Lightweight Cryptographic Algorithms for Guessing Attack Protection in Complex Internet of Things Applications

Center form Cyber Security, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia (UKM), 43600 Bangi, Selangor, Malaysia Cyberspace Institute of Advanced Technology, Guanghzou University, Gaungzhou, China Institute of Computer Science and Digital Innovation, UCSI University, 56000 Kuala Lumpur, Malaysia Department of Computer Science and Engineering, Birla Institute of Applied Science, Bhimtal, India Faculty of Informatics and Computing, University Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia School of IT and Telecommunication Engineering, Melbourne Institute of Technology, Melbourne, Australia School of Software Engineering, National University Mayor de San Marcos, Lima, Peru Universidad Nacional Federico Villarreal UNFV(INERN), Lima, Peru


Introduction
Our way of life changes with the continuous scientific developments in society, where life is now heavily driven by data. e advancements in semiconductor and communication technologies have led multiple devices to be interconnected to deliver communications and services to humans. is phenomenon is often referred to as the Internet of Everything (IoE) that includes the IoT as its subset.
e IoE can be applied in various fields such as smart cities, smart homes, intelligent transportations, automated agriculture, and convenient healthcare (Figure 1). e IoE often suffers from its computation limitations in processing capabilities and fixed storage, leading to the lack of device safety, privacy, and performance [1][2][3][4][5][6]. Considering the ubiquitous application of IoE in our society, it is imperative to improve their security and performance Fig 1. In the IoE/IoTdomainsʼ physical layer, the MAC layer and the physical layer control the security procedures mainly in GPRS applications, sensors, or RFID. IEEE 802. 15.4. is used because of its low-cost and low-energy-consumption rates, but it sustains some limitations against the potential attacks. e network layer collects the data from the physical layer to partition a message into a bundle and to route the data packets from the source to the destination. With the rapid rise of IoT, IPv6 address loses its precedence to IPv4. AES, DES, or Inbuilt cryptography conventions are realizable by utilizing the IPsec in this layer. User Datagram Protocol (UDP) is used in IoT for end-to-end communication at the transport layer. However, Datagram Transport Layer Security (DTLS) is constructed in this layer because UDP is not reliable. e application layer is where the intelligence of IoTresides. e application layer can be used for social action, retail, wellbeing, or personal needs. Constrained Application Protocol (CoAP) [7] is employed to satisfy the IoT networkʼs low resource restriction.
IoTfaces challenges in security assurance, data reliability, and user confidentiality in its edge network. Furthermore, some of the challenges remain in IoT edge networks because of the lack of a mechanism to perform authorization, key management, authentication, and access control. Moreover, because the compelled edge devices interface with the Internet, fortifying the edge system is essential for the global IoT/IoE network. In an IoT wireless sensor network, there is much literature that explores the security vulnerabilities that cause attacks in eavesdropping, reply attack DoS/DDoS, and so on. Many applications can lose our private information on banking, health, and location services due to these security constraints. A security measure is required to secure communication in which the interception of messages by malicious users cannot harm our privacy [3,8].
is workʼs main contribution is the experimental assessments on the technologies and cryptographic algorithms that can be used in the messages exchanged between the nodes to create a secure IoT network in a way that protects our communication. is article will conduct a comparative study of RSA, DES, AES, 3DES, and Blowfish encryption algorithms to protect the Internet of ings (IoT) applications. e experimental analysis includes the comparison of computational resources required versus the security improvement. e study can lead us to find an optimal tradeoff point between computational resources versus security performance in future IoT/IoE applications.

