General Letters in

In the past decade, the Internet of Things (IoT) has emerged and has been of great importance in the digital world arousing the interest of the scientiﬁc community. The requirements of new small intelligent devices brought numerous security and privacy concerns. In order to secure the exchanged data through the IoT, integrity and authentication protocols are required and are usually constructed under hash functions. We notice that the most conventional cryptographic standards are not suitable for multiple platforms hardware/software. The expressed need is to construct lightweight functions and algorithms suitable for constrained environments including small devices. In this context, we propose a review of the research progress on IoT architecture. Further, we present and compare some selected lightweight cryptographic algorithms regarding security, performance, and resource requirements. The main goal of the present paper is to highlight the need to provide security systems for IoT applications through lightweight cryptographic mechanisms.


Introduction
The Internet of Things (IoT) is the latest internet evolution that enables many low resources and constrained devices to communicate with each other. It means that everything real becomes a virtual representation on IoT. IoT is a developing term that combines three concepts; Things are locatable, scalable, and heterogeneous [1]. In 2013, Gartner points out that IoT will generate more than $300 billion in revenue until 2020. Furthermore, the number of smartphones and tablets will reach up to 7.3 billion units by 2020 [2]. As IoT is growing rapidly, this exponential evolution will explode a massive amount of data communicated throughout the network. Besides, if these data are compromised, the whole system might suffer seriously. Therefore, security plays an important role in the network to protect data against unauthorized access, misuses, monitoring, and any modifications, etc. In recent years, the majority of cryptographic algorithms standards designed to fit into the desktop/server environment but not intended to be implemented on constrained devices due to the limitation of their resources. For passive RFID tags, they do not have battery-powered onboard, but instead, they absorb their power from the environment (RFID-Reader). Therefore, these constrained devices require efficient cryptographic functions that meet a very small amount of gate equivalents (GEs), stringent timing and energy consumption. For these reasons, the limitations of conventional cryptographic algorithms in resource-constrained devices impose many challenges to developing a new subfield of cryptography, which fulfills an optimist security mechanism needed. This new research area is referred to as lightweight cryptography (LWC). According to NIST lightweight cryptography is a new branch of cryptography that is developed to delivers adequate secure algorithms for constrained devices and aims to reduce the key size, cycle rate, throughput rate, power consumption, and area. Lightweight cryptography is a very large field which should be divided into two different areas: Ultra-lightweight and IoT cryptography [3]. An ultra-lightweight cryptographic algorithm is tailored to working on very cheap devices that have a limited shelf-life and that not connected to the internet. Such as RFID tags, smart cards, remote car keys, memory encryption and so on. Note that an ideal ultra-lightweight algorithm should have at least 80 bits in key size, 64 bits (or more) in block size, and a block /stream cipher as a type [3]. Whereas an IoT cryptographic algorithm is designed to running on low-resource devices interconnected to a public channel such as the internet. For that reason, the security mechanism must be more stringent than in the ultra-lightweight case. Moreover, its implementation should have 96 bits in block size, at least 128 bits in key size, and block cipher or sponge as a type [4]. The aforementioned comparison is therefore to understand the need for lightweight algorithms in order to provide new conservatives solutions that can be implemented over resource-limited devices. This paper provides an overview of IoT architecture in section 2. Next, we highlight and compare of different primitives of lightweight cryptographic algorithms based on their behavior on a performed platform in section 3. Lastly, we close the paper with a conclusion and references.

Overview of IoT architecture
IoT connects billions of things called objects (sensors, actuators, embedded devices, traditional computers, smartphones). These objects will establish a huge complex network for sharing information. Thus, IoT should take multiple decisions in real-time to manage the interconnection between these various objects. This is accomplished over the architecture of IoT. In July 2014 in Germany, the first meeting of the IEEE P2413 working group has shown that the standard architecture for IoT is still in progress [5]. Moreover, the conventional internet protocol cannot support M2M communication. In this section, we discuss several architectures of IoT that have been proposed in the literature. According to [1,6,7,8,9,10] the commonly IoT architectures are divided into three layers architecture; Perception or physical layer, network or commutation layer and application layer. The first layer (also known as the perceptual layer) is responsible for information acquisition for each object which helps in collecting the information in the IoT environment such as sensors, meters, RFID systems, and GPS systems, etc. The second layer is the network layer it is also known as the core of IoT consists to transmit information collected by the physical layer through the public network. This layer includes all transmission media such as WSNs, 5G, 4G, 3G, 2G, Internet, fiberoptic. Finally, the application layer defines as a method to identify the mold of application that will be used in IoT. The three-layer architecture presents general information but does not give numerous details about IoT structure and management of data congregate [6]. Authors in [7] added a new layer between the network and the application layer known as data management. This layer is responsible to manage data transmission and storage by centers for cloud computing and directory management servers. The four-layer architecture of IoT considers that it is the most suitable model. Authors in [6,10,11] proposed five layers by adding two layers which are the middleware or processing layer and the business layer. The first one positioned between the network and application layer in order to manage and analyze data congregated by the physical layer. The second one lays above the application layer and is responsible to present the design of the IoT applications and their management. Figure 1 summarizes of several architectures in IoT. Along with this, the most important criteria that should have in IoT architecture is the security guarantee. Therefore, the architecture should be able to protect data coming and going over the public network, to provide the quality of service, to endure passive and active attacks, and to guarantee the confidentiality and integrity protection of information sharing.

