encryption

Algorithm for Enhancing Data Security,” Thesis, Al-Mustansiriyah,
2021.

[46] M. S. Turan, “NIST’s Lightweight Crypto Standardization Process

National Institute of Standards and Technology,” Tokyo, Japan, 2017.

[47] M. Tausif, J. Ferzund, S. Jabbar, and R. Shahzadi, “Towards Designing

Efficient Lightweight Ciphers for Internet of Things,” KSII Trans.
Internet Inf. Syst., vol. 11, no. 8, pp. 4006–4023, 2017, doi:
10.3837/tiis.2017.08.014.
[48] A. Poschmann, “Cryptographic Engineering for a Pervasive World,”
Thesis, Ruhr-University Bochum, 2009.

[49] D. Sehrawat and N. S. Gill, “Lightweight Block Ciphers for IoT based
applications : A Review,” Int. J. Appl. Eng. Res., vol. 13, no. 5, pp.
2258–2270, 2018.

[50] M. S. Fadhil, “Proposed Symmetric Encryption Algorithm for IoT

Based on Chaos System,” Thesis, University of Technology, 2020.

[51] A. M. Canadas, I. David, and M. Gaviria, “Relationships between the

Chicken McNugget Problem , Mutations of Brauer Configuration
Algebras and the Advanced Encryption Standard,” mathematics, vol.
9, no. 16, p. 1937, 2021, doi: 10.3390/math9161937.

[52] C. Tezcan, “Optimization of Advanced Encryption Standard on

Graphics Processing Units,” IEEE Access, vol. 9, pp. 67315–67326,
2021, doi: 10.1109/ACCESS.2021.3077551.

[53] N. M. Shafiq Surameery, “Modified Advanced Encryption Standard

for Boost Image Encryption,” UHD J. Sci. Technol., vol. 6, no. 1, pp.
52–59, Apr. 2022, doi: 10.21928/uhdjst.v6n1y2022.pp52-59.

[54] A. R. Chowdhury, J. Mahmud, A. R. M. Kamal, and M. A. Hamid,

“MAES: Modified advanced encryption standard for resource
constraint environments,” in 2018 IEEE Sensors Applications
Symposium, SAS 2018 - Proceedings, 2018, vol. 2018-Janua, pp. 1–6, doi:
10.1109/SAS.2018.8336747.

[55] N. Mathur and R. Bansode, “AES Based Text Encryption Using 12

Rounds with Dynamic Key,” in 7th International Conference on
Communication, Computing and Virtualization 2016, 2016, vol. 79, pp.
1036–1043, doi: 10.1016/j.procs.2016.03.131.

[56] N. B. Abdulwahed, “CHAOS-BASED ADVANCED ENCRYPTION

 STANDARD” Thesis, King Abdullah University of Science and
Technology, 2013.

[57] L. M. Raju and M. Sumathi, “Secured High Throughput of 128-bit AES

Algorithm based on Interleaving Technique,” Int. J. Appl. Eng. Res,
2015.

[58] Information Federal and Publication 197 Processing Standards,

“Announcing the ADVANCED ENCRYPTION STANDARD
( AES ),” Natl. Inst. Stand. Technol., [Online]. Available:
https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/
fips-197.pdf.

[59] M. M. Wong, J. Haj-yahya, S. Sau, and A. Chattopadhyay, “A New High

Throughput and Area Efficient SHA-3 Implementation,” in 2018
IEEE International Symposium on Circuits and Systems (ISCAS), 2018,
pp. 1–5, doi: 10.1109/ISCAS.2018.8351649.

[60] Federal Information Processing Standards Publication 202, “SHA-3

Standard: Permutation-Based Hash and Extendable-Output
Functions,” Natl. Inst. Stand. Technol.

[61] H. Liu and X. Wang, “Cryptanalyze and design strong S-Box using 2D
chaotic map and apply to irreversible key expansion”, pp. 1–14, Nov.
2021, doi: doi.org/10.48550/arXiv.2111.05015.

[62] A. K. Farhan and H. I. Mhaibes, “Mouse Movement with 3D Chaotic

Logistic Maps to Generate Random Numbers,” Diyala J. Pure Sci.,
vol. 13, no. 3, pp. 23–39, 2017, doi: 10.24237/djps.1303.268B.

