International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056

Volume: 07 Issue: 12 | Dec 2020 www.irjet.net p-ISSN: 2395-0072

A Cryptographic Approach for Securing IoT Devices

Vipul Goyal1, Abu Zafar2
1Student, Computer science and Engineering, ASET, Amity University, Noida, U.P., India
2Student, Computer science and Engineering, ASET, Amity University, Noida, U.P., India
---------------------------------------------------------------------***----------------------------------------------------------------------
Abstract - Cryptography is a way of communication that is can transmit information and send messages to each other.
secure. The prefix "crypt" means "hidden" and the suffix The concepts of Internet of Things devices are like thinking
"graphy" means "writing". In cryptography, plain text is out of the Box. For example, an IoT-based chair can be
converted to encrypted text before it is sent, and it is adapted to the size of the occupant. Based on these
converted to plain text after communication on the other calculations, you can automatically increase or decrease
side. The algorithms are utilized to create cryptographic sleep hours.
keys, for digital signatures, for verification to secure the
confidentiality of information, to browse the Internet and to IoTs change people's lifestyles, increase productivity and
ensure confidential transactions such as credit and debit reduce life stress to protect the environment. IoTs are next
card transactions. The Internet of Things (IoT) is a vastly generation networks and a new and moderate way of the
growing area in computer science as it helps exchange data Internet to offer the ultimate in wisdom. IoT devices can
by interconnecting devices over the internet, therefore, it collect and analyze a large amount of data, make a smart
should be secured. IoT’s are making smart devices smarter decision, and share information with devices so they can act
and of higher quality to enhance the user experience. IoT’s smart.
security challenges are more vulnerable because the devices
are openly accessible to all in the network. In this paper, These additional services are accompanied by their own
cryptographic methods are proposed to secure the IoT prerequisites and limitations; therefore, several challenges
devices i.e. four of the most used encryption algorithms have been raised:
namely: AES (Rijndael), DES, Triple DES and Blowfish.
• Network difficulties for endless number of devices to
Key Words: Cryptography, Internet of Things communicate with each other.

1. INTRODUCTION • Security challenges: The number of nodes in the network

and its wide range of IoT networks for deployment and
These days, the figure of connected gadgets is expanding applications have become more engaging both as a target
exponentially, forming the so-called Internet of Things (IoT). and as an attack tool.
In the sight of IoT, every real object has virtual components,
for example, a person in real has a virtual counterpart that • Power consumption faces the impossibility of
can be located, addressed and read. It's a network of devices implementing heavy conventional cryptographic
that are connected to the internet, thus they have their own mechanisms and security protocols on small devices with
IP addresses and can interface with one another to automate limited power sources.
simple tasks. IoT is among the developing advances that
Security concerns are important. The Internet of Things talks
would be the best specialists to change the current world
about existing cybersecurity vulnerabilities and presents
scenarios. These devices are used in various fields, e.g. in
new security threats. This poses the usual risks associated
smart homes, in public health, in smart cities, in
with sending information through the system. Each terminal
environmental monitoring, in smart traffic systems, etc. The
(node) can be an access point and connectivity analysis will
Internet and its users are already under attack and a
increase damage. Hacker attacks on intelligent energy
growing economy full of models is undermining the moral
systems can power millions of households and businesses,
use of the Internet: it is only aimed at developing the basic
causing tremendous financial damage and threatening health
concepts of the weaknesses of the current version. This is
and safety. IoT security breaches impact both personal data
not a good signal for IoT, which integrates many limited
abuse and device theft. Therefore, when developing IoT
devices. In fact, the implementation of the IoT concept can
applications, security is a fundamental requirement and
lead to the emergence of new malicious models. The
security plays an important role in preventing unauthorized
challenge is to prevent the growth of these models, or at
access in IoT application systems.
least reduce and limit their impact.
Cryptographic algorithms should develop security solutions
Internet of Things is a new development and a huge set of
that protect IoT networks and minimize security risks.
computing components that are currently connected to each
However, the actual implementation of these cryptographic
other on the Internet. IoTs are essentially distributed
algorithms depends on the performance limitations of IT and
physical network devices that work intelligently to collect
IoT devices. However, choosing the right hardware, software
information from environmental parameters. These devices
© 2020, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1222
 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 07 Issue: 12 | Dec 2020 www.irjet.net p-ISSN: 2395-0072