Related work
This paper outlines recent technologies of lightweight cryptographic primitives used on performed platforms. These primitives offer several advantages over traditional cryptographic standards. There are two main reasons to adopt new particular technology for resource-constrained environments. Firstly, the efficiency of the lightweight symmetric key algorithm to realize end-to-end communications security with limited energy consumption. On the other hand, the footprints of lightweight algorithms are smaller than the classical cryptographic ones. The lightweight cryptography primitives are capable to create more network connections in the low resource devices [4,12]. The lightweight cryptographic algorithms are divided into two types, symmetric and asymmetric ciphers as described below.

Symmetric Lightweight algorithms for IoT
This kind of encryption pre-shared the same key for both encryption and decryption of data. The symmetric key encryption considered secure and fast but does not guarantee authentication because if the key?s compromised, then the encrypted data gets extremely attacked. Symmetric ciphers include block, stream, and hash-functions. We report many different technologies of lightweight cryptography primitives.

Lightweight Block ciphers
In the last decade, there are a large number of methods which have been proposed and are currently used in lightweight block ciphers in order to achieve the best performance advantages in low resource smart devices such as Advanced Encryption Standard (AES-128) [13], which is based on substitution permutation network (SPN), it supports 128 bits block length, works with different key sizes of 128 with 10 rounds, 192 bits/ 12 rounds and 256 bits /14 rounds. Next is, DESL [14]. Or DES Light Weighted.
Basically, this cipher is proposed by simplifying the classical DES in order to enhance their efficiency. The DESL round function works with the single S-box instead of eight, which decreases hardware gate complexity. In [22] the comparison results between DESL with DES, DESX, DESXL, and also AES show that DESL is much appropriate for RFID tags by giving the smallest (35%) gate equivalence. PRESENT [15] is also based on SPN structure, it has a key size of 80 or 128 bits with 31 rounds, and uses on block of 64 bit. The PRESENT algorithm considered one of the first ultra-lightweight block ciphers that were designed from scratch in order to guarantee efficient security for a constrained hardware environment, but for software implementation, the substitution layer that applies 4-bits of input and the S-box output consumes large cycles. For that reason, an improved version was proposed known as RECTANGLE cipher [6]. RECTANGLE [16] and PRESENT are quite similar. The first one consists of just 25 rounds and considered more performed and suitable for both platform?s hardware and software implementations with limited resources.  [18]. Also, it has significant hardware performance in comparison to other block ciphers. HIGHT [19] (High Security and Lightweight) is based on Feistel network structure, it uses basic operations like addition mod 28 or XOR. It has a block size of 64-bits and works with 128-bit key, with 32 rounds [1]. CAMELLIA [20] is worked with a block size of 128 bits and 128, 192 and 256-bits of keys respectively. It was designed for both software and hardware implementations. The next is TEA [21] (Wheeler and Needham (1994)) and XTEA Tiny encryption algorithm is a block cipher based on ARX (Addition/Rotation/XOR) design, which consists of simple round structures that make them appropriate for constrained software environments. Later SIMON [24] and SPECK [25] were introduced in June 2013. SIMON is a lightweight cipher which is optimized for performance in hardware implementations, whereas SPECK has been dedicated for software implementations, there are two new proposed primitives MARX and SPECKEY which contain certain limits against single-trail differential and linear cryptanalysis. According to [22], SIMON was compared to AES, PRESENT, SPECK, TWINE, and PRINCE, it was concluded that SIMON and SPECK are ideal for use through heterogeneous networks, they are efficient in implementation than AES and also very suitable to work with. The last algorithm is TWINE [26] is based on Feistel structure, and when it was compared to AES, PRESENT, HIGHT, and Piccolo. The comparison results show that it was designed to fit in both hardware and software implementations. TWINE has two types, TWINE and TWINE8 with their respective key sizes. Both algorithms have 64 bits block size and 36 rounds. The comparative analysis of the aforementioned lightweight block ciphers is explained in Table 1 [22].

