Open access peer-reviewed chapter

Lightweight Cryptographic Techniques in 5G Software-Defined Internet of Things Networking

Written By

Sumita Majhi and Pinaki Mitra

Submitted: 09 January 2022 Reviewed: 01 February 2022 Published: 25 May 2022

DOI: 10.5772/intechopen.102984

From the Edited Volume

Lightweight Cryptographic Techniques and Cybersecurity Approaches

Edited by Srinivasan Ramakrishnan

Chapter metrics overview

270 Chapter Downloads

View Full Metrics


Lightweight cryptography (LWC) is an area of cryptographic techniques with low computational complexity and resource requirements. There must be a reason for using it in Internet of Things (IoT) network with a strict resource constraints environment. The key features of a 5G network are low latency, high throughput, heterogeneous network architecture, and massive connectivity. A new area of network architecture called SDN-IoT comes into the picture to control and manage IoT devices in a network with low latency and high throughput. SDN helps to reprogram the network according to the application’s requirements. Also, higher mobile applications lead to higher data growth. SDN helps to secure, manage, and control the huge data in the network. SDN-IoT architecture divides the network into three layers: The infrastructure layer, the control layer, and the service or application layer. In this chapter, we are focusing on the LWC algorithms from different perspectives so that they will fit into different layers of SDN-IoT network. We will discuss all the pros and cons of implementing LWC algorithms in hardware and software environments and also, the different layers of the SDN-IoT network. We also discuss SDN security architecture and different performance metrics for LWC algorithms.


  • lightweight cryptography
  • SDN
  • IoT
  • 5G
  • SDN-IoT security
  • architecture
  • cryptographic algorithm

1. Introduction

Software-Defined Networking (SDN) is an intelligent architecture in networking. It decouples the control and data plane which helps to improve the network performance and make it scalable, secure, and programmable. Internet of Things (IoT) network embedded with sensors nodes, RFID tags, smart cards, low resource devices which can communicate and share huge data to provide services to the clients. It is too difficult to provide security to the IoT system in heterogeneous and large networks. To combine SDN and IoT in a single architecture as SDN-IoT, it can make the infrastructure plane controllable, smart, reliable, and scalable [1]. IoT has many applications in different areas such as smart cities, smart vehicular networks, and security surveillance. To make these secure, SDN plays a huge part since it controls the whole network from its control plane. IoT devices capture and store sensitive information which is a great concern to make the network and physical devices secure from the eavesdroppers. 5G is the latest communication technology that is famous for low latency, massive connectivity, high throughput, and heterogeneous nature. By making SDN-IoT architecture in 5G, it can be flexible, dynamic and helps to improve the bad scalability due to hardware differences in heterogeneous environments. To make these happen there are many security challenges that need to be taken care of. One of the major necessities of 5G is low latency which is a real challenge with a huge growing market. Many cryptographic algorithms exist, but due to their high time and space complexity requirements, it will be a good choice to avoid these in a fast communication system like 5G. Recently, a lightweight cryptographic algorithm (LWCA) is a new area of cryptography applied in 5G [2]. These algorithms do not require much space, and the time complexity is also low which makes this technique applicable in IoT networks where limited battery life and strict physical constraints both need to be considered. Currently, many researchers tend to shift their focus from cryptographic aspects of security to lightweight security algorithms [3]. This helps the system to become less complex, provide high performance and also lower the cost. Traditional cryptographic techniques have high complexity as well as it is difficult to implement. In this chapter, we discuss different lightweight cryptographic algorithms and their applications in the SDN-5G network. There are three vulnerable areas in SDN-IoT architecture: Control Plane, Data Plane, and the Interfaces between Control and Data Plane due to their programmable nature and open access architecture.