Cryptography and Encryption Algorithms and Its Challenges
is section will provide the related works in data encryption for IoT applications. Literature shows studies on power consumption, processing speed, packet size, data types, and avalanche effect in data encryption for IoT applications.
As per Gartner report (Stamford 2013), IoT can bring forth more than a three hundred billion US dollar revenue in 2020, excluding smartphones, tablets, and PCs. In addition, by 2020, amounts of smartphones and tablets reached over 7.3 billion units. For a large number of data communication over the network, a complex and massive network will be created. Many internet-based applications have been introduced, such as online shopping, instant payment, and electronic bill payment. Other than web applications, several new concepts are emerging in Cryptocurrency, Blockchain, and the Internet of ings (IoT).
In an IoT environment, the demand for using the appropriate cryptographic solution is increasing. Nevertheless, because of the limited battery life, low power computation, small memory, limited power supply, and small size of the edge devices suffer limitations in applying cryptography. A typical cryptographic primitive may not be suitable for these low-powered edge devices. For instance, an RFID tag cannot employ a 1204-bit RSA algorithm due to a lack of resources [9]. e current smart industry requires an intelligent cryptographic solution that can provide adequate security performance in pervasive computing and only resourcelimited edge devices. e classification of different encryption algorithms is illustrated in Figure 2 [10].   Figure 3, two processes are associated with this-encryption and decryption [11]. ey are used for protecting messages or data from fraud attacks on the network. Security of data is a significant issue in the Cloud IoT environment. Cryptography is addressed in some ways.
ree types of cryptographic algorithms are as follows: (i) Symmetric cryptography (ii) Asymmetric password (iii) Hash encryption 2.1.1. Symmetric Cryptography. Symmetric cryptography (i.e., secret key cryptography) refers to cryptography that employs the same encryption key for plaintext encryption and decryption. e same key is shared between the two sides, which is a significant disadvantage of symmetric key encryption [12]. Compared with public key encryption (aka asymmetric key encryption shown in Figure 4), the main advantages of symmetric key encryption are that it does not consume too much energy, and the encryption speed is breakneck. It is divided into two categories: block ciphers and stream ciphers. Advanced Encryption Standard (AES), Data Encryption Standard (DES), Blowfish, Triple DES, etc., are some algorithms of standard symmetric key employed in cloud computing [11] as shown in Figure 5.
(1) Types of the symmetric algorithms: block cipher and stream cipher. In the block cipher, the secret message of any length is transformed into fixed blocks, and if the message length is smaller than the block size, then zero paddings are done. Next, on each block, an encryption algorithm and key are applied to generate the cipher message. e most preferred algorithms are DES, AES, Blowfish. Next, based on the algorithmʼs structure, a block cipher is classified into two types: substitution-permutation network (SPN) and Feistel network (FN). In the SPN network on the whole block, substitution and permutation layer is applied to generate the ciphertext, as shown in Figure 6. e plaintext and key XOR is done in the initial stage. Next, the XOR output is passed through s-box and p-layer. After that, on the fly is key generated for each round.
On the other side, in the Feistel network, the block is divided into two halves. Next, the functions f 1 , f 2 , and f 3 and key are applied to one-half of the block. en the swapping function is functional with the repetitive process for all rounds, as shown in Figure 7 [13].
In the stream cipher, the cipher is generated by combining the message with the key using a simple transformation (e.g., XOR) as shown in Figure 8.
In the stream cipher, the block size is 1 bit long, and the algorithmʼs overall security depends on the key size (which is generated using key and initialization vector (IV)). e most preferred stream cipher is RC4 in the SSL/TLS and A5 in the GSM. Typically, stream cipher algorithms are fast, require fewer resources for encryption purposes, and also are preferred for encrypting the small message. Further, block cipher can be turned into stream cipher using various modes of operations, e.g., counter mode. is means that if you have a secure block cipher, you can build a fast stream cipher. Comparative analysis between the block and stream cipher is shown in Table 1.
Some examples of popular and well-respected symmetric algorithms include AES (aka Rijndael), Blowfish, DES, TDES, and IDEA, as an example of the symmetric algorithm (Figures 9-11).
