Scholarly article on topic 'Hardware Implementation of Blowfish Algorithm for the Secure Data Transmission in Internet of Things'

Hardware Implementation of Blowfish Algorithm for the Secure Data Transmission in Internet of Things Academic research paper on "Computer and information sciences"

CC BY-NC-ND
0
0
Share paper
Academic journal
Procedia Technology
OECD Field of science
Keywords
{"Internet of Things (IoT)" / cryptography / "blowfish algorithm"}

Abstract of research paper on Computer and information sciences, author of scientific article — Manju Suresh, M. Neema

Abstract As Internet of Things (IoT) can be broadly used in many fields, the security of IoT is gaining importance. In IoT, all the devices are connected. If a hacker manages to enter the network, he may access confidential datas. So for IoT, an information transmission security mechanism is essential in addition to the authentication mechanism. Beginning with the concept of IoT, its architecture and security issues, this paper analyzes various security mechanisms for IoT and the significance of cryptography in IoT. An efficient cryptographic algorithm “Blowfish” is selected based on several comparisons. A modification in Blowfish algorithm is presented by changing its Function module ‘F’. Comparison of original and modified blowfish algorithm is done by implementing both in Xilinx Virtex-5 XC5VLX50T FPGA using Verilog HDL and found that modified algorithm is efficient than the original in terms of encryption time by 16.9% and throughput by 18.7%.

Academic research paper on topic "Hardware Implementation of Blowfish Algorithm for the Secure Data Transmission in Internet of Things"

Available online at www.sciencedirect.com

ScienceDirect

Procedia Technology 25 (2016) 248 - 255

Global Colloquium in Recent Advancement and Effectual Researches in Engineering, Science and

Technology (RAEREST 2016)

Hardware implementation of blowfish algorithm for the secure data

transmission in Internet of Things

Manju Suresh a, Neema M.b *

a MTech student, Adi Shankara Institute Of Engineering & Technology, Kalady, 683574, India b Assistant Professor, Adi Shankara Institute Of Engineering & Technology, Kalady, 683574, India

Abstract

As Internet of Things (IoT) can be broadly used in many fields, the security of IoT is gaining importance. In IoT, all the devices are connected. If a hacker manages to enter the network, he may access confidential datas. So for IoT, an information transmission security mechanism is essential in addition to the authentication mechanism. Beginning with the concept of IoT, its architecture and security issues, this paper analyzes various security mechanisms for IoT and the significance of cryptography in IoT. An efficient cryptographic algorithm "Blowfish" is selected based on several comparisons. A modification in Blowfish algorithm is presented by changing its Function module 'F'. Comparison of original and modified blowfish algorithm is done by implementing both in Xilinx Virtex-5 XC5VLX50T FPGA using Verilog HDL and found that modified algorithm is efficient than the original in terms of encryption time by 16.9% and throughput by 18.7%.

©2016 The Authors.Publishedby ElsevierLtd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.Org/licenses/by-nc-nd/4.0/).

Peer-reviewunder responsibilityofthe organizingcommitteeof RAEREST2016 Keywords: Internet of Things (IoT); cryptography; blowfish algorithm

1. Introduction

The future internet enables us to have an immediate access to information about the physical world and its objects. As such, Internet of Things (IoT) has been introduced to integrate the virtual world of information and the real world of devices. IoT covers the infrastructure, which can be hardware, software and services, to support the networking of physical objects. IoT aims to provide a simple interaction between the physical world and the virtual world, by integrating a large numbers of real-world physical things into the Internet. IoT enables the communication and collaboration between people and things, and between things themselves without human intervention. It is

2212-0173 © 2016 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

Peer-review under responsibility of the organizing committee of RAEREST 2016 doi:10.1016/j.protcy.2016.08.104

Fig 1: Graphical representation of security challenges in Internet-of-Things [4]

emerging as an attractive future networking paradigm, in which each physical object is mapped as one or more cyber entities that can interact with other cyber entities, enabling pervasive connectivity.

