Home   >   CSC-OpenAccess Library   >    Manuscript Information
A Review of Encryption Techniques in IoT Devices
Ahmet Furkan Aydogan, Cihan Varol, Amar Rasheed, Narasimha Karpoor Shashidhar
Pages - 17 - 37     |    Revised - 31-03-2023     |    Published - 30-04-2023
Volume - 14   Issue - 1    |    Publication Date - April 2023  Table of Contents
MORE INFORMATION
KEYWORDS
Symmetric Encryption, Asymmetric Encryption, Hybrid Encryption, Lightweight Encryption, Authenticated Encryption with Associated Data (AEAD), Post-quantum encryption, IoT Security, IoT Encryption.
ABSTRACT
IoT devices are now frequently used in living spaces, education systems, military, police surveillance mechanisms and critical government systems. At the same time, cyberattacks against IoT devices are on the rise. The main element of protecting IoT security is encryption methods. However, it is difficult to say that each of the encryption methods with dozens of different approaches can provide security for IoT devices. This study examines symmetric, asymmetric, hybrid, lightweight, Authenticated Encryption with Associated Data (AEAD) and postquantum encryptions, which are among the encryption methods used to ensure IoT security. In addition, the study has a wide examination of the differences, advantages, disadvantages, complexity and costs between the mentioned methods. Finally, the study conveys the results of the examined encryption methods against popular attack methods. Our study reveals that while a small portion of current IoT encryption methods uses asymmetric or symmetric encryption methods, hybrid and lightweight encryption techniques make up most of the remaining work. Although lightweight methods have been getting popular in the IoT field, it does not create a balance between cost and security, unlike hybrid encryption methods.
Agren, M., & al., E. (2011). Grain-128a: A New Version of Grain-128 With Optional Authentication. International Journal of Wireless and Mobile Computing, 5(1), 48. doi:10.1504/ijwmc.2011.044106
Ajtai, M. (1996). Generating Hard Instances of Lattice Problems (Extended Abstract). Symposium on the Theory of Computing. doi:10.1145/237814.237838
Alrawi, O., & Others. (2019, May). SoK: Security Evaluation of Home-Based IoT Deployments. 2019 IEEE Symposium on Security and Privacy (SP). doi:10.1109/sp.2019.00013
Avast, P. (2019b). Avast Highlights the Threat Landscape for 2019.
Avast. (2019a). Avast Smart Home Security Report 2019.
Bamiduro, W. (2018). Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018. Gartner.
Bao, Z., Wang, L., Guo, J., Wang, L., & Wu, W. (2019). PHOTON-Beetle Authenticated Encryption and Hash Family, Submission to the NIST Lightweight Cryptography Standardization Process.
Beierle, C. (2020). Lightweight AEAD and Hashing Using the Sparkle Permutation Family. IACR Transactions on Symmetric Cryptology. Retrieved from https://tosc.iacr.org/index.php/ToSC/article/view/8467.
Belguith, S., & Others. (2018). PU-ABE: Lightweight Attribute-Based Encryption Supporting Access Policy Update for Cloud Assisted IoT. 2018 IEEE 11th International Conference on Cloud Computing (CLOUD). doi:10.1109/cloud.2018.00137.
Bellare, M., Rogaway, P., & Wagner, D. (2003). A conventional authenticated-encryption mode. manuscript, April.
Bellare, M., Rogaway, P., & Wagner, D. (2004). Breaking and provably repairing the SSH authenticated encryption scheme. ACM Transactions on Information and System Security (TISSEC), 7(2), 206–241. doi:10.1145/996943.996945.
Berlekamp, E. (1973). Goppa codes. IEEE Transactions on Information Theory, 19(5), 590–592.
Bertoni, G., Daemen, J., Peeters, M., & Van Assche, G. (2012). Duplexing the Sponge: Single-Pass Authenticated Encryption and Other Applications. Selected Areas in Cryptography, 320–337. Springer.
Binance Academy, (2018). Symmetric Vs. Asymmetric Encryption. Retrieved from https://academy.binance.com/en/articles/symmetric-vs-asymmetric-encryption
Brown, A. (2017). Sonos and Bose Speakers Can Be Remotely Hijacked, Is YOUR Speaker Safe? Express. Co. Uk.
