
Journal of Ambient Intelligence and Humanized Computing (2021) 12:8835–8857
https://doi.org/10.1007/s12652-020-02672-x

ORIGINAL RESEARCH

A review on lightweight cryptography for Internet-of-Things based applications

Vidya Rao · K. V. Prema

Received: 25 April 2020 / Accepted: 3 November 2020 / Published online: 21 November 2020
© Springer-Verlag GmbH Germany, part of Springer Nature 2020

Abstract
The Internet-of-Things (IoT) combines an intelligent infrastructure with various self-organizing devices. These devices monitor the environment and exchange sensitive data over the Internet with little human intervention. Such a huge network of unmanned devices is subject to various security and privacy concerns. As these devices are battery powered and have few inbuilt resources, it is important to provide security solutions that are both secure and resource-constrained. Thereby, to address the security and privacy of these devices and their data, authentication plays an important role along with data integrity. Through this paper, we have analyzed the various lightweight solutions and their security threats under the authentication and data integrity of IoT applications. From the study, it can be seen that the major security concern of these protocols is to perform with less computation and to resist attacks like man-in-the-middle, replay attacks, denial of service attacks, forgery and chosen-ciphertext attacks. Also, this review provides an insight into using the Microsoft threat modeling tool for IoT based applications.

Keywords Authentication · Data integrity · Lightweight cryptography · Internet-of-Things · Security analysis · Threat modeling

* Vidya Rao, [email protected]
K. V. Prema, [email protected]
Department of Computer Science and Engineering, Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, Karnataka 576104, India

1 Introduction

Internet-of-Things (IoT) is a paradigm that connects various physical devices to the Internet using different wireless technologies. In the past few decades IoT (the smart environment) has taken a large share in the development of technology (Jing et al. 2014; Da Xu et al. 2014). Foremost, imagine a day when you are returning home after a busy schedule and you enter your house to see that your coffee is ready before you even sit on your couch; or imagine that your mobile automatically provides you information about an empty parking place in a shopping mall and navigates you towards it; or that your plants know when they need water, and so on. Such an interactive environment can be developed with the help of IoT. These IoT devices are termed 'objects' and range from a TV remote to a water pump system, or from a car key to driver-less cars, and much more. The objects are embedded with various types of sensors that can sense the environment, process the data and communicate the data to various destinations using the Internet.

The attempt to transform machine-to-machine communication into the Internet-of-Things (IoT) has brought the greatest revolution of the current human era. The vision of IoT is to create a heterogeneous network of millions of connected objects that securely communicate using the Internet (Jing et al. 2014; Vermesan and Friess 2014). The IoT is a vast network of networks consisting of physical and virtual interconnected entities with unique addressing schemes; they interact with each other to provide certain customized or generic services. IoT has become an essential part of the socio-economic growth of the country as it has various domain-specific applications in diverse areas. Some of the applications are health care, surveillance, transport, security, manufacturing, environmental monitoring and food processing, as in Fig. 1. These applications are integrated with technologies like autonomic networking, decision making, machine-to-machine communication, cloud computing, big


data analytics, confidentiality protection, security and many more (Zeinab and Elmustafa 2017).

Fig. 1 Applications of Internet-of-Things

As these IoT devices are poorly secured, they can serve as entry points for cyberattacks by allowing various malicious individuals to re-program a device and cause malfunctioning (Abomhara and Køien 2014). Some of the most common attacks are denial-of-service (DoS) attacks, distributed DoS (DDoS), node compromise attacks, identity and forgery attacks, man-in-the-middle attacks, replay attacks, chosen cipher-text attacks (CCA), remote recording attacks and many more. Thereby, it becomes essential to provide security and privacy at the device level (Abomhara and Køien 2015). So to develop a safer IoT solution, it is required to consider security requirements like confidentiality, integrity and authentication (CIA) (Hafsa Tahir and Junaid 2016).

These devices communicate among themselves and with the users over the publicly available Internet. As these devices possess low memory, low power and low processing capabilities, it is feasible to design lighter yet stronger cryptographic solutions. The most commonly used lightweight cryptographic algorithms can be classified into symmetric and asymmetric algorithms. For example, the advanced encryption standard (AES), high security and lightweight (HIGHT), the tiny encryption algorithm (TEA), PRESENT and RC5 are symmetric cryptography. But for IoT devices, generation and distribution of symmetric keys are the major tasks, which include: (1) embedding the key onto the device during manufacturing, (2) providing a security model to protect the hardware from being tampered with, (3) issuing keys during operation, and (4) selecting better cryptographic primitives. Therefore, for a scarce environment, lightweight public-key cryptography (PKC) ensures stronger cryptography while consuming fewer resources. Also, PKC enables strong authentication of data and maintains the confidentiality of the user's private data. Some of the PKC algorithms are Rivest–Shamir–Adleman (RSA) (Stallings 2006; McAndrew 2016a), the digital signature algorithm (DSA) (Zheng 1997; Roy and Karforma 2012), elliptic curve cryptography (ECC), ECC using the Diffie–Hellman algorithm (ECDHA) and ECC using the Digital Signature Algorithm (ECDSA) (Lenstra and Verheul 2001).

Among these algorithms, ECC is considered a lightweight cryptographic solution for various resource-constrained devices. Many organizations like the National Institute of Standards and Technology (NIST), IEEE, the Internet Engineering Task Force (IETF), the International Telecommunications Union and the American Bankers Association (ABA) are working on the mathematics related to elliptic curves to provide the highest level of network security. The organization X9 under ABA has proposed the standards ANSI X9.62 and ANSI X9.63 for ECDSA and ECDH, respectively. IEEE has published P1363, which describes the implementation of elliptic curve operations. Also, NIST has provided different types of elliptic curves that can be used for ECDSA (Lauter 2004). From Table 1, we can see that ECC has a longer protection period with a key size of 128-bit, which is equivalent to the 4096-bit key size of RSA (ECRYPT 2012). Also, with the smaller key size, the time taken to generate the signature is faster than that of RSA, as described in Table 2 (Jansma and Arrendondo 2004). Hence ECC is more suitable for devices with fewer inbuilt resources.

Table 1 Key size and security level comparison

RSA key size (bits)   ECC key size (bits)   Security level (bits)   Protection
1024                  160                   73                      Short term
1536                  192                   89                      Between short term and long term
2048                  224                   103                     Between legacy standard level and medium
4096                  256                   128                     Long term

The paper is organized as follows: Sect. 2 provides the motivation towards securing IoT. Section 3 provides the standard protocol stack of IoT. Some of the applications of IoT are briefed in Sect. 4. Various security concerns, requirements and threats are explained in Sect. 5. Section 6 explains various existing lightweight data integrity schemes, followed by Sect. 7 with various authentication schemes for IoT, and Sect. 8 explains lightweight hash functions. Later, Sect. 9 provides different security analyses and Sect. 10 describes threat modeling of IoT infrastructure. Finally, Sect. 12 provides the conclusion of the study.


Table 2 Comparison of ECC with RSA

Algorithm   Key size (bits)   Key-Gen time (ms)   Sig-Gen time (ms)   Sig-Verify time (ms)
ECC         163               0.08                0.15                0.23
ECC         233               0.18                0.34                0.51
ECC         283               0.27                0.59                0.86
ECC         409               0.64                1.18                1.80
ECC         571               1.44                3.07                4.53
RSA         1024              0.16                0.01                0.01
RSA         2240              7.47                0.15                0.01
RSA         3072              9.89                0.21                0.01
RSA         7680              133.90              1.53                0.01
RSA         15360             676.06              9.20                0.03

2 Motivation towards securing the Internet-of-Things environment

During its infancy, IoT faced a lot of issues related to architectural design, context-aware computing, manufacturing and interoperability, device lifetime, robustness, security and privacy. Among these, data security and privacy of the user information play a vital role in IoT. The three basic functionalities of IoT are connecting, sharing and managing the devices and the data. In short, IoT enables a person to be connected to anyone around the world at any time using any device connected to the Internet. Since IoT comprises trillions of devices with various technologies like cameras, biometric devices, and physical and chemical sensors, it is important to design a standard secured communication module that can withstand the scalability and security challenges faced by IoT devices and applications (Abomhara and Køien 2015).

The major application domains in which IoT has taken share are smart homes, health care, transportation and power management (Al-Fuqaha et al. 2015). According to the World Economic Forum, about 91.2% of people depend on IoT devices. They use smart devices to control their home appliances, to keep track of their health habits, to distribute power to various areas and also to control the traffic of aircraft or urban vehicles. Thereby, the security and privacy issues that occur during the analysis of large data communicated over the Internet have created opportunities for intruders to invade the network by accessing the devices (Da Xu et al. 2014; Abomhara and Køien 2014; Peng et al. 2013). It also opens a way for a hacker to forge the user's identity and imitate a genuine user, leading to attacks like eavesdropping, masquerade and replay attacks. Hence the manufacturing industries need to develop devices that can easily communicate with other devices and exchange data over the Internet while respecting the devices' privacy and maintaining the security of the collected data. The manufacturers should also consider the limitations regarding resources like the energy of the devices, memory capacity, processing time, the freshness of data, network throughput, network delay, etc. Among these issues, manufacturers should ensure the privacy of the user, as many wearable devices that help people to track objects or other persons store sensitive information, which can be easily exploited by intruders to disturb the network. Hence it would be a priority to ensure the design of a secure and privacy-enabled model (Abomhara and Køien 2014).

3 IoT protocol stack

Currently, the Internet architecture is based on IP-based protocols that enable ubiquitous connection of wireless resource-constrained IoT applications (Li and Xiong 2013). The Internet Engineering Task Force (IETF) has proposed a four-layer protocol stack that describes the various protocols used at each layer, as in Fig. 2.

Fig. 2 IETF IoT protocol stack

The first layer is the Physical layer, which concentrates on the connection between devices and the data flow between them. Some of the physical layer protocols are IEEE 802.3, 802.11 WiFi, 802.16 WiMax, 802.15.4 LR-WPAN, 2G, 3G and 4G mobile networks and the Long Term Evolution (LTE) network (Jing et al. 2014). Next is the Internet layer, which performs host identification and packet routing. IETF has formed the Routing over Lossy and Low-Power networks (RoLL) working group, which focuses on the standardization of the IPv6 routing protocol for Lossy and Low-Power networks (LLN). Some of the protocols used are IPv4 (Li et al. 2014), 6LoWPAN (Babar et al. 2011) and RPL (He and Zeadally 2015).


The next layer is the Transport layer, which is concerned with end-to-end message transfer. The message transfer can be either with handshaking using TCP or without a handshake, like UDP. The transport layer involves segmentation, congestion control, error control and flow control (Zhao 2014; Zhang and Qi 2014), as presented in the IETF standards for the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). Lastly, the Application layer interfaces with all the lower layers by establishing a secure connection among them. This layer uses port numbering for application addressing; the most commonly used are Port 80 for the Hyper Text Transfer Protocol (HTTP) and Port 22 for the Secure Shell Protocol (SSH). These ports help in establishing a process-to-process connection. The IETF CoRE working group has initiated a resource-constrained protocol called the Constrained Application Protocol (CoAP) (Farash and Sabzinejad 2014). Each resource corresponds to a universal resource identifier (URI) that helps the resource to operate statelessly using GET, PUT, POST, DELETE and so on. Other than CoAP, the application layer uses the Hypertext Transfer Protocol (HTTP), which uses the request-response model and URIs to identify resources. Message Queuing Telemetry Transport (MQTT), the Extensible Messaging and Presence Protocol (XMPP), the Data Distribution Service (DDS) and the Advanced Message Queuing Protocol (AMQP) are commonly used application layer protocols (Mahmoud et al. 2015). Some of the commonly used protocols are explained below:

CoAP: The Constrained Application Protocol (CoAP) is an application layer protocol defined on the Representational State Transfer (REST) model above the HTTP protocol functionalities. REST uses the request-response model as shown in Fig. 3, where a client request message is sent to the server and the server prepares a response and returns it to the client. This communication is similar to the client/server model. REST is a stateless communication model, and each request-reply message pair is independent of the others. Unlike REST, CoAP uses a connectionless protocol like UDP for message exchange and has customized HTTP functionalities for the resource-constrained devices of IoT (Lenstra and Verheul 2001). CoAP uses methods like create, retrieve, update, and delete. Hence CoAP is divided into two sub-layers, called the messaging sub-layer and the request/response sub-layer. The messaging sub-layer checks for duplication and handles the asynchronous nature of the interactions. The request-response sub-layer performs REST communication. CoAP uses four types of messages: confirmable, non-confirmable, acknowledgement and reset. The reliability of CoAP is determined by the confirmable and non-confirmable messages.

Fig. 3 Request-reply method

MQTT: Message Queue Telemetry Transport (MQTT) is a messaging protocol used in IoT based applications that was introduced by IBM at OASIS labs (Meier 2005). MQTT works based on a publish-subscribe communication model, as in Fig. 4. It involves three entities, namely the publisher, the broker and the consumer. Publishers are the sources of data; brokers maintain information about the topics sent by publishers; and consumers are the ones who subscribe to the topics managed by the broker. Here, the publisher is not aware of the consumers, and the broker independently serves the consumers' requests. MQTT is built over the TCP protocol and has applications in health-care monitoring, energy meters, Facebook notifications, etc.

Fig. 4 Publish-subscribe method

XMPP: The Extensible Messaging and Presence Protocol (XMPP) (Jing et al. 2014) is an instant messaging (IM) standard by IETF. XMPP is used basically for multi-party chatting and voice-video calling. It was initially developed by the Jabber open-source community to provide a spam-free, secured and decentralized protocol for IM services. XMPP uses XML stanzas to connect client to server. Each stanza represents a piece of code that has three parts: message, presence and ID, where the message stanza speaks about the source and destination address, the presence stanza shows the update status, and the identity (ID) stanza pairs a message with the respective receiver and sender.

HTTP: The World Wide Web (WWW) founded an application layer protocol called the Hypertext Transfer Protocol (HTTP) (Jing et al. 2014) that could interface with lower-layer protocols. HTTP works under a request-response communication
model and uses commands like GET, POST, PUT, DELETE, HEAD, TRACE, OPTIONS, etc. HTTP is also a stateless protocol, and each request is independent of the other requests. HTTP uses a universal resource identifier (URI) to identify HTTP resources.

6LoWPAN: IPv6 over Low power Wireless Personal Area Network (6LoWPAN) is a low-cost network communication protocol developed under IETF to allow resource-constrained applications to function efficiently. 6LoWPAN possesses characteristics like a smaller packet size, star and mesh topologies, and a large number of devices that can be connected dynamically. But as they are designed for resource-constrained devices, the devices are inactive during their sleep schedule. The limited packet size and variable addressing have created the need for an adaptation layer that fits IPv6 packets to the IEEE 802.15.4 specifications. This standard provides header compression and fragmentation to meet the maximum transmission unit (MTU) of 1280 bytes that IPv6 expects from a link.

Fig. 5 Graphical representation of IoT applications share
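The CoAP messaging sub-layer described above, as an added Python example (not code from the paper): it decodes the RFC 7252 header, answers a confirmable (CON) request with an acknowledgement carrying the same message ID and token, leaves non-confirmable (NON) requests unacknowledged, and remembers message IDs per endpoint so a retransmitted or replayed request is not served twice. The endpoint string, the `serve_temperature` handler and the sample messages are constructed for this example.

```python
# Added example (not from the paper): CoAP messaging sub-layer, RFC 7252 header layout.
import struct
from dataclasses import dataclass

CON, NON, ACK, RST = 0, 1, 2, 3            # values of the 2-bit T field
GET, CONTENT = 0x01, 0x45                  # request code 0.01, response code 2.05


@dataclass
class CoapMessage:
    msg_type: int
    code: int
    message_id: int
    token: bytes
    payload: bytes

    def code_str(self) -> str:             # code byte as class.detail, e.g. 0x45 -> "2.05"
        return f"{self.code >> 5}.{self.code & 0x1F:02d}"


def _skip_options(buf: bytes) -> bytes:
    """Walk the option list; return the payload (bytes after the 0xFF marker)."""
    i = 0
    while i < len(buf):
        if buf[i] == 0xFF:
            return buf[i + 1:]
        delta_nib, len_nib = buf[i] >> 4, buf[i] & 0xF
        if 15 in (delta_nib, len_nib):
            raise ValueError("reserved option nibble 15")
        i += 1 + {13: 1, 14: 2}.get(delta_nib, 0)   # skip extended-delta bytes
        if len_nib >= 13:
            n = len_nib - 12                    # 1 or 2 extended-length bytes
            if i + n > len(buf):
                raise ValueError("truncated option header")
            opt_len = int.from_bytes(buf[i:i + n], "big") + (13, 269)[n - 1]
            i += n
        else:
            opt_len = len_nib
        i += opt_len
        if i > len(buf):
            raise ValueError("option value runs past end of message")
    return b""                                  # no payload marker: empty payload


def parse_coap(data: bytes) -> CoapMessage:
    """Decode header, token and payload; malformed input is rejected, not trusted."""
    if len(data) < 4:
        raise ValueError("CoAP header needs at least 4 bytes")
    first, code, mid = struct.unpack("!BBH", data[:4])
    version, msg_type, tkl = first >> 6, (first >> 4) & 0x3, first & 0xF
    if version != 1:
        raise ValueError(f"unsupported CoAP version {version}")
    if tkl > 8:                                 # TKL 9..15 are reserved: format error
        raise ValueError(f"invalid token length {tkl}")
    if len(data) < 4 + tkl:
        raise ValueError("truncated token")
    return CoapMessage(msg_type, code, mid, data[4:4 + tkl], _skip_options(data[4 + tkl:]))


def build_coap(msg_type: int, code: int, message_id: int,
               token: bytes = b"", payload: bytes = b"") -> bytes:
    """Encode a message without options; 0xFF marker only when there is a payload."""
    if not 0 <= msg_type <= 3 or len(token) > 8:
        raise ValueError("bad message type or token")
    hdr = struct.pack("!BBH", (1 << 6) | (msg_type << 4) | len(token), code, message_id)
    return hdr + token + (b"\xff" + payload if payload else b"")


def make_ack(request: CoapMessage, code: int, payload: bytes) -> bytes:
    """Reliability: a CON is answered by an ACK with the same message ID; the token
    is echoed so the piggybacked response is matched to its request."""
    if request.msg_type != CON:
        raise ValueError("only CON messages are acknowledged")
    return build_coap(ACK, code, request.message_id, request.token, payload)


class MessagingLayer:
    """Server-side messaging sub-layer: each (endpoint, message ID) is served once.
    Without this cache a retransmitted or replayed CON request would run again."""

    def __init__(self, window: int = 256):
        self.window = window                    # bound on remembered message IDs
        self._cache = {}                        # (endpoint, mid) -> bytes already sent

    def handle(self, endpoint: str, raw: bytes, serve) -> bytes:
        """serve(msg) -> (code, payload). Returns bytes to send back (b'' if none)."""
        msg = parse_coap(raw)
        key = (endpoint, msg.message_id)
        if key in self._cache:                  # duplicate: repeat the earlier answer
            return self._cache[key]
        reply = b""
        if msg.msg_type == CON:
            reply = make_ack(msg, *serve(msg))
        elif msg.msg_type == NON:
            serve(msg)                          # served, but nothing is acknowledged
        else:
            return b""                          # ACK/RST from a peer are not requests
        if len(self._cache) >= self.window:     # forget the oldest entry first
            del self._cache[next(iter(self._cache))]
        self._cache[key] = reply
        return reply


def serve_temperature(msg: CoapMessage):       # constructed stand-in for the request/response sub-layer
    return (CONTENT, b"22.5") if msg.code == GET else (0x85, b"")   # 0x85 is 4.05 Method Not Allowed


SAMPLE_CON_GET = build_coap(CON, GET, 0x1234, b"\xab\xcd")   # constructed CON GET, 2-byte token
```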

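The 6LoWPAN adaptation layer's fragmentation, as an added Python example (not from the paper): a 1280-byte IPv6 datagram is split into RFC 4944 FRAG1/FRAGN fragments that fit an IEEE 802.15.4 frame, and a reassembler applies the checks a constrained node needs (plausible datagram_size, no fragment past the declared size, no overlap, a cap on open buffers). The 102-byte per-frame budget and the sample datagram are assumptions made for this example.

```python
# Added example (not from the paper): 6LoWPAN fragmentation, RFC 4944 FRAG1/FRAGN headers.
import struct

IPV6_MIN_MTU = 1280     # IPv6 requires every link to carry at least this much
FRAME_BUDGET = 102      # assumed 6LoWPAN payload per 127-byte 802.15.4 frame (25-byte MAC overhead)
FRAG1, FRAGN = 0b11000, 0b11100   # 5-bit dispatch values of the two fragment headers


def fragment(datagram: bytes, tag: int) -> list:
    """Split one IPv6 datagram into link frames. Offsets are carried in units of
    8 octets, so every fragment but the last carries a multiple of 8 bytes."""
    size = len(datagram)
    if not 0 < size <= IPV6_MIN_MTU:
        raise ValueError("datagram size outside 1..1280")
    if size <= FRAME_BUDGET:
        return [datagram]                   # fits in one frame: no fragment header needed
    first_room = (FRAME_BUDGET - 4) // 8 * 8    # FRAG1 header is 4 bytes
    later_room = (FRAME_BUDGET - 5) // 8 * 8    # FRAGN header is 5 bytes
    frames = [struct.pack("!HH", (FRAG1 << 11) | size, tag) + datagram[:first_room]]
    offset = first_room
    while offset < size:
        chunk = datagram[offset:offset + later_room]
        frames.append(struct.pack("!HHB", (FRAGN << 11) | size, tag, offset // 8) + chunk)
        offset += len(chunk)
    return frames


class Reassembler:
    """Per-(sender, tag) reassembly with the checks a constrained node needs:
    plausible datagram_size, fragments inside the declared size, no overlap, and a
    cap on open buffers so a flood of partial datagrams cannot exhaust RAM."""

    def __init__(self, max_open: int = 4):
        self.max_open = max_open
        self._open = {}                     # (sender, tag) -> [size, bytearray, set of (start, end)]

    def feed(self, sender: str, frame: bytes):
        """Return the complete datagram once all bytes are present, else None."""
        if len(frame) < 5:
            raise ValueError("frame too short for a fragment header")
        dispatch = frame[0] >> 3
        if dispatch == FRAG1:
            size, tag = struct.unpack("!HH", frame[:4])
            offset, data = 0, frame[4:]
        elif dispatch == FRAGN:
            size, tag, off8 = struct.unpack("!HHB", frame[:5])
            offset, data = off8 * 8, frame[5:]
        else:
            raise ValueError("not a fragment header")
        size &= 0x7FF                       # datagram_size is the low 11 bits
        if not 0 < size <= IPV6_MIN_MTU:
            raise ValueError("implausible datagram_size")
        if offset + len(data) > size:
            raise ValueError("fragment runs past datagram_size")
        key = (sender, tag)
        if key not in self._open:
            if len(self._open) >= self.max_open:
                raise ValueError("reassembly buffers exhausted")
            self._open[key] = [size, bytearray(size), set()]
        buf_size, buf, covered = self._open[key]
        if buf_size != size:
            raise ValueError("datagram_size changed between fragments")
        span = (offset, offset + len(data))
        if span in covered:
            return None                     # exact retransmission: already have it
        if any(offset < e and s < span[1] for s, e in covered):
            raise ValueError("overlapping fragment")
        buf[offset:span[1]] = data
        covered.add(span)
        if sum(e - s for s, e in covered) == size:
            del self._open[key]
            return bytes(buf)
        return None


SAMPLE_DATAGRAM = bytes(range(256)) * 5     # constructed full-size 1280-byte IPv6 datagram
```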
4 Domain specific applications

IoT poses a diverse set of applications in various domains that include cities, environment, energy systems, retail, manufacturing, health and logistics (Vermesan and Friess 2014). This versatility has created opportunities for hardware manufacturers, application developers and Internet Service Providers (ISP). Gartner has estimated that by the end of 2020, the cost spent on IoT hardware will reach almost $3 trillion, with the expected data flow about 45% more than at present. Beyond these predictions, the applications of IoT in health care have taken a share of about 40%, followed by the manufacturing industry with 33%. Smart grid technology (Chung et al. 2016; Zhao et al. 2014) possesses 7% of the total market share. Agriculture, urban infrastructure, security and resource extraction have taken 4% each. Lastly, IoT applications in vehicles and retail take shares of 3% and 1%, respectively, as in Fig. 5. With such a progression of applications, we can see some of the domain-specific applications (Hafsa Tahir and Junaid 2016).

4.1 Home automation

A smart home has become popular for two reasons. Firstly, the involvement of a wireless sensor network in sensing and actuating has made life more comfortable. Secondly, safeguarding the home and household things has become easier (Mahmoud et al. 2015). In the smart home, we can see applications like smart lighting, smart appliances, home intrusion detection, smoke/gas detectors, etc. In such applications, many sensors and actuators are attached to each device inside the home and are controlled by the user through the Internet using smartphones or web pages (Jing et al. 2014).

4.2 Smart cities

Similar to smart homes, every country is equipping its cities with intelligent and self-adaptive smart systems that are coupled with sensors, actuation units and Internet-based cloud services (Jing et al. 2014). We can see smart city applications in smart street lighting, which helps in the automatic operation of street lights based on light intensity (Tan et al. 2016). Likewise, smart parking is another application that helps drivers to park their cars efficiently by saving time in searching for an empty parking slot. Smart sensors are also used in understanding road quality and in structural health monitoring, by implanting sensors in roads and buildings to get road and building stress data at regular intervals (Tan et al. 2016). Lastly, IoT is used in surveillance and emergency response in case of any environmental disaster within the city (Camtepe and Yener 2004).

4.3 Environment and agriculture

Monitoring weather conditions is an important task to analyze the temperature, humidity, air particles, etc., in the atmosphere. IoT has taken its place in environmental monitoring through weather monitoring systems like AirPi. AirPi is capable of monitoring temperature, humidity, smoke, UV level, carbon dioxide (CO2), carbon monoxide (CO), nitrogen dioxide (NO2) and air pressure. Other than weather monitoring stations, IoT is used in air pollution monitoring, where harmful gases like CO2, CO, NO2 and NO are monitored and the results are presented to the administrator (Mahmoud et al. 2015; Le et al. 2009). IoT is also used in noise pollution monitoring, forest fire detection and river flood detection. Monitoring weather conditions and air quality helps in improving agricultural production. Smart


irrigation and greenhouse crop production are the two major agriculture-based IoT applications, along with soil quality monitoring for pesticide content in the soil (Jing et al. 2014).

4.4 Smart grid

A smart grid is an information and communication technology that collects and analyzes real-time electrical power data (Chung et al. 2016). Through this analysis, power is distributed efficiently across the region. Generation of electricity, consumption, storage, distribution and device health information are the major functions of the smart grid. IoT based smart meters can capture real-time power consumption and can be controlled remotely. The data collected by these smart meters are analyzed using cloud-based applications that provide real-time response and management strategies.

4.5 Manufacturing industry

IoT has created ample opportunity for the manufacturing industry to manage its work and machines. Sensors are installed on machines, and these sensors can diagnose any change in the machine behavior and report to the operator to take further precautionary/corrective measures. IoT is also used in logistics to route products towards their destination, in object tracking and in shipment monitoring.

4.6 Health care

A personal health-care system (PHS) is a smart wearable device that helps anyone to track their daily activities. Technologies like NFC, RFID and other sensors are mounted on hardware that can be worn by the user. These sensors track the user's activities and report to a smartphone coupled to the devices. Such devices help in heartbeat monitoring, walking rate, user location tracking, user sleep schedule monitoring and many more. These data are saved to cloud-based applications that can be accessed by the physician and help them to keep track of the user's activities (McGrath and Scanaill 2013).

5 Security concern of smart devices

IoT can also be defined as the interconnection of "factual-and-virtual" objects placed across the globe that are attracting the attention of both "makers-and-hackers". IoT infrastructure can be divided into five different phases as mentioned in (Hu 2016) by Jeyenthi, as shown in Fig. 6. The first phase is termed the data collecting phase, which is the primary interface between the physical environment and sensors. There can be either static objects like body sensors or RFIDs, or dynamic objects like sensors and chips on vehicles. The second phase is the storage phase, which deals with IoT devices having low self-storage capability and thereby provides server- or cloud-based storage. Next is the intelligent processing phase, which deals with the analysis of stored data, after which appropriate services are provided to the users. IoT devices can be queried and controlled remotely using the results obtained after the processing of data. The fourth phase is data transmission, which performs the data communication between all the above phases. Finally, the delivery phase has the activity of delivering the processed data to all the objects in time without being altered or hacked.

Fig. 6 IoT phases and possible attacks

Among the five phases, the data perception phase is subjected to more attacks like data leakage, data authentication and data loss, as the devices are easily available to users and hackers. Similarly, in the storage phase, we can see attacks on availability, modification of messages, Denial of Service (DoS) attacks, attacks on integrity and data fabrication. Attacks on authentication are seen at the processing phase, and channel security attacks, session hijacking, routing protocol attacks and flooding are seen during the transmission phase. Lastly, at the delivery phase, man- and machine-made attacks are found, as in Fig. 6.

Likewise, there are various attacks based on the layers of IoT, as shown in Fig. 7 (Ahemd et al. 2017; Ammar et al. 2018). The Sensing/Perception/Physical Layer is made up of sensors, RFIDs, NFCs, ZigBee, Bluetooth and other intelligent hardware devices. These devices are exposed to more external attacks like node compromise attacks, fake node injection, access control attacks and RF interference on RFIDs. The second layer is the Internet Layer, which is subjected to attacks like address compromise attacks, routing information attacks, RFID spoofing and sinkhole attacks. The next layer is the Transport Layer, which experiences attacks like Denial-of-Service (DoS), masquerade, Distributed DoS (DDoS), Man-In-The-Middle (MITM) attacks and session hijacking. And finally, the Application Layer experiences attacks like phishing attacks, viruses, worms, malicious scripting, revealing of sensitive


data, user authentication, software vulnerability and intellectual property.

Fig. 7 IoT layers based attacks

5.1 Security mechanisms in IoT

The security measures of IoT vary from conventional network security. For example, the installation of the IoT environment is unique when compared to other Internet-enabled applications. IoT deployment depends on Low power Lossy Networks (LLN), where the devices have low power and limited memory and are highly dynamic. These LLNs also experience a high amount of data loss due to the impersonation of nodes (Alaba et al. 2017). Each layer of IoT encounters various attacks, as mentioned in the previous section. The various attacks on IoT layers have countermeasures like authentication, data integrity checks, secure booting, IPSec security channels and secure physical design to keep malicious users out of the IoT network. Later, at the network layer, it is essential to provide data privacy to prevent illegal access to network components. Also, by using Secure Routing protocols for LLNs (S-RPL) (Glissa et al. 2016), routing information attacks can be prevented. At the transport layer, transport layer security (TLS) and the secure socket layer (SSL) are used to avoid attacks (Styger). User authentication, access control lists, firewalls, anti-virus methods and risk management are used to avoid attacks on the application layer (Zolanvari and Jain 2015).

5.2 Security threats, attacks and impact on IoT

Devices within the IoT communicate personalized data of many users like health information, bank details, passwords, location information and many more. These devices are subjected to security threats like (a) a malicious node in the network, (b) a defective manufacturer and (c) an external adversary (Atamli and Martin 2014). These threats lead to security attacks that can be initiated either by nature or by humans. The natural threats may include earthquakes, floods, fire and hurricanes that cause severe damage to the computer system. It is hard to safeguard against natural calamities, and thereby it is advisable to keep a backup of data through a contingency plan to reduce the damage. Accordingly, the security attacks caused by humans can be classified as below (Abomhara and Køien 2015; Atamli and Martin 2014):

5.2.1 Information level attacks

All IoT devices are enabled with sensors that record data from the physical environment and communicate the information over the Internet. As the Internet is an open domain, attackers can easily damage the information under the following categories (Conti et al. 2016; Stallings 2006; McAndrew 2016a):

• Denial-of-service (DoS): DoS is an attack over a network component that makes it unavailable to the intended user.
• Masquerade: An intruder behaves as an intended user and tries to talk with the network component.
• Modification-of-message: An intruder can alter, delete or fake a message sent by a legitimate user.
• Man-In-The-Middle (MITM): MITM is a kind of attack wherein a malicious user takes control of the communication channel between two or more endpoints.
• Message replay attack: A malicious node stores the message without the knowledge of the intended users, and the malicious node transmits an altered message to the receiver.

5.2.2 Adversary location attack

An intruder can be present in any part of the IoT ecosystem. He can be either within or outside the IoT environment, like (Nawir et al. 2016):

• Internal attack: An attack caused by the components within the border of authentication. Also called an insider attack, where the intruder tries to inject malicious code towards the IoT components while being a part of the network.
• External attack: An attack caused by an adversary that is located outside the IoT environment, at a remote place.


5.2.3 Access level attack

Access level attacks are broadly classified into active and passive attacks (Nawir et al. 2016). In a passive attack, an attacker can read the packets that are transmitted but cannot alter them; eavesdropping and traffic analysis are examples. In contrast, in an active attack, the attacker sees the data, alters its content and transmits the altered data back to the network.

5.2.4 Host-based attack

Many devices in an IoT system come from different manufacturers (Nawir et al. 2016). These devices are subjected to user compromise attacks, software compromise attacks and hardware compromise attacks. This is because the manufacturer can hold the devices' information, which can be misused. Hence the production of such poorly secured goods results in compromising user privacy. At the same time, any manufacturer can attack his competitor through its devices.

Atamli and Martin (2014) have analyzed the impact of the above attacks on IoT applications like power management, smart cars and smart health-care systems. Through their study, they have projected that there is a need for security and privacy considerations at the level of (a) actuators, (b) sensors, (c) RFID tags and (d) the Internet/network. An attack on actuators in power management applications can lead to financial loss due to excessive power consumption. Similarly, in smart cars, compromised actuators may control the brake system, causing human casualties. Also, in the health-care system, compromised actuators can inject the wrong dosage of medicine into a patient who is remotely monitored by a doctor. Likewise, a compromised sensor can fake data that may lead to the wrong diagnosis of a patient. At the same time, compromised nodes can reveal the personal information of the patient, or data related to a user's home through the power management system.

5.3 Security requirements

A smart network is composed of a large number of network components, which can be people-to-people (P2P), people-to-machine (P2M) or machine-to-machine (M2M), so the concern for security is greater. When two objects of such a diverse network begin to communicate over a public channel, attackers can eavesdrop, replay or alter the message. Some of the security requirements that network security algorithms should possess are (Luhach et al. 2016; Babar et al. 2011):

SR1 Confidentiality states that the data is kept secret from unintended users, i.e., the data forwarded by the sender should be received only by the intended receiver. Even if intruders hack the network, they must not be able to derive the actual data that has been communicated.
SR2 Data integrity is the requirement that data sent by a sender reaches the receiver unaltered. In other words, an intruder should not be able to scramble or modify the data.
SR3 User privacy is required as IoT involves activities related to human beings and the knowledge of their personalized information; hence providing security to such sensitive information demands greater security concern.
SR4 Non-repudiation addresses the scenario wherein either the sender or the receiver denies having participated in the communication.
SR5 Authentication is the task of validating and verifying the user.
SR6 Authorization is the process that enables an authenticated user to access resources.
SR7 Availability ensures that the network is operational under all circumstances. Network services must be available to all legitimate users even if the network is hacked by intruders.
SR8 Access control instructs the communication end point to be authenticated, i.e., the entities accessing the network should possess the authentication to access the network.

6 Lightweight integrity schemes

ECC was introduced in early 1985 by Miller (1985), who defined that the hardness of ECC security depends on the discrete logarithm problem defined on the elliptic curve equation. Later, Gura et al. (2004) experimented with ECC and RSA on an 8-bit CPU to compare their performance and found that the use of ECC on a lower-bit processor provides the same level of security as RSA. Later, during 2013, Wenger (2013) developed an ECC-based access control scheme over a prime field on a 16-bit MSP430 micro-controller, whereby the results confirmed the feasibility of ECC for resource-constrained devices.

ECCs are often implemented using a static public elliptic curve that is shared among all users in the network. In (SEC 2000) the recommended elliptic curve domain parameters are provided for the Weierstrass curve equation y^2 = x^3 + ax + b, which is followed by various researchers (Silverman 2009). Liu and Ning (2008) and Wenger (2013) have proposed software and hardware architectures for resource-constrained embedded devices. Their work has shown the feasibility of ECC on

the embedded system. But the use of a fixed elliptic curve can be challenged by intensive cryptanalysis. Wang and Cheng (2017) made a study on using a fixed prime field to build a cryptosystem for applications developed for different processors varying from 8 to 256 bits.

To address the usage of the static curve in ECC, Wang et al. (2018) proposed a dynamic elliptic curve based on the Internet-of-Vehicles (IoV) network. Their work showed good computational efficiency and security for a smaller key size. But storing the elliptic curves as plain text in embedded systems would lead to security concerns. To address the data integrity issue of Java Card-based applications, Gayoso Martínez et al. (2011) initiated the use of an ECC-based encryption algorithm called the elliptic curve integrated encryption scheme (ECIES) and concluded that ECIES-based encryption is best among encryption schemes for resource-constrained devices.

Lin et al. (2018) proposed a two-tier device-based authentication protocol against the primary user emulation attack (PUEA) for IoT applications. Their work used a spectrum management method to guard against common types of security threats. They have proposed that the work can be extended to movable objects based on the detection performance to increase the reliability of the protocol. Tiwari and Kim (2018) have used deoxyribonucleic acid (DNA) and ECC to provide double-folded security for mobile and cloud-based applications. They have used Koblitz's algorithm to choose the elliptic curve and compared the results with RSA-based schemes.

Uninterrupted and accurate functioning of IoT devices in smart city applications is a crucial task. Such applications face major challenges in ensuring the authenticity of devices so as to make better decisions. Hence, to balance performance between efficiency and communication cost, Li et al. (2017) have designed a lightweight mutual authentication protocol based on a public-key encryption scheme for smart city applications. They have evaluated their work on Contiki OS and a CC2538 evaluation model. The encryption process was performed offline and then the ciphertext was subjected to an authentication process that was done online. This online and offline process of the digital signature consumed more time and created overhead on the node's resources. Parrilla et al. (2018) designed a compact crypto co-processor for FPGA-based IoT devices. This co-processor uses elliptic curve cryptography (ECC) with the advanced encryption standard (AES) and group keys. The proposed processor ensures the security of wireless sensor networks independent of the communication protocols used. The crypto-processor is named ECC163AES128 as it can handle a symmetric cipher with 128-bit keys and ECC cryptography over the GF(2^163) binary field. The developed crypto-processor provides the security of heterogeneous local wireless sensor networks composed of IoT devices, independently of communication protocols.

A simple block-cipher-based message authentication encryption scheme is proposed by Mazumder et al. (2017). The system takes a variable message size as input along with an initial vector (IV). The use of a nonce and associated data is replaced with the concept of the IV to reduce the overhead incurred due to the nonce. A block-cipher-based compression function is used with the OFB mode of encryption; as the system encrypts variable-sized data, padding of the message is removed, which reduces communication overhead. But the entire work is studied under serial communication of the participants, which is not feasible for IoT-based applications where each device can communicate in parallel with the others and/or the base station.

Shivraj et al. (2015) have proposed a one-time password authentication scheme based on ECC for IoT. They have handled the end-to-end authentication of devices and their application. As these end devices have a dynamic topology and a non-standardized framework, which has raised the security concerns of IoT devices and applications, a two-layered authentication is proposed. They have used lightweight identity-based elliptic curve cryptography with Lamport's OTP algorithm, with a smaller key size and limited infrastructure. When compared with existing schemes like Hashable OTP (HOTP), Time-based OTP (TOTP) and Bicakai OTP (BOTP) methods, their proposed scheme reduced the storage overhead on the devices as past keys were not being stored.

For the vehicular network, providing PKI-based security is difficult. Tan et al. (2016) have proposed a secure authentication key management protocol (SA-KMP) that maintains a list of keys bound to the entities' identities. These entities can be placed either on the road-side or in vehicles. SA-KMP uses a 3D-matrix-based key agreement scheme with symmetric encryption. The use of symmetric encryption has reduced the high computational cost, and the performance is analyzed in terms of transmission and storage overhead, network latency and key generation time. They have used the ProVerif tool to prove the method under the Dolev-Yao model, checking the system against DoS, collision attacks and a wide range of malicious attacks. Through numerical analysis, the SA-KMP scheme has shown better efficiency and scalability than the existing certificate-based PKI schemes.

To handle the overhead that occurs due to runtime, firmware size, communication and energy consumption on an ARM-based device, Mössinger et al. (2016) have proposed an ECC-based signature scheme. They have considered Secp192r curve parameters with a 192-bit key length. The work shows that the cost of providing message integrity via cryptography is greater than the cost of encryption. They found that sending unsigned messages created two-thirds of the overhead that the cryptographic operations on signed messages created. The work was simulated using

Contiki OS, through which they have shown an additional 200 ms of runtime.

The most commonly used communication medium in healthcare is RFID. Basically, an RFID-based security scheme uses either a hash function or symmetric key encryption. Zhao has analyzed the method proposed by Liao and Hsiao and found that the stored private keys are easily hacked. Hence, to overcome the private key compromise attack, an authentication protocol for healthcare environments using an elliptic curve cryptosystem is proposed by Zhao (2014). Through security analysis, the proposed scheme has shown better performance than Liao and Hsiao's method. Le et al. (2009) have presented a public key-based access control mechanism using ECC. The work is compared with HBQ and symmetric key encryption and uses an online KDC. Through the result analysis, it has been proven that their work shows resistance to a drawback of the HBQ scheme. But the use of an online KDC has led to the issue of network breakdown in case the Internet goes down.

For automatic control applications (AAC), Li et al. (2014) have provided attribute-based encryption (ABE) key management to develop a privacy-preserving protocol (P3). The P3 protocol is based on ciphertext-policy attribute-based encryption (CP-ABE) and the Rivest-Shamir-Adleman (RSA) public-key encryption algorithm. Their work used a key revocation scheme to generate a periodic batch rekeying strategy that is apt for resource-limited smart meters. The ABE revocations reduce the vulnerability window, authorize the legal activities of smart meters and cover privacy for both the control server end and the appliance end. An effective multifactor authentication method is proposed by Ahmed and Ahmed (2019) that uses combiner hash functions. Their work achieves the collision resistance, pseudo-randomness and one-way properties of hash functions. But they lack a complete encryption and decryption solution for IoT applications.

Pan et al. (2017) have proposed an ECC-based server called GUESS, which is implemented with a key size of 256 bits on a Linux platform. GUESS is used for heavily loaded applications like e-commerce and other online transactions requiring authentication. Also, GUESS supports various categories of ECC schemes like DSA, key agreement and encryption. In the near future, the GUESS server is to be checked for side-channel attacks. To protect patient data, Farash and Sabzinejad (2014) developed HiDE to provide a hierarchical clustered framework that has a backbone cluster with several area clusters. Under this setup, each area cluster has a secure access point (SAP) that collects the data and aggregates it to the root SAP located in the backbone cluster. HiDE is used to establish a secure session between each pair of cluster head and cluster member. Hence HiDE maintains the confidentiality of sensitive medical data with low computational overhead.

A review of ECIES is done by Bernstein et al. (2013). ECIES uses both symmetric and asymmetric cryptography, which provides double-level security. The analysis is done on the Java Card, and the performance evaluation has concluded that encryption using ECIES is best. Based on card-shuffling logic, a data confidentiality algorithm is designed using ECC by Rahaman (2017). The use of random card shuffling has exhibited double encryption and increased the security of the scheme. In this work, they have removed the mapping of every alphabet of the plain text to its corresponding ASCII value for pairing. The algorithm can encrypt or decrypt any ASCII value-based input. The use of ECC has proved that the algorithm is suitable for resource-constrained devices.

The integration of IoT and cloud has taken a major share in the communication industry. As the IoT infrastructure needs to combine with the cloud, the existing infrastructures exhibit difficulty in ensuring distributed computing. An Internet Protocol/Multiprotocol Label Switching (IP/MPLS)-based security framework using ECC is proposed by Bai et al. (2015). Their framework ensures protection against security risks in terms of confidentiality, integrity, authentication and privacy. The model has eliminated ambiguity, and a smart card-based application used for the evaluation process has shown that in the future there can be one smart card per citizen that can be used anywhere, anytime. The multifactor authentication and message encryption have ensured the CIA requirements.

For the IP-based communication technology of smart grid applications, Mahmood et al. (2016) have proposed a lightweight authentication scheme. They have used the RSA and AES algorithms to develop a hybrid Diffie-Hellman-based lightweight authentication scheme. Li et al. (2018) have presented a study on ciphertext-only fault analysis (CFA) of the light encryption device (LED) cipher. The analysis of LED is done using distinguishers such as square Euclidean imbalance (SEI), goodness of fit (GF), goodness of fit-square Euclidean imbalance (GF-SEI), maximum likelihood (ML), Hamming weight (HW) and maximum a posteriori (MAP). Their CFA method took about 152 ciphertexts and 304 ciphertexts to recover the 64-bit and 128-bit secret keys of LED, respectively. Through this study, they were able to analyze the threat of CFA over IoT.

Stateful forwarding stores routing information in a forwarding state table. Such storage creates overhead on the devices and is also susceptible to "varietal" denial-of-service, expected to occur due to complicated forwarding state operations. Liu et al. (2019a) have proposed an enhanced distributed low-rate attack mitigation (eDLAM) mechanism. eDLAM stores a lightweight malicious request table (MRT), which is very small and removes the burden on the resource-constrained device that was incurred by the forwarding state table. Wang et al. (2019) have designed

a secure, lightweight entity authentication scheme for hardware primitives called SLATE. SLATE is a challenge-response-based verification system that has shown efficiency against the existing lightweight ciphers. SLATE is resistant to logic obfuscation and Boolean satisfiability (SAT) attacks under information-theoretic analysis.

7 Lightweight authentication schemes

For smart dust-based resource-constrained devices, Lee et al. (2016) have designed an energy-efficient authentication scheme. Their scheme ensures a lightweight mutual verification and key exchange mechanism. They have used a simple hash calculation and certificate framework to support devices with limited hardware resources. For the existing security configurations of IEEE 802.11x, Kim et al. (2017) designed an authentication and key management scheme (AKM) for IEEE 802.11ah-based IoT communication. The design was able to delegate the burden of AKM processes to a station-side authentication server (SAS). The IoT devices delegated the burden of AKM to the SAS and had only to verify authenticity with an access point (AP) using basic encryption and decryption. Such delegation showed better performance by reducing the authentication workload of the access network.

For applications involving a long period of time, like healthcare, industrial automation systems and public facilities management, Kim et al. (2016a) have proposed a session key establishment-based scheme for a clustered sensor network using ECDH key exchange and a hash chain. It showed resistance against session key attacks, node impersonation attacks, replay attacks and node capture attacks. Its main advantage was storing past and future session keys in a repository. But on a real-time work model, these processes consumed device memory space and created overhead on the device. Similarly, for a health care-based IoT application, Chen et al. (2017) have provided a solution to secure the patient's privacy. The devices placed on the patient's body undergo many physiological movements and are expected to collect a lot of data. Hence, when a doctor wants to access this data through remote login, the patient has to authenticate the doctor. To enable the privacy of user identity, Yuwen et al. have designed a scheme where a gateway knows the shared keys, and these keys are shared using ECDHA to maintain key secrecy.

Chung et al. (2015) have proposed a novel anonymous authentication scheme that uses virtual identification for the IoT devices, ensuring anonymity and authentication. By keeping the uniqueness of virtual identities, they provide untraceability of devices. This scheme has helped them withstand replay, forgery and impersonation attacks; they use common and specific keys, which make the system more complicated. Even if the common key is leaked or forged, it is difficult to find the specific key. Hence, by using collision-free one-way hashing and XOR operations, they are able to provide considerably fast computation.

For an RFID-based application, John and Thampi (2016) have implemented mutual authentication using hybrid ECC (HECC). The hardness of the proposed method lies in solving the hyper-elliptic curve discrete logarithm problem (HCDLP), which provides security against eavesdroppers breaking into the cryptosystem. They have used the D-Quark hashing algorithm. HECC is used to exchange the symmetric keys between the communicating parties. Pereira et al. (2016) have evaluated their proposed method using the AVR low-power ATmega128L micro-controller and have shown that the proposed method is suitable for resource-constrained devices. The proposed hash-based signature scheme has shown pre-image resistance due to the adoption of randomized hashing using a particular nonce.

Wazid et al. (2018) have designed a secure authentication scheme for hierarchical IoT networks (HIoTN). A HIoTN is made up of different nodes, namely gateway nodes, cluster head nodes and sensing nodes, arranged in a hierarchical manner. For such a network, they have proposed a three-factor remote user authentication scheme for HIoTNs called the user authentication key management protocol (UAKMP). UAKMP uses the smart card, password and personal biometric entities to provide three-tier user authentication. Even though UAKMP is proved to provide security against known attacks through simulation, they were unable to show the same performance in a real-time scenario with resource-constrained devices.

Le et al. (2009) discussed the issues of mutual authentication in mission-critical applications related to WSN. They present an ENergy-efficient Access control scheme Based on ECC (ENABLE). The performance of ENABLE is compared with HBQ [Enable-4] and symmetric key-based schemes on the SENSE simulator under the AODV protocol, which showed that ENABLE provided better scalability with lower memory requirements and no key predistribution. As they have used an online KDC, if the Internet goes down, providing access control would be difficult.

In a cognitive IoT architecture, there are security concerns over the radios; hence Lin et al. (2018) have proposed two-tier device-based authentication schemes. This setup has helped them to explore the trade-off between malicious node detection and spectrum management. But by developing joint spectrum allocation and topology control, their system could be extended to real-time sensing, through which they could reduce the end-to-end delay and control network access. Using an iterative Merkle-Damgård (MD) hash function, a lightweight signing and verification method was proposed for IoT applications.
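As an added example (not code from Kim et al. 2016a, Shivraj et al. 2015 or the authors of this review), the following Python shows the two building blocks of the ECDH-plus-hash-chain session key scheme described above, and why a verifier that keeps only the newest chain link needs no past keys and rejects a replayed one, as the Lamport-style OTP schemes claim. The curve y^2 = x^3 + 2x + 2 over F_17 with generator (5, 1), the private scalars 3 and 7, the SHA-256 key derivation and the window of 3 are constructed toy choices.

```python
"""Constructed illustration (not Kim et al. 2016a's or Shivraj et al. 2015's
actual protocol): two nodes run ECDH on a short Weierstrass curve
y^2 = x^3 + ax + b over F_p, derive a hash chain of session keys from the
shared point, and the verifier stores only the newest chain link."""
import hashlib

# Toy domain parameters (constructed, textbook-sized; real deployments use
# SEC curves): y^2 = x^3 + 2x + 2 over F_17, generator G = (5, 1), order 19.
P_MOD, A, B = 17, 2, 2
G = (5, 1)
ORDER = 19


def is_on_curve(pt):
    if pt is None:                      # point at infinity
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def ec_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                     # P + (-P) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)          # chord slope
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add computation of k * pt."""
    result = None
    while k > 0:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result


def kdf(shared_point):
    """Constructed KDF: hash the shared point's coordinates into a seed."""
    x, y = shared_point
    return hashlib.sha256(f"{x},{y}".encode()).digest()


def hash_chain(seed, n):
    """k_0 = seed, k_i = H(k_{i-1}); returns [k_0, ..., k_n]."""
    chain = [seed]
    for _ in range(n):
        chain.append(hashlib.sha256(chain[-1]).digest())
    return chain


class ChainVerifier:
    """Holds only the most recently accepted link; keys are revealed in
    reverse order (k_{n-1}, k_{n-2}, ...), so old links never need storing."""

    def __init__(self, anchor, window=3):
        self.anchor = anchor            # the last link of the chain, k_n
        self.window = window            # tolerated number of lost keys

    def accept(self, candidate):
        h = candidate
        for _ in range(self.window):
            h = hashlib.sha256(h).digest()
            if h == self.anchor:
                self.anchor = candidate  # advance; a replay now fails
                return True
        return False                     # replayed, forged or too far ahead


def demo():
    alice_priv, bob_priv = 3, 7                     # constructed secrets
    alice_pub = scalar_mult(alice_priv, G)
    bob_pub = scalar_mult(bob_priv, G)
    s_alice = scalar_mult(alice_priv, bob_pub)      # 3 * 7G
    s_bob = scalar_mult(bob_priv, alice_pub)        # 7 * 3G
    assert s_alice == s_bob and is_on_curve(s_alice)
    chain = hash_chain(kdf(s_alice), 5)
    verifier = ChainVerifier(chain[5])              # gateway keeps k_5 only
    results = [verifier.accept(chain[4]),           # first session key
               verifier.accept(chain[3]),           # next key
               verifier.accept(chain[4]),           # replay: rejected
               verifier.accept(chain[1])]           # k_2 lost, still in window
    return s_alice, results


if __name__ == "__main__":
    print(demo())
```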

Based on the challenge-response phase of physically unclonable functions (PUFs) of IoT devices, Aman et al. (2017a) have proposed a mutual authentication scheme for communication between a device and a server and between two devices. The challenge-response method was also used for session key establishment. Even though their system showed improvement in performance, the latency of authentication was higher, because the number of messages exchanged between the entities increased with every session created. For the WSN environment, Lavanya and Natarajan (2017) proposed a lightweight authentication scheme using mBLAKE2b as the hashing method for an ECDSA-based authentication scheme. Their method was studied for performance parameters like energy consumption, throughput, latency, packet delivery ratio and signature verification using the NS-2 simulator. The security of the method was evaluated using the SCYTHER tool. Through the result analysis, they have shown better performance of the authentication process when compared with traditional authentication schemes.

The standard methods to provide user authentication are passwords, tokens or biometrics. But these methods also possess security issues. Hence, Srinivas et al. (2017) have introduced a new method called biohashing. Biohashing eliminates false acceptances without an increase in the occurrence of false rejections. This scheme supports user-friendly password reset and dynamic node addition. Under BAN logic, their scheme has shown mutual authentication between the nodes, and also, under the AVISPA tool, they were able to test for man-in-the-middle (MITM) and replay attacks. But their scheme has limitations in the lack of dynamic identities for large, growing IoT networks. Based on a one-time-password (OTP)-based security scheme, Shivraj et al. (2015) have proposed a security scheme to ensure end-to-end authentication between various IoT devices. They have used a lightweight identity-based ECC scheme and Lamport's OTP algorithm. With the argument of having a two-factor authentication scheme, their experimental proof has shown significantly better performance than existing OTP algorithms. But they are unable to provide the same efficiency for a widely spread IoT network, as generating OTPs simultaneously for many devices is infeasible.

Kumar et al. (2016) have proposed an ECC-based Access Control Protocol (ACP) solution to prevent malicious nodes from eavesdropping on the network and also to protect node privacy. In the comparative study of their scheme, the time taken by ACP in computing point multiplication is much less when compared with existing protocols, and the energy consumed during the multiplication is also less. They have concluded that their method is feasible for access control and node privacy. But they have failed to address the data integrity of the wireless sensor network-based application, and providing integrity of sensed data is a major concern of a secured IoT system. To overcome the shortcoming of Mun et al.'s scheme, Zhao et al. (2014) have proposed a unique anonymous authentication scheme for the global mobility network (GMN). BAN logic is used to validate the authentication of the scheme. The scheme does not use time-stamps; hence the clock synchronization problem is overruled. The scheme ensures authentication and establishes a session key when the user is in the home network. The efficiency of the scheme has been proven for low-power and limited-resource mobile devices.

To address the issues related to scalability and resilience to the node compromise attack, hop-by-hop message authentication and source privacy is proposed by Le et al. (2009). As the polynomial-based scheme has the issue that when the number of message transmissions is larger than the threshold the message can be easily cracked by the hacker, an ECC-based authentication method is proposed that ensures message source privacy. They have presented an unconditionally secure and efficient source anonymous message authentication (SAMA) scheme based on the optimal modified ElGamal signature (MES) scheme on ECC. The scheme authenticates every intended node and ensures identification of corrupted messages and sources. To set up a secure communication channel between sensor nodes and the Internet host, a heterogeneous online-offline signcryption method is proposed by Li and Xiong (2013). The work has shown resistance against adaptive chosen ciphertext attacks under the Bilinear Diffie-Hellman scheme and unforgeability against chosen message attacks. The online phase does lighter computations using the message, and in the offline phase the heavy computations are done in the absence of a message. The work has fulfilled the CIA and non-repudiation properties.

Lee et al. (2016) have suggested a lightweight mutual verification and key exchange method for smart dust applications of wireless sensor networks based on the IoT environment. In their work, they have used the group signature scheme, where each sensor node elects a middle node (MN) and transmits the data collected in the one-hop communication model. In the course of the MN election, the node having more available resources is selected, and complex calculations are performed in the MN. During authentication and smart device registration, gateways verify the smart nodes through the CA. The security and energy verification of the method is performed through functional evaluation. But their work showed drawbacks while updating the group keys of sub-miniature devices, as they are resource-deficient in nature.

Lu et al. (2017) proposed a heterogeneous data aggregation scheme called the lightweight privacy-preserving data aggregation (LPDA) scheme. LPDA is implemented using the Chinese Remainder Theorem, the homomorphic Paillier encryption scheme and one-way hashing techniques.
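The following Python is an added illustration (not Lu et al. 2017's LPDA construction, nor code from this review) of how the three primitives just named fit together: each device packs two heterogeneous readings into one plaintext with the Chinese Remainder Theorem, encrypts it with additively homomorphic Paillier, and tags it with a keyed one-way hash; the gateway drops reports whose tag does not verify and multiplies the remaining ciphertexts, so only the key holder learns the per-type sums and never the individual readings. The Paillier primes, CRT moduli, device keys and readings are constructed toy values.

```python
"""Added illustration of the LPDA building blocks (not Lu et al. 2017's
scheme): CRT packing of heterogeneous readings, additively homomorphic
Paillier aggregation, and a keyed one-way hash for rejecting false data.
All parameters are constructed toy values."""
import hashlib
import hmac
import secrets
from math import gcd

# Toy Paillier primes (constructed; real keys use >= 1024-bit primes).
P_PRIME, Q_PRIME = 10007, 10009
# Pairwise coprime CRT moduli, one per reading type (temperature, humidity).
# Each must exceed the largest possible per-type sum, and the device count
# times their product must stay below the Paillier modulus n.
CRT_MODULI = (1009, 1013)


def paillier_keygen(p, q):
    """Standard Paillier with g = n + 1, so mu = lambda^-1 mod n."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)      # lcm(p-1, q-1)
    mu = pow(lam, -1, n)
    return (n, n + 1), (n, lam, mu)


def paillier_encrypt(pub, m):
    n, g = pub
    n2 = n * n
    while True:                                       # random r in Z_n^*
        r = secrets.randbelow(n)
        if r and gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def paillier_decrypt(priv, c):
    n, lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n) * mu % n                    # L(u) * mu mod n


def paillier_add(pub, c1, c2):
    """Product of ciphertexts decrypts to the sum of the plaintexts."""
    n = pub[0]
    return c1 * c2 % (n * n)


def crt_pack(values, moduli):
    """Return x with x = values[i] (mod moduli[i]) for every i."""
    big_m = 1
    for m in moduli:
        big_m *= m
    x = 0
    for v, m in zip(values, moduli):
        m_i = big_m // m
        x += v * m_i * pow(m_i, -1, m)
    return x % big_m


def crt_unpack(x, moduli):
    return [x % m for m in moduli]


def tag(key, ciphertext):
    """Keyed one-way hash over the ciphertext (HMAC-SHA256)."""
    return hmac.new(key, ciphertext.to_bytes(32, "big"), hashlib.sha256).digest()


def device_report(dev_id, readings, key, pub):
    c = paillier_encrypt(pub, crt_pack(readings, CRT_MODULI))
    return dev_id, c, tag(key, c)


def aggregate(reports, device_keys, pub):
    """Gateway: verify each tag, drop forgeries, multiply the rest."""
    total, rejected = paillier_encrypt(pub, 0), []
    for dev_id, c, t in reports:
        if hmac.compare_digest(t, tag(device_keys[dev_id], c)):
            total = paillier_add(pub, total, c)
        else:
            rejected.append(dev_id)
    return total, rejected


def demo():
    pub, priv = paillier_keygen(P_PRIME, Q_PRIME)
    # Constructed readings: (temperature, humidity) per device.
    readings = {"d1": (21, 40), "d2": (23, 55), "d3": (19, 47), "d4": (22, 50)}
    keys = {d: hashlib.sha256(d.encode()).digest() for d in readings}
    reports = [device_report(d, r, keys[d], pub) for d, r in readings.items()]
    # Injected false data: a valid-looking ciphertext claiming to be from d2,
    # but the injector lacks d2's key and cannot produce a correct tag.
    forged_c = paillier_encrypt(pub, crt_pack((99, 99), CRT_MODULI))
    reports.append(("d2", forged_c, b"\x00" * 32))
    total, rejected = aggregate(reports, keys, pub)
    sums = crt_unpack(paillier_decrypt(priv, total), CRT_MODULI)
    return sums, rejected


if __name__ == "__main__":
    print(demo())
```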

Their scheme was successful in identifying false data and aggregating hybrid IoT device data. The proposed scheme is not evaluated for security under an adversary model. In health-care-based IoT applications, wearable sensors transmit the data to a server that helps doctors obtain information using a Telecare Medical Information System (TMIS). As these data transmissions between patients and doctors need continuous authentication, a secure authentication and prescription safety (SAPS) protocol is developed by Mahmood et al. (2017). A secure three-party key establishment scheme is developed to provide security between doctor and patient during the prescription of medicine. The process begins when the patient registers with the trusted server and obtains validation before establishing the session key. The SAPS protocol is analyzed for security using Rubin logic and exhibited properties like verification, user anonymity and untraceability of the patient in TMIS.

The use of a chaotic map with an ECC-based cryptosystem has helped to enhance the security of authentication. Recent research has shown that the existing schemes have security shortcomings. To improve the security of authentication protocols for resource-constrained devices, Kang et al. (2016) have proposed a Markov chain-based authentication that has shown more security efficiency than the existing ones. The work is compared with Djellali et al. (2015), which uses a Markov chain for ubiquitous devices. The work is extended to scalable and changeable networks like the multi-server environment and cloud service systems. They have proved a theorem of not saving the verification table, which leads to passed-verification drawbacks in the registration phase. The Internet Engineering Task Force (IETF) has proposed a standard communication protocol called Internet Protocol version 6 (IPv6) over Low Power Wireless Personal Area Networks (6LoWPAN) for enabling machine-to-machine communication. Qiu and Ma (2016) have proposed a hybrid scheme called the enhanced mutual authentication and key establishment scheme (EMAKES) for such 6LoWPAN networks. They were able to show resistance towards replay attacks, man-in-the-middle attacks, impersonation attacks and Sybil attacks using Protocol Composition Logic (PCL).

To address the security and privacy issues under smart grid applications, Afianti et al. (2019) have proposed a novel method using a dynamic cipher puzzle (DCP), called multi-DCP (M-DCP). M-DCP uses RC5 encryption with the elliptic curve digital signature algorithm (ECDSA) to ensure the integrity and authenticity of the user. Also, the DCP hash function was modified with a Merkle hash tree and a chain-based hash table. But performing double hashing at the time of new node addition gave computational overhead on the devices, and such a setup would be infeasible for real-time evaluation.

To provide energy-efficient authentication for IoT devices, Aman et al. (2017b) have proposed a lightweight mutual authentication protocol that uses physically unclonable functions (PUFs). The protocol is evaluated for two different scenarios: firstly, communication between the device and the server, and secondly, communication between devices. Their protocols work on a challenge-response mechanism using PUFs and store the secret values of each IoT device with the server. Such storing reduces the performance of the device, as it has to constantly request the server for the secret values before initiating communication with other clients.

In the heterogeneous environment, the attacker is prone to impersonate legitimate users. To solve the impersonation attack, a lightweight anonymous authentication and key agreement scheme is proposed by Liu et al. (2019b). Their proposed method can toggle between public key infrastructure (PKI) and certificateless cryptography. Through security analysis, the method can resist replay and DoS attacks and has shown good scalability. A certificate revocation scheme (CRS) is proposed by Mahmoud et al. (2015) for smart grid-based applications under the vehicle network (Automatic Metering Infrastructure, AMI). The method uses certificate revocation in a pseudonymous public-key infrastructure (PPKI), where a large number of certificate public and private keys are assigned to nodes. The work showed efficiency for the vehicle grid application, but it is not suitable for other IoT applications.

As the user and the smart devices communicate over an insecure communication channel, the sensitive data traveling across the channel is subject to security and privacy concerns. To avoid such issues, Shuai et al. (2019) have proposed an anonymous authentication system using ECC for smart home applications. Their scheme avoided the storage of verification tables for the authentication process and used a random number method to resist replay attacks and clock synchronization problems. They have performed security analysis using the random oracle model and BAN logic. Also, the method is verified using the ProVerif tool, under which they were able to show secrecy of the session key and achieve mutual authentication successfully. To enable direct device-to-device communication, Dang et al. (2020) have proposed an ECC-based lightweight authentication scheme. Their scheme provides secure data transmission between the cloud server and devices and also between devices. The protocol is formally evaluated using BAN logic and has shown resistance against common security attacks.

8 Lightweight hash functions

The Federal Information Processing Standards (FIPS) proposed a hash function that takes variable-size data as input and produces a fixed-size output (McAndrew 2016b). The

13
8848 V. Rao, K. V. Prema

cryptographic hash function generates a condensed representation of the message. These hash functions have two major properties: the one-way property and collision resistance. The one-way property is defined as follows: if H(m) is known by the adversary, it should be impossible to extract the message "m". Collision resistance is the property that no two hash values should be the same, i.e., H(m) ≠ H(m′). Because of these properties, hash functions are used in various applications like message authentication, digital signatures, one-way password files, intrusion detection and virus detection (Center 2018).

The commonly used hash functions are message digest (MD5) and the secure hash functions (SHA). In 1993 the National Institute of Standards and Technology (NIST) published SHA under the FIPS-180-4 specification. FIPS-180-4 has seven variants of SHA-1, and the SHA-2 family has the algorithms SHA-224, SHA-256, SHA-384, SHA-512, SHA2-224, SHA2-256 and SHA2-512 (Center 2018). Later, in 2012 at the SHA competition, FIPS proposed the need for an alternative to SHA-2 as SHA-3: Standard Permutation-based Hash and Extendable-output Functions (FIPS-202). SHA3 has four fixed-length hash algorithms, SHA3-224, SHA3-256, SHA3-384 and SHA3-512 (NIST 2018; Dworkin 2015). At the Cryptographic Hash Algorithm Competition, along with SHA3, BLAKE was also among the top five finalists, proposed by Jean-Philippe Aumasson, Luca Henzen, Willi Meier and Raphael C (Aumasson et al. 2008; Hao 2014). Even though BLAKE was not selected as the SHA3 finalist, it has its own high security margins and good performance. Ever since BLAKE was proposed it has attracted considerable application in resource-constrained device security. BLAKE is built on a widely known hash structure called HAsh Iterative FrAmework (HAIFA) that has round iteration schemes, a local wide-pipe internal organization and a compression function based on a modified Salsa20 stream cipher. BLAKE-256 produces a 256-bit hash digest working on a 512-bit state with a 32-bit internal word size (Hao 2014). The core BLAKE block transformation combines 16 words of input into 16 working variables and has 14 or 16 rounds with four steps, for BLAKE-256 or BLAKE-512 respectively. In the course of research, BLAKE showed better performance with respect to speed and space complexity. This was proved on Qualcomm's Krait micro-architecture, on which SHA3-256 took about 20% longer than SHA-256 and SHA3-512 took twice the time of SHA-512. On the same platform, BLAKE-512 outperformed SHA-512, being 1.41 times faster than SHA-512, and BLAKE-256 was 1.70 times faster than SHA-256. BLAKE-512 performed at 5.76 cycles per byte, which is approximately 579 KB per second against 411 KB for SHA-512 on a CPU clocked at 3.5 GHz (Aumasson et al. 2013). Later, Preneel (2010) observed that BLAKE's security and efficiency could be ruled out with extensive cryptanalysis. Thus he pointed out the need for an improved BLAKE and hence proposed a new version, BLAKE2, that used 32% less RAM compared to BLAKE and has less overhead with minimized padding. Providing user authentication using a password, tokens or biometrics has raised the issue of the password or token being stolen or forgotten. To handle such conditions, Srinivas et al. (2017) have proposed a new biohashing based authentication and key agreement scheme to eliminate the false accept rate. They have simulated the work using the AVISPA tool and shown resistance against MITM and replay attacks. Their work uses BAN logic to ensure mutual authentication. The work supports dynamic node addition and user-friendly password change.

9 Security analysis of lightweight cryptography

A statistical analysis of different ECC-based authentication and key exchange protocols subjected to security analysis and threat modeling is given by Roy and Khatwani (2017). They have shown the vulnerability of ECC-based cryptosystems under attacks like MITM, clogging attacks and database attacks. Hence it is essential to add additional defense layers to guarantee security against the suspected attacks. An ECC-based lightweight authentication protocol with a key agreement protocol is proposed for smart-card based IoT applications by Reddy et al. (2016). Their protocol involves a one-way hash function, a message authentication code and exclusive OR operations. The work is resistant against replay attacks, the clock synchronization problem, stolen smart card attacks, insider attacks and user impersonation attacks. It also provides forward secrecy, two-factor authentication and mutual authentication. RFID-based automated patient medication systems have taken a major share in the health care industry. Zhang and Qi (2014) have presented an ECC-based authentication system. Through theoretical proof, their work has shown resistance against tag-information privacy, tag-anonymity, backward-traceability and forward-traceability, tag impersonation attacks, spoofing attacks and DOS attacks. A hybrid elliptic curve based multi-message signcryption is designed by Rahman et al. (2018). The work is evaluated for security requirements like replay attack resistance, integrity, authentication, non-repudiation, public verifiability, forward secrecy and unforgeability using the AVISPA tool.

The combination of cloud-based services with IoT has raised limitations regarding low latency and high mobility of the application. To handle the latency and mobility limitations, a fog-based environment is deployed remotely, which is susceptible to security attacks. Hence, for a health care based Fog-IoT, an authentication scheme is proposed by Jia et al. (2018). A three-party bilinear key-agreement protocol is proposed that is resistant against
MITM, replay attacks, known-session-key attacks and intractability. The WSN applications of IoT are designed to use a pair-wise key, which is used for the long term in the process of communication. As these pair-wise keys have a long lifetime, when they are hacked the data can be altered and the privacy of the user can be questioned. To reduce such an impact on the device, a session key based key exchange is developed by Kim et al. (2016b). In this work, an elliptic curve Diffie–Hellman (EDHA) based session key exchange is proposed for cluster-based sensor networks. To provide authentication for the participating entities, a hash chain is used between the gateway and the cluster head. Through the proposed method, the number of communicated messages is reduced, and it provides security against MITM attacks, session key attacks, replay attacks, node impersonation attacks and node capture attacks.

A multi-factor remote login based authentication method is proposed by Dhillon and Kalra (2017). This method is a combination of three different authentication mechanisms: password-based, biometric and smart devices. The biometric-based authentication is implemented with a Discrete Cosine Transform (DCT) and Principal Component Analysis (PCA) based hashing function. Under formal and informal security analysis, the proposed three-factor authentication has shown resistance to attacks like password guessing attacks, password change attacks, parallel session attacks, denial of service attacks, stolen smart device attacks and impersonation attacks. Annor-Asante and Pranggono (2018) have designed a real-time test-bed, created using an Arduino Uno and an Xbee module, to check the resistance of a smart grid application against Distributed Denial-of-Service (DDoS). They have developed cyber-security software with SCADA and PLC programming for the evaluation of cyber-security research.

As the Wireless Body Area Network (WBAN) based application carries sensitive data of the patient, any incorrect sensor reading sent to the server can lead to a severely wrong diagnosis by the doctor. Thereby, Wu et al. (2016) have proposed an anonymous authentication scheme that provides mutual authentication and privacy preservation along with session key generation for data encryption. Their work is compared with the existing scheme of Wang and Zhang (2015), which showed a drawback in allowing an impersonation attack between an adversary or a legal client and another legal client. But the authentication proposed by Libing Wu et al. has not shown resistance towards eavesdropping and chosen-ciphertext attacks.

An inter-device authentication and session key sharing scheme is proposed by Park and Kang (2016). To overcome the drawbacks of the key distribution center (KDC) sharing the session keys with all the participants, they have made each participant generate its own session key. Thereby each device involved in the network communication shall share its session key with the KDC prior to communication. Their scheme is resistant towards attacks like replay attacks, MITM attacks and wiretapped secret-key attacks. But the scheme lacks security of the session key that is shared with the KDC, i.e., if the session key KIR is compromised, the whole device could be hacked. In a large-scale system communicating over LTE, the network is skeptical about data security and user privacy. For such an environment, Saxena et al. (2016) have proposed an authentication and key agreement (AKA) protocol. They have used sequence numbers for each authentication package instead of MAC verification information and shown resistance against chosen message attacks, key secrecy and theft, MITM attacks, replay attacks and impersonation attacks.

In machine-type communication devices (MTCDs), the communication is based on the LTE/LTE-A network; the MTCDs access the network simultaneously and each MTCD has to be independently authenticated with the network base station. During such a simultaneous process, there may be congestion and signaling overhead on the network. To avoid these issues, Fu et al. (2016) have presented a group authentication mechanism that reduces signaling overhead and provides robust privacy preservation for each MTCD along with anonymity, unlinkability and traceability. Their method is evaluated using the ProVerif tool and has shown resistance against DoS attacks, MITM and impersonation attacks. In multi-server based mutual authentication schemes, the user must log in separately for each service and remember login credentials like multiple identities and passwords. Such an environment is inclined to password guessing attacks, MITM, eavesdropping and replay attacks. To avoid such attacks, Tomar and Dhar (2019) have designed a multi-control-server environment that uses the user's biometric and password to authenticate them. ECC is used to strengthen security. Through informal security analysis using Burrows–Abadi–Needham (BAN) logic and a fuzzy extractor, their work has shown resistance against DOS attacks, MITM attacks, replay attacks and stolen smart card attacks.

For a wearable devices based application, Kumar et al. (2019) have proposed an ECC-based authentication scheme. They have verified their work using the ProVerif tool and shown resistance against known attacks. As the user and the smart devices communicate over an insecure communication channel, the sensitive data traveling across the channel is subject to security and privacy concerns. To avoid such issues, Shuai et al. (2019) have proposed an anonymous authentication system using ECC for smart home applications. Their scheme avoided the storage of verification tables for the authentication process and used a random number method to resist replay attacks and clock synchronization problems. They have performed security analysis using the random oracle model and BAN logic. Also, the
verification of the method is performed using the ProVerif tool, under which they were able to show secrecy of the session key and achieve mutual authentication successfully.

To overcome the reuse of existing protocols for IoT-based applications, a CoAP-based bootstrapping method is designed and implemented by Garcia-Carrillo and Marin-Lopez (2016). The Extensible Authentication Protocol (EAP) and Authentication, Authorization and Accounting (AAA) technologies are used to ensure flexibility, scalability and accountability. They have compared the proposed design by implementing it under the Contiki and PANATIKI tools and have analyzed the work under memory footprint, data processing time, message length, bootstrapping time and energy consumption. They were unable to check the proposed method under a real-time Low Power Wide Area Network, which has smaller message sizes, and security over post-bootstrapping is also not shown.

For the authentication of mobile-based communication, Li (2012) had proposed a scheme with roaming services and user anonymity. However, as an attacker could intercept the identity of a mobile user's home agent, Chain et al. (2016) have proposed an elliptic curve-based wireless roaming anonymous login method that resolves the issues of Li's scheme. They have used Burrows–Abadi–Needham (BAN) logic for analyzing the security of their authentication scheme.

For a smart meter based application, Garg et al. (2019) have proposed a mutual authentication based key exchange mechanism using ECC. They have performed formal security analysis and proved the resistance against DoS attacks, replay attacks and impersonation attacks. With mutual authentication, forward secrecy is also maintained. Further, the security analysis is studied under two different categories. Primarily, a study of existing authentication schemes under theoretical proof is analyzed, and later various real-time testbeds for performing attacks on a Raspberry Pi-based network are briefed.

9.1 Theoretical security analysis

Over the past three decades, many security protocols, frameworks and technologies have been developed to evaluate real-life security solutions for various networks and domains. Matsuo et al. (2010) have proposed a framework that includes protocol design and protocol certification. They have studied various formal verification methods under three different categories: the first study is done under the capacity of the method used, the second is based on the various skills needed by the designer to evaluate, and lastly, a question-answer based study of the security requirements. Using the inductive approach provided by Paulson (1998), they have further sub-classified their work under model checking and theorem proving. Model checking is a form of algorithm verification, and in theorem checking, proofs are established using higher-order logic. Also, they have mentioned a few model checking tools like AVISPA, CryptoVerif, ProVerif and SCYTHER as the second option for formal method analysis.

Rubin and Honeyman (1993) have used Meadows' classification (Meadows 1992) of analysis to categorize the verification models into four types. Type-I uses specific languages and tools that are not designed for cryptographic protocols. Type-II helps to develop a system that can be used by a designer to develop and investigate different scenarios/cases. Type-III uses a knowledge and belief strategy to analyze the model logically. Lastly, Type-IV uses algebraic terms and equations to rewrite the cryptographic system. Zhu (2003) has developed a scheme that provides the security of ECC against the adaptive chosen message attack (ACMA). He has used the decisional Diffie–Hellman assumption to prove the ACMA.

Nam et al. (2014) have extended Bellare, Pointcheval and Rogaway (BPR) (Bellare et al. 2000) to evaluate the user anonymity property and two-factor security. They showed that their model could capture insider attacks and an offline dictionary attack, with security properties like authentication, perfect forward secrecy, known-key security, session key security and resistance against insider attacks. The security properties were proved using elliptic curve computational Diffie–Hellman (ECCDH) assumptions. Chen et al. (2015) have proposed a two-way user authentication and secure session key agreement scheme based on a self-certified public key system. Through their formal security analysis, the proposed scheme showed resistance towards attacks like impersonation, known-key security, masquerading, forward and backward secrecy, MITM and replay attacks.

9.2 Real-time security analysis

Featuring the rapid growth of smart cities, Al Barghuthi et al. (2017) have made a study of how the increase in the population of smart cities shall add to an increase in security breaches and damage business by 2050. Thus, they have proposed a Kali Linux based vulnerability assessment and penetration testing solution using low-cost Raspberry Pi 3 devices. Through their results, it has been concluded that the Raspberry Pi 3 can be used as a machine to check vulnerabilities similar to any traditional PC or laptop-based Kali Linux machine.

To replace the expensive and resource-intensive devices used for industrial vulnerability assessment tests, Hu et al. (2016) have proposed an automated vulnerability assessment using OpenVAS and a Raspberry Pi 3 device. They have detailed methods for analyzing the vulnerability assessment of a distributed architecture. They have made the study on variables like CPU temperature, CPU usage and CPU memory of the device at the time of vulnerability assessment.
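The hash-chain authentication that Kim et al. (2016b) place between the gateway and the cluster head (Sect. 9, above) is the kind of lightweight primitive these analyses reason about; the following added example, which is not code from the paper or from the cited scheme, shows one working form of it together with the one-way property from Sect. 8 and why a captured value cannot be replayed. BLAKE2s as the chain function, the digest size, the class names and the message layout are this example's assumptions.

```python
"""Hash-chain one-time authentication between a cluster head and a gateway.

Added example; not code from the paper or from the cited scheme. The cluster
head commits once to the chain anchor h^n(seed); in round i it reveals
h^(n-i)(seed), and the gateway accepts only if hashing the revealed value once
reproduces the last value it accepted. A captured value is therefore useless
for replay, and by one-wayness it does not yield the next element. BLAKE2s,
the digest size, the class names and the message layout are assumptions here.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

DIGEST_SIZE = 16  # BLAKE2s accepts 1..32 bytes; a short tag suits constrained links


def h(x: bytes) -> bytes:
    """One-way function of the chain: BLAKE2s (the 32-bit-word BLAKE2 variant)."""
    return hashlib.blake2s(x, digest_size=DIGEST_SIZE).digest()


def build_chain(seed: bytes, n: int) -> List[bytes]:
    """Return [h^0(seed), h^1(seed), ..., h^n(seed)]; h^n is the public anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class ClusterHead:
    """Prover: holds the seed and reveals chain elements from the anchor backwards."""

    def __init__(self, n: int, seed: Optional[bytes] = None):
        if seed is None:
            seed = secrets.token_bytes(DIGEST_SIZE)
        self.chain = build_chain(seed, n)
        self.next_index = n - 1  # h^(n-1) is revealed in the first round

    def anchor(self) -> bytes:
        return self.chain[-1]

    def prove(self) -> bytes:
        """Reveal the next unused element; refuse once the chain is exhausted."""
        if self.next_index < 0:
            raise RuntimeError("hash chain exhausted; re-enrol with a fresh seed")
        value = self.chain[self.next_index]
        self.next_index -= 1
        return value


class Gateway:
    """Verifier: stores only the last accepted element (initially the anchor)."""

    def __init__(self, anchor: bytes):
        self.last_accepted = anchor

    def verify(self, proof: bytes) -> bool:
        """Accept iff h(proof) equals the stored value, then advance the anchor."""
        if hmac.compare_digest(h(proof), self.last_accepted):
            self.last_accepted = proof
            return True
        return False


def run_session(n: int = 8, seed: bytes = b"constructed seed, demo only") -> Dict[str, object]:
    """Enrolment, n authentication rounds, then a replay and a forged proof."""
    head = ClusterHead(n, seed)
    gw = Gateway(head.anchor())
    rounds = [gw.verify(head.prove()) for _ in range(n)]
    # Replay: an eavesdropper re-sends the value the gateway accepted last.
    replay_accepted = gw.verify(gw.last_accepted)
    # Forgery: without the seed an attacker cannot invert h to obtain the next
    # element, so a guessed value of the right length is rejected.
    forged_accepted = gw.verify(secrets.token_bytes(DIGEST_SIZE))
    return {
        "rounds": rounds,
        "replay_accepted": replay_accepted,
        "forged_accepted": forged_accepted,
        "chain_exhausted": head.next_index < 0,
    }


if __name__ == "__main__":
    print(run_session())
```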

Visoottiviseth et al. (2017) have developed a GUI-based penetration testing tool called PENTOS for IoT devices. PENTOS runs on Kali Linux and is specifically designed for the ethical hacking of wireless communication like WiFi and Bluetooth. PENTOS enables the analysis of password attacks, web attacks and wireless attacks that aim to gain access privileges of the various algorithms. They also have explained the ten vulnerabilities of IoT applications specified by the Open Web Application Security Project (OWASP). Finally, they have given recommendations for the secure deployment of the IoT environment.

Denis et al. (2016) have performed various penetration tests using tools available on Kali Linux. They were able to set up a private network, generate attack reports and visualize the reports using Kali Linux tools. The attacks they performed were hacking phones, MITM attacks, smartphone penetration testing, spying, hacking phones via Bluetooth, hacking WPA-protected networks, and then hacking the remote PC using its IP and open ports.

Liang et al. (2016) have experimented on different methods of doing DOS attacks using Raspberry Pi based Kali Linux. They have provided an attack framework and compared various DOS attacks on their framework. They have used Hping3 with random IP, SYN flood with spoofed IP and TCP connect flood tools. The comparison was made under parameters like CPU utilization, memory utility, time for the success of an attack and packet loss rate. Murray (2017) has proposed a forward-looking approach for a secure eHealth solution called HealthShare, which could share data among various organizations hosting the patient's data over the cloud. He has provided detailed steps on the conduct of MITM and DOS attacks using tools like Ettercap, Pexpect, manual SET, threads using the timer, the Nmap timer and Scapy.

10 Threat modeling for smart applications

Threat modeling (TM) is a process of identifying potential threats, enumerating and prioritizing the threats, and providing countermeasures to mitigate the threats. TM can be applied to any platform of a working process like software, applications, networks, IoT devices or business processes. Shostack (2014) has summarized the reasons to incorporate the threat model in the software development life cycle (SDLC) as (1) finding the bugs at the earliest, (2) understanding the security requirements, and (3) engineering and delivering a better product. Basically, TM includes components like the Target-of-Evaluation (ToE) (a design or model of the environment that needs to be analyzed), a list of assumptions that can be threats on the ToE, a list of potential threats on the ToE, possible countermeasures towards the identified threats and Verification of Success (VoS), which validates the threat model.

Before modeling a threat, there are four questions to be answered, and they are:

1 What are we building?
  • A detailed data flow diagram (DFD) is designed by specifying the various roles and responsibilities of each participant.
2 What can go wrong?
  • The various possible threats are analyzed using methods available in STRIDE, PASTA, STRIKE or VAST.
3 What are we going to do about that?
  • Potential mitigation strategies against the threats are framed.
4 Did we do a good job?
  • Once the mitigations are applied, the system is validated for stability and security against the threats.

10.1 Microsoft secure development lifecycle (Microsoft SDL)

Microsoft SDL was introduced in 2008 to ensure security and privacy considerations throughout all the phases of the development process. This helped developers to build highly secure software, address security compliance requirements and reduce development costs. The core of Microsoft SDL is threat modeling. Threat modeling helps in shaping the application design and meeting the security objectives of the company by reducing the risk severity. The five major steps of threat modeling are (Fig. 8):

1 Defining security requirements: To understand the ecosystem of the device, i.e., analysis of the ToE by framing various use-cases. In this process, the external and internal assets are identified.
2 Creating an application diagram: Here, a detailed data flow diagram of the proposed ToE is framed with appropriate trust boundaries and security requirements for each participant.
3 Identifying the threats: Microsoft TMT follows STRIDE-based threat modeling where the threats are identified. Potential adversaries are identified under four categories: remote software attacker, network attacker, malicious insider attacker and advanced hardware attacker.
4 Mitigate the threats: For the threats identified, relevant countermeasures are established.
5 Validating that threats have been mitigated: Finally, the verification of the threat model against the mitigations is performed to check the stability of the proposed system.

Fig. 8 Microsoft secure development life-cycle (SDL) using TMT

10.2 STRIDE framework methodology

It is essential to develop a secure design for any software application or system. Failing to do so may cost about 30 times more than the estimated cost (Verheyden 2018). Hence threat modeling plays a vital role in the software development lifecycle. Among various threat modeling methods like STRIDE, PASTA, VAST and STRIKE, STRIDE has taken a major share in the industrial development process (Bodeau et al. 2018; Meghanathan et al. 2010). Microsoft developed STRIDE as a part of its security development lifecycle. STRIDE is an acronym for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of privilege (Khan et al. 2017). The security properties and attack types associated with STRIDE are summarized in Table 3 (Verheyden 2018).

10.3 Overview of threat modeling tool (TMT)

Microsoft TMT is used to analyze the design of a system or an application in order to check for security risks and provide a solution for the threats found. Figure 9 displays the initial page of TMT when launched. This page has two sections; the top section is used to create the threat model of the user's choice using the templates provided by Microsoft.

Fig. 9 Microsoft TMT initial screen

The lower section helps the user to customize their own template based on the default Microsoft SDL template. When the threat model section is selected with the appropriate template, a new window opens, which can be seen in Fig. 10. Using the drawing area, a Data Flow Diagram (DFD) can be built with the options available in the Stencil sub-window located at the right corner of the window. This view is called the Design View. Every DFD must contain at least one each of a process, a data flow direction, a data store, an internal interactor and a trust boundary from the stencil sub-window.

Once the DFD is framed, the threats can be analyzed using the Analysis View tab as shown in Fig. 11. On this page, we can observe the threats that are identified by the SDL template, and possible mitigation strategies are also displayed for the user's convenience based on the default template definition. The user can scroll down the page to see the threats and their severity level. When scrolled down, the status box shows the message Not started, which means the threat needs to be attended to. Once the threat is handled, it can be changed to Mitigated.

Figure 12 displays an HTM page of the threat analysis report generated by the TMT tool. It displays the summary of the

Table 3 STRIDE threat model with associated security properties

Threat | Security property | Definition
Spoofing | Authentication | Unauthorized access; using another user's identity
Tampering | Integrity | Unauthorized information changes; malicious modification
Repudiation | Non-repudiation | Denying having performed an action
Information disclosure | Confidentiality | Exposure of information to individuals not supposed to access it
Denial of service | Availability | Denying services to valid users; threats to system availability and reliability
Elevation of privilege | Authorization | Unprivileged users gain access and compromise the system
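The following added example (not the paper's code and not Microsoft TMT output) runs the STRIDE-per-element enumeration described in Sects. 10.2 and 10.3 over a constructed smart-home DFD: for each stencil element kind it raises the categories of Table 3 with their security property, flags data flows that cross a trust boundary, and tracks the Not started/Mitigated status the analysis view uses. The element kinds, the applicability mapping, the severity heuristic and the DFD itself are this example's assumptions.

```python
"""STRIDE-per-element threat enumeration for a small IoT data-flow diagram.

Added example for Sects. 10.2 and 10.3; not the paper's code and not output of
Microsoft TMT. Assumptions made here: the DFD uses four stencil element kinds
(external interactor, process, data store, data flow); a data flow whose
endpoints lie in different trust zones crosses a trust boundary; and the
STRIDE-per-element applicability below follows the usual Microsoft mapping
(data stores are not spoofed, data flows do not elevate privilege). Severity
and the "Not started"/"Mitigated" status strings mirror the TMT analysis view.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Security property violated by each STRIDE category (as in Table 3 above).
PROPERTY: Dict[str, str] = {
    "Spoofing": "Authentication",
    "Tampering": "Integrity",
    "Repudiation": "Non-repudiation",
    "Information disclosure": "Confidentiality",
    "Denial of service": "Availability",
    "Elevation of privilege": "Authorization",
}

# STRIDE-per-element: which categories are raised for which DFD element kind.
APPLICABLE: Dict[str, List[str]] = {
    "external": ["Spoofing", "Repudiation"],
    "process": list(PROPERTY),  # processes are exposed to all six
    "store": ["Tampering", "Repudiation", "Information disclosure", "Denial of service"],
    "flow": ["Tampering", "Information disclosure", "Denial of service"],
}


@dataclass
class Element:
    name: str
    kind: str        # "external", "process", "store" or "flow"
    zone: str = ""   # trust zone of a node; unused for flows
    src: str = ""    # endpoints, flows only
    dst: str = ""


@dataclass
class Threat:
    element: str
    category: str
    prop: str
    severity: str
    status: str = "Not started"


def enumerate_threats(elements: List[Element]) -> List[Threat]:
    """Raise every applicable STRIDE category for every element of the DFD."""
    zone_of = {e.name: e.zone for e in elements if e.kind != "flow"}
    threats: List[Threat] = []
    for e in elements:
        crosses = e.kind == "flow" and zone_of[e.src] != zone_of[e.dst]
        for cat in APPLICABLE[e.kind]:
            # Heuristic of this example: anything on a boundary-crossing flow,
            # or a privilege escalation on a process, is rated High.
            high = crosses or cat == "Elevation of privilege"
            threats.append(Threat(e.name, cat, PROPERTY[cat], "High" if high else "Medium"))
    return threats


def mitigate(threats: List[Threat], element: str, category: str) -> int:
    """Mark matching threats as handled; returns how many were changed."""
    hit = [t for t in threats if t.element == element and t.category == category]
    for t in hit:
        t.status = "Mitigated"
    return len(hit)


def summary(threats: List[Threat]) -> Dict[str, Counter]:
    """Counts like the TMT report: by status, by category and by severity."""
    return {
        "status": Counter(t.status for t in threats),
        "category": Counter(t.category for t in threats),
        "severity": Counter(t.severity for t in threats),
    }


def smart_home_model() -> List[Element]:
    """Constructed DFD: user -> smart lock -> home gateway -> cloud service -> store."""
    return [
        Element("Home user", "external", zone="home"),
        Element("Smart lock", "process", zone="home"),
        Element("Home gateway", "process", zone="home"),
        Element("Cloud service", "process", zone="cloud"),
        Element("Event store", "store", zone="cloud"),
        Element("Unlock command", "flow", src="Home user", dst="Smart lock"),
        Element("Lock status", "flow", src="Smart lock", dst="Home gateway"),
        Element("Telemetry upload", "flow", src="Home gateway", dst="Cloud service"),
        Element("Event write", "flow", src="Cloud service", dst="Event store"),
    ]


if __name__ == "__main__":
    model = enumerate_threats(smart_home_model())
    mitigate(model, "Telemetry upload", "Information disclosure")  # e.g. encrypt the link
    for key, counts in summary(model).items():
        print(key, dict(counts))
```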

Fig. 10 Microsoft TMT design view

Fig. 11 Microsoft TMT analysis view

Fig. 12 Microsoft TMT sample .htm report page

threats modeled with a detailed description of each participant and the possible threats on the system with the severity level of each threat.

11 Research gaps

Based on the review, the following research gaps are identified.

• Smart environments involving Internet-of-Things (IoT) solutions are vulnerable to data and privacy breaches. As IoT applications are deployed on resource-constrained devices, it is essential to design lightweight cryptographic solutions. In this chapter, an overview of existing lightweight authentication and data integrity techniques has been discussed.
• The current lightweight cryptographic solutions mostly use hashing methods like message digest (MD5) or variants of the SHA hash functions. These existing hash functions have complex rotational and XOR operations that consume more resources on the device. An improved hash function is introduced as a part of the proposed work to reduce the resource consumption of the embedded devices.
• The study has shown that the various lightweight schemes are based on elliptic curve cryptography (ECC), and these ECC schemes use single and static elliptic curve parameters for signature generation. These elliptic curve parameters are stored on embedded devices that are vulnerable to node compromise attacks. To enhance the security of every embedded device, we have proposed secure storage at the node level. Also, to provide data security, dual elliptic curve based authentication and data integrity schemes are proposed. From the literature, it is observed that various cryptographic schemes are evaluated using simulation tools, and the security of these schemes is analyzed using various verification tools. The proposed work is evaluated both under theoretical study and in an experimental environment for various real-time attacks.
• In IoT, the communications are between devices and the server, or among the devices, over the publicly available Internet infrastructure. Such communication involves frequent distribution of security keys from the key distribution center (KDC), and issuing certificates for every device across the Internet becomes a tedious job as there are thousands of devices being added to and removed from the network. Thereby, the use of a standard KDC or key management servers is difficult among the growing IoT applications.
• From the review, we have seen that various ECDSA- and ECIES-based cryptographic solutions have been using single or static elliptic curve parameters which are stored on the device, and also these devices are easily accessible to the user, who can be a hacker too. Embedding secret keys or cryptographic parameters on the device shall lead to node compromise attacks. Hence, securely storing the default key values on the devices is an important research perspective to be addressed.
• Providing authentication and data integrity using the same algorithm has shown more computation and consumes a lot of device power. Also, from the review, it is observed that the same public and private values are being used for both authentication and data integrity methods. But such a setup can easily be broken by the
attacker if anyone set of keys is obtained using various Afianti F, Suryani T et al (2019) Lightweight and dos resistant mul-
attacks like MITM attacks, chosen cipher-text attacks, tiuser authentication in wireless sensor networks for smart grid
environments. IEEE Access 7:67107–67122
replay attacks. Such a scenario calls for the use of a dif- Ahemd MM, Shah MA, Wahid A (2017) IoT security: a layered
ferent set of PKC keys for different levels of security. approach for attacks and defenses. In: Communication tech-
• From the review, it has been seen that the security evalu- nologies (ComTech), 2017 international conference on, IEEE,
ation of the schemes are either done using a theoretical pp 104–110
Ahmed AA, Ahmed WA (2019) An effective multifactor authenti-
method or using simulation tools like AVISPA, ProV- cation mechanism based on combiners of hash function over
erif etc. But a real-time security evaluation is not done. internet of things. Sensors 19(17):3663
Thereby, a thorough theoretical and experimental secu- Al Barghuthi NB, Saleh M, Alsuwaidi S, Alhammadi S (2017) Eval-
rity analysis is needed. The mapping of experimental and uation of portable penetration testing on smart cities applica-
tions using raspberry pi III. In: 2017 fourth HCT information
theoretical security analysis helps to evaluate the pro- technology trends (ITT), IEEE, pp 67–72
posed security scheme for the real-time scalable network. Al-Fuqaha A, Guizani M, Mohammadi M, Aledhari M, Ayyash
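The separate-keys-per-purpose recommendation above, as an added example that is not from the paper or from any of the reviewed schemes: two independent ECDSA P-256 key pairs, one for device authentication and one for data integrity, with a role label hashed into every signed message so that a signature captured in one protocol cannot be replayed into the other. The label strings, the sample challenge and the sample payload are constructed for this example, and only Go's standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Role labels (constructed for this example): every key has exactly one role,
// and the label is hashed into the signed message for domain separation.
const (
	purposeAuth      = "iot-device-auth/v1"
	purposeIntegrity = "iot-data-integrity/v1"
)

// DeviceKeys holds one key pair per role; losing one key does not expose the other.
type DeviceKeys struct {
	Auth      *ecdsa.PrivateKey
	Integrity *ecdsa.PrivateKey
}

func NewDeviceKeys() (*DeviceKeys, error) {
	auth, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	integ, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &DeviceKeys{Auth: auth, Integrity: integ}, nil
}

// digest binds the role label to the data before hashing.
func digest(purpose string, data []byte) []byte {
	h := sha256.New()
	h.Write([]byte(purpose))
	h.Write([]byte{0}) // separator between label and data
	h.Write(data)
	return h.Sum(nil)
}

// SignChallenge answers a verifier's challenge using only the authentication key.
func (k *DeviceKeys) SignChallenge(challenge []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, k.Auth, digest(purposeAuth, challenge))
}

// SignData protects a sensor payload using only the data-integrity key.
func (k *DeviceKeys) SignData(payload []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, k.Integrity, digest(purposeIntegrity, payload))
}

// VerifyChallenge accepts only signatures made under the authentication label.
func VerifyChallenge(pub *ecdsa.PublicKey, challenge, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(purposeAuth, challenge), sig)
}

// VerifyData accepts only signatures made under the data-integrity label.
func VerifyData(pub *ecdsa.PublicKey, payload, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(purposeIntegrity, payload), sig)
}

func main() {
	k, err := NewDeviceKeys()
	if err != nil {
		panic(err)
	}
	challenge := []byte("nonce-4f2a") // constructed sample challenge
	payload := []byte("temp=21.5C")   // constructed sample reading
	cs, _ := k.SignChallenge(challenge)
	ds, _ := k.SignData(payload)
	fmt.Println("auth ok:", VerifyChallenge(&k.Auth.PublicKey, challenge, cs))
	fmt.Println("data ok:", VerifyData(&k.Integrity.PublicKey, payload, ds))
	// A captured auth signature is rejected as a data signature: wrong key and wrong label.
	fmt.Println("replay rejected:", !VerifyData(&k.Integrity.PublicKey, challenge, cs))
	fmt.Println("wrong label rejected:", !VerifyData(&k.Auth.PublicKey, challenge, cs))
}
```

The last check shows that the label alone rejects a cross-role signature even when the verifier is handed the matching key, which is the property a replayed authentication response would otherwise exploit.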
12 Conclusion

Machine-to-machine communication plays a vital role in both the wired and the wireless environments of IoT. In IoT, the devices are equipped with sensing and smaller computational capabilities and are driven by energy constraints. These devices communicate with each other over publicly available communication channels; thereby, these communications are susceptible to various attacks. The major issue with such devices is maintaining the privacy of users and transmitting data unaltered. Hence, it is essential to maintain authentication and data integrity. As these devices run on a battery and have to work for a longer period of time, it is important to design cryptographic solutions that are lightweight and secure. This study presents various authentication and data integrity based schemes that are suitable for the resource-constrained devices of IoT. Also, the study describes the Microsoft threat modeling tool (TMT), which can be used as a part of any secure development life cycle (SDLC) of IoT based applications.

Compliance with ethical standards

Conflict of interest First author, Vidya Rao, declares that she has no conflict of interest. Prema K.V., the second author, declares that she has no conflict of interest.

Ethical approval This article does not contain any studies with human participants or animals performed by any of the authors.