Now a days, due to the technological advances in low-cost sensors, RFIDs, scalable cloud computing, and ubiquitous wireless connectivity, more and more physical objects and things are able to connect to the Internet and interact with the physical world around, which makes the Internet evolve to a new era, known as the IoT. Under the IoT, a vast amount of data, i.e., big data will be available and shared over the Internet among interested parties. We can extract more valuable and insightful knowledge about the state of objects or surrounding environment, and then have a better understanding and control over them, which will significantly improve the quality of our life. [1]. Unlike other network such as P2P, Grid, WSN, IoT is comprehensive and new network characterized by heterogeneous interconnection, intelligent perception, and multiple field application, and is of considerable interest in academia and industry. However, as a coin has two sides, the security risk is increasing rapidly due to its openness. [2].

Security represents a critical component for enabling the widespread adoption of IoT technologies and applications.Without guarantees in terms of system-level confidentiality, authenticity and privacy, the relevant stakeholders are unlikely to adopt IoT solutions on a large scale. In the perspective of an open IoT eco-system, whereby different actors may be involved in a given application scenario, a number of security challenges do arise. [3] (Fig 1)

2. IoT and its security

2.1 IoT Architecture

IoT architecture consists of three layers which are called perception, network, and application. The purpose of perception layer is to identify each thing in the IoT system. This is done by gathering information about each object. This layer contains RFID tags, sensors, cameras, etc. The second layer is the network layer. Network layer is the core of IoT. It transmits the information gathered by the perception layer. It contains the software and hardware instrumentations of internet network in addition to the management and information centers. The third layer is the application layer. The application layer's target is to converge between the IoT social needs and industrial technology (i.e. it can be considered as the middle tier between the industry technologies and how it can be controlled to cover the human needs). [5]

2.2 Security for IoT based on its three layer architecture

• Security analysis of the perception layer: The security problems faced in this layer includes nodes physical capture, capture gateway node, sensing information leakage, denial of service attacks, node replication attacks.

• Security issues of network layer: IoT faces the risks in existing communication network, including illegal access, data eavesdropping, confidentiality, integrity, man-in-the middle attacks, etc

• Security issues in application layer: The applications face many extra security issues and become particularly prominent, including data mining, data storage and backup, management and authentication mechanisms, information disclosure, privacy protection security issues etc. [6]

Fig 2: Security construction of IoT in its 3 layer architecture [6]

After analyzing the IoT construction layers of the existence of security problems, a safe tiered IoT construction is given, as shown in Fig 2.

• Physical security: is to ensure that the information collection node in the IoT is not destroyed deception and control.

• Information acquisition security: is to prevent the collection of information from eavesdropping, tampering, forgery and replay attacks, which is mainly related to sensing technology

• Information transmission security: is to ensure the process of information transmission data confidentiality, integrity, authenticity and availability of communication network security.

• Information processing security: is data storage, processing and access to the safety and security of cloud computing and middleware

• Information application security: is to ensure information privacy, the safety of usage, privacy protection, information leak prevention, and application security. [6]

So information transmission security should ensure data confidentiality, integrity, and authenticity for secure data transmission in IoT. Therefore a security mechanism which satisfies these 3 is needed.

3. Various security services

Table 1: Comparison of various security mechanisms and their services [7]

Security mechanisms

Service Cryptography Digital signature Access control Data integrity Authentication Traffic exchange padding Routing control

Peer entity authentication Y Y Y

Data origin authentication Y Y

Access control Y

Confidentiality Y Y

Traffic flow confidentiality Y Y Y

Data integrity Y Y Y

Non-repudiation Y Y Y

Availability Y Y

Fig 3: Classification of cryptographic algorithms [10]

From table 1, cryptography can be used to handle multiple sets of problems that may occur in an IoT environment.

4. Cryptography for strengthening insecured channel in IoT

Cryptography ensures the privacy and non alteration of data etc. It is required, to keep the secrecy of communications over open channels and to prove the authenticity of an incoming message [8]. Cryptography is defined as the art of transforming a readable text (plain text) into an unreadable one (cipher text) which ensures data privacy. [9]. Classification of cryptographic algorithms is shown in figure 3.

