Professional Documents
Culture Documents
Secure Iot Framework For Authentication and Confidentiality Using Hybrid Cryptographic Schemes
Secure Iot Framework For Authentication and Confidentiality Using Hybrid Cryptographic Schemes
https://doi.org/10.1007/s41870-024-01753-w
ORIGINAL RESEARCH
Abstract IoTs are increasingly gaining popularity and Keywords Elliptic curve cryptography (ECC) · Genetic
prevalence due to their extensive applications across vari- Algorithm (GA) · Advanced encryption standard (AES) ·
ous domains. They gather data from the real environment SHA-512 · Authentication · Data security
and transmit it through the networks. Security is essential to
prevent data alteration, misuse of data, unauthorized access,
etc. Cryptography techniques are an efficient way to pro- 1 Introduction
vide a security mechanism for stored data and data during
transmission. The proposed secure model commences by The Internet of Things (IoT) is a fast-growing technology
authenticating the user and IoT and activating associated IoT poised to revolutionize various applications across indus-
devices that are subsequently, sent data to the cloud server. tries. Its swift adoption across sectors has ushered in a new
To ensure the secure transmission of IoT data, the technique era of improved service quality and productivity. Multiple
utilizes Elliptic Curve Cryptography (ECC) in combination industries have unlocked significant benefits by integrat-
with Genetic Algorithm (GA) to generate keys. The data ing IoT devices, including heightened security and efficient
is encrypted using the generated key and the Advanced management [1]. Moreover, IoT has paved the way for deliv-
Encryption Standard (AES). Assessment and comparison are ering services to individuals in remote locations through
performed based on parameters such as key size, execution cloud-based services, further bridging geographical gaps
time, throughput, and avalanche effect. Experimental results and enhancing accessibility for all. Consequently, there
show that the proposed model ensures the authentication and is a pressing need for improved data security and privacy
confidentiality of the data against unauthorized access and for individuals and organizations. IoT devices have always
data expose. Moreover, the proposed approach is robust and had significant concerns about transmitting information
performs better on selected parameters than state-of-the-art and data over the Internet, and this concern has intensified
cryptographic algorithms such as Data Encryption Standard with the increasing use of the Internet, smart devices, and
(DES) and Rivest–Shamir–Adleman (RSA). other means of data transmission. Data thefts and breaches
are rising, emphasizing the need for robust security meas-
ures. Researchers and cryptographers continuously strive to
develop innovative cryptographic models and improve exist-
ing algorithms to address this issue. These efforts enhance
user privacy, data security, authentication, and other related
* Salman Ali features in real-world applications [2].
salmanali.amu@gmail.com Numerous approaches have been introduced to tackle
Faisal Anwer data security concerns. Basic encryption techniques have
faisalanwer.cs@amu.ac.in shown limited effectiveness. Nevertheless, researchers have
1
put forth the following methods to address these challenges:
Department of Computer Science, Aligarh Muslim
University, Aligarh, India
13
Vol.:(0123456789)
Int. j. inf. tecnol.
• Homomorphic encryption: It processes encrypted data The suggested model encompasses a security frame-
through calculations without decryption. Gentry (2009) work specifically designed for a wide range of applications
later enhanced this approach. Nonetheless, these com- within the realm of IoT. It utilizes the SHA-512 algorithm
putational operations lead to a considerable rise in to authenticate the user. ECC is employed to generate keys
expenses. with a smaller size to enhance data security. This key is
• Hybrid technique: It employs a secure key-sharing sys- then subjected to GA to introduce randomness to its value.
tem and improved authentication methods through appro- AES is utilized for data encryption, employing the secret
priate arrangement. key that ECC and GA have generated. The suggested hybrid
• Distributive storage: This approach involves breaking the algorithm can improve system security more efficiently by
data into smaller sections. Each section is then encrypted addressing key size issues, ultimately reducing computa-
and stored in individual databases on the cloud. Never- tional power.
theless, this process consumes a substantial amount of This paper is organized into various sections. Section 2
resources. reviews the prior studies in the field. Section 3 provides
• Data concealment: It combines genuine data with fabri- background and introduces the platform used in the study.
cated visual information to augment the total dataset, and Section 4 presents the hybrid design and its operational
authorized users subsequently distinguish this expanded approach, while Sect. 5 discusses the implementation results.
dataset. Security analysis is given in Sect. 6. Finally, the conclusion
of the paper is given in Sect. 7.
