A Survey of Lightweight Image Encryption for IoT

1. Introduction

In the field of cutting-edge remote media communication, the Internet of Things (IoT) is quickly establishing itself as a new paradigm. In the Internet of Things, people, data, processes, and things are connected to make network connections that are more relevant and useful than ever before. With the rapid advancement of IoT, it is exposed to numerous risks and challenges, such as handling huge amounts of data, processing energy efficiently, responding to security threats, and encrypting/decrypting huge amounts of data. The concept refers to a system of interlinked computing items, such as RFID tags, sensors, actuators, and cell phones; digital machines; and people, allowing the sharing of data over a network without the need for human-to-human interactions. In an IoT world, massive amounts of raw data will be continuously collected, requiring real-time sensor data streams as well as techniques for converting this raw data into useful information. Furthermore, data privacy and security will be a serious concern. A cryptographic algorithm designed for a device with incredibly low resources will have different design criteria than one commonly used. Modern cryptography has evolved from this very specific area into lightweight cryptography. The low energy requirement of these algorithms makes them resistant to physical attacks.

The storage space requirements of multimedia applications are more challenging due to the size of multimedia data, the need for real-time processing, transmission delay, and security protection. Many new applications have emerged in the Internet of Things (IoT) and cloud computing fields, where multiple devices and servers perform thousands of operations at the same time. Multimedia applications require real-time processing, resulting in a critical role for encryption and decryption speed. A variety of technological fields, including smart cities and homes, have benefited from the Internet of Multimedia Things (IoMT). Most multimedia contents require large storage discs to be uploaded and streamed to different devices. As a result, video data or media content can be thoroughly analyzed if an issue occurs. IoT devices are low-powered and small in size, so they have been needed a cloud platform or third-party storage device to store, operate, and process information collected.

A majority of encryption is related to encrypting and decrypting text messages or documents, but images are also a prime bearer of crucial information, therefore, they have been needed to be encrypted. The encryption process involves modifying the pixels of an image so they had no longer representative of the original image. Once the receiver receives the encrypted image, it must be decrypted to reconstruct the image. Having encrypted images ensures that even if an interceptor gets access to a picture during transmission they had incomprehensible to them. Another practical use of encrypted images is for the security of biometric data. Fingerprint and retina scans involving biometric identification have become increasingly common, so these data must be securely shared and stored. When data is encrypted, it can be unintelligible to the intruder even if it is accessed maliciously.

IoT security has been emphasized by many organizations and research agencies. Open Web Application Security Project has identified privacy issues, inadequate authentication/authorization, lack of transport encryption, and poor physical layer security as the main causes of cyber-attacks on IoT. Identifying a device, validating its identity, authorizing it, establishing keys and managing them, as well as establishing trust and reputation are the five features in IoT security. Cryptographic primitives can help accomplish all of these objectives, including authentication, access control, non-repudiation, confidentiality, integrity, and availability. Figure 1 shows the Thrust area in IoT security.

This chapter is organized in the following manner: in Section 2, I have presented a literature review. In Section 3, I have discussed the Advanced Encryption Standard (AES) and have described its detailed architecture framework. Section 4 presents the compared the current algorithms and approaches. Section 5 presents the results and discussion, while I have discussed the conclusions and provided further suggestions.

2. Literature review

Several systems and approaches have been proposed to address the challenges and restrictions involved with the encrypted transmission of big multimedia data. Moreover, the security of multimedia data needs to be researched further. This section presents studies that have been previously conducted in different categories.

In their study, Shadi Aljawarneh, Muneer Bani Yassein & We’am Adel Talafha [2], the encryption of big multimedia data, developed and designed a multithreaded encryption algorithm system. An advanced encryption standard (AES), genetic algorithms, and the Feistel Encryption Scheme (FEES) are used in this system. The system was evaluated concerning computational run time and throughput for the encryption and decryption process to analyze the performance of the system on actual medical data and benchmarked against the RC6, MARS, 3-DES, DES, and Blowfish algorithms. They have been also implemented the encryption system with a multithreaded programming approach to improve efficiency and performance. Finally, they have been tested their system against the sequential version to evaluate its resource efficiency. Comparing our system to other available encryption algorithms, their results showed that our system took the least amount of time to run and delivered a higher throughput. Furthermore, they have been also able to achieve a 75% improvement in computation run time and a 4-fold increase in throughput versus their sequentially structured version. Based on the security objectives, our algorithm performed better than existing algorithms in achieving the Avalanche Effect, and they could therefore include it in any encryption/decryption process of large, plain, multimedia data.