DES: Data Encryption Standard (DES) is a symmetric key block cipher where the key length is 56 bits, and the block size is 64 bits in length [14]. When a weak key is used, it is vulnerable to key attacks. DES was discovered by IBM in 1972 using an algorithm for data encryption. It is approved by the US government as a standard algorithm for encryption. It starts with a 64-bit key, and then, the NSA limits the consumption of DES with a 56bit key. us, DES removes 8 bits of the 64-bit key and subsequently utilizes a reduced 56-bit key obtained from the 64-bit key to 64-bit block size encrypted data. DES can function in different modes-CBC, ECB, CFB, and OFB, rendering it flexible. When a weak key is used, it is vulnerable to key attacks. In 1998, the Triple DES: Triple DES, a block cipher, is called a triple data encryption algorithm and cryptography. In 1998, the Triple Data Encryption Standard (3DES) was initially released. Hence, its name is like that because it uses three DES ciphers to each block of data, namely, "encryption and decryption-using DES encryption," as shown in Figure 8. e key length is 112 bits or 168 bits, and the block size is 64 bits in length. As the computing power available today continues to increase, and the original DES ciphersʼ capabilities are weak, it has suffered brute-force attacks and several cryptanalysis attacks. For providing a comparatively simple way of increasing the key size of DES, Triple DES aims to prevent such attacks with no design of a different block cipher algorithm. e encryption function used is C � E (K 1 , E (K 2 , D (K 3 , C))) and by using the same    4 Complexity operation with keys reverse produces the decryption function of P � D (K 1 , E (K 2 , D (K 3 , C))). e 3DES is a formidable algorithm because DEA is an underlying cryptographic algorithm. us, similar resistance to cryptanalysis of DES can be claimed for 3DES. Besides, the 168-bit key length makes brute-force attacks effectively impossible. International Data Encryption Algorithm (IDEA): International Data Encrypt Xuejia Lai and James L. Massey of ETH minor revision of an earlier cipher, PES (Proposed Encryption Standard); IDEA was originally called IPES (Improved PES early versions of the Pretty Good Privacy cryptosystem. K can be represented as TDES-EDE, which shows the structure of the triple DES. Encryption algorithm (IDEA) is a block cipher designed by ETH-Zürich and was first described in 1991. Based on the previous sectionʼs study, it can conclude that there are differences between the DES algorithm, Triple DES algorithm, and IDEA (shown in Figure 9). Table 2 shows the comparison between DES, Triple DES, and IDEA. e AES algorithm is a symmetric key block cipher which is established by Joan Daemen and Vincent Rijmen in 1998. e AES algorithm strengthens any amalgamation of data with key lengths of 128, 192, and 256 bits, as shown in Figure 10. AES allows 128-bit data length, which can be divided into four basic operation units.
ese units are regarded as byte arrays and arranged into a matrix with 4 × 4, also known as states, and undergo various transformations through rounds. For full encryption, for cases where the key lengths are 128, 192, and 256, the number of rounds used is the variable N � 10, 12, and 14. Each round of AES utilizes permutation and replacement networks and is fitting for hardware and software implementations. Blowfish: Blowfish was originally released in 1993. It is a symmetric key block cipher with key lengths ranging from 32 bits to 448 bits and a block size of 64 bits. Its composition is the Festival Network. As a symmetric block cipher, Blowfish can be exploited as a casual alternative to DES or IDEA. It uses a variable-length key ranging from 32 bit to 448 bit, making it ideal for home and business use. Devised by Bruce Schneier, Blowfish is a speedy, free complementary of prevailing encryption algorithms. Since then, it has been extensively investigated, and as a robust encryption algorithm, it is gradually gaining popularity. Blowfish is not patented, has a free license, and is free for all uses. e process of the Blowfish encryption algorithm is shown in Figure 11.
Lightweight cryptography has been essential for the last few years, driven by the lack of primitives capable of running on devices with deficient computing power [22]. One of the most ciphers in lightweight cryptography is the PRESENT algorithm.
(2) PRESENT algorithm: the PRESENT algorithm is an asymmetric cryptography algorithm that is based on the substitution permutation network. e PRESENT algorithm has a block size of 64 bits and supports two key sizes 80 bit and 128 bit and required 32 rounds for the data encryption. In the initial phase, the plaintext and key XOR operation is performed which transforms the original bits. Next, the XOR operation output is given to the substitution layer, which transforms the actual bits.
e 64 bits are processed in the 4-bit chunk. us, 2 4 � 16 combination is required in the look-up table for the s-box, as shown in Table 3. e authors do not disclose the s-box mathematical modeling. erefore, the algorithm is secure and preferred in the number of applications. Next, s-box output-input to the permutation layer shuffles the bits at bit level as shown in Table 4. e PRESENT algorithmʼs permutation layer consumes a large number of cycles due to the bit-level permutation. Further, a layer of key scheduling is performed in the round  Figure 9: Structure of Triple DES: encryption (a) and decryption (b) [12,15].
Complexity 5 as shown in Figure 12.
e PRESENT algorithm key scheduling is most preferred in the other lightweight ciphers due to the more straightforward key scheduling step. erefore, other lightweight cipher algorithms are explored in work, providing better security and consuming less permutation and encryption purposes. Next, in Table 5, a comparative analysis of various conventional and lightweight cryptography algorithms is done. e comparative analysis found that, in conventional cryptography, AES is the most recommended NIST algorithm and preferred in several applications such as e-commerce, social media, and Internet banking. On the other side, in the lightweight algorithm, NIST recommended the PRESENT algorithm. Even up to now, no benchmark algorithm is proposed which are used for validating the lightweight algorithm. Due to the PRESENT algorithmʼs popularity, we have studied the PRESENT algorithm and found a large number of cycles for encryption.