Security Challenges, such as modifying sensitive data,
data privacy breaches, and unauthorized data utilization,
pose significant obstacles in IoT systems that rely on cloud
technology. 2 Related work
Consequently, cloud-based IoT systems must adhere to
various security requirements. Below are the fundamental Due to simultaneous resource sharing among all users, data
standards for ensuring the security and privacy of cloud- security is becoming increasingly important. Because cloud
based IoT systems [3–5]. storage is always accessible, data owners choose it over other
services. Authentication and data confidentiality should be
• Authentication: This principle is established to grant examined to improve data security.
access exclusively to authorized users while preventing Shukla et al. [6], proposed a method using ECC and AES
unauthorized attempts to access the system. Verifying to increase the system’s security without a trusted center.
user and IoT device identities should be ensured through The system is distributed and managed using Shamir secret
a robust cryptographic process. sharing. Even though the combined strategy that has been
• Authorization: This represents the second prerequisite, described improves system security, it still requires consider-
following authentication, which guarantees user permis- able amounts of time and computational power.
sions, resource allocation, and access priorities within In another work, the authors combine DES, AES, and
the system. Access levels vary depending on the privi- Blowfish algorithms, to provide the security services of the
leges granted to users. cloud [7]. To prevent conflict between large groups of users
• Non-repudiation: This approach guarantees that the per- and safeguard each user’s data separately, these algorithms
son sending information receives confirmation of suc- offer integrity, efficiency to data storage, accessibility, and
cessful delivery while the person receiving it obtains the avalanche effect of data block size and plain text.
evidence of the sender’s identity. As a result, neither In a paper by Madhavi et al. [8], ECC and RSA’s security
party can later deny their involvement in handling the level is coupled with data over 264 bits. Because it offers
information. greater secure services with smaller data sizes and requires
• Integrity: This characteristic guarantees the integrity of minimum storage for data accessibility, in this comparison
the data received and ensures that the data transmitted of algorithms, the ECC algorithm demonstrates superior per-
from the sender to the receiver remains unaltered and formance compared to the RSA method. On several JAVA
untouched by any malicious entity while it travels to the platforms, experimentation is performed.
cloud. In one of the works, data is encrypted and decrypted
• Confidentiality: Confidentiality guarantees that only the using ECC to offer secure and effective services to vari-
intended recipient can access and read the message that ous consumers [9, 10]. Data encryption and decryption
has been sent. This can be accomplished through the uti- are carried out using a two-part, layered approach. The
lization of encryption algorithms. first portion is divided into smaller parts to add the bits
needed for data encryption and minimize the key size for
13
Int. j. inf. tecnol.
easy accessibility. While, the second part comprises a divi- as a space-efficient strategy. Compared to other approaches,
sion of elliptical curves that are used to encrypt data such the Karatsuba augmentation method involves fewer cuts,
as {P0, P1, P2, . … , Pn} Encryption and decryption are car- making it advantageous for reducing complexity in higher-
ried out using these methods, and together these two layers order bits, given that lower-order bits already have a fewer
offer data security. number of cuts.
A novel approach called Polynomial-based Hashing Ellip- The paper [17] presented a dual-level cryptographic
tical Curve Cryptography (PHECC) is introduced in the approach and a framework designed to enhance informa-
work of Selvam et al. [11]. This method employs a hybrid tion security in cloud processing. This framework employs
algorithm within cloud computing services to implement symmetric and asymmetric encryption algorithms (AES and
polynomial-based hashing elliptical curve cryptography. ECC) to enhance data security, preventing unauthorized
The primary objective is to ensure client/user support and access to the information. As a result, it promotes privacy,
utilization of the service. By incorporating a hybrid cloud and data integrity, and expedites cryptographic tasks, ulti-
algorithm, this technique enhances cloud data security, mak- mately boosting user trust in cloud computing. Addition-
ing it well-suited for the current environment and offering a ally, the model accelerates using smaller ECC keys in the
high level of security. cryptographic process.