Haidar Raad Shakir [3], a new method that combines the Haar wavelet transformation with the Advanced Encryption Standard (AES), as well as pixel shuffling based on chaotic logistic maps. This method calculates the Haar wavelet transform from the original image and uses the fields of the approximation coefficient (LL) and detail confidences (LH, HL, and HH) to derive the different frequency domains of the image. Using the AES algorithm, the approximation part (LL) is encrypted, and the Haar wavelet transformation inverse is then applied. In addition to the chaotic logistic map, a shuffled image is used to impede malicious image reconstruction attempts to strengthen the encryption. Several representative methods from the literature were examined and compared to the method. According to the test results, it achieved better levels of encryption and less image degradation across a variety of images.

Yong Zhang [4], designed a C program that uses AES in cipher block chaining mode for image encryption. He presented an image cryptosystem that is compared with existing chaos-based image cryptosystems based on encryption/ decryption speed and security performance. In simulations, AES is shown to apply to image encryption, which argues against the commonly held perception that AES is not suited to image encryption. As a result of this paper, He recommends using AES-based image encryption as a benchmark for the speed of image encryption algorithms. And all other encryption algorithms whose speeds are lower should be discarded in practical communications.

Yong Zhang, Xueqian Li, Wengang Hou [5], According to their study, AES cannot cryptograph images in CBC mode. However, AES in CBC mode could be used to encrypt images. AES can be used to encrypt an image and generate an initial vector (IV). AES is secured by far, so the tested image cryptosystem is secure. Simulation results indicate the AES-based image cryptosystem is faster than some chaotic systems-based image cryptosystems. The tested system can thus be used as a reference for comparing other newly offered image cryptosystems. Cryptosystems for images that perform encryption and decryption slower than AES in the same computer need to be enhanced.

Sohel Rana. Saddam Hossain, Hasan Imam Shoun, Dr. Mohammod Abul Kashem [6], propose a lightweight cryptographic algorithm with 16.73% lower power usage than the existing cipher. Modern electronics and the internet will enable resource-constrained devices to become daily necessities for everyone, so data security will be an important consideration. Those devices will be communicating with one another incessantly, so information must be protected at all times. The implementation shows promising performance making the algorithm an ideal candidate for resource-constrained devices.

Charanjit Lal Chowdhary, Pushpam Virenbhai Patel, Krupal Jaysukhbhai Kathrotia, Muhammad Attique, Kumaresan Perumal, and Muhammad Fazal Ijaz [7], an analysis to decrypt and encrypt images using hybridization of Elliptic Curve Cryptography (ECC) and Hill Cipher (HC), ECC and AES (Advanced Encryption Standard), and ElGamal and Double Playfair Cipher (DPC). The measurements used in this analysis are (i) encode and decrypt times, (ii) entropy of the encrypted image, (iii) intensity loss of the decrypted image, (iv) Peak Signal to Noise Ratio (PSNR), (v) Number of Pixel Change Rate (NPCR), and (vi)Unified Average Changing Intensity (UACI). ECC and ElGamal cryptosystems offer asymmetric key cryptography, while HC, AES, and DPC provide symmetric key cryptography. Hybrid processes combine the speed and ease of implementation of symmetric algorithms with the security of asymmetric algorithms. According to the metric measurement with test cases, ECC and HC have a good overall solution for image encryption with smaller image sizes when using AES with ECC.

Bing Ji, LLijunWang an, d Qinghua Yang [8], an improved AES-ECC hybrid encryption system that has good flexibility and versatility and optimized ECC multiplication unit design according to the characteristics of wireless sensor networks. It was capable of generating and authenticating digital signatures at a faster rate. It also fully met wireless sensor networks’ reliability, processing power, and power consumption requirements. AES encryption module is currently undergoing high-performance enhancements (increase throughput, decrease logic unit occupancy) and optimizations of ECC cryptographic module random point multiplications are currently being implemented. There are three properties of the scheme: (1) it provides better security with relatively low resource requirements, (2) it is straightforward to administer keys, and (3) it is resistant to some attacks and a digital signature can be generated and verified quickly and easily.

