Securing Internet-of-Things

  • Guang Gong
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11358)


In this survey, we first present some vulnerabilities of and attacks on IoT systems, together with a classification of IoT devices. We then show the evolution of lightweight cryptography for securing IoT, the metrics for the design of lightweight cryptography, and its applications in privacy-preserving authentication protocols. We use examples, including the development of the Simon, Simeck, and sLiSCP/sLiSCP-Light lightweight ciphers, to demonstrate those approaches.


Internet-of-Things (IoT); Security and privacy; Lightweight cryptography



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Canada