The paper [12] employs hybrid algorithms that combine Table 1 provides a thorough summary, offering a com-
RSA and ECC for data reduction. Following reduction, spe- parative examination of the relevant literature in the speci-
cific elements serving as signatures are allocated to ellipti- fied field.
cal curve authorities, facilitating the signing and digestion
of messages. Occasionally, ECC utilizes encrypted data for
this purpose. The encryption and decryption procedures 3 Background
are executed in a consistent manner. The analysis of hybrid
algorithms for RSA and ECC is conducted, evaluating their This research paper explores the accomplishment of vari-
performance based on excellence. ous tasks by leveraging the unique capabilities of diverse
Secure data transmission involving various encryption cryptographic algorithms. A comprehensive understanding
and decryption methods is proposed in the work [13]. The of each algorithm is crucial to obtaining a detailed overview
paper emphasizes the importance of maintaining the data’s of the proposed solution.
confidentiality, integrity, and authenticity. To ensure the
security and privacy of data in cloud computing services 3.1 Advanced Encryption Standard (AES)
over the internet, the Irondale encryption algorithm and
EAP-CHAP technology are utilized for authentication and Nowadays, AES is a leading option for assuring digital sys-
confidentiality. tem security. AES is the primary data security protocol used
Verifying data integrity holds significance in various con- in cloud and IoT services [18]. It is one of the best avail-
temporary devices like IoT devices. These storage spaces able options for encrypting big data blocks that are stored,
contain extensive data, including highly sensitive informa- processed, and transported utilizing the cloud because of
tion, underscoring the necessity for authentication in con- its simplicity and processing speed. The US National Insti-
junction with these devices. To execute cryptographic opera- tute of Standards and Technologies (NIST) chose the AES
tions on the device, a robust processor is required due to the algorithm as its default encryption method in 2001 (Fed-
complexity of the tasks. These devices utilize cloud services eral Information). Comparatively to DES, [16], the Feistel
to facilitate data authentication and protocol execution [14]. network is not used in AES. Sensitive information can be
Singla et al. [15], introduced the Wide Area Measurement encrypted and decrypted using the AES method’s single key.
System Key Management, a model designed for the smart Meaningful data is converted by encryption into cipher text,
grid. This system employs public key infrastructure for an unreadable format that requires the AES key to decipher,
secure data communication and authentication across vari- data is transformed back into plaintext, or original meaning,
ous devices to implement protocols. It’s worth noting that by decrypting the cipher text.
the conventional public key infrastructure can also address AES offers the advantages of different design options
this issue effectively. and architectures coupled with real security to meet cloud
Almorsy et al. [16], introduce the 8-bit ECC proces- requirements the architectural security offered by AES needs
sor that utilizes only 11 cuts. An assessment of duplica- to be carefully implemented[19].
tion methods was conducted, revealing the effectiveness of AES is a 32-bit block encryption that operates on plain
Karatsuba, Stall, and Montgomery’s specific enhancement text that is 16 bytes (128 bits) in size and does multiple
techniques. The examination focused on these three augmen- rounds to add encryption and decryption. With varying
tation methods, ultimately selecting Karatsuba duplication key lengths of 128, 192, and 256 bits, this cryptographic
13
Int. j. inf. tecnol.
Shukla et. al. [6] JAVA ECC + AES Shamir secret key combined with CSP does not store any information
AES-ECC related to the private key of indi-
vidual users
Yahia et. al. [7] MATLAB DES + AES + Blowfish Comparative analysis of various Substantial key size is required for
existing algorithms encryption
Madhavi et.al. [8], JAVA RSA + ECC Two-layered security approach Employing (ECC) alongside (GDLP)
where the group operations extend
beyond mere multiplication
Chen et. al. [9] Euler’s Phi function ECC Two-layered security approach Less data security
Sridharan et. al. [10] iFogSim ECC Point Multiplication in Hybrid Reduced security of data for Internet
Approach of Things (IoT) in cloud-based
environments
Astuti et. al. [13] Python ECC The Irondale security algorithm is EAP-CHAP requires a significant
employed alongside EAP-CHAP amount of computational resources
Awad et. al. [14] XSS ECC Model-based approach A compact protective barrier sur-
rounds the security enclosure
Singla et. al. [15] MATLAB RSA Smart grid model named WAM The smart grid requires various
(Wide Area Measurement) devices to secure the transmis-
sion of data within localized area
measurements
Nie et. al. [17] AESCrypt with AES + ECC AESCrypt Two-layered security There is a restricted space for carry-
OpenSSL in the approach ing out ECC operations
Linux
technique can offer security. These are the following steps 3.2 Basics of Elliptic Curve Cryptography
involved in AES:
ECC was introduced as a potential solution to address the
• Byte Substitution (SubBytes): In this stage, every byte limitations of slow speed, redundancy, and key size found
is exchanged from a different byte. This process utilizes in established encryption methods like the digital signature
a reference table known as the S-box. The substitution algorithm (DSA) and Rivest, Shamir, and Adleman (RSA)
is executed so that a byte is never replaced by an identi- algorithm, [20–23]. ECC operates on an algebraic-curve-
cal byte, nor is it replaced by a byte that complements based system utilizing elliptical curve points within a finite
the current one. As a result of this operation, a 16-byte field. Combining ECC with the AES algorithm can offer
matrix, enhanced security for modern technologies that are con-
• Shiftrows: This procedure operates precisely as it seems. stantly evolving [24, 25]. Depending on the specific use
Each row experiences a designated number of shifts. The case, elliptic curve cryptosystems can be designed for either
first row remains unaltered, while the second row shifts prime or binary fields.