Alireza Jolfaei(B), Xin-Wen Wu, and Vallipuram Muthukkumarasamy [9], method encrypts texture images via bit masking and permutation procedures using Salsa20/12 stream cipher as part of a novel texture encryption scheme that complements the existing methods for 3D object encryption. As a result, the method has very low overhead and meets the security requirements, and protects the 3D surface geometry from partial disclosure by keeping the texture patterns hidden. Compared to full encryption and selective encryption (using the 4 most significant bits), the scheme has a higher speed-security profile. The schemes are implemented and tested with 500 sample texture images. Comparing the experimental results with full/selective encryption by 128-bit AES, the scheme demonstrated better encryption performance.

M. Sankari P. Ranjana [10], To protect the image data in the mobile cloud through privacy-preserve lightweight image encryption (PLIE), they have been introduced a method that keeps metadata on mobile while maintaining user privacy. Mobile data is split, distributed, and scrambled (SDS) to maintain user privacy and store it in the cloud. As a result, the throughput increases, the encryption time is sped-up, and the complexity is minimized. Using the PLIE method implemented in Python language, the encryption time was approximately 50% shorter than that of AES. They have been measured the performance of the existing method (AES) versus the method (PLIE) using various parameters. Furthermore, they have been evaluate the security level by presenting some security attacks.

3. Advanced encryption standard (AES)

The AES encryption algorithm is symmetric in the group, and there are three different key lengths: 128 bits, 196 bits, and 256 bits, with the packet size being 128 bits. The algorithm is reasonably flexible in its application. The AES algorithm is widely used in software and hardware. In the three key lengths, the 128bit key length is commonly used. The internal algorithm performs a ten-time iterative process when the key length is under. The five sections of the final round are joined by the Sub Bytes, S-box, Shift Rows, Mix Columns, and Add Round Key. AES has five different units of measurement: bits, bytes, characters, groups, states. A round of AES is composed of byte replacement (Sub Bytes), line displacement (Shift Rows), mixed column displacement (Mix Columns), key replacement (Add Round Key), and so on. AES algorithm design should meet three criteria during all phases of the data packet transformation, in the beginning, and ending stages of encryption:

1. Can resist all known attacks.

2. Fast and coding compaction.

3. Simple in design.

Figure 2 shows the process of AES Encryption and Decryption. It relies on the packet size and the length of the key, and it is controlled by the key. The iteration round of the number is controlled by the key and the length of the block.

As a Figure 2, a cryptographic algorithm is shown on the left and a cryptographic algorithm is shown on the right of the figure. A key expansion algorithm is shown in the middle of the figure. It consists of N iterations having four different steps: byte replacements (Sub Bytes), line displacements (Shift Rows), mixed column shifts (Mix Columns), and key shifts (Add Round Key). There are no mixed column transformations in the final round. The decryption algorithm is the opposite of encryption (inverse byte substitution, inverse shift rows, and inverse mix columns).

For full encryption, the data is passed through Nr rounds (Nr = 10, 12, 14). These rounds are governed by the following transformations:

• Sub byte Transformation: A non-linear substation table is used (s-box). It’s constructed by multiplying inverse and affine transformation.

• Shift rows transformation: The offset of the left shift varies between one and three bytes, and the last three rows of the state are cyclically shifted.

• Mix columns transformation: The result is equivalent to multiplying columns of the states by a fixed matrix for each column vector. Note that the bytes are treated as polynomials rather than numbers.

• Add round key transformation: The round key is XORed with the working state, which is its overexpansion

• key: Even if an eavesdropper knows the plaintext and ciphciphertexte AES algorithm cannot be determined, because the secret key is known to both the sender and the receiver. According to its specifications, AES uses one of three key sizes (Nk). AES-126, AES-196, and AES-256 respectively use 128 bit (16 bytes, 4 words) and 196 bit (24 bytes, 6 words) key sizes. Key values have no weak point, unlike DES. All key values are equally secure, therefore no key-value renders encryption more vulnerable than the other. Key values are expanded via key expansion routines before being used in the AES algorithm. In addition to performing “on the fly” word expansion, this routine can be performed at any time.