Asymmetric Password.
Asymmetric key algorithms (secret key algorithms) use different keys for plaintext encryption and ciphertext decryption. It consists of two keys: a private key and a public key. e public key is used to encrypt the sender everyone knows, and the private key is used for the decryption of the confidential receiver [12]. Unlike symmetric ciphers, which share different keys, this is one of the main advantages of asymmetric ciphers. However, the main disadvantage of asymmetric encryption is that it consumes too much energy, and it is not as fast as symmetric encryption. Some popular asymmetric key algorithms used in cloud computing are Rivest-Shamir-Adleman (RSA), Elliptic Curve Cryptography (ECC) [11], as shown in Figure 13.
(1) RSA. Established in 1977, RSA is a public key cryptosystem. RSA is an asymmetric cryptographic algorithm named after its founder Rivest, Shamir, and Adelman. It produces two keys: a public key to encrypt and a private key to decrypt messages. ere are three steps in the RSA algorithm. At the first step, the key generation is performed, which is operated as a key to encrypt and decrypt data. e next step is to encrypt, where the actual process is performing conversion from plaintext to ciphertext. Finally, the third step is to decrypt. At this step, the encrypted text is translated to plaintext on the other end. RSA is established on the problem of retrieving the product of two large prime numbers. 1024 to 4096 bits are found for the key size. To secure the key on the Internet, the original key and public key are given to the RSA algorithm, which generates the encrypted key in the output [23]. e detailed description of the RSA algorithm key creation, encryption, and decryption is shown in Table 6.