LCAs are divided into four types: 1. Block cipher, 2. Stream cipher, 3. Hash functions, 4. Elliptic curve cryptography. Each of the techniques has its own strength and weaknesses. Based on the application’s requirements, it can be used in different layers of SDN-IoT architecture. Block ciphers are AES, DES, DESL, DESX, DESLX, Piccolo, TEA, XTEA, mCRYPTON, PRESENT, TWINE, LBlock whereas SNOW-V and Espresso are the stream cipher presented in this chapter maintaining the strict requirements of LWCA. Apart from the above-mentioned algorithms also, GRAIN works as a stream cipher and can use as one of the LWC algorithms in the SDN-IoT network. It uses very few gates with high security and less power consumption. When it comes to security perspectives, HIGHT, ICEBERG, CLEFIA are good choices. Hummingbird holds both of the properties of block and stream cipher and can implement in both hardware as well software. This flexibility of implementation and maintaining the lightweight properties can use this technique in both the infrastructure and control layers of the SDN-IoT network in 5G. SHA-1, SHA-2, SHA-3, BLAKE2 are the algorithms used as Hash function techniques. We will discuss each of them and their applications in the SDN-IoT network later in this chapter. There are some application areas of cryptography where we work with such devices that operate on battery power and need cryptographic algorithms which consume less power, such devices are medical implant devices or environment-measuring devices. Although very few works have been done in this direction and many exposures are open for future research work in this subarea of cryptography which we mention here as lightweight cryptography (LWC). Most of the LWC algorithms can resist linear and differential attacks which are the basic criteria of any general cryptographic algorithm. It is important to measure the performance of LWC algorithms before using them in any application. One of the key criteria of the LWC algorithm is low latency. For that, some of the automobile sectors which require immediate response use LWC techniques for security purposes. IoT devices that require less CPU cost and memory consumption such as smart TV, tablet PCs are the application area of LWCAs. Also, medical sensors, smart agriculture sensors, RFID tag applications, electrical home appliances, automobile industry are the different applications of LWCAs.


2. Software-defined networking architecture

Software-defined networking (SDN), a network architecture, provides an environment that enables the network traffic and connectivity provided by a set of network resources that are centrally controlled or programmed by software applications. It manages the data traffic forwarding or processing functions, such as QoS, filtering, monitoring, or tapping. Except the traditional network architecture, the SDN architecture logically decouples data and control plane which helps to control the network centrally from the control plane. This helps to improve the scalability of SDN architecture. Figure 1 illustrates the working principles of SDN. SDN architecture comprises three basic components: Data Plane, Control Plane, Application Plane.

Figure 1.

Software defined networking architecture.

2.1 Data plane

It consists of hosts and Open Flow (OF) switches. OF forwards data from source to a destination following the instructions of the Control layer. The data plane handles the data traffic forwarding and processing based on the configuration set by the control plane. It implements all the forwarding and processing decisions which have been made and commanded by the control plane. Also, the data plane needs to respond to network failure which is configured by the control plane. The controller plane interface with the data plane is called D-CPI. It executes the function which is capable of event notification.

2.2 Control plane

It controls the network resources of the data plane. Resources that are involved to forward and processing data traffic. It may comprise a set of SDN controllers based on the number of applications. The concern of control plane in case of multiple SDN controllers also to execute different applications with no overlapping with one another. To execute multiple application controllers, it has to communicate with one another. SDN controller which is a network operating system (NOS) is a logical concept. It is programmable and centrally keeps track of the global view of the network and data traffic. It dynamically configures the working strategy of the devices in the data plane.

2.3 Application plane

It consists of one or more applications that have the capability to communicate with them. The controller plane interface with the application plane is called A-CPI. Each SDN application may consist of a coordinator, SDN application logic, and A-CPI agent. An SDN application may invoke more than one SDN controller through the A-CPI interface to achieve its goal.


3. Internet of things

A heterogeneous network of smart devices that are connected and communicated for transferring a large amount of data to provide services according to client application’s requirements technically called IoT. To make the physical structures, such as buildings, transportation vehicles, transportation networks, information technology networks more smart, secure, and automated, IoT is a great solution. It can make the physical devices interact with each other. It divides the whole network into three main abstract levels, sensing layer, network layer, the application layer. Figure 2 illustrates the working principles of IoT with detailed descriptions of all layers.

Figure 2.

Internet of things architecture in 5G network.

3.1 Sensing layer

It is also called the perception layer. All the hardware integration has been done in this layer. In traditional internet, this layer is equivalent to the physical layer. It senses and collects data from physical devices. The data can be temperature, humidity, presence or absence of some observable, etc.

3.2 Network layer

It is also called the transport layer. It acts as a bridge between the sensing layer and the application layer. It transmits the data collected from the sensing layer and sends it to the application layer based on applications requirements. The network layer can be wired or wireless, sometimes both wired and wireless networks can together make an IoT network. This layer is responsible for receiving instructions from the controller.

3.3 Application layer

This is the last layer of abstraction in the IoT network. It receives data comes from the networks layer and based on this; it provides service. The applications can be a smart home, smart cities, smart vehicular network, security, and surveillance of a building.


