Transactions on Machine Learning and Artificial Intelligence - Vol. 10, No. 2
Publication Date: April, 25, 2022
DOI:10.14738/tmlai.102.11939. Galliera, R., & Bagui, S. (2022). An Introduction to Data Encryption and Future Trends in Lightweight Cryptography and Securing IoT
Environments. Transactions on Machine Learning and Artificial Intelligence, 10(2). 14-26.
Services for Science and Education – United Kingdom
An Introduction to Data Encryption and Future Trends in
Lightweight Cryptography and Securing IoT Environments
Raffaele Galliera
Department of Computer Science, University of West Florida, USA
Sikha Bagui
Department of Computer Science, University of West Florida, USA
ABSTRACT
This paper presents an overview of the basic concepts of cryptography and
encryption. The work aims at presenting the main concepts and concerns of
encryption on a high-level of abstraction, allowing non-domain expert readers to
navigate through these topics. Less traditional arguments are also shown, from the
relevance of Key Management Services with its usage in Envelope Encryption, to
Zero Knowledge proofs and their innovative applications. The crucial importance
of securing communications between IoT devices and widely used algorithms to do
so, are also discussed.
Keywords: Data Encryption, Cryptography, Zero Knowledge, Network Security, Key
Management Service, Interactive Proofs, Non-Interactive Proofs
INTRODUCTION
The number of devices connected to a network is increasing by the day, and with it the data
flowing to the internet is growing exponentially. It has been estimated that by 2025, more than
75 billion devices will be connected to the Internet [1]. This implies a greater responsibility for
both the academic and industrial research world. Numerous attacks during the last decade have
targeted Internet of Things (IoT) networks, demonstrating an extremely effective exploitation
of these devices for performing massively scaled DDoS attacks. One of the most notorious
examples is the Mirai Botnet [2], which in October 2016, brought down huge portions of
internet services, from streaming to banking, exploiting IoT device vulnerabilities present in
digital cameras and DVR players. Computers in a network would get infected by the Mirai
malware and would then continually search the internet for vulnerable IoT devices, using
known default usernames and passwords to log in and infect them. Very recently, a new
Botnet inspired by Mirai has been reported compromising over 300,000 IoT devices [3]. Like
the Mirai story, we find many other even scarier episodes of dangerous IoT device
vulnerabilities. For example, in 2017, CNN reported that some cardiac devices could be hacked,
putting at risk the life of patients [4]. Hence, since IoT devices are so widely used in so many
fields in our everyday lives, their vulnerabilities lead to the necessity of developing stronger
authentication methodologies and solid encryption systems in order to keep access to the data
and the integrity of the information as safe as possible.
The rest of this paper is organized as follows. Section 2 discusses the basics of Cryptography,
including the importance of data encryption and what it means to keep information safe and
secure. Symmetric and asymmetric data encryption, the two main types of encryption, are also
discussed, illustrating the basics of two well-known algorithms, Advanced Encryption System
(AES) [5] and Rivest-Shamir-Adleman (RSA) [6]. This section also summarizes the latest
National Institute of Standards and Technology (NIST) report [7] on the in-progress
standardization process of Lightweight Cryptography for resource-constrained devices, and
introduces some of the concepts of Key Management Services to protect secrets and encryption
keys. Section 3 brings in the topic of Zero-Knowledge, a non-traditional way of performing
proof of knowledge, which can be applied, for example, to authentication. This section also
reviews the crucial role of present-day IoT devices and the importance of establishing secure
communications. Finally, Section 4 presents the conclusions.
THE BASICS OF CRYPTOGRAPHY
Cryptography, from the Ancient Greek Kryptos meaning "hidden, secret" and Graphein meaning
"writing", in the modern context of applications in information technology, is still the ancient
art of securing communications. Though once physically and analogically performed,
cryptography is now digitally performed by signals in networks.
The reasons for cryptography can be summarized as the need for five important items [8]:
o Privacy/confidentiality: Maintaining privacy or confidentiality means that no one other
than who the message is intended for should have access to the message without the
proper permissions.
o Authentication: Authentication is having a process of checking or verifying the user’s
identity before getting access.
o Integrity: To maintain the integrity of a message, we have to be sure that the message
is not altered in any way while going from the sender to the receiver.
o Non-repudiation: This refers to having a way of making sure that the sender really sent
the message.
o Key exchange: This refers to developing a protocol by which crypto keys are shared
between the sender and receiver.
The following subsections will introduce the two main categories of encryption based on key
exchange, Symmetric and Asymmetric key encryption.
Symmetric and Asymmetric key encryption
The concept of symmetric encryption algorithms, for example AES [5], is probably the easier of
the two to understand. Basically, a shared cryptographic key is used to both encrypt and
decrypt the desired information. This means that, in order to not put information at risk, it is
crucial for users to keep the shared key safe and secure. One of the weak points of this approach
is with respect to transportation and distribution. If the transportation is not secure and the
key is intercepted, fraudulent actors might take over the key with potentially catastrophic
consequences, depending on the information. Asymmetric encryption algorithms, however, use
two different keys known as the Public key and the Private key. This methodology can be used
in a variety of different applications, from securing a communication to digital signature.
Depending on the scenario, one of the two keys involved is used to encrypt the data while the
other is used to decrypt it. While the two keys are mathematically linked to one another and
the Public key is distributed to the public, the private key cannot be inferred from the public
key and is kept secret by the single entity involved in the communication channel. This kind of
encryption also involves the presence of a third-party entity, the Certification Authority. This
entity has the purpose of issuing certificates, linking a Public key to its owner and certifying the
validity of this association to whoever requests it.
Let’s suppose that Alice wants to send an encrypted message to Bob. Alice will encrypt the
message using Bob’s Public key, so that hopefully nobody but Bob will be able to decrypt the
message using the Private key, even if the communication channel is not guaranteed to be
secure [see Figure 2a].
Another application for asymmetric keys is a digital signature, where the owner "signs" a
document with the Private key, and everybody else can verify the signature by decrypting it
using the Public key. This process is also shown in Figure 2b. This methodology is widely used
where detecting forgery is especially important, for example in the financial sector or contract
management software.
Generally, symmetric key encryption also has many advantages over its asymmetric counterpart
in terms of efficiency. To overcome the security vulnerability of the carrier channel by the
design of the encryption methodology, symmetric encryption is often coupled with asymmetric
encryption algorithms for the exchange of keys. This way, Alice and Bob can securely exchange
the symmetric key before starting their communication. Bob, who starts the communication,
would encrypt the symmetric key with Alice’s public key, so that when the encrypted package
arrives, she can decrypt it with her private key, and finally start the symmetrically encrypted
communication with virtually no risk of disclosing the key to fraudulent third-party entities.
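The key exchange described above, as an added example that is not part of the original paper: Bob wraps a fresh session key under Alice's public key, and Alice unwraps it with her private key before decrypting. It assumes a constructed toy RSA key (textbook RSA without padding, undersized primes) and a SHAKE-256 keystream standing in for AES so that it runs on the Python standard library alone; the names xor_stream, bob_send and alice_receive are hypothetical.

```python
import hashlib
import secrets

# Constructed toy RSA key for Alice, built from two Mersenne primes. It is far
# too small for real use, and textbook RSA (no OAEP padding) is insecure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
ALICE_PUBLIC = (P * Q, E)                        # published (n, e)
ALICE_PRIVATE = pow(E, -1, (P - 1) * (Q - 1))    # secret exponent d


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption): XOR with a SHAKE-256 keystream.
    The same call encrypts and decrypts."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def bob_send(message: bytes, public_key):
    """Bob: pick a fresh 128-bit session key, wrap it under Alice's public
    key, and encrypt the message symmetrically with the session key."""
    n, e = public_key
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    nonce = secrets.token_bytes(12)
    return wrapped, nonce, xor_stream(session_key, nonce, message)


def alice_receive(wrapped: int, nonce: bytes, ciphertext: bytes) -> bytes:
    """Alice: unwrap the session key with her private key, then decrypt."""
    n, _ = ALICE_PUBLIC
    session_key = pow(wrapped, ALICE_PRIVATE, n).to_bytes(16, "big")
    return xor_stream(session_key, nonce, ciphertext)


if __name__ == "__main__":
    wrapped, nonce, ct = bob_send(b"meter reading: 42 kWh", ALICE_PUBLIC)
    print(alice_receive(wrapped, nonce, ct))
```

Only the wrapped key, the nonce and the ciphertext cross the channel; the session key itself never does.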
Block Cipher and Stream Cipher
There are two separate methods to perform symmetric encryption: block ciphers and stream
ciphers. As explained in [9], in the first, the plain messages are divided into fixed-size
blocks, usually 64 or 128 bits, and converted into ciphertext. In the second, the
information is encrypted bit-by-bit (or byte-by-byte), converting each individual unit to
ciphertext by performing XOR operations between pseudo-random bits generated from the key
and the information bits. Most modern symmetric algorithms, like AES [8], the
current standard for symmetric encryption, are block ciphers. Despite their speed of
transformation, stream ciphers are prone to insertions and modifications by malicious
interceptors, who can break the algorithm and insert spurious text in the stream while still
appearing as an authentic transmission. As shown by [10], for cryptosystems which use the
same key repeatedly, block ciphers are usually considered stronger than stream ciphers.
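The two stream-cipher weaknesses named above (undetected modification and repeated use of the same key), together with the standard mitigation of authenticating the ciphertext, as an added example that is not part of the original paper. The SHAKE-256 keystream is a constructed stand-in for a real stream cipher, and the keys, nonce, messages and function names are all constructed for illustration.

```python
import hashlib
import hmac


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed stream cipher: XOR data with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt-then-MAC: the HMAC tag covers the nonce and the ciphertext."""
    ct = keystream_xor(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Return the plaintext, or None if the ciphertext was altered."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(enc_key, nonce, ct)


def demo():
    enc_key, mac_key, nonce = b"E" * 16, b"M" * 16, b"N" * 12  # constructed
    old, new = b"valve=closed", b"valve=opened"                 # constructed
    ct, tag = seal(enc_key, mac_key, nonce, old)

    # Failure 1: XOR-ing a difference into the ciphertext changes the
    # plaintext predictably, and plain decryption cannot notice.
    tampered = xor(ct, xor(old, new))
    without_mac = keystream_xor(enc_key, nonce, tampered)
    with_mac = open_sealed(enc_key, mac_key, nonce, tampered, tag)

    # Failure 2: reusing key and nonce reuses the keystream, so the XOR of
    # two ciphertexts equals the XOR of the two plaintexts.
    ct2, _ = seal(enc_key, mac_key, nonce, new)
    return without_mac, with_mac, xor(ct, ct2) == xor(old, new)


if __name__ == "__main__":
    print(demo())
```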
AES - Advanced Encryption System
The AES algorithm was developed in 1998 by Joan Daemen and Vincent Rijmen [5]. AES was
born out of NIST's need [7] for an alternative to Data Encryption Systems (DES),
which had become vulnerable to attacks as computational performance increased. There are
three different versions of the algorithm for different key lengths, AES-128, AES-192 and
AES-256 [5]. The algorithm encrypts and decrypts data in blocks of 128 bits using a cryptographic
key with lengths 128, 192 or 256, depending on the algorithm version. The data is then divided