platform, and fundamental architecture for your application ● In 2018, El-hajj et al [2] have worked on
is an important step in building an IoT system. Most IoT analyzing the efficiency of various
applications include embedded systems that were used cryptographic algorithms in an IoT device and
many years ago but are now becoming compatible smart comparing it to the basic cost of the device.
devices that require network connectivity, memory usage, Their study provided evidence that security
and scalable features. This integrated hardware system is a protocols with basic cryptographic elements
good example of reducing costs and energy consumption. (symmetric, asymmetric, hash code, and digital
signature) could be entered into the system.
Cryptography is a technique used for converting plain text to
encrypted text and vice-versa. It is used for security ● In 2010, Elminaam et al [3] have worked on this
purposes. The CIA triad is a very important terminology article, we evaluate the performance of some
when we talk about security. Confidentiality means data symmetric encryption algorithms. The
must be kept a secret from both ends. It should not be leaked algorithms used in the study are DES, 3DES,
as it violates the security of the system. Integrity means AES, Blowfish, RC2, and RC6. Various results
ensuring the accuracy and completeness of the data. This is can be obtained from the experimental results.
to protect the data from misuse or alteration by an First, if the results are displayed in hexadecimal
unauthorized party. Authentication confirms that the person or 64 base code, it doesn't make much
entering the network is valid and genuine. difference. Second, they found that Blowfish
outperforms other popular coding algorithms
The three classifications of cryptographic systems are based and outperforms RC6 when the packet size is
along the following three independent parameters- Kind of changed. Third, it turns out that 3DES still
activities utilized for changing plain text to cipher text, the crashes compared to the DES algorithm. Fourth,
number of keys utilized and dealing with plain text. it turns out that RC2 is time consuming
compared to all other algorithms. Fifth, we
All encryption algorithms depend on two general standards. believe that AES works better than RC2, DES,
The first is substitution, where each component of the plain and 3DES. For audio and video files, you get the
text is assigned to a different component, and transposition, same results as for text and documents. As the
where the raw content components are arranged differently. size of the key changes, the size of the key
The basic requirement is that no data is lost. Most systems, increases and eventually the battery
called product systems, had many stages of replacement and consumption and time will change significantly.
conversion.
● In 2016, Awotunde et al [4] have worked on all
If the sender and recipient have the same key, the system is strengths and weaknesses of encryption
called symmetric encryption with the same or private key. If methods. The study summarizes that Blowfish
the sender and recipient use different keys, the system is algorithm uses more memory, CPU usage, and
considered asymmetric two-key cryptography or public-key time to perform its cryptographic operations
cryptography. than it does because it uses a much longer key
length (448 bits).
Block cipher encryption always processes the inputs into an
element block, so an output block is generated for each input ● In 2011, Roman et al [5] have worked on the
block. Current encryption processes input elements theoretical ways to secure IoT devices. They
continuously and leads to a result element. have discussed the threats that have been
caused to the interconnection of the devices on
2. LITERATURE REVIEW
the internet.
● In 2016, Dewanjee et al [1] have worked on a
 In 2016, Joshna et al [6] have worked on a
collated report on security challenges of IOTs
comparative analysis of the symmetric key
and the Cryptographic methods used to
algorithms. It discusses all the details about the
overcome the challenges. As per a report by
cryptographic algorithms with symmetric key.
Cisco, stating that by 2020 there will be an
enormous number of IoT devices which will 3. ALGORITHMS
take over to cover all the sectors like health
services, transportation, and smart devices 3.1 AES
covering all areas of life. IoTs making Smart
devices are becoming smarter and of higher Rijndael's proposal for AES (Advanced Encryption Standard)
Quality to enhance the user experience. IoT's uses 128, 192, and 256 bits to decode a number that allows
security challenges are more vulnerable the block length and key length to be specified
because the devices are openly accessible to all independently of each other. The key length determines
in the network. some parameters of the AES algorithm.