4. Software-defined internet of things architecture

SDN architecture plays an important role for security purposes and traffic analysis. This architecture will help in SDN-IoT network for security purposes which is better than traditional internet in many different ways. As the name implies SDN working principle is based on software programming and control by the control plane. The advantages of an SDN network over the traditional network are it helps to modify the software functions based on dynamic requirements really quickly which is a great concern of traditional networks where the software functions are fixed. The inability for scaling, poor network security, and performance are the great concern in the traditional network which has been mitigated in SDN architecture.

Recently IoT is the fastest growing technology with dynamic characteristics. Traditional internet has static constraints which is the most difficult barrier to work with IoT networks. The dynamism and centralized control architecture of SDN helps IoT to be a great partner of SDN rather than of traditional internet. Also, SDN provides debugging tool which helps the IoT environment to enhance security which earlier was not possible on the traditional internet.

Figure 3 illustrates SDN with IoT architecture. This configuration divides the network into three layers, the infrastructure layer, control layer, and service layer or application layer.

Figure 3.

Software-defined internet of things architecture.

The infrastructure layer is divided into two sublayers sensing layer and the communication layer. The sensing layer consists of different smart IoT devices and the communication layer consists of different data forwarding devices. The IoT devices help to create different IoT applications. These IoT devices collect a large volume of data from the physical plane. In comparison to SDN architecture, the infrastructure layer is equivalent to the data layer. The infrastructure layer consists of Open Flow (OF) switches which work exactly the same as what OF works in SDN architecture.

The next layer in SDN-IoT architecture is called the control layer which contains an SDN controller or a number of controllers. This layer is responsible for global controlling and monitoring communications between the infrastructure layer and the application layer. Multiple controllers can help in this regard if anyone fails since controllers are communicating with one another. This type of configuration called the multi-controller master–slave deployment model, where one controller act as a master controller and others are act as slaves waiting for the instructions of the master controller if any one of the slave controllers fails to follow the instructions of the master controller. There are more than 30 controllers available up to now where some of them are open source and others are proprietary with their own programming languages and interfaces.

The application layer is responsible for different IoT services, such as smart home and smart city. This is also called the service layer in standard SDN-IoT architecture. The control layer communicates using the D-CPI interface to get required data from the sensing layer and using the A-CPI interface communicates with the application or service layer.


5. SDN security architecture

The difference between a traditional network and SDN is it decouples the control and data plane which divides the network into a set of components and interfaces. This unique feature of SDN makes it different from the traditional network also makes it vulnerable in terms of security. The controller plane is the central part of SDN, an attack in the controller plane may collapse the whole network. There are a few vulnerable areas that SDN encounters due to its centralized control and open programmable interfaces. The attacks can target to different areas of SDN described below:

Centralized Control: The policies defined by the application layer are followed by the control layer where the failure of the controller eventually leads to failure of the application program which may, in turn, fail the overall system.

Open programmable interfaces: There are three basic programmable interfaces that make SDN programmable in comparison to the traditional network.

  1. Between Application Layer and Control Layer: The application plane submits policies to the control plane. Any malicious action while submitting the policy may fail the original application program to execute. REST API is used which is a set of architectural constraints, not a protocol or standard, where it uses JSON, HTML, XLT, Python, or plain text. Since it is not a protocol like SOAP (Simple Object Access Protocol), rather a set of guidelines that can be implemented as per requirement, it takes less time to execute and is lightweight which is best for IoT networks.

  2. Between Control Layer and Infrastructure Layer: Control layer submits the forwarding instruction to the infrastructure layer of network devices according to the application’s requirement. Open Flow is a communication protocol used in this regard that is programmable and has centralized control.

  3. Between Different Controllers in the Control Layer: Different controllers in the SDN-IoT structures may have been assigned for different tasks in the network. These are interconnected and dependent on each other. Failure of one controller invites failure not only for that particular task but also for the other task depending on the output of the task.


6. Lightweight cryptography

To measure the performance of lightweight algorithms, there are some performance metrics are described below.

  1. Hardware area: This is the total area consumption to implement the code in hardware and is measured by gate equivalence (GE). In CMOS technology, the number of two-input NAND gate constitutes the total area referred to as GE and the unit used 𝜇m2.