California Legislative Information (2018). SB-327 Information Privacy: Connected Devices. Retrieved from https://legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327
Castryck, W., & Decru, T. (2022). An efficient key recovery attack on SIDH (preliminary version). Cryptology EPrint Archive, 2022, 1–13. Retrieved from https://eprint.iacr.org/2022/073.pdf
Chandu, Y., & Others. (2017). Design and Implementation of Hybrid Encryption for Security of IOT Data. 2017 International Conference on Smart Technologies for Smart Nation (SmartTechCon). doi:10.1109/smarttechcon.2017.8358562
Chang, Z. (2020). IoT Device Security Locking Out Risks and Threats to Smart Homes. Trend Micro Research.
Chaudhry, S. (2018). An Encryption-based Secure Framework for Data Transmission in IoT. 2018 7th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). doi:10.1109/icrito.2018.8748523
Constantin, L. (2016). Update Your Belkin WeMo Devices Before They Become Botnet Zombies. Computerworld.
Constantin, L. (2017). Researchers Find Vulnerability in Smart Home Control Apps. Retrieved from https://www.pcworld.com/article/3223737/researchers-find-vulnerability-in-smart-home-control-apps.html
Consumer Reports (2018). Samsung and Roku Smart TVs Vulnerable to Hacking, Consumer Reports Finds. Consumer Reports.
Costello, C., Longa, P., & Naehrig, M. (2016). Efficient Compression of SIDH Public Keys. Retrieved from https://eprint.iacr.org/2016/963.pdf
Crane, C. (2021). Block Cipher Vs Stream Cipher: What They Are and How They Work.
Daddala, B., & Others. (6 2017). Design and Implementation of a Customized Encryption Algorithm for Authentication and Secure Communication Between Devices. 2017 IEEE National Aerospace and Electronics Conference (NAECON). doi:10.1109/naecon.2017.8268781
Davis, D. B. (2019). ISTR 2019: Internet of Things Cyber Attacks Grow More Diverse. Symantec.
Denis, S. T. (2007). Cryptography for Developers. Syngress.
Farooq, M., & Others. (2015). A Critical Analysis on the Security Concerns of Internet of Things (IoT). International Journal of Computer Applications, 111(7), 1–6. doi:10.5120/19547-1280
Federal Trade Commission. (2015). Internet of Things Privacy and Security in a Connected World.
Fischer, M., & Others. (3 2019). Using Attribute-Based Encryption on IoT Devices With Instant Key Revocation. 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). doi:10.1109/percomw.2019.8730784
Fruhlinger, J. (2018). The Mirai Botnet Explained: How Teen Scammers and CCTV Cameras Almost Brought Down the Internet.
García, L. C. C. (2005). On the security and the efficiency of the Merkle signature scheme. Retrieved from Cryptology ePrint Archive website: https://eprint.iacr.org/2005/192.pdf
Garey, M. R., & Johnson, D. S. (1979). Computers and Intractability: A Guide to the Theory of NP-completeness. W.H. Freeman.
Gatlan, S. (2019). Medical IoT Devices With Outdated Operating Systems Exposed to Hacking. BleepingComputer.
Graham, J. (2018). Your Smart TV May Be Prey for Hackers and Collecting More Info Than You Realize, ‘Consumer Reports’ Warns.
Gunathilake, N. A., & Others. (2019). Next Generation Lightweight Cryptography for Smart IoT Devices:?: Implementation, Challenges and Applications. 2019 IEEE 5th World Forum on Internet of Things (WF-IoT). doi:10.1109/wf-iot.2019.8767250
Guo, J., Peyrin, T., & Poschmann, A. (2011). The PHOTON Family of Lightweight Hash Functions. Advances in Cryptology--CRYPTO 2011, 222–239. Springer.
Hell, M., & al., E. (2019). Grain-128AEADv2-A lightweight AEAD stream cipher. Information Technology.