Lightweight hash functions
The research on lightweight dedicated hash functions held from 2006, when Feldhofer and Rechberger evoked the lack of applying lightweight hash functions in the RFID tags [2]. The Lightweight hash function creates output messages with a fixed length from arbitrary input length messages. The output is known as message digest and is used to secure many applications like Message Authentication Code (MAC), pseudo number generator for passwords, digital signatures and the integrity of the transmitted data. The hash function involves two main parts are construction and compression function. The design of the construction function is based on two main steps. The first step is considered to construct a compression function with a fixed domain.
The second step is to iterating this compression function many times to determine a hash function. This method is known as domain extension or design of iteration [23].
An ideal hash function with an n-bit output required three major security properties are given below.
• Collision resistance : The pair of different messages (M 1 , M 2 ) should be difficult to find such that H(M 1 ) = H(M 2 ).
• Preimage resistance : Given a random output r, it is difficult to find a message M 1 such that H(M 1 ) = r. Most conventional hash function algorithms required a huge internal state size, high energy consumption, and produce a large memory footprint, which is not suitable and efficient for resource-limited devices [3]. Furthermore, the implementation of lightweight hash functions is considered more complicated than lightweight block ciphers. Nevertheless, in 2007 Hirotaka Yoshida presents a new compression function known as MAME [22,27] which is a lightweight cryptographic hash function. It takes a 256-bit message block and a 256-bit chaining variable as inputs and produces a 256-bit output. After that, the authors in [28] proposed a novel operation of a PRESENT block cipher in hashing modes. Thus, the National Institute of Standards and Technology (NIST) approved many lightweight hash algorithms which take 256 characters in input and produces a smaller memory footprint such as SPONGENT [29], PHOTON [30], QUARK [31], LESAMNTA-LW [32], and KECCAK [18]. In [22] the comparison results between PHOTON, KECCAK-200, KECCAK-400, and SPONGENT when implemented on Xilinx Spartan 6 FPGA, where SPONGENT can achieve a highest throughput/area ratio, and PHOTON showed more suitable scalability in the area but lowest throughput in the field.

Lightweight stream ciphers
Lightweight stream ciphers are also considered as efficient and promising for resource constrained IoT environment [4]. Compared with lightweight block algorithms, the stream cipher described as faster, easier, and flexible in hardware applications efficiency. It based on two constructions such as Linear Feedback Shift Registers (LFSRs) and Non-Linear Feedback Shift Registers (NLFSRs). Table 2 summarizes some lightweight stream ciphers in terms of their constructions, key size, gate area, and throughput.

Asymmetric lightweight algorithms for IoT
In the case of asymmetric encryption, private and public keys are used for the establishment of communication between two entities. Usually, asymmetric encryption is applied to digital signatures (RSA, ECC) and key agreements (Diffie-Hellman (DH)) in order to provide the three noteworthy parts of lightweight cryptography such as authentication, confidentiality, and integrity. Apart from this, asymmetric encryption should be able enough to support all features possible and guarantee a strong mechanism to convey keys between the sender and the receiver. However, these security mechanisms have a large key size which increases the computational complexities such as RSA by Rivest, Shamir, and Adleman, Diffie-Hellman key exchange (DH), and Elliptic Curve Cryptography (ECC). Consequently, the alternatives lightweight asymmetric algorithms used are identification scheme crypto GPS, Authentication, and Key exchange mechanism ALIKE [39] (which is a lightweight key exchange algorithm based on RSA with the apply of AES encryption), ID-based signature scheme IBS [4], and ELLI (Elliptic Light) [6].

Conclusion
Lightweight cryptography has received attention from several researchers in the past two decades. This paper reviews the most promising lightweight cryptography solutions over resource-limited devices in regard to memory, energy consumption, and computation complexities. In spite of rapid evolution, many lightweight mechanisms are still in their start. Furthermore, we summarized and compared different kinds of lightweight algorithms implemented on multiple platforms hardware and software.