  2. Throughput: This signifies the speed of an encryption or decryption operation that takes at a particular frequency and the unit used is Kbps. For a 5G network, the uplink and downlink speed is 10Gbps and 20Gbps, respectively. All of the encryption algorithms described below almost meet the criteria of 5G. The hardware and software implementation speed must be different for lightweight encryption algorithms. Some of the algorithms are generic to implement in both the hardware and software architecture but some of them strictly follow either hardware or software architecture. Based on their implementation strategy they can use different layers of the SDN-IoT network. One of the examples SIMECK 64/128 algorithm can implement in hardware and provide good GE and throughput value for using it in low-memory IoT devices, for that, it is suitable to use in the infrastructure layer of SDN-IoT network. On the other hand, the LED algorithm gives great throughput while implementing in a software environment as well as good security aspects which leads to the use of the algorithm in the cloud environment of the control layer. Throughput can be increased by using different signal processing methods, such as pipelining or parallel computations.

  3. Security: The security level is defined by the key lengths in bits. The designer of the algorithm defined the security level based on the known attacks which have been applied to the algorithm and observed the behavior such as whether the algorithm can resist the attack or not.

  4. Latency: Latency is defined as the total time required to complete a task. Here the number of clock cycles required for encryption of a single block message is defined as N. So, the latency is defined by:

    Latency = N ∗ CriticalPathoftheCircuit

  5. Power and energy consumption: Power consumption is dependent on the operating frequency, critical path, and so on the execution time. The unit used to define power consumption is 𝜇W. For hardware implementation power calculation is done by using GE and operating frequency. Energy consumption per bit can be calculated as and the unit used is 𝜇J:

    Energy = Latency ∗ Power/blocksize.

    RAM/ROM memory: Total RAM or ROM memory required in bytes to execute the algorithm.

  6. Efficiency: This is a trade-off between the performance of the algorithm and the cost to implement it. For hardware implementation, the efficiency can be calculated as:

    Efficiency = Throughput/Complexity.

Complexity in terms of chip area is defined by GE and so the unit used to define complexity is KGE. For a software implementation, the efficiency can be calculated as:

Efficiency = Throughput/Codesize.

In this case, code size is defined in KB.


7. Lightweight cryptographic techniques in SDN-IoT for 5G network

The major constraint of IoT devices is it has limited resources in terms of processing power, storage and memory. This must be a primary reason when lightweight cryptographic (LWC) techniques came into the picture. This technique works in tight memory and resource constraints environments and has low computational complexity. Resources can be the size of the chip, cost of the IoT device, total speed, and power consumption. The size of the chip used in smart IoT devices must be small, so the encryption algorithm code size should be small enough to fit into these chips. The overall cost of the IoT devices should not increase much after using an encryption algorithm. The programming languages used to code the algorithm should be energy efficient, require less run time and memory [4]. LWC techniques are used for extremely low resource constraints devices which are communicating in IoT networks. LWC is one of the subbranch of cryptographic techniques. The battery technology is increasing relatively slowly and most of the encryption algorithm takes huge energy, so there is a trade-off between energy consumption and security.

5G mobile communication architecture is divided into three sections [2]—radio access network (RAN), core network, and application network. RAN in the infrastructure layer of the SDN-IoT network connects devices with one another to the control layer. In comparison with the hardware architecture, using software architecture reduces the equipment, development cost and improves flexibility. RAN can be modified to C-RAN which is a cloud/centralized RAN that works using software programming in 5G network. The security operations then moved to the cloud and implemented using software programs. This makes the cryptographic designer focuses more on the security aspects of the algorithm than the hardware efficiency which measures in GE. In this context, AES-256 is a great solution against quantum computing. There are a few algorithms discussed below, such as AES-256, SNOW-V, DES, Piccolo, Hash Algorithm, Espresso, which are potential for 5G security perspectives in the software platform. It is recommended to use in the cloud environment and is suitable for SDN-IoT architecture.

The security concern of SDN-IoT architecture comes into three layers as mentioned above. The first layer is an infrastructure layer, in IoT architecture, the infrastructure layer is equivalent to the sensing layer and in comparison to SDN architecture, this layer is equivalent to the data layer. All the LWC algorithms suitable for strict memory constraint IoT devices are used in this plane. The second layer is the control layer, which controls the overall system’s architecture and the third layer is the service layer or application layer. Below we discuss all three layers and the potential LWC algorithms for each layer.

7.1 Control layer/infrastructure layer

SDN-IoT control layer is responsible for controlling the whole structure and traffic monitoring in a centralized manner, for that any malicious action can be detected from the control plane easily and for immediately taking an action. Multiple controllers connected by east/westbound interfaces with one another to maintain the connection. These interfaces are suffered from a lack of security support protocols and are easily vulnerable by the attacker. Identity-based cryptography (IBC) and elliptic curve cryptography (ECC) [5] are the two security solutions for this problem. Other cryptographic algorithms used in the control layer are Hash algorithms [6], AES [7], PRESENT [8], DES [9], etc.