Hell, M., Johansson, T., Maximov, A., Meier, W., Müller, F., & Robshaw, M. (2007). Grain: A Stream Cipher for Constrained Environments. International Journal of Wireless and Mobile Computing, 2(1), 86. doi:10.1504/ijwmc.2007.013798
Henriques, M. S., & Vernekar, N. K. (5 2017). Using Symmetric and Asymmetric Cryptography to Secure Communication Between Devices in IoT. 2017 International Conference on IoT and Application (ICIOT). doi:10.1109/iciota.2017.8073643
Hoffstein, J., Pipher, J., & Silverman, J. H. (1998). NTRU: A Ring-based Public Key Cryptosystem. Lecture Notes in Computer Science, 1423, 267–288. doi:10.1007/bfb0054868
Hollister, S. (2019). No, Nest Cams Are Not Being Hacked to Issue Fake Nuclear Bomb Threats.
Hussain, I., & Others. (8 2018). Proposing an Encryption/ Decryption Scheme for IoT Communications Using Binary-bit Sequence and Multistage Encryption. 2018 7th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). doi:10.1109/icrito.2018.8748293
Ibrahim, N., & Others. (2019). Hybrid Cryptosystem for Preserving Data Privacy in IoT Application. IOSR Journal of Mobile Computing & Application (IOSR-JMCA), 6(3), 1–8. doi:10.9790/0050-06030108
Insights, F. B. (2019). Internet of Things Market Size, Growth IoT Industry Report 2026.
Jian, M.-S., & Others. (2 2019). Internet of Things (IoT) Cybersecurity Based on the Hybrid Cryptosystem. 2019 21st International Conference on Advanced Communication Technology (ICACT). doi:10.23919/icact.2019.8701957
Journal, T. (2017). Lightweight Cryptography Applicable to Various IoT Devices. NEC.
Katagi, M., & Moriai, S. (2008). Lightweight cryptography for the internet of things. Sony Corporation 2008, 7–10.
Khomlyak, O. (2017). An Investigation of Lightweight Cryptography and Using the Key Derivation Function for a Hybrid Scheme for Security in IoT. Blekinge Institute of Technology.
Kinast. (2017). Talking Doll Deemed to Be ‘Concealed Listening Device’.
Kumar, M., & Others. (2016). Lightweight Data Security Model for IoT Applications: A Dynamic Key Approach. 2016 IEEE International Conference on Internet of Things (IThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). doi:10.1109/ithings-greencom-cpscom-smartdata.2016.100
Lamport, L. (2018). Constructing Digital Signatures From a One Way Function. Microsoft Research. Retrieved from https://www.microsoft.com/en-us/research/publication/constructing-digital-signatures-from-a-one-way-function/
Latest Hacking News (2019). LIFX IoT Smart Light Bulb Hacked in Under an Hour. Cyber Security News, Hacking Tools and Penetration Testing Courses.
Library of Congress, (2020). H.R.1668 - 116th Congress (2019-2020): IoT Cybersecurity Improvement Act of 2020. Retrieved from https://www.congress.gov/bill/116th-congress/house-bill/1668
Lodge, D. (2020). Hijacking Philips Hue. Pen Test Partners.
Lyubashevsky, V., Peikert, C., & Regev, O. (2012). On ideal lattices and learning with errors over rings. Advances in Cryptology--EUROCRYPT 2010, 1–23. Retrieved from https://eprint.iacr.org/2010/119.pdf
Makwana, S. (8 2017). An Application of Homomorphic Encryption on IoT Based Green House. 2017 International Conference on Energy, Communication, Data Analytics and Soft Computing (ICECDS). doi:10.1109/icecds.2017.8389949
McEliece, R. J. (1978). A public-key cryptosystem based on algebraic coding theory. Coding Thv 4244, 114–116.
Merkle, R. C. (1979). Secrecy, authentication, and public key systems.
Mohananthini, N., & Others. (2020). Lightweight Image Encryption: A Chaotic ARX Block Cipher. Journal of Circuits, Systems and Computers, 30(02), 2150026. doi:10.1142/s0218126621500262
Muhammad, N., & Others. (2019). Conceptual Framework for Lightweight Ciphertext Policy-Attribute Based Encryption Scheme for Internet Of Things Devices. Malaysian Journal of Computing, 4(1), 237. doi:10.24191/mjoc.v4i1.6107
Munro, K. (2022). IoT Encryption: The Challenge of Missing Entropy. Pen Test Partners.