leftward once, the third-row shifts leftward twice, and the ECC offers a comparable level of security to other crypto-
fourth row shifts leftward thrice. graphic algorithms but with the advantage of using smaller
• MixColumns: This stage involves performing a matrix key sizes. For example, an ECC-80-bit key provides the
multiplication, where every column undergoes multipli- same security as a 1024-bit RSA key.
cation with a specific matrix, changing the byte positions
within each column. It is important to consider that the
final step of the process does not include this step.
• Addroundkey: The outcome obtained from the preceding Table 2 Comparable Key Strength of Various Algorithms
step is subjected to XOR operation with the associated ECC RSA Diffie-Hellman AES
round key. In this context, the 16-byte arrangement is not
80 1024 1024 160
treated as a grid but rather as a 128-bit data set.
112 2048 2048 224
128 3072 3072 256
192 7680 7680 384
256 15,360 15,360 521
13
Int. j. inf. tecnol.
The representation of the elliptic curve on a prime field can Suppose A point P such that P = (XP , YP ) where XP≠0.
be expressed as: y2 (modp) = x3 + ax + b(modp)Where (4 a3 Consider a point Q such that Q = 2P , where Q = (XQ , YQ ).
+27 b2 ) (mod p)≠ 0. Each element is an integer within the The coordinate of Q is given according to Eq. 2.
range of 0 to (p-1). Moreover, all the mathematical opera-
⎧ XQ = (λ2 −� 2X P ) mod p
tions will occur within a uniform range, i.e. from 0 to (p-1). ⎪ Y = (−X + 𝜆 X − X � mod p)
To enhance security, a prime number p is chosen from a ⎨ Q P P Q (2)
(3X 2 −p )
range of 0 to n-1 bits where n is a random number over the ⎪ 𝜆 = (2YP ) t
⎩ p
prime field [28]. Based on Eq. (1) and the variability of p,
it is evident that calculating the y coordinate on the ellipti- The parameters selected for the elliptic curve are repre-
cal curve using the x coordinate requires substantial data sented by "λ," which denotes the tangent at point A and pt .
width addition, multiplication, and point-doubling opera- Figure 2 shows the point doubling operation over EC.
tions depending on the values of x, a, and b. The fundamental process in the ECC algorithm involves
performing point multiplication
• Point Addition:
Q = kP (3)
Let two points, P and Q as P = (XP , YP ) and Q = (XQ , YQ ). where Q is derived from multiplying the private key k with
Suppose a point R is the point Addition of P and Q, such the base point P on the elliptic curve to obtain the public key
that R = P + Q, whose coordinate is given as R = (XR , YR ), Q. Where k is a point between 0 to n-1 and.
according to Eq. 1.
13
Int. j. inf. tecnol.
Q=P+P+P+…+P
⏟⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏟⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏟
k times
13
Int. j. inf. tecnol.