  1. Elliptic Curve Cryptography (ECC): ECC belongs to the category of LWC techniques. The key size has a significant role in cryptographic algorithms. The more the key size, the hard the algorithm to break. ECC which is based on a public-key cryptographic approach provides the same level of security as Rivest-Shamir-Adleman (RSA) algorithm but with a smaller key size. ECC with the 521-bit length of key provides the same level of security as Conventional RSA with a 15,360-bit length which implies ECC uses less memory than Conventional RSA signifies a great impact of mobile optimization. The key creation also takes less time in ECC which uses an elliptic curve to generate faster and smaller keys than the Conventional RSA algorithm which uses large prime numbers. To break the 228-bit ECC key, it would take more energy than the total energy required to boil all the water on the earth. This technique is called the next generation of cryptography since this is not a widely accepted method in the cryptographic system yet. It uses a complex mathematical algorithm to protect data which is a game-changer in the near future of cryptography. ECC is an asymmetric algorithm like RSA.

  2. Hash Algorithms: Hash technique is considered a lightweight one-way authentication technique for generating a digital signature. SHA-1 and SHA-2 both are used in the control plane of SDN-IoT architecture of 5G network. The SHA-2 uses 256-bit digest whereas SHA-1 uses 160-bit digest confirms SHA-2 is more difficult to break than SHA-1 was the reason SHA-1 has not been used since 2010. The most recently developed Hash algorithm is SHA-3 which can be a future concept of SDN-IoT security architecture. All the hash algorithms from the SHA family standardize by the National Institute of Standard and Technology (NIST). The total number of iterations taken by SHA algorithms is 80 which leads to a power-hungry situation. This in terns leads to a requirement of using the BLAKE2 hashing algorithm which uses eight rounds to generate a message digest of 256-bit. Also, the time and space requirement of the BLAKE2 algorithm is much better than SHA in digital signature-based authentication schemes. All the security threats can handle by SHA-2 algorithms up to today. SHA-3 will be used in the near future if any such situations are beyond the capability of SHA-2.

  3. AES-256 [7]: It is a block cipher algorithm with a 128-bit data block and 256-bit key length used for encryption purposes in the control layer. The key length is variable; therefore, 128-bit key length requires 10 rounds, 192-bit key requires 12 rounds, 256-bit key requires 14 rounds. The throughput achieves for plaintext size 256 bytes is 22.67Gbps which is more than the targeted downlink speed requirement of 5G, which is 20Gbps. An AES implementation for RFID tag takes 3600 GE which is far beyond the minimum criteria of IoT nodes which is 2000 GE. This is one of the reason; AES-256 is used in cloud or software environments rather than hardware constraint environments such as the infrastructure layer of the SDN-IoT network. The control layer uses cloud and virtualization technologies to virtualize and centralize the function where securing the system using AES, DES, or other highly secure algorithms are recommended. Here security is more important than hardware cost. One of the famous lightweight IoT app “Flutter” includes AES-256 for encryption purposes.

  4. SNOW-V: A 256-bit key length stream cipher can implement both in hardware as well software as SNOW-V [10]. Here V stands for virtualization. This algorithm takes the design and security techniques from SNOW 3G techniques. In this cryptographic technique, the throughput achieves for 256 bytes of plaintext is 26.37 Gbps. In comparison with SNOW 3G where the throughput achieves for 256 bytes of plaintext is 5.38 Gbps does not meet the minimum criteria of 5G network. So, there is a need to revise SNOW 3G to SNOW-V to meet 5G requirements. Both of the technique works with a key length of 256-bit. In a hardware implementation, it may require a large portion which may reach up to 19,179 GE. It is recommended to use this technique in a software environment and may not use for hardware constraint IoT devices.

  5. DES: The main difference between AES and DES [9] is DES has a key size lesser than AES. This block cipher uses 56-bit keys with 64-bit blocks. Reducing the key size also reduces the hardware requirements of this algorithm while implementing it in a hardware environment. A smaller key size will lead to a lower security level. There are two variants of DES: DESL and DESX. Hardware implementation costs for DES and DESX are 2309GE and 2629GE. DESX uses the key-whitening technique to improve security performance. Another variation of the DES algorithm is DESXL which is the combination of DESL and DESX with GE 2169. On the other hand, DESL uses 1848 GE which is fairly a great deal for using it in hardware constraint devices such as RFID tags. DESL optionally uses the key-whitening method and avoid brute-force attack also reduces gate complexity by using serial hardware architecture and replacing 8 S-Boxes with a single box. This algorithm also improves the resistance against linear cryptanalysis and differential cryptanalysis attacks. One of the variants of DES is 3DES also used in the control layer for encryption purposes.

