Introduction
In near future, it is expected that billions of humans will be connected through trillions of smaller devices which might be regulated without direct human interaction and only using the IoT (Internet of Things). The main challenges with the number of increasing devices are i. The infrastructure and ii. The security issues. This is really alarming in the field of Internet of Things (IoT) as the ecosystem is yet to be developed, especially in the security field. The fundamental security challenge of IoT is that it increases the number of devices behind a network firewall. This paper concentrates on current cryptographic security algorithms, implementing them on a low powered machine and analyzes the overall impact it creates on the device. It also shows the use of cryptographic algorithms and algorithms which use anonymous key agreement protocols that allows two parties, each having an elliptic curve public–private key pair, to establish a shared secret over an insecure channel. It covers widely used cryptographic routines and the use of these under various conditions to test their performance. To contribute towards getting a clearer mapping of the future of IoT security. The implementation methodologies were not easy due to Raspberry Pi not originally being supported by the libraries itself. The build files had to be customized to suit the needs of the low powered device and achieve our goal.html
From past few decades, working with and working for Internet of things (IoT) has become an interesting area in computer science. Though the research on this topic is still in progress and security and privacy are some enormous concerns along with the infrastructure issue. In IoTworld the drawback is that the processing cycles are smaller and power supplies are lower. In such cases, it is known that for faster computation elliptic curves are used. There are numerous books and research articles describing how elliptic curves are effective and use smaller keys to encrypt and decrypt data [8], they are useful in wireless environment compared to other algorithms [5] but there exists very little work on IoT security enhancement using elliptic curves. For example, work has been done with elliptic curves to implement security for IoT devices. [3] [10] Again, there are works with cipher algorithms where they introduce an open framework of lightweight block ciphers on a multitude of embedded platforms. [2]git
Now, people are going for hybrid methodology to solve the low computational issues. In some papers, they have addressed some lightweight ciphers, compared them and came up with a new algorithm.[9] Again there are some who proposes a hybrid semantic service matchmaking method which merges their previous work on probabilistic service matchmaking using latent semantic analysis with a weighted-link analysis based on logical signature matching.[1] However, to the best of this paper's knowledge based on literature review done, there are very few articles which propose a new kind of algorithm to balance these kind of problems with IoT devices. For example, some proposes an encryption method based on XOR manipulation, instead of complex encryption. [6] They have proposed it for RFID system which requires particular hardware design.github
There are quite a few reliable articles telling which methodologies should be embraced to secure the IoT system yet lots of people are still working on it as the field is not yet completely stable in infrastructure or complete secure. [11] [12], [4] A in depth study of current security methods is needed to develop this field.app
Contribution of the Paper
This paper is trying to contribute towards better understanding of security algorithm performances by studying the performance of various algorithms that can be implemented on IoT devices; applying a number of security algorithms, for example, authenticated encryption schemes, AES, block ciphers message authentication codes, hash functions, elliptic curves etc. to compare and analyse their performances on an IoT platform, Raspberry Pi, an embedded system which is referred to as the black box and used as an IoT device in may work.[7] This paper shows some optimal cases, presented a comparative analysis and hence helped identifying areas for improvement or constraint based selection of the algorithms worked on. The detailed work can be understood in the section below.less
System Implementation
Getting the results of library implementation in specific hardware is a challenge because the device was not natively supported by the libraries. The estimated time is based on how much time is needed for a) building the library for specific platform and b) creating test environment for the specific platform and c) carrying out result data and calculations.dom
A. System Implementation Details
To achieve the results, primarily, the use of Crypto++®Library (version 5.6.5) has been taken into account; github repository of Crypto++®2 has been used to download the library and later compiled in a local environment. Testing datasets were generated, optimized and put to test environment. The platforms used, is Raspberry Pi 3 Version B. The system was readied to compile the library and run the test codes afterwards.jsp
Secondarily, the use of FLECC _ IN_ C, a library written in C for implementing cryptographic algorithm, has been taken into account. It is again implemented in Raspberry Pi 3 Version B. CMake was used to compile library codes and cov&genhtml was used for code coverage testing. The benchmark information and reviews are illustrated in the below graphs.ide
Hardware, Tools & Libraries
a. Hardware & Tools
This system model makes use of test environment's CPU. The test system makes use of CPU cores, which means performance would be better for higher number of core count. For conducting tests on a low powered device, the platform used was Raspberry Pi 3 model B. It has a 1.2 GHz ARM V8 Quad Core CPU. We used CMake 3.8,. 2Clangs3.9; Clang is used for compiling C++ files in Raspberry Pi, Raspbian Jessie (with kernel version 4.4), Doxygen 2.0, LCOV 1.13, GenHTML 1.0, Clang-Format (Bundled with Clang 3.9)ui
b. Libraries
In order to evaluate the system different tests has been conducted with two different libraries.this
i. Crypto++® 6.0.0
First library used is Crypto++® 6.0.0.