4. Compared the current algorithms and approaches

In refs. [8, 9, 10], by comparing three papers, I presented them in my study, which compared their results.

4.1 Hybrid algorithms

In ref. [8], three hybrid methods have been proposed for image encrypting and decrypting. This section describes the key generation, background process, and algorithm for image encryption and decryption. The algorithms are mentioned below:

• Elliptic Curve Cryptography (ECC) with Hill Cipher,

• ECC with AES,

• ElGamal with Double Play fair Cipher.

In this section I will explain two things:

1. How does the ECC generate the key?

2. ECC with AES for Image Encryption and Decryption.

4.1.1 Key generation of ECC

Here is an overview of the elliptical curve cryptography method. Elliptical curves are used over a finite prime field.

Fp=abpGE1

Y2≡x3+ax+bmodpand 4a3+27b2≠0modpE2

Where F_p is the finite field over a prime number p with generator G. a, b are curve parameters.

Whenever you multiply a point with different scalars, it creates every point on the curve. This is the generator of the curve G. To generate keys for elliptic curve cryptography, they have been defined the order of elliptic curve n as the smallest integer which when multiplied by generator G gives the zero point at infinity, that is, nG = O. Figure 3 shows how does the ECC key generates.

4.1.2 ECC with AES for image encryption and decryption

For the encryption and decryption of images, Elliptic Curve Cryptography (ECC) is used in combination with AES. AES-128, AES-192, or AES-256 encryption and decryption are performed using the Cipher Feedback (CFB) mode. The initialization vector (IV) must be the same length and it should be a multiple of 16 or 24 or 32 bits, respectively. The initialization vector (IV) is not required for the Electronic Code Book (ECB) mode. AES encrypted bytes are converted to large integers to reduce operating costs by encrypting 2 × group size number of bytes in one ECC operation. This is because Base 256 represents values from 0 to 255 on the XY plane, and ECC encryption uses a point addition formula to encrypt any point on the XY plane. The algorithm is working with an 8-bit image whose pixel intensities range from 0 to 255. The benefit of performing such an operation is to eliminate the need to create a mapping table, which would otherwise be computationally impossible if an extremely large prime number was used to generate the finite field and share it between users. Decrypting is achieved by reflecting the SSK coordinates for the x-axis and taking modulus p. The reflected point is then added to the x-axis using the point addition formula for performing the inverse operation. Figure 4 shows an AES-ECC hybrid encryption system.

4.2 Texture encryption scheme

In ref. [9], Using Salsa20/12 for the upper nibble image encryption, the bitstreams of the lower nibble image are scrambled by permuting a zigzag pattern on the bitstream. They have been called our encryption mechanism ‘Salsa Dance’ since it is consistent with (Latin American) Salsa movement. Infer the steps of the encryption algorithm, P being the plain image, N being the nibble image, and C being the cipher image. If RGB is a 24-bit representation, each flat image, nibble image, or cipher image is represented by three M * N matrices, so R, G, and B color layers. For any pair of x (1 ≤ x ≤ M) and y (1 ≤ y ≤ N), multiply p (x, y) by n (x, y) and the result is the flat image, nibble image, or cipher image. P (x, y) and c (x, y) are the entry values for the plain-images, nibble images, and cipher images, respectively; n (x, y) ∈ {0, 1, …, 15}.

A 24-bit texture image with one color layer has the encryption procedure described below. For the other color layers, the procedure is similar. By splitting every entry into upper and lower nibbles, we could break the plain image into two nibble images that correspond to x and y. For any x (1 ≤ x ≤ M) and y (1 ≤ y ≤ N), n1 (x, y) and n2 (x, y) are defined as follows:

n1xy=pxymod24E3

n2xy=pxy−n1xy·2−4E4

Figure 5 shows a zigzag path for scanning an image with the dimensions 3 * 4 in Figure 5a if mod(s, 12) = 7. In this case, entry scanning starts at the 7th entry and ends at the 9th entry, which is the entry immediately before the initial one. Scanning involves the placement of bits, column by column, in a matrix sequentially as they have been encountered. Permutation affects both bit-plane image bits (diffusion) as well as the values of nibbles (confusion). A mod (s, 12) = 7, the permutation result of the test bit-plane image can be seen in Figure 5b. Following the permutation process, when the scrambled bit-plane image is combined with every 4 consecutive columns, the encrypted lower nibble-image with size M * N can be reconstructed.