  6. Piccolo [11]: It is a 64-bit block cipher supporting 80-bit and 128-bit keys. From a security perspective as well as compact design aspects, this lightweight encryption technique can handle both. Both encryption and decryption take 818GE. This algorithm is not only famous for its minimal GE requirement but provides strong security against many attacks, such as Differential Attack, Linear Attack, Boomerang-Type Attacks, Impossible Differential Attack, Related-Key Differential Attacks, Meet-in-the-Middle Attack. This algorithm is suitable in a cloud environment which confirms to use it in the control layer of the SDN-IoT network. Due to its small memory requirements, it can also use in the infrastructure layer.

  7. Espresso: This is a stream cipher that combines both of the primary constraints of 5G and IoT network which is hardware area requirements and throughput and provides a solution as an encryption technique. This technique is called the best trade-off between GE measure and throughput while security standards are also maintained. The hardware implementation requires 2045GE with 8.88Gbps throughput and 59 ns latency which meet most of the 5G requirements [12].

7.2 Infrastructure layer

The SDN-IoT infrastructure layer is integrated with constrained devices that require security algorithms that take less area to execute. Apart from timing, power, and energy [13] constraints, the area is another primary constraint of IoT devices. One of the metrics to measure the efficiency of the algorithm in terms of hardware area is gate equivalence. It is noted that GE less than 2000 is recommended for IoT devices in 5G network since they have very strict hardware and timing constraints, such as RFID tags, sensor nodes, smart and cards. All the encryption algorithms described here mostly have less than 2000 GE and are very efficient in terms of power consumption and timing.

  1. TEA: TEA [14] is a lightweight cryptographic block cipher algorithm that is the fastest and is famous for its simple implementation. This algorithm is implemented in software with very few lines of code that can be implemented in any programming language is the main reason for its high-speed nature. This approach is resistant to differential attacks which is one of the major problems for IoT devices. XTEA and XXTEA are the two variants of TEA that are more efficient in terms of security and implementation. TEA follows the architecture of IDEA, a symmetric key block cipher that brings the gap between AES and DES. TEA uses 64-bit blocks and 128-bit keys. XXTEA which is the modified variant of block TEA, another variant of TEA works on variable-length blocks.

  2. mCRYPTON: Another block cipher for resource constraint tiny devices, such as low-cost RFID tags and sensors is Miniature CRYPTON (mCRYPTON) [15]. mCRYPTON follows the architecture of CRYPTON, a 64-bit block cipher with key size options 64, 96, and 128-bits. mCRYPTON provides an economic hardware cost of 2400 GE for encryption under 0.13 m CMOS technology. This hardware cost is affordable for RFID tags and sensor nodes. For further size reduction of 30% requires compact implementation of each component in both hardware and software.

  3. PRESENT: PRESENT is another cryptographic technique known to be ultra-lightweight block cipher. In the case of PRESENT, it uses 1570 GE which is considered to be one of the lowest areas consumed while evaluating code for the algorithm. It is designed to be implemented in hardware and it is very difficult to implement it in software for the use of bitwise permutation.

  4. HIGHT: HIGHT [16] is another lightweight algorithm for low resource IoT devices that require 3000 GE. In comparison with AES which requires 3400 GE, this algorithm takes less time to execute with a block length of 64-bit and a key length of 128-bit. Although the GE requirement of HIGH is much higher than other lightweight algorithms but the security aspects confirm this algorithm to use for IoT devices.

  5. TWINE: TWINE [17] is another approach for lightweight cryptography with 1800 GE. It can be implemented in hardware as well as software signifies a good balance for hardware and software. TWINE is a 64-bit block cipher that supports the key value of 80-bit and 128-bit.

  6. LBlock: LBlock [18] is a lightweight block cipher of block size 64-bit and the key size is 80-bit. The area efficiency of this algorithm is 1320 GE on 0.18 m technology with a throughput of 200 Kbps at 100 KHz and the software implementation on an 8-bit microcontroller requires 3955 clock cycles to encrypt a plaintext block.