• Cloud service provider: This entity serves as the primary with the cloud service provider. Following the registra-
overseer or central governing body for any cloud envi- tion process, the user utilizes their username, password,
ronment that facilitates infrastructure and delivers cloud and attribute to login into the cloud service provider. The
services through the utilization of multiple high-powered information of the users who have registered is stored
servers equipped with ample memory capacity [30]. within the database hosted on a cloud server. When a
• IoT: IoT devices store sensitive or regular data within the user signs up for cloud services, a hash code is generated
cloud server’s database and rely on the Cloud Service using the SHA-512 algorithm as a standard procedure to
Provider (CSP) to handle the data. authenticate the user’s identity. In the verification pro-
• User: Users may be viewed as authorized individuals or cess, the server checks if the user employing the hash
entities seeking access to data or various services pro- function is indeed an authenticated user or not. Once the
vided by the cloud service provider. user’s identity is verified, the IoT devices that have been
registered, are triggered into operation. The data transmit-
To ensure secure communication between IoT devices ted by these devices is concurrently gathered by the cloud
and users, a comprehensive method is proposed to estab- server in an encrypted format, ensuring the safeguarding
lish robust security for the data transmitted by IoT-ena- of data against potential attackers. The cloud transmits
bled devices. This recommended approach encompasses the encrypted data to the respective user. Subsequently,
two distinct phases: (1) authentication, and (2) ensuring the user decrypts the encrypted data by using the secret
robust security of IoT data during communication. The key. In the second phase, key generation and expansion
first phase of the suggested system is the authentication. are done through ECC and GA, and data is encrypted
This phase involves three steps: registration, login, and and decrypted by the AES algorithm. Figure 4 shows the
verification. Initially, the user registers their information workflow of the proposed scheme.
13
Int. j. inf. tecnol.
13
Int. j. inf. tecnol.
Step 1: Every IoT device registers with a unique Idi to the Step 6: The IoT device generates fresh key pairs and
TC to ensure its information is stored and retained. requests to the TC for certificate signing.
Step 2: The TC authorizes the IoT device, stores its regis- Step 7: The TC validates the signature and signs the cer-
ter data in its database, and sends the root certificate to the tificate if it is valid, then sends the operational certificate to
IoT device. the IoT device.
Step 3: The device stores its account details within its Step 8: The registration of the CSP with the trust center
database and subsequently generates a key pair. is essential for facilitating the connectivity of IoT devices.
Step 4: The IoT device requests the TC for an enrollment CSP transmits ( SIdj ∙ dj ) to TC.
certificate. Step 9: The TC provides an identifier and password to
Step 5: The TC validates identity and sends the enrolment the cloud service provider, storing the CSP’s details in the.
certificate if the device is valid. Otherwise, the request is TC database. Subsequently, the TC forwards a registration
denied. confirmation to the CSP.
13
Int. j. inf. tecnol.
Table 4 Symbol used for IoT authentication and BN = |Curr − Negative |, where Positive and Negative have
Symbol Description approved boundaries for the time frame and Curr represent
the current time. If an action falls within the BP boundary, it
TC Trust Center is deemed positive; otherwise, it is ruled out. The same prin-
Idi Identification of the device i ciple applies to a negative action within the BN boundary.
CSP Cloud Service provider The level of trust in the CSP is determined using a fuzzy
SIdj Identification of server j system that considers the count of positive as well as nega-
SPj Service provider j tive actions. The fuzzy system utilizes input variables rep-
dj A random number selected by the server i resenting the quantity of positive as well as negative behav-
TS Time Stamp iors and employs triangle membership functions for both
X Trust center security number variables.
ΔRT Threshold of the distance of sending the Step 11: Upon verifying CSP authentication after step 8,
CSP`s request to the IoT
the T C proceeds to transmit the key Ki to the CSP.
ΔT Threshold of delay
Step 12: The capability to make requests and obtain ser-
vices will be accomplished through the sharing of a mutual
key between the device and the service provider. During this
Step 10: Every time data is requested from the IoT device, stage, the IoT device shares the mutual key with the CSP.
it is essential to authenticate the CSP. Consequently, the Step 13: By utilizing the issued key, the CSP can now
server transmits CSP details to TC for to assess the CSP entry establish secure communication with the IoT device, and
and establish a shared connection key. After assessing time- request data. We employ a hybrid model of ECC and AES
related factors, which include the minimum time interval to send messages securely.