Hash Encryption.
Hash is a numerical function that transforms any type of data into distinctive string bits. Any form or extent of data can be hashed. A unidirectional       Public key Private key Figure 13: Block diagram of asymmetric cryptography. Table 6: RSA key creation, encryption, and decryption.

Sender
Receiver Key creation Choose two secret prime numbers p and q. Choose encryption exponent e with GCD (e, (p − 1) (q − 1)) � 1. Publish N � pq, and e. Encryption Choose plaintext m. Use Bobʼs public key (N, e) to compute c � m e mod N. Send ciphertext c to Bob Decryption Compute d satisfying Ed � 1(mod (p − 1) (q − 1)) Complexity compute m′ � c d mod N en m′ equals the plaintext m.

Complexity 7
process puts data into a hash algorithm and gets a unique text string. Hash functions are fundamental tools in modern cryptography. In hash encryption, the identical message continually results in an equal hash value. It can also quickly calculate the hash value of any delivered message [24]. Also, minor changes to the message will adjust the hash value. It is not possible to get the identical hash value for two separate messages. Secure Hash Functions (SHA-1 and SHA-256) and Message Digests (MD5) [25] are some of the popular hash encryption technologies employed in cloud computing, as shown in Figure 14.

Comparative Time Complexity Analysis of the Symmetric, Asymmetric, and Hash Cryptography.
In this section, based on the previous study, a comparative analysis between symmetric, asymmetric, and hash cryptography is presented. Table 7 shows that symmetric algorithm is faster in encryption compared to asymmetric or hash function. us, the symmetric algorithm is often preferred in steganography.
e studies have used machine learning-based neural network algorithms to solve security issues. Some other authors have been studied the performance of various security algorithms on a single processor and cloud networks for different input sizes [18-20, 26-35, 41]. e purpose of this article is to get quantitative terms such as speedup ratios that help to implement secure algorithms (MD5, RSA, and AES) using cloud resources, which companies can use for encrypting considerable amounts of data. ree distinct algorithms are utilized-AES (symmetric encryption algorithm), RSA (asymmetric encryption algorithm), and MD5 (hash algorithm) [40][41][42][43]. Results stated in this article determine that algorithms realized in a cloud environment (i.e., Google App) are more effective than applying them on a single system. For singleprocessor (on-premises) and cloud (Appengine) environments, MD5 consumes the least time, whereas RSA consumes the most. In the case of low input file sizes, the highest speedup can be obtained in AES, and as the input file size increases, the speedup ratio drops dramatically. AES is the highest in speeding up, followed by MD5, and RSA has the lowest speedup in the case of each input size. ree algorithms are compared and analyzed. RSA, AES, and DES consider specific parameters such as calculation time, output bytes, and memory usage. ese parameters are the main concerns in any sort of encryption algorithm [17]. Experimental findings demonstrate that, in the case of AES and DES algorithms, the DES algorithm consumes the least encryption time. In contrast, the AES algorithm uses the least memory, and the difference in encryption time is small. RSA uses the lengthiest encryption time while the memory usage is also high, but in the RSA algorithm, the output bytes are minimal. e performance of symmetric encryption algorithms is studied.
is article presents an assessment of the six most popular encryption algorithms: 3DES, AES (Rijndael), DES, RC2, RC6, and Blowfish [18]. Comparisons have been made for each algorithm under different settings, such as different data block sizes, various data types, battery power use, various key sizes, and final encryption/decryption speed. e investigational simulation demonstrates the following results. When the results are displayed in hexadecimal base encoding or base 64 encodings, there is no significant difference [18]. In the case of altering the packet size, it is observed that RC6 takes lesser time than other algorithms except Blowfish. In the case of changing data types (e.g., images in place of text), RC2, RC6, and Blowfish were found to be disadvantageous in terms of time consumption over other algorithms. Moreover, compared to the algorithm DES, the performance of 3DES is still very low. Lastly, in the case of altering the key size (only feasible in RC6 and AES algorithms), it can be observed that larger key sizes can cause significant changes in battery and time consumption.
To evaluate the performance of various cryptographic algorithms, we applied various cryptographic algorithms to encrypt video files. We calculated the encryption and decryption time for various video file formats (including .vob and .DAT) with the file size ranging from 1 MB to 1100 MB. e results show that the AES algorithm performs adequately with less processing time than DES but more time than Blowfish [20]. More in-depth analysis is presented in the following section.

Symmetric Cryptographic Algorithm.
Symmetric cryptography is the most widely used and most frequently used encryption algorithm today. It is used in the software industry, but it is also in the hardware industry [10, 22, 23, 25-32, 44, 45]. When various infrastructures are involved in security requirements, symmetric encryption algorithms are given priority. For most symmetric cryptographic algorithms, the encryption and decryption processes are reversed. e features are as follows: (a) Low execution time, fast encryption speed, high encryption efficiency: however, both parties use the   Table 8 presents the comparison of the various symmetric cryptographic algorithms.
For a fair comparison, a common C# language was used to test the encryption methods. We present our testing of symmetric encryptions using DES, 3DES, and AES/Blowfish in the following section.