The reason to use the library is that it supports 32-bit and 64-bit architectures for many major operating systems and platforms and compilation using C++03, C++11, etc. runtime libraries; and a variety of compilers and IDEs, In speed tests seven open source security libraries with 15 block ciphers, it was the top performing library under two block ciphers, and did not rank below the average library performance under the remaining block ciphers.
ii. Flecc in C
The second library used is FLECC in C.
The reason to use FLECC is that it supports multiple elliptic curves at runtime and is designed to be executed on lightweight embedded processors. It is written in C, to make sure that it is supported by the compiler that comes with an embedded microprocessor.
B. Input Data
For testing purpose, in elliptic curve cryptography we have used 5 input curves.
For public-key cryptosystems: PKCS1v15 was used for key generation.
C. Testing Procedure
For testing procedure the use of the below algorithms in Crypto++® library has been made:
The generated input data was run through these algorithms and the necessary findings were printed. After that, calculation of which algorithm is better suited for different platforms and made a listing of comparative algorithms was done.
The procedure followed is shown below.
D. Results Using Crypto++®
First library used is Crypto++® 6.0.0.
Host OS is RASPBIAN JESSIE WITH PIXEL (ARM 64/32-bit). The Host CPU is an ARMv8-A, frequency is 1.22 GHz.
For all algorithms discussed in this section the input keys are generated based on the standard mentioned in section C.
As shown in Figure 2 and Table 3, for the first part of the experiment, we considered a script with 13 arguments to compare the performance on the two factors as shown in the graph below. It analyses the performance of quite popular and useful cryptographic primitive types such as specific stream & block ciphers as well as AES models and MAC algorithms. Time taken for setting up key and initialization vector is lowest for ARIA/CTR and highest for SOSEMANUK. However, bytes processed are slowest for VMAC. Overall, on average, from the algorithms tested in the specific constraint environment considered here, the optimal performance is considered as Kalyna and ARIA among these algorithms that here is considered of the primitive type.
The final batch consisted of DLIES, RSA, LUC, etc. as shown in Figure 3 and Table 4. These are over 1024 bits mostly in this test LUCDIF and RSA came out with the best result with 7.6 and 14.1 milliseconds approximately. The worst was 44.9 milliseconds approximately from LUCELG.
Overall, on average, from the algorithms tested in our specific constraint environment under the key generation standard used, the optimal performance is considered as that of RSA signature and least optimal is of LUCELG among these algorithms that here is considered of not the primitive type.
E. Results Using Flecc_in_C
FLECC_IN_C or Flexible Elliptic Curve Cryptography shows detailed information of the elliptic curve algorithm when implemented and tested. The library used isFLECC_IN_C to determine the overall performance of an elliptic curve security algorithm. Here, ECDSA signatures is used (FIPS 186–3 standard) along with EC-DH key exchange.
Now. for secp192r1 it took a total of 5.86 milliseconds to generate the key and create the signature. For secp224r1, secp256r1, secp384r1, secp521 it took 8.62, 11.94, 35.28, 85.34 respectively. Hashing functions are in negative values which mean it did not run on any of the mentioned curves. From the Figure 7, therefore we can conclude that Big Integer processing as well as ECC and RFC processing remained more or less stable throughout and the protocols processing step was the costliest, hence it could be the area of modification for easiest improvement.
Conclusion
From the above data we getRSA 1024 (14.1 milliseconds), LUCDIF 512 (7.6 milliseconds) are the algorithms that takes least time to perform the security routine in different tests. Based on our tests, algorithms like ECMQVC takes far more time to process than the algorithms discussed here. The paper gives an overview of several algorithms implemented under constrained environment. These results will contribute towards understanding and designing security algorithms for IoT devices, easily choosing an algorithm for a specific device with certain key size or easily understanding performance of aIoT device by having a look at the graphical comparison given in this paper. So, this paper can be used as a guideline to design security structure for any specific IoT device. Again, there are lots of scopes for further research in the IoTdomain where this paper can provide crucial information in a succinct manneron security issues for those devices. Overall it gives an easy overview for the field of further research or tools or algorithms to use for IoT security purpose.