© 2020, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1223
 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 07 Issue: 12 | Dec 2020 www.irjet.net p-ISSN: 2395-0072

The above algorithm has the following characteristics: 3.4 Blowfish

• Security or protection against all known attacks. Blowfish is a block cipher and is a part of symmetric key
encryption. It encrypts data in blocks of 8 bytes. The
• Code speed and compactness on various platforms. algorithm consists of two parts, a key extension part and a
data encryption part. The key extension converts a key with
AES-128 uses a 128-bit key length to encrypt and decrypt a maximum length of 56 bytes (448 bits) into several tables
message blocks, while AES-192 uses a 192-bit key length and with subkeys with a total of 4168 bytes.
AES-256 uses a 256-bit key length for encryption and
decryption. Use key length. Each digit of the message uses 4. REVIEW RESULTS
128, 192, and 256-bit encryption keys to encrypt and
decrypt data into 128-bit blocks. The number, also known as Table 1: Performance of Algorithm during the
the secret key, uses the same encryption and decryption Encryption process
keys, so the sender and receiver must know and use the
same secret key. Governments classify information into Paramet AES DES Triple - Blowfish
three categories: confidential, secret, or very secret. All key ers DES
lengths can be used to protect confidentiality and Designer ‘Joan IBM IBM ‘Bruce
confidentiality levels. Key lengths of 192 or 256 bits are s Daemen& Schneier’
required for secret information. Vincent
Rijmen’
A 128-bit key has 10 turns, a 192-bit key has 12 turns, and a Develope 1998 1977 1998 1993
256-bit key has 14 turns. A round consists of several d
processing steps, in which a simple text input is replaced, Attacks Brute Brute Chosen Second
transformed, mixed and transformed into the final output of force force plain text order
encoded text. attack, attack, attacks or differenti
Biclique Differenti known al attack
3.2 DES attack, al plain text
Related- cryptanal attacks
DES (Standard Encryption Standard) is a 64-bit symmetric
key ysis,
block encryption algorithm. This algorithm works on 64-bit
attacks linear
blocks of plain text. Due to the symmetry, the same key can
cryptanal
be used for encryption and decryption. In most cases, the
ysis
same algorithm is used for encryption and decryption. First,
the transition is performed according to a fixed table (initial Type of Block Block Block Block
permutation), which divides a 64-bit block of plain text into Encryptio Encryptio Encryptio Encryptio Encryptio
two 32-bit blocks, each of which performs 16 identical n n n n n
operations, called rounds. The two halves are connected, and Security Secure Insecure Secure Secure
the first inversion of the permutation is performed. The than DES
purpose of the first implementation is clear. This does not MemoryC 25 15 16 30
affect the security of the algorithm. Therefore, small blocks onsumpti
of plain text and cipher text can be loaded into an 8-bit chip. onRate
Only half of the original 64-bit block is used in one run. The (MB)
rounds alternate between the two halves. CPU 94.8532 96.4894 85.0985 120.2343
Usage
3.3 Triple-DES
(%)x100
Triple-DES is a type of computer encryption algorithm in 0
which each data block receives three passes. You can Encryptio 4947.748 4747.297 7157.597 6471.241
increase security by increasing the key length. Triple DES n speed 3 7 9 6
has been replaced by NIST, which received the above AES. (ms)
Triple DES is currently considered obsolete, but some IoT Key 142 132 147 448
products use it for compatibility and flexibility. length
in (bit)
Triple DES is a good encryption algorithm that can be used to
protect against brute force attacks. "Brute force" is a
painstaking effort (as opposed to an intelligent strategy)
through repeated attempts and efforts. The Brute Force
attack automatically uses automated tools and then it
therefore it takes guesses various combinations until a
hacker breaks the key.
© 2020, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1224
 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 07 Issue: 12 | Dec 2020 www.irjet.net p-ISSN: 2395-0072

The graph in Figure 3 summarizes that Triple-DES takes

maximum time to encrypt, whereas DES is the fastest and
takes the least time.