4.1. Comparison of cryptographic algorithms Table 2: Features that make SKC more suitable for IoT

_Symmetric key cryptography [SKC]_Asymmetric key cryptography [AKC]_

Uses a single key for both encryption and decryption Uses one key for encryption and another for decryption

Extremely secured Less secured compared to SKC

Fast Slow

Requires less processing power_Requires more processing power compared to SKC

Table 3: Features that make Block Cipher more suitable for IoT

_Block cipher_

A block cipher encrypts plaintext one block at a time Cryptanalysis of block ciphers is difficult compared to stream

Computationally less complex

East to carry heavy data loads_

_Stream cipher_

Stream cipher encrypts plaintext one byte at a time

Cryptanalysis of steam ciphers is easy compared to block

Computationally complex

Difficult to carry heavy data loads_

Table 4: Comparison of Algorithms [11][12][13]

Algorithms Key size Block size Round Level of security Encryption speed

DES 64 bits 64 bits 16 Not secure enough Very slow

3DES 112 or 118 bits 64 bits 48 Adequate security Very slow

AES 128, 192, 256 bits 128 bits 10,12,14 Excellent security Faster

RC4 Variable 40-2048 bits 256 Adequate security Faster

RC6 128-256 bits 128 bits 20 Good security Average

BLOWFISH 32 - 448 64 bits 16 Highly secured Very fast

Table 4 shows that of all algorithms, blowfish algorithm is more secured and have great encryption speed.

Table 5: Comparison of execution times, throughput, memory usage and battery consumption of encryption algorithms with different packet size

Average encryption time, , , Encryption time for each algorithm for corresponding input throughput & Input size in size(ms)_

Memory usage Kbytes AES 3DES DES RC2 RC6 BLOWFISH

- 49 56 54 29 57 41 36

- 59 38 48 33 60 24 36

- 100 90 81 49 91 60 37

- 247 112 111 47 121 77 45

- 321 164 167 82 168 109 45

- 694 210 226 144 262 123 46

- 899 258 299 240 268 162 64

- 963 208 283 250 295 125 66

- 5345.28 1237 1466 1296 1570 695 122

- 7310.336 1366 1786 1695 1915 756 107

Average encryption time(ms) - 374 452 389 480.7 217 60.3

Throughput (Megabytes/sec) - 4.174 3.45 4.01 3.247 7.19 25.892

Memory usage (Kbytes) - 32.5 - 43.2 - - 25.2

Battery consumed (%) 4.2 5.5 4.8 0.5

Table 5 [10] [14] [15] [16] [17] shows that, blowfish performs faster than DES, RC2, RC6 and AES. Blowfish performs approximately 4 times faster than AES and 2 times faster than DES. Also performance of Blowfish algorithm is inversely proportional to key size. If key size is increased, the performance will be decreased and viceversa. AES performs in slow compared with DES and Blowfish. Blowfish has the highest throughput. The table also shows that Blowfish use least memory compared to DES and AES.

All the above comparisons show the superiority of blowfish algorithm. Of all algorithms, blowfish algorithm is the best in terms of execution time, avalanche effect, power consumption, memory usage, throughput, security etc. So blowfish algorithm is well suited for the secure data transmission in IoT.

5. Implementation of Blowfish Algorithm

Blowfish, a 64bit block cipher, is an excellent choice for encryption, since it is lightweight, public domain, and highly secure even after extensive analysis. There are two ways to implement the blowfish algorithm which are via software or hardware implementation. Compared to software implementation, hardware implementation has many advantages.

Secrecy of encryption key is of high importance in symmetric ciphers (Blowfish is a symmetric cipher). Software implementation of encryption algorithms donot provide ultimate secrecy of the key since, the OS on which encryption software runs is always vulnerable to attacks. Other advantages of hardware implementation compared to software implementation involve faster operation because of parallelism, highly secured etc. One type of hardware implementation is using hard-wired components, for example FPGA

A graphical representation of the Blowfish algorithm appears in Figure 4(a). This structure is known as Fiestal network. Graphical representation of F appears in Figure 4(b). The function divides a 32-bit input into four bytes and uses those as indices into an S-array. The lookup results are then added and XORed together to produce the output. Because Blowfish is a symmetric algorithm, the same procedure is used for decryption as well as encryption. The only difference is that the input to the encryption is plaintext; for decryption, the input is ciphertext.

P is an array of eighteen 32-bit integers. S is a two-dimensional array of 32-bit integer of dimension 4x256. Both arrays are initialized with constants, which happen to be the hexadecimal digits of n (a pretty decent random number source). The P-array and S-array values used by Blowfish are precomputed based on the user's key. In

8 bits 8 bits 8 bits 8 bits

S - Box 1 S - Box 2 S - Box 3 S - Box 4

E2 —»-Sum 0—XOR

Fig 4: Graphical representation of (a) Blowfish algorithm (b) Function module (F)

effect, the user's key is transformed into the P-array and S-array. This process is known as sub-key generation. The key itself may be discarded after the transformation. The P-array and S-array need not be recomputed as long as the key doesn't change, but must remain secret. [18]

To generate sub keys:-

1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of the hexadecimal digits of pi (less the initial 3).