7.3 Service layer or application layer

The application layer is responsible for different IoT services, such as smart home, smart city, etc. This is also called the service layer in standard SDN-IoT architecture. Different protocols work on the application layer of the IoT network. Message Queuing Telemetry Transport (MQTT) is one of the protocols used in the application layer which enhances machine-to-machine communication between client and server. The challenge of the MQTT protocol in 5G is to work with constraint IoT devices. The security improvement of the MQTT protocol is called Secure MQTT (SMQTT). The new version improves the security perspective of MQTT. For this purpose, there are many lightweight security algorithms are used, such as AES and RSA. Arduino is an open-source IoT development tool that uses the RSA algorithm. Diffie-Hellman (DH) and Elliptic Curve Cryptography (ECC) can be an alternative solution to the RSA algorithm. ECC is the most efficient public-key encryption technique in terms of power consumption for resource constraints IoT devices in comparison with other encryption techniques, such as RSA, Diffie-Hellman, and Digital Signature Algorithm (DSA). In ECC, it uses less key size and provides higher security. It is also a low latency algorithm that can be implemented in hardware as well as software environment leads to use this in infrastructure layer as well as cloud security environment. This technique also supports the minimum requirements of 5G security in terms of key value which must be at least 256-bit. We present the comparison of different LWCA in terms of GE, block length, and key length in Table 1.

SDN-IoT different layersLWCAHardware area (GE)Key length (bit)Block length (bit)
Infrastructure layerTEA [14]210012864
mCRYPTON [15]240064/96/12864
PRESENT [8]157080/12864
HIGHT [16]300012864
TWINE [17]180080/12864
LBlock [18]13208064
Control layer and Infrastructure layerAES-256 [7]3600128/192/256128
SNOW-V [10]19,179256
DES [9]23095664
Piccolo [11]81880/12864
Espresso [12]2045128
Service LayerAES [7]3600128/192/256128

Table 1.

Comparison of different LWCA for different layers of SDN-IoT network in 5G.

Experimental Study:

All the LWC algorithms presented in this chapter can implement in software/hardware/both environments. We are here to present a code snippet of the TEA algorithm using c language with a few lines of code. Here we present the algorithm for implementation purposes. The algorithm uses 32 rounds, although 16 rounds are sufficient. The term “delta” indicates here golden ratio serves for encryption/decryption purposes to get different values in each round.


  1. Initialize:

    1. int. round = 0;

    2. unsigned long delta = 0x9e3779b9, a = 0, data[], key[], p, q;

  2. p = data[0], q = data[1];

  3. While (round <32)

    1. a = a + delta;

    2. p + = ((q < <4) + key[0])^(q + a)^((q> > 5) + key[1]);

    3. q + = ((p < <4) + key[2])^(p + a)^((p> > 5) + key[3]);

    4. round ++;

  4. data[0] = p, data[1] = q;


  1. Initialize:

    1. int. round = 32;

    2. unsigned long delta = 0x9e3779b9, data[], key[], p, q, a;

  2. p = data[0], q = data[1], a = (delta<<5);

  3. While (round >0)

    1. q + = ((p < <4) + key[2])^(p + a)^((p> > 5) + key[3]);

    2. p + = ((q < <4) + key[0])^(q + a)^((q> > 5) + key[1]);

    3. a = a - delta;

    4. round --;

  4. data[0] = p, data[1] = q;


8. Conclusions

In the above, we describe different lightweight cryptographic algorithms that are used in different layers of the SDN-IoT network depending on the feature of the algorithm. We mainly focus on all the algorithms that satisfy the minimum requirements of 5G and IoT nodes in terms of throughput, power consumption, and hardware area requirement. There are many algorithms considered as lightweight encryption techniques based on different criteria, such as GE measure, code size, RAM/ROM, used. We here only focus on those encryption algorithms that satisfy the criteria of 5G network that is throughput value must be fair enough to support the minimum requirement of uplink and downlink speed and GE must be small enough for IoT nodes. Apart from throughput and GE constraints, there are other aspects that we have considered, such as implementation aspects of the algorithm, best suited in hardware or software environments. There is always a trade-off among different performance metrics of LWC algorithms. Depending on the requirements of the SDN-IoT network layer, the algorithms are set for a particular layer.