[63] Y. Q. Zhang, J. L. Hao, and X. Y. Wang, “An Efficient Image

Encryption Scheme Based on S-Boxes and Fractional-Order
Differential Logistic Map,” IEEE Access, vol. 8, pp. 54175–54188,
2020, doi: 10.1109/ACCESS.2020.2979827.
[64] H. Natiq, N. M. G. Al-Saidi, M. R. M. Said, and A. Kilicman, “A new
hyperchaotic map and its application for image encryption,” Eur.
Phys. J. Plus, vol. 133, no. 1, 2018, doi: 10.1140/epjp/i2018-11834-2.

[65] G. Jakimoski and L. Kocarev, “Chaos and Cryptography : Block

Encryption Ciphers Based on Chaotic Maps,” IEEE Trans. Circuits
Syst., vol. 48, no. 2, pp. 163–169, 2001, doi: 10.1109/81.904880.

[66] A. Abdulgader, M. Ismail, N. Zainal, and T. Idbeaa, “Enhancement of

AES algorithm based on chaotic maps and shift operation for image
encryption,” J. Theor. Appl. Inf. Technol., vol. 71, no. 1, pp. 1–12, 2015.

[67] A. Akhavan, A. Samsudin, and A. Akhshani, “A symmetric image

encryption scheme based on combination of nonlinear chaotic maps,”
J. Franklin Inst., vol. 348, no. 8, pp. 1797–1813, 2011, doi:
10.1016/j.jfranklin.2011.05.001.

[68] A. S. Nasim, “Chaos based Cryptography and Image Encryption, ” A

project presented to Ryerson University, 2015

[69] J. R. Naif, “Design and Implementation of Secure IoT for Emergency

Response System Using Wireless Sensor Network and Chaotic,”
Informatics institute for postgradguate studies, 2019.

[70] B. Hossain, T. Rahman, A. B. M. S. Rahman, and S. Islam, “A New

Approach of Image Encryption Using 3D Chaotic Map to Enhance
Security of Multimedia Component,” 2014, doi:
10.1109/ICIEV.2014.6850856.

[71] Sukanya, “A walk through Internet of Things(IoT) basics,”

opentechdiary, 2015. https://opentechdiary.wordpress.com/2015/07/16/a-
walk-through-internet-%0Aof-things-iot-basics-part-2 (accessed May 17,
2022).

[72] R. Porkodi and V. Bhuvaneswari, “The Internet of Things ( IoT )

 Applications and Communication Enabling Technology Standards :
An Overview,” in 2014 International Conference on Intelligent
Computing Applications, 2014, pp. 324–329, doi:
10.1109/ICICA.2014.73.

[73] M. S. Fadhil, A. K. Farhan, and M. N. Fadhil, “A lightweight AES

Algorithm Implementation for Secure IoT Environment,” Iraqi J. Sci.,
vol. 62, no. 8, pp. 2759–2770, 2021, doi: 10.24996/ijs.2021.62.8.29.

[74] R. F. Hassan and S. Habeeb, “Build Secure Web of Things system to

Mange Patient Information Monitoring System,” Iraq J. Inf. Technol.,
vol. 9, no. 1, pp. 113–136, 2018.

[75] S. Habeeb and R. F. Hassan, “Build Secure Web of Things system to

Manage Patient information Monitoring System, ” Iraqi Journal of
Information Technology, Vol.9, No.1, 2018.

[76] G. Mahalakshmi and M. Vigneshwaran, “IOT Based Home Automation

Using Arduino,” Int. J. Eng. Adv. Res. Technol., vol. 3, no. 8, pp. 7–11,
2017.

[77] M. Saari, A. Muzaffar bin Baharudin, and S. Hyrynsalmi, “Survey of

Prototyping Solutions Utilizing Raspberry Pi,” MIPRO, 2017, doi:
10.23919/MIPRO.2017.7973568.

[78] I. Journal and S. Sciences, “A Review of Block Cipher’s S-Boxes Tests

Criteria,” Iraqi J. Stat. Sci., no. 19, pp. 39–48, 2019.

[79] M. Ahmad, I. A. Khaja, A. Baz, H. Alhakami, and W. Alhakami,

“Particle Swarm Optimization Based Highly Nonlinear Substitution-
Boxes Generation for Security Applications,” IEEE Access, vol. 8, pp.
116132–116147, 2020, doi: 10.1109/ACCESS.2020.3004449.

[80] H. Talirongan, A. M. Sison, and R. P. Medona, “Modified Advanced

Encryption Standard using Butterfly Effect,” in 2018 IEEE 10th
 International Conference on Humanoid, Nanotechnology, Information
Technology,Communication and Control, Environment and Management
(HNICEM), 2018, pp. 1–6, doi: 10.1109/HNICEM.2018.8666368.