2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all bits of the key (possibly up to P14). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits.

3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps (1) and (2).

4. Replace P1and P2 with the output of step (3).

5. Encrypt the output of step (3) using the Blowfish algorithm with the modified subkeys.

6. Replace P3 and P4 with the output of step (5).

7. Continue the process, replacing all entries of the P-array, and then all four S-boxes in order, with the output of the continuously-changing Blowfish algorithm.

Encryption:-

Blowfish is a Feistel network consisting of 16 rounds. The input is a 64-bit data element, x.

• Divide X into two 32-bit halves: xL, xR

• For i = 1 to 16:

xL = xL XOR Pi xR = F(xL) XOR xR Swap xL and xR

• Swap xL and xR (Undo the last swap.)

• xR = xR XOR P18

• xL = xL XOR P17

• Recombine xL and xR [18]

5.1 Modified Blowfish Algorithm

Fig 5: Modified Function (F) module [19]

In modified blowfish algorithm, the original function module is modified. In the original function, output of S-box 1 and 2 are added, and then it is XORed with the output of S-box 3. This XORed output is added with the output of S-box 4 to obtain F(xL). Addition here is modulo addition. In the modified function, two modulo addition operations in the original function are done in parallel. The outputs of S-box 1 and 2 and outputs of S-box 3 and 4 are added in parallel. Then their outputs are XORed to obtain F(xL). Modified function is shown in figure 5.

6. Results of Implementation

Simulations are carried out in Modelsim SE 6.5 and for synthesis Xilinx ISE 14.2 was used. The algorithm was implemented in Xilinx Virtex-5 XC5VLX50T FPGA.

Both original and modified blowfish algorithms were simulated using Modelsim SE 6.5 and the results are shown in figure 6 and 7. Same inputs (key and plaintext) are given to both algorithms for encryption. The difference in the ciphertext can be clearly seen. Similarly same inputs, which are key and ciphertext, are given to both algorithms for decryption.

Messages

^)f_encryption/dk

.ftjfjencryption^st

A>f_encryption^eyJn

A>f_encrypöon/x

rt>f_encryption/y

Messages

/bfjlecryption/dk

/bf_decryption/rst

/bf_decryptionAeyJn

/bf_decrypöon/x

/bf_decryption/y

1 | |

a7Jb3456eeffll43a a73b345Äes ffll41iabbc7642effaba№ Ibccddeeffl!

7abfb3äS3f3Cä879 e2991bc7cd4fte0ef 7abft3eB8f Ices 79

i2591bc7cd ideOef

Fig 6: Blowfish algorithm using Verilog HDL (a) Encryption (b) Decryption

Messages

/bf_decryption/dk ybf_decryptiori/rEt

Messages

ybf_encryption/dk /hf_encryption/rst

bf_encryption/fceyjn a77b3~56eeff 1 H3Ja77b3^56eeffLH3aabtx7H2frffiabd4Zibccddeeffl2ailhf decryptionfev n a77b3456eeff 1 Hia77b3456eeffll43aabbc7942effabcd42:

ybf_eno7ption/x /bfjenayption/y

e2591bc7cd4je0ef eZ55lbc7:d-We]ef dfe 1424316018770 l^l^'-ll-" ,^'r

/bf_de<xyptjon/x /bf_deayption/y

-1_ -1

a77b3456eeffL143aabbc7Ë dfel424316018770 e259 lbt:7cd-4de0ef 42effabcd42 bccddeeffli

Fig 7: Modified Blowfish algorithm using Verilog HDL (a) Encryption (b) Decryption

In figure 6(a) and 7(a), x is the plaintext and y is the ciphertext, both of 64bits. Key_in is the input key of 448 bits. In figure 6(b) and 7(b), x is the ciphertext and y is the plaintext.