Nagpal, S., & Others. (2019). A New Method for Modifying Blowfish Algorithm for IoT. International Journal of Innovative Technology and Exploring Engineering, 8(9S), 331–334. doi:10.35940/ijitee.i1053.0789s19
Naif, J. R., & Others. (2019). Secure IoT System Based on Chaos-Modified Lightweight AES. 2019 International Conference on Advanced Science and Engineering (ICOASE). doi:10.1109/icoase.2019.8723807
Nedbal, M. (2018). IoT Insecurity: 6 Common Attacks and How to Protect Customers. Channel Futures.
Netscout. (2019). Highlights Dawn of the Terrorbit Era.
Omale, G. (2018). Gartner Identifies Top 10 Strategic IoT Technologies and Trends.
Owasp. (2018). Internet of Things (IoT) Project. Retrieved from https://owasp.org/www-project-internet-of-things-security/
Peshwe, N., & Das, D. (10 2017). Algorithm for Trust Based Policy Hidden Communication in the Internet of Things. 2017 IEEE 42nd Conference on Local Computer Networks Workshops (LCN Workshops). doi:10.1109/lcn.workshops.2017.77
Peterson, W. W., & Weldon, E. J., Jr. (1972). Error-correcting codes. MIT press.
Rosen, M. (2019). Driving the Digital Agenda Requires Strategic Architecture.
Saha, A., & Srinivasan, C. (2019). White-Box Cryptography Based Data Encryption-decryption Scheme for IoT Environment. 2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS). doi:10.1109/icaccs.2019.8728331
Shor, P. W. (1994). Algorithms for quantum computation: discrete logarithms and factoring. Proceedings 35th Annual Symposium on Foundations of Computer Science, 124–134. doi:10.1109/SFCS.1994.365700
Shor, P. W. (1997). Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM Journal on Computing, 26(5), 1484–1509. doi:10.1137/s0097539795293172
Sysman, D. (2019). California’s IoT Security Law: Why It Matters and the Meaning of ‘Reasonable Cybersecurity’. Forbes. Retrieved from https://www.forbes.com/sites/forbestechcouncil/2019/11/20/californias-iot-security-law-why-it-matters-and-the-meaning-of-reasonable-cybersecurity/?sh=6c90b0d85f6c
Thirumalai, C., & Shanmugam, S. (4 2017). Multi Key Distribution Scheme by Diophantine Form for Secure IoT Communications. 2017 Innovations in Power and Advanced Computing Technologies (i-PACT). doi:10.1109/ipact.2017.8245059
Turner, P. S. D. (2018). Symmetric Key Encryption - Why, Where and How It’s Used in Banking.
Vuldb. (2022). CVE-2019-10999. “D-Link DCS-5009L Alphapd wireless.htm Memory Corruption. Retrieved from https://vuldb.com/?id.134434
Watters, A. (2022). 30 Internet of Things Stats and Facts for 2022. Default. Retrieved from https://www.default.com/statistics/iot-stats-facts
Wei, B., & Others. (7 2017). A Practical One-Time File Encryption Protocol for IoT Devices. 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). doi:10.1109/cse-euc.2017.206
Williams, A. (2018). Harmony Hub Hacked and Patched. Hackaday.
Yousefi, A., & Jameii, S. M. (5 2017). Improving the Security of Internet of Things Using Encryption Algorithms. 2017 International Conference on IoT and Application (ICIOT). doi:10.1109/iciota.2017.8073627
Zassenhaus, H. J. (2013). The theory of groups. Courier Corporation.
Zinevych, M. (2021). Does Encryption Protect Data Against Man-in-the-Middle Attacks? Apriorit.
Mr. Ahmet Furkan Aydogan
Computer Science, Sam Houston State University, Huntsville, 77340 - United States of America
axa184@shsu.edu
Professor Cihan Varol
Computer Science, Sam Houston State University, Huntsville, 77340 - United States of America
Professor Amar Rasheed
Computer Science, Sam Houston State University, Huntsville, 77340 - United States of America
Professor Narasimha Karpoor Shashidhar
Computer Science, Sam Houston State University, Huntsville, 77340 - United States of America


CREATE AUTHOR ACCOUNT
 
LAUNCH YOUR SPECIAL ISSUE
View all special issues >>
 
PUBLICATION VIDEOS