LWCLightweight Cryptography
IoTInternet of Things
SDNSoftware-defined Networking
LWCALightweight Cryptographic Algorithm
OFOpen Flow
NOSNetwork Operating System
A-CPIApplication and Controller Plane Interface
D-CPIData and controller Plane Interface
SDN-IoTSoftware-defined Internet of Things
SOAPSimple Object Access Protocol
REST APIRepresentational State Transfer Application Programming Interface
GEGate Equivalence
RANRadio Access Network
C-RANCloud/Centralized RAN
IBCIdentity Based Cryptography
ECCElliptic Curve Cryptography
NISTNational Institute of Standard and Technology
AESAdvanced Encryption Standard
DESData Encryption Standard
SHASecure Hash Algorithm
RFIDRadio Frequency Identification
TEATiny Encryption Algorithm
IDEAInternational Data Encryption Algorithm
MQTTMessage Queuing Telemetry Transport
DSADigital Signature Algorithm


  1. 1. Kanagavelu R, Aung KM. A survey on sdn based security in internet of things. In: Future of Information and Communication Conference. Cham: Springer; 2018. pp. 563-577
  2. 2. Yang J, Johansson T. An overview of cryptographic primitives for possible use in 5G and beyond. Science China Information Sciences. 2020;63(12):1-22
  3. 3. Biryukov A, Perrin LP. State of the art in lightweight symmetric cryptography. Cryptology ePrint Archive. 2017
  4. 4. Pereira R, Couto M, Ribeiro F, Rua R, Cunha J, Fernandes JP, et al. Energy efficiency across programming languages: How do energy, time, and memory relate?. ln: Proceedings of the 10th ACM SIGPLAN International Conference on Software Language Engineering. 23 Oct 2017. pp. 256-267
  5. 5. Shruti P, Chandraleka R. Elliptic curve cryptography security in the context of internet of things. International Journal of Scientific and Engineering Research. 2017;8(5):90-94
  6. 6. Rao V, Prema KV. Comparative study of lightweight hashing functions for resource constrained devices of IoT. In: 2019 4th International Conference on Computational Systems and Information Technology for Sustainable Solution (CSITSS). Vol. 4. IEEE; 2019. pp. 1-5
  7. 7. James M, Kumar DS. An implementation of modified lightweight advanced encryption standard in FPGA. Procedia Technology. (Elsevier). 1 Jan 2016;25:582-589
  8. 8. Bogdanov A, Knudsen LR, Leander G, Paar C, Poschmann A, Robshaw MJ, et al. PRESENT: An ultra-lightweight block cipher. In: International Workshop on Cryptographic Hardware and Embedded Systems, 10. Berlin, Heidelberg: Springer; 2007. pp. 450-466
  9. 9. Leander G, Paar C, Poschmann A, Schramm K. New lightweight DES variants. In: International Workshop on Fast Software Encryption, 26. Berlin, Heidelberg: Springer; 2007. pp. 196-210
  10. 10. Ekdahl P, Johansson T, Maximov A, Yang J. A new SNOW stream cipher called SNOW-V. Cryptology ePrint Archive. 2018
  11. 11. Shibutani K, Isobe T, Hiwatari H, Mitsuda A, Akishita T, Shirai T. Piccolo: An ultra-lightweight blockcipher. In: International Workshop on Cryptographic Hardware and Embedded Systems, 28. Berlin, Heidelberg: Springer; 2011. pp. 342-357
  12. 12. Dubrova E, Hell M. Espresso: A stream cipher for 5G wireless communication systems. Cryptography and Communications. (Springer). 2017;9(2):273-289
  13. 13. Mohd BJ, Hayajneh T. Lightweight block ciphers for IoT: Energy optimization and survivability techniques. IEEE Access. 2018 Jun;18(6):35966-35978
  14. 14. Williams D. The tiny encryption algorithm (tea). Network Security. 2008 Apr;26:1-4
  15. 15. Lim CH, Korkishko T. mCrypton–a lightweight block cipher for security of low-cost RFID tags and sensors. In: International Workshop on Information Security Applications, 22. Berlin, Heidelberg: Springer; 2005. pp. 243-258
  16. 16. Hong D, Sung J, Hong S, Lim J, Lee S, Koo BS, et al. HIGHT: A new block cipher suitable for low-resource device. In: International Workshop on Cryptographic Hardware and Embedded Systems, 10. Berlin, Heidelberg: Springer; 2006. pp. 46-59
  17. 17. Suzaki T, Minematsu K, Morioka S, Kobayashi E. Twine: A lightweight, versatile block cipher. In: ECRYPT Workshop on Lightweight Cryptography. 28 Nov 2011;2011
  18. 18. Wu W, Zhang L. LBlock: A lightweight block cipher. In: International Conference on Applied Cryptography and Network Security, 7. Berlin, Heidelberg: Springer; 2011. pp. 327-344

Written By

Sumita Majhi and Pinaki Mitra

Submitted: 09 January 2022 Reviewed: 01 February 2022 Published: 25 May 2022