[81] A. Kadhim and R. M. Mohamed, “Visual cryptography for image

depend on RSA & AlGamal algorithms,” in Al-Sadiq International
Conference on Multidisciplinary in IT and Communication Techniques
Science and Applications, AIC-MITCSA 2016, 2016, pp. 195–200, doi:
10.1109/AIC-MITCSA.2016.7759935.

[82] Y. Naseer, T. Shah, S. Hussain, and A. Ali, “Steps Towards Redesigning

Cryptosystems by a Non-associative Algebra of IP-Loops,” Wirel.
Pers. Commun., vol. 108, no. 3, pp. 1379–1392, Oct. 2019, doi:
10.1007/s11277-019-06474-z.

[83] I. Hussain, A. Anees, A. H. AlKhaldi, A. Algarni, and M. Aslam,

“Construction of chaotic quantum magnets and matrix Lorenz
systems S-boxes and their applications,” Chinese J. Phys., vol. 56, no.
4, pp. 1609–1621, Aug. 2018, doi: 10.1016/j.cjph.2018.04.013.

[84] X. Chai, X. Fu, Z. Gan, Y. Lu, and Y. Chen, “A color image

cryptosystem based on dynamic DNA encryption and chaos,” Signal
Processing, vol. 155, pp. 44–62, Feb. 2019, doi:
10.1016/j.sigpro.2018.09.029.

[85] Y. Wu, J. P. Noonan, and S. Agaian, “NPCR and UACI Randomness

Tests for Image Encryption,” Multidiscip. Journals Sci. Technol., 2011,
[Online].Available:http://www.cyberjournals.com/Papers/Apr2011/05.pdf.

[86] M. Yildirim, “A color image encryption scheme reducing the

correlations between R, G, B components,” Optik (Stuttg)., vol. 237, no.
March, p. 166728, Jul. 2021, doi: 10.1016/j.ijleo.2021.166728.
[87] A. Rukhin, J. Soto, and J. Nechvatal, “A Statistical Test Suite for
Random and Pseudorandom Number Generators for Cryptographic
Applications,” Natl. Inst. Stand. Technol., 2010.

[88] M. S. Fadhil, A. K. Farhan, M. N. Fadhil, and N. M. G. Al-Saidi, “A New

Lightweight AES Using a Combination of Chaotic Systems,” in
Proceedings of 2020 1st Information Technology to Enhance E-Learning
and other Application Conference, IT-ELA 2020, 2020, pp. 82–88, doi:
10.1109/IT-ELA50150.2020.9253099.

[89] M. Soni and D. K. Singh, “LAKA: Lightweight Authentication and

Key Agreement Protocol for Internet of Things Based Wireless Body
Area Network,” Wirel. Pers. Commun., vol. 127, no. 2, pp. 1067–1084,
Nov. 2022, doi: 10.1007/s11277-021-08565-2.
 ‫الخالصة‬
‫مع تزايد استخدامـ تطبيقات إنترنت األشياء في مجاالت واسعة من حياتنا اليومية ‪ ،‬مثل المنزل‬
‫الذكي والرعاية الصحية وما إلى ذلك ‪ ،‬هناك كمية كبيرة من البيانات المهمة والحساسة التي تمر عبر هذه‬
‫التطبيقات إلى اإلنترنت والتي قد تكون عرضة للهجمات والوصول غـير المصـرح بـه ‪ ،‬لـذلك أصـبح من‬
‫المهم توفير الحماية لها من خالل استخدام خوارزمياتـ التشفير‪ .‬نظرًا للموارد المحــدودة ألجهــزة إنــترنت‬
‫األشياء ‪ ،‬مثل حجم الذاكرة الصغيرـ والطاقة المنخفضة وقدرات وحــدة المعالجــة المركزيــة المحــدودة ‪ ،‬ال‬
‫يمكن لخوارزميــاتـ التشــفير التقليديــة أن تعمــل أو ال تعمــل بكفــاءة مــع أجهــزة إنــترنت األشــياء‪ .‬تعــد‬
‫خوارزمياتـ التشفير خفيفة الوزن حالً آخر مصم ًما ليالئم األجهزة ذات المـوارد المحــدودة ويـوفر األمــان‬
‫للبيانات في إنترنت األشياء‪.‬‬
‫في هذه الرسالة ‪ ،‬تم اقتراح تصميمـ خوارزمية تشفير خفيفة الوزن ‪ ،‬اعتمادًا على خوارزمية ‪AES‬‬
‫التقليدية ومجموعة من األنظمة الفوضوية‪ .‬يتم استخدام الخرائط اللوجيستية الفوضوية أحادية البعد وثنائية‬
‫األبعاد إلنشاء أدوات التشفير الرئيســية في ‪ ، AES‬مثــل ‪ ، S-box‬والتبــديلـ الــديناميكيـ (‪ ،)DP‬ومفــاتيح‬
‫التشفير‪ .‬يتم استخدامـ وظيفة ‪ DP‬بدالً من وظيفــة ‪ .MixColumn‬في النهايــة ‪ ،‬يتم تقليــل عــدد الجــوالت‬
‫من ‪ 10‬إلى ‪ .9‬في هذا االقتراح ‪ ،‬تم استخدام مجموعة من أجهزة االستشعار وجهازـ ‪ .Raspberry Pi‬تم‬
‫تضمين الخوارزمية المقترحة داخل ‪ Raspberry Pi‬لحماية بيانات المستشعرـ قبل إرسالهاـ عبر الشبكة‪.‬‬