Symmetric Cryptographic Algorithm Simulation.
To evaluate the symmetric cryptography algorithmsʼ efficiency, a simulation has been conducted on 3 separate computers. e experiments used C# running on Microsoft .NET Framework. Table 9 shows the details of the devices used in the simulation. e simulation tests the speed of encryption and decryption of the selected encryption algorithms. For each encryption and decryption, the tests will execute the same encryption using the same plaintext for 5 separate times, and the average time is compared. e key size used for each encryption algorithm is the maximum bytes the cipher can allow. To make a fair comparison, the average time required to compute the algorithm by the 3 devices is used.
A set of plaintexts are used in the simulation-passwordsized text and paragraph-sized text-which would give a fair comparison between the algorithms in real-time deep learning networks for IoT.

K86a1uZEJ
Paragraph-sized plaintext: In the tree, there was something. From the ground, it was difficult to tell but rachael could see movement. Her eyes were squinted, and peered towards the movement, trying to decipher exactly what she had spied. With the increase of her peering, she increasingly thought it might be a figment of her imagination. Anything seemed not to move until she started to take her eyes off the tree. Then, in the corner of her eye, she would find the movement once again and start staring again. Headphones were on. They had been used on intention. She could listen to her mother shouting in the background, but could not make out exactly what the shouting was about. So, she had put them on. Table 10 shows the simulation result on device 1, and Table 11 presents the simulation results on device 2, Table 12 summarizes the simulation results on device 3, and device 4 results are presented in Table 13.
e results show that the AES performs at a much faster rate in both encryption and decryption.
is was more prominent in encrypting and decrypting a larger size plaintext. Intelʼs proprietary hardware acceleration can explain AESʼs fast encryption rate for AES-AES-NI [15]. is fast encryption speed makes the encryption algorithm the

Asymmetric Cryptographic Algorithm.
e symmetric encryption algorithm utilizes the identical secret key for encryption and decryption; the asymmetric encryption algorithm needs two keys for encryption and decryption (as shown in Figure 15).
RSA is a commonly used encryption mode. e encryption principle can be briefly discussed with the instances presented in Table 14.

Simulation Result.
Simulation results are presented in Table 15.
e above simulation used password-sized plaintext as a sample for encryption and decryption. e purpose is to understand the performance of the RSA algorithm. Although RSA has been the most commonly used asymmetric encryption algorithm, it shows that RSA performs relatively slow compared to symmetric encryption algorithms. us, it should be used only when asymmetric encryption is essential in practice as it will incur extra overhead in both encryption and decryption [47].

Conclusion and Recommendations
is article studied and tested several encryption methods on independent computing devices with the C# programming language. Symmetric encryption and decryption were faster but not highly secure as the keys need to be shared between the computing devices (which render it insecure). Asymmetric encryption utilizes a pair of keys, i.e., public and private keys. us, it has higher security, yet both encryption and decryption were comparatively slower (than its symmetric counterparts). A recommended solution is to encrypt the symmetric encryption key with the asymmetric encryption public key. e receiver utilizes the private key to decrypt the symmetric encryption key. e asymmetric encryption/decryption only occurs to exchange the keys, therefore not requiring significant computing resources (suitable for IoT/IoE applications). en, the two edge devices can utilize symmetric encryption in their further communications.
e simulated results show that the Blowfish offers better performance than the rest of the commonly used encryption algorithms. Because the Blowfish has no known security weaknesses, it can be a good candidate for standard encryption algorithms. Compared to the other algorithms, AES showed poor performance because it required a heavy-duty computing process. e IoT/ IoE application will benefit primarily with Blowfish for data encryption and decryption between the edge devices from the perspective of execution time and cost.

Data Availability
e data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
e authors declare that there are no conflicts of interest regarding the publication of this paper.