between consecutive requests made by the CSP, ensuring it
meets or exceeds the required time gap for sending a request 4.2 Data security and privacy
to an IoT device (TSni − TSn−1i
≥ ΔRT) , additionally, the
delay should not exceed the predetermined threshold After the IoT devices are activated, the data generated by
cur
(TSP − TSi ) < ΔT . The TC then proceeds to create the key. these devices is transmitted to the cloud server. Robust
j
Assessing the reliability of CSP and subsequently determin- security measures are essential to safeguard the informa-
ing the IoT device’s accessibility is a crucial responsibility tion as it travels from the IoT devices to the cloud. This
of the trust center. The time frame is characterized by its protection ensures that sensitive data remains confidential
defined positive and negative bounds as BP = |Curr − Positive | and prevents unauthorized access, thereby maintaining
the integrity and trustworthiness of the IoT ecosystem. A
13
Int. j. inf. tecnol.
∑n
robust encryption process is proposed to ensure the utmost D= b
i=1 i
(4)
privacy and security when transferring data from IoT devices
to the cloud server. The values of data generated by the IoT In the described process, every block undergoes a trans-
devices undergo encryption using the AES algorithm. This formation into a 4 × 4 matrix, and subsequently, encryption
encryption process involves the utilization of a secret key, and decryption are applied using the AES algorithm. This
which is generated through a combination of ECC and GA. technique is visually represented in Fig. 8, illustrating the
By employing this state-of-the-art encryption methodol- crucial steps in securing the data. This process is a crucial
ogy, we can confidently safeguard the confidentiality and step in securing data, and ensuring its confidentiality and
integrity of the transmitted data, providing a robust shield integrity.
against unauthorized access and potential threats to privacy.
Figure 7 illustrates the complete design of the security and
privacy approach.
5 Results and discussion
Combining ECC with GA decreases the key length, which
makes the system effective. ECC is used as a lightweight
A Python-based platform, along with the SageMath tool,
cryptography scheme for data security. To attain the desired
was utilized to create a simulation of the suggested authen-
outcomes, it may be beneficial to maintain data with smaller
tication and encryption system for IoT data. We used the
keys. This will help to optimize the performance. The small
pycryptodome library of Python and brainpoolP256r1 spe-
key length of ECC is its main advantage [31].
cific elliptic curve for the suggested method.
Whereas, AES is considered highly secure and efficient,
To compare our suggested method with other existing
making it a popular choice for securing data in various appli-
strategies, we use four different datasets, of size 128 kB,
cations, including data transmission and storage [32, 33].
188 kB, 214 kB, and 254 kB respectively. Consequently, we
The data security and privacy stage consists of four phases
needed to assess how long it would take to generate the keys,
(i) Key generation (ii) Key expansion (iii) Encryption, and
encryption, and decryption of data. It can be easily seen
(iv) Decryption.
that the key generation, encryption, and decryption time of
the proposed approach is lesser in comparison to the other
• Key Generation
cryptographic algorithms. With the reduction in time, the
computational cost of the system also reduces, hence the
Step 1: Choose a randomly generated 256-bit number
system becomes more effective. Figure 9 illustrates the com-
from the Elliptic Curve.
parison of key generation time, Fig. 10 presents the encryp-
Step 2: Split this bit sequence into two equal segments
tion time comparison, and Fig. 11 displays the decryption
containing 128 bits each.
time comparison. Figure 12 illustrates that the suggested
Step 3: Utilize GA techniques, specifically employing a
model outperforms DES by 51.21% and surpasses RSA by
two-point crossover and mutation operation, on this pair of
81.25% in terms of speed.
strings.
Experimental analysis indicates that the suggested model
Step 4: Ultimately, both bit strings undergo an XOR
guarantees privacy by producing unpredictable variations
operation, resulting in a 128-bit string that is regarded as
when minor alterations are made to the key. Furthermore, we
the secret key K0.
employ Eq. 5 to assess the extent of dissimilarity between
two ciphertexts derived from the same plaintext, which
• Key Expansion
reveals a significant avalanche effect in the proposed model
compared to alternative models, as illustrated in Fig. 13.