‫تشـير نتــائج التحليــل إلى أن خوارزميــة ‪ LWAES-128‬المقترحــة تسـتهلك وقتًا أقــل في‬
‫التشفير وفك التشفير ‪ ،‬حيث يمكنهــا تشــفير حجم نص يبلــغ ‪ 25000‬بــايت في ‪ 85.57‬مللي ثانيــة‬
‫فقط عند تنفيـذها على كمـبيوترـ محمـول يعمـل بنظـام ‪ . Windows 10‬لـذلك ‪ ،‬فـإن خوارزميـة‬
‫‪ LWAES- 128‬لديها سرعة أكبر مقارنة مع ‪ AES‬القياســية واألعمــال األخــرى ذات الصــلة‪.‬‬
‫يلبي ‪ S-box‬المصمم متطلبات األمان لـ ‪ ، S-box‬بما في ذلك معيار )‪ ، avalanche (AC‬و‬
‫‪ ،balanced‬و‬ ‫‪ ، strict‬و )‪ ،completeness(CC‬و )‪(BC‬‬ ‫‪avalanche‬‬ ‫)‪(SAC‬‬
‫‪ ،correlation‬و‬ ‫‪ ،information‬و ‪coefficient‬‬ ‫‪ ، Invertability‬و ‪entropy‬‬
‫‪ ، histogram‬و ‪ ، UACI‬و ‪ NPCR.‬حيث كانت قيم ‪ NPCR‬و ‪ UACI‬لصورة ‪ Lena‬في‬
‫المستوى المقبول عند ‪ ٪99.6‬و ‪ ٪33.56‬على التــوالي ‪ ،‬وتكــون نتيجــة ‪ AC‬في النطــاق األمثــل‬
‫‪ .٪50.097‬بينما كانت ‪ histogram‬للصور المختلفة مسطح وموحــدـ ‪ ،‬بلغت قيم الـ ‪ entropy‬و‬
‫‪ correlation coefficient‬للصـــور المســـتخدمة قريبـــة من ‪ 8‬و ‪ 0‬على التـــوالي‪ .‬كمـــا نجح‬
‫‪ LWAES-128‬في جميع االختبـارات اإلحصـائية ‪ )NIST(.‬لـذلك ‪ ،‬وفقًا لهـذه النتـائج ‪ ،‬تـوفرـ‬
‫خوارزمية ‪ LWAES-128‬مزيدًا من العشوائية‪.‬‬
 ‫جمهورية العراق‬
‫وزارة التعليم العالي والبحث العلمي‬
‫الجامعة المستنصرية‬
‫كلية التربية‬
‫قسم علوم الحاسبات‬

‫تصميم خوارزمية خفيفة الوزن لتشفير البيانات في‬

‫إنترنت األشياء‬
‫رسالة‬
‫مقدمة الى قسم علوم الحاسبات في كلية التربية‪ ,‬الجامعة المستنصرية‬
‫كجزء من متطلبات نيل شهادة ماجستيرعلوم في علوم الحاسبات‬

‫من قبل‬
‫رسول صالح سلمان‬

‫بإشراف‬
‫أ‪.‬د‪ .‬عالء كاظم فرحان‬
‫أ‪.‬م‪.‬د‪ .‬علي شاكر محمود‬

‫‪2022‬م‬ ‫‪1444‬هـ‬