Table 6: Comparison of original and modified blowfish algorithm

Parameters Original Blowfish Modified Blowfish

Encryption time (ns) 6.928 5.755

Throughput(Megabytes/sec) 16.03 19.30

Total on-chip power (mW) 583.3 582.1

Logic utilization- Number of fully used LUT-FF pairs 767 758

Logic utilization- Number of slice LUTs 9979 9971

From table 6, it can be seen that modified blowfish algorithm gives better results than original blowfish algorithm in terms of encryption time, throughput, total on-chip power and device utilization

7. Conclusion

In this paper, we have explored security challenges and security mechanisms for IoT. By analyzing different security problems associated with IoT, major share of the same are occurring in the insecured channel which connects different IoT nodes or IoT nodes and WSN nodes. For providing information transmission security in the network layer, cryptographic techniques can be used. Of all the cryptographic algorithms, Blowfish algorithm is the best in terms of execution time, memory usage, throughput, power consumption, and security and thus well suited for IoT. Hardware implementation of original and modified Blowfish was done in Xilinx Virtex-5 XC5VLX50T FPGA using Verilog HDL. On comparing both, the modified one showed improvement in terms of encryption time by 16.9% and throughput by 18.7%. Implementation of modified Blowfish algorithm in an IoT environment will be persuaded as our future work.

References

[1]Luigi Hao Yue, Linke Guo, Ruidong Li, Hitoshi Asaeda, Yuguang Fang, From DataClouds: Enabling Community-Based Data-Centric Services Over the Internet of Things, IEEE Internet of Things Journal, Vol. 1, No. 5, October 2014

[2] Gu Lizet, Wang Jingp, Sun Bin, Trust Management Mechanism for Internet of Things, China Communications Magazine, February 2014

[3] O.Vermesan, Internet of Things - From Research and Innovation to Market Deployment, River Publishers Series in Communication, 2010

[4] D.Miorandi, S.Sicari, Internet of things: Vision, applications and research challenges, Ad Hoc Networks Journal, Elsevier, Apr.2012

[5] Omar Said, Towards Internet of Things: Survey and Future Vision, International Journal of Computer Networks (IJCN), Vol 5,Issue 1 : 2013

[6] Quandeng Gou, Yihe Liu, Construction and Strategies in IoT Security System, IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber, Physical and Social Computing, 2013

[7] William Stallings, Cryptography and Network Security Principles And Practice Fifth Edition, Pearson Publications, 2011

[8] Gary C. Kessler, An Overview of Cryptography, Published by Auerbach , 8 July 2015

[9] Sourabh Chandra, Siddhartha Bhattacharyya, Smita Paira, A Study and Analysis on Symmetric Cryptography, IEEE proceedings on International Conference on Science, Engineering and Management Research, March 2014

[10] Pratap Chnadra Mandal, Superiority of Blowfish Algorithm, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 2, Issue 9, September 2012

[11] Nadeem.A, A Performance Comparison of Data Encryption Algorithms, IEEE information and communication technologies, pp.92-94, 2005

[12] P. Princy, A Comparison Of Symmetric Key Algorithms DES, AES, Blowfish, RC4, RC6: A Survey", International Journal of Computer Science & Engineering Technology (IJCSET), Vol. 6 No. 05, May 2015

[13] Ashwak. A.Labaichi, Faudziah Ahmad, Security Analysis of Blowfish algorithm, IEEE Journal,vol. 10, No. 10, June 2013

[14] Milind mathur, Comparison between DES , 3DES , RC2 , RC6 ,Blowfish and AES, IEEE Proceedings of National Conference on New Horizons in IT, May 2013

[15] A.Ramesh, Dr.A.Suruliandi, Performance Analysis of Encryption Algorithms for Information Security, International Conference on Circuits, Power and Computing Technologies, 2013

[16] Rajdeep Bhanot, Rahul Hans , A Review and Comparative Analysis of Various Encryption Algorithms, International Journal of Security and Its Applications, Vol. 9, No. 4, April 2015

[17] G. Muthukumar, Dr. E. George Dharma Prakash Raj, A Comparative Analysis on Symmetric Key Encryption Algorithms, International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 3, Issue 2, February 2014

[18] Schneier.B, Applied Cryptography: Protocols, Algorithms, and Source Code in C, Publication 2nd ed., John Wiley & Sons, 2008

[19] Saikumar Manku and K. Vasanth, "Blowfish encryption algorithm for information security", ARPN Journal of Engineering and Applied Sciences, Vol 10, No 10, June 2015