The final step is to create the cipher image by combining the encrypted upper and lower nibble images. To summarize, the whole encryption process is as follows:

P=24N2+N1E5

C=EP=24·E2N2+E1N1E6

Where,

E2N2=Salsa20/12N2E7

E1N1=PermN1E8

PK (plain image), N1, N2 (lower nibble image), and C (upper nibble image) refer to plain, lower, and upper nibble images, respectively. In decryption, cipher images are further divided into upper and lower nibble images. In 24-bit texture images, there is a close correlation between different layers of color in the image. The upper and lower nibbles are decrypted with the same keystream used in encryption, while the inner nibble is decrypted by inverse permutation. To meet this requirement, Salsa20/12 uses a 64-bit nonce each time the color layer is encrypted. The same message will never be encrypted twice in the same way so that there is always a different ciphertext. If the same nonce and key are used on two different plaintexts, then you can cancel the keystream out by masking the ciphertexts together.

5. Results

After studying the previous papers, I will be compared by showing them the different performance results. Table 1 shows the different results.

5.3 Discussion and comparative analysis

According to the first paper [8], Compression of the image uses techniques that use less space to provide the same information, which solves the computation and high protection problem. The result is a low bandwidth, reduced storage space, and shortened computation times due to the compression.

According to the second paper [9], This paper describes a technical solution for meeting the confidentiality requirements associated with texture images that overcome the limitations of current techniques, in addition, large data volumes and high application requirements, including real-time performance, complexity, and security, are common.

According to the third paper [10], to reduce resource consumption, throughput, increase processing speed and reduce complexity, the PLIE method is an excellent choice for image encryption on mobile devices, It has been shown by a variety of performance measurements to maintain privacy for users in mobile and to reduce encryption time by nearly 50% compared to existing methods such as AES.

For the study, input and output images include Mona Lisa (Grayscale 256 * 256 Pixels), Mona Lisa (Colored 256 * 256 Pixels), and Eggs (Grayscale 256 * 256 Pixels). Representative input and output images, with encryption and decryption algorithms, are provided [8]. Figure 6 shows Sample input and output for hybrid algorithms.

An example texture image and its encryption results are shown in Figure 7. Salsa Dance seems to disrupt the correlation between entries of the image while both full and selective encryption using AES fail to destroy the coarse pattern.

6. Conclusion

Nowadays, all smartphones, laptops, and other communication devices connect to the cloud, making data accessible to everyone. IoT network is a group of various devices interconnected over the internet that exchange data between themselves and other services. It has a wide application range from smart applications to a variety of industrial applications. Encryption is one of the best techniques to guarantee end-to-end security in the IoT network, as the volume of data transferred is so high. Because nodes in an IoT network have limited resources, classical cryptography methods are costly and inefficient, so lightweight block ciphers are one of the most sophisticated ways to overcome security shortcomings in this environment. When we have compared the systems, we have found that these modifications were made to the original AES algorithm, while the original algorithm security remains robust, the modified AES algorithm remains lightweight and faster, providing more satisfaction for embedding in IoT devices and sensors that consume little power. Especially this algorithms that compared, improved AES-ECC hybrid encryption system that has good flexibility and versatility and optimized ECC multiplication unit design according to the characteristics of wireless sensor networks. It was capable of generating and authenticating digital signatures at a faster rate. It also fully met wireless sensor networks’ reliability, processing power, and power consumption requirements. Salsa 20/12 method that encrypts texture images via bit masking and permutation procedures using Salsa20/12 stream cipher as part of a novel texture encryption scheme that complements the existing methods for 3D object encryption. Therefore, mobile data is split, distributed, and scrambled (SDS) to maintain user privacy and store it in the cloud. As a result, the throughput increases, the encryption time is sped-up, and the complexity is minimized. Using the PLIE method implemented in Python language, the encryption time was approximately 50% shorter than that of AES.