In the AES, the number of keys used in the encryption
and decryption process is indeed equal to the number of ∑n ∑n
(Ciphertext2) − i=1 (ciphertext1)
rounds plus one. The remaining keys are produced in the A = i=1 ∑n × 100 (5)
(ciphertext1)
same manner as the key generation process described above. i=1
and Ki = (Ki ⊕ Ki−1 ), where i = 1,2,3,…… Throughput values are determined by applying Eq. 6. A
greater throughput signifies superior efficiency and effec-
• Encryption and Decryption tiveness of the algorithm. Analyzing these throughput
values reveals that the proposed model outperforms other
Divide the data D from the IoT device into 16-octet models in terms of efficiency. The examination reveals that
blocks, each 128-bit according to Eq. 4, labeled as b 1, b2, the suggested approach outperforms the alternatives regard-
b3, …, bn. Pad the last block with zeros if needed. However, ing throughput efficiency. Specifically, the chart illustrates
if the message M is an empty string, no additional blocks throughputs of 1543.611 KB/s for RSA, 2136.298 KB/s for
will be added during this process.
13
Int. j. inf. tecnol.
∑
DES, and 2325.926 KB/s for the proposed hybrid model. Datasize
Figure 14 illustrates the throughput efficiency of the pro- Throughput(KB∕ms) = ∑ (6)
Time
posed model.
13
Int. j. inf. tecnol.
6 Security analysis
6.1 DoS attack
6.2 Replay attack
Fig. 12 Average percent time faster speed Suppose an adversary attempts to replay an old message
to the server. In our proposed approach, the cloud ser-
vice provider can detect that this message is not current.
Initially, the cloud server verifies the timestamp validity
using the condition T2 − T1 ≤ ΔT; if it’s considered valid,
the session terminates. The same validation process occurs
when the server receives an IoT device message, check-
ing if T4 − T3 ≤ ΔT. Meanwhile, the sensor node and the
user employ T3 − T2 ≤ ΔT and T5 − T4 ≤ ΔT, respectively,
to assess the freshness of the cloud server’s message. As a
result, our proposed protocol is resilient to replay attacks.
Fig. 13 Avalanche effect analysis
6.3 Insider attack
13
Int. j. inf. tecnol.
13
Int. j. inf. tecnol.
22. Ubaidur Rahman NH, Balamurugan C, Mariappan R (2015) A 30. Namasudra S et al. Securing multimedia by using DNA-based
novel DNA computing based encryption and decryption algo- encryption in the cloud computing environment. ACM Transac-
rithm. Proc Comput Sci 46:463–475 tions on Multimedia Computing, Communications, and Applica-
23. Cheng C, Lu R, Petzoldt A, Takagi T (2017) Securing the internet tions (TOMM) 16.3s (2020): 1–19.
of things in a quantum world. IEEE Commun Mag 55(2):116–120 31. AlMajed H, AlMogren A (2020) A secure and efficient ECC-
24. Imam R, Anwer F, Nadeem M (2022) An effective and enhanced based scheme for edge computing and internet of things. Sensors
RSA based public key encryption scheme (XRSA). Int J Inf Tech- 20(21):6158
nol 14(5):2645–2656 32. Imam R, Anwer F (2022) An empirical study of secure and com-
25. Lawal OM et al (2021) An improved hybrid scheme for e-pay- plex variants of RSA scheme. In Cyber Security, Privacy and
ment security using elliptic curve cryptography. Int J Inf Technol Networking (pp. 185–196). Springer, Singapore.
13:139–153 33. Pawar RS, Kalbande DR (2023) Optimization of quality of service
26. Sethi PC, NeelimaSahu, Kumar Behera P Group security using using ECEBA protocol in wireless body area network. Int J Inf
ECC. International Journal of Information Technology (2022): Technol 15:595–610. https://d oi.o rg/1 0.1 007/s 41870-0 22-0 1152-z
1–9.
27. Jain S, Doriya R (2022) Security framework to healthcare robots Springer Nature or its licensor (e.g. a society or other partner) holds
for secure sharing of healthcare data from cloud. Int J Inf Technol exclusive rights to this article under a publishing agreement with the
14(5):2429–2439 author(s) or other rightsholder(s); author self-archiving of the accepted
28. Odelu V, Das AK, Choo KKR, Kumar N, Park Y (2017) Effi- manuscript version of this article is solely governed by the terms of
cient and secure time-key based single sign-on authentication for such publishing agreement and applicable law.
mobile devices. IEEE Access 5:27707–27721
29. Certicom Corp., Standards for Efficient Cryptography, SEC 2:
Recommended Elliptic Curve Domain Parameters, Version 1.0,
Certicom, Sept. 2000.
13