Figure 1. Graph showing Memory Usage

The graph in Figure 1 summarizes that out of the four

encryption algorithms, Blowfish takes most of the memory
while DES takes least of the memory.
Figure 4. Graph Showing Key Length

The graph in Figure 4 summarizes that Blowfish reveals the

highest Avalanche effect whereas DES reveals the least
Avalanche effect. Avalanche tells us how much information is
revealed.

5. CONCLUSIONS

Obviously, theoretically any key could be cracked in a brute

force attack with sufficient processing power. A pragmatic
approach to modern encryption is to use a key long enough
that it wouldn't be compromised without extraordinary
computing power, well above the value of encryption to
protect content.

Figure 2. Graph showing CPU Usage Cryptography can be used to protect data by controlling
access to that data that has been around for a long time and
The graph in Figure 2 summarizes that Blowfish utilizes as it grows, as every aspect of our human business depends
most of the CPU time period, and Triple-DES utilizes on information technology. This has resulted in
minimum CPU time, hence being the fastest. cryptography being required and used to protect this data
from snooping eyes. Each of the encryption techniques has
its own strengths and weaknesses. To apply an appropriate
cryptographic algorithm to an application, someone needs to
understand the performance, strength, and weakness of the
algorithms.

6. REFERENCES

[1] Dewanjee, Rita & Verma, Pushpak & Vyas, Dr. (2016),
“Cryptography Techniques and Internet of Things.”, 3rd
International conference on Electronics and Communication
Systems (IEEE, ICECS'16), February 2016

[2] El-hajj, Mohammed & Maroun, Chamoun & Fadlallah,

Ahmad & Serhrouchni, Ahmed. “Analysis of Cryptographic
Figure 3. Graph showing the Encryption Speed of the Algorithms on IoT Hardware platforms”, 1-5.
Algorithms 10.1109/CSNET.2018.8602942. 2018 2nd Cyber Security in
Networking Conference (CSNet)

© 2020, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1225
 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 07 Issue: 12 | Dec 2020 www.irjet.net p-ISSN: 2395-0072

[3] Diaa Salama Abd Elminaam, Hatem Mohamed Abdual

Kader & Mohiy Mohamed Hadhoud, “Evaluating the
Performance of Symmetric Encryption Algorithms”
International Journal of Network Security, Vol.10, No.3,
PP.213–219, May 2010

[4] J. B. Awotunde, A. O. Ameen, I. D. Oladipo, A. R. Tomori, M.

Abdulraheem, “Evaluation of Four Encryption Algorithms for
Viability, Reliability and Performance Estimation”, NIGERIAN
JOURNAL OF TECHNOLOGICAL DEVELOPMENT, VOL. 13,
NO. 2, DECEMBER 2016

[5] R. Roman, P. Najera, and J. Lopez, “Securing the Internet

of Things”, IEEE Computer, vol. 44, pp. 51 -58, 2011

[6] S, Joshna. (2016). Symmetric Key Algorithms: A

Comparative Analysis. International Journal of Innovative
Research in Computer and Communication Engineering. 4.
15772-15775.

[7] RIMAN, Chadi, and Pierre E. ABI-CHAR. "Comparative

Analysis of Block Cipher-Based Encryption Algorithms: A
Survey." Information Security and Computer Fraud 3.1
(2015): 1-7.

[8] Chetan Nanjunda Mathur, Karthik Narayan, K. P.

Subbalakshmi. "On the Design of Error-Correcting Ciphers",
EURASIP Journal on Wireless Communications and
Networking, 2007

[9] Dwi Liestyowati. "Public Key Cryptography", Journal of

Physics: Conference Series, 2020

© 2020, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1226