Performance Evaluation of Lightweight Cryptographic Algorithms for End-to-End Secure IoT Data Transmission over 5G Standalone

Abstract

The rapid growth of Internet of Things (IoT) applications over 5G networks demands secure, low-latency data transmission while operating under strict resource constraints. However, existing studies have relied on simulations or partial implementations that fail to capture real 5G features, thus producing overly optimistic elucidations of cryptographic performance. In addition, the absence of end-to-end validation across system layers introduces an opaque flow effect, where transparency lacks across the full transmission path. To address this gap, this paper presents a fully integrated end-to-end 5G IoT security framework that introduces a modified RC4-NL (nonlinear) algorithm to enhance the security of lightweight stream ciphers while preserving computational efficiency. Environmental sensor data is encrypted on a Raspberry Pi 4B and transmitted over a commercial 5G standalone network using a Quectel FG50V module to a Multi-access Edge-Computing (MEC) server. A web-based dashboard built with FastAPI, accessed securely through an Ngrok tunnel, performs real-time decryption and visualization on 5G-connected mobile devices. This architecture eliminates the opaque flow effect and enables realistic performance evaluation, thereby avoiding the optimistic elucidations observed in simulation-based studies. This work experimentally evaluates cryptographic algorithms named Ascon, ChaCha20, AES, standard RC4, and the proposed RC4-NL under the same conditions. Experimental findings indicate that modified RC4-NL achieved an encryption time of 977 µs, a decryption time of 456 µs, and provides a lower power consumption of 0.40 watts, thus giving a proper trade-off between efficiency and enhanced security compared to standard RC4.

1. Introduction

The Internet of Things (IoT) is expanding at an extraordinary speed, linking billions of sensory gadgets and offering the ability to monitor everything in real time in smart cities, farming, automation of industrial fields, and smart health organizations. The deployments of the IoT have a much lower latency, a high throughput, and enhanced reliability compared to previously used cellular technologies like 5G communication [1]. These features render 5G an interesting target of adoption on mission-critical IoT applications where data has to be delivered reliably and on time. Despite these advantages, embedded IoT nodes are mostly limited regarding computing power and memory, thereby limiting the availability of conventional heavyweight cryptographic primitives. Lightweight cryptography has thus found significance in trying to balance the devices with high security assurances. In 5G-based IoT environments, encryption methods are computationally efficient while minimizing transmission overhead to prevent additional latency across user-plane tunnels (e.g., GTP). In addition, with the rising number of applications, IoT data is increasingly processed in edge-computing environments to ensure secure and low-latency communication that is essential. Multi-access Edge Computing (MEC) is a solution to this need because it facilitates performing data processing closer to the 5G core, which is helpful in real-time analytics and decision-making [2,3,4]. In this context, integrating lightweight cryptography within a 5G-MEC pipeline is essential for achieving secure and efficient IoT communication.

The adoption of 5G networks essentially changes the machine-to-machine (M2M) IoT communication by providing connection of not only a vast count of devices but also very low latency and huge data rates. These features carry out cryptographic mechanisms to new demands, especially in the areas of scalability, computational efficiency and real-time performance. The cryptographic functions considered in this paper have unique benefits for implementation into 5G-powered IoT infrastructures. 5G Massive Machine-Type Communications (mmTCs) enables multiple IoT devices to send small data packets frequently, while operating under strict battery constraints. The National Institute of Standards and Technology’s (NIST) Ascon-based lightweight cryptography standards are provided for constrained environments because they provide authenticated encryption while resulting in minimal computational and memory use. NIST has made Ascon the official lightweight cryptography algorithm on constrained devices, after a multi-year public review process [5,6]. Moreover, ChaCha20 offers high-throughput encryption and predictable and constant-time performance in edge devices and IoT gateways where encryption is computationally limited and software-based. This design, built on ARX, does not include any lookup tables or hardware dependencies and therefore, is resistant to timing attacks and very efficient on general-purpose processors. These attributes render ChaCha20 an appealing option for secure data combination and sending on the edge within 5G-bodied IoT designs [7,8,9].

5G provides a high data rate and low latency, making it possible to communicate large-scale, high-throughput M2M. In this type of situation, AES is highly effective and is used when hardware acceleration is present. Being a highly standardized and highly analyzed cipher, AES is also suitable for industrial IoT systems, smart grids, and cloud-connected sensors transmitting vast amounts of data via 5G networks [10,11], needing high security guarantees. The security of 5G IoT systems depends on authentication of the secure device, key exchange mechanism, and identity management. ECC supports such capabilities using key sizes much smaller than conventional schemes based on a public key, with less computational and communication overhead. As a result, ECC is a protocol appropriate to onboard millions of IoT devices and to have them authenticated in a 5G deployment at scale [12]. Standard RC4 is cryptographically broken and should not be used in 5G and modern IoT applications because of established keystream biases, is vulnerable to statistical attacks and related-key attacks, and lacks built-in integrity protection. Yet, RC4 remains interesting for constrained environments due to its very small computational footprint. This motivates the design of a modified RC4 variant with enhanced mixing and diffusion properties, making it more suitable for contemporary IoT over 5G applications [13,14,15].

Even though 5G offers powerful mechanisms to ensure the safety of the communication environment through the provision of secure device access, trusted network components, and regulated flow of traffic, it does not unavoidably guarantee end-to-end data confidentiality. Cryptography is used to supplement 5G security by securing the real information being transmitted, independent of the underlying network technology, whether data travels over 5G, Wi-Fi, or other communication links. In the absence of cryptography, a secure 5G network still exposes sensitive data to insider threats or compromised nodes and fails to capture critical 5G-specific characteristics like dynamic uplink scheduling, GTP-U tunneling overhead, and MEC integration. Furthermore, prior studies lack end-to-end validation across the complete transmission pipeline, creating what we term the opaque flow effect, where encrypted data appears secure at individual checkpoints but lacks transparency across the full path. This creates a gap in understanding how these algorithms perform under real 5G deployment conditions.

Main Contribution of This Work

Thus, this work introduced a fully integrated 5G IoT testbed that enables continuous tracking and verification of encrypted packets from device to edge. Lightweight cryptographic algorithms on a Raspberry Pi 4B sensor node are experimentally evaluated, with encrypted sensor data transmitted exclusively through a Quectel FG50V-based 5G evaluation board to a MEC environment. A FastAPI-based dashboard provides real-time decryption and visualization. It is an entire testbed of deployed lightweight cryptography that is seen as one of the first practical 5G IoT pipeline applications. MEC supports low-latency data processing, which moves to compute resources near the 5G core, making it suitable for real-time IoT analytics. The main contributions of this work are as follows:

• To construct and deploy an end-to-end 5G IoT testbed, where a Raspberry Pi 4B sensor node encrypts environmental data and forwards it to a commercial 5G standalone network based on an MEC edge server.
• To address the statistical weaknesses of standard RC4, a novel modified RC4-NL algorithm is proposed, which incorporates enhanced key preprocessing, nonlinear key scheduling, and improved pseudo-random generation.
• To evaluate cryptographic performance, an experimental evaluation of algorithms (Ascon, ChaCha20, AES, RC4, and a variant thereof with modified RC4-NL) is performed on the encryption/decryption latency, payload overhead, and global 5G end-to-end delay.
• To ensure secure data transmission, GTP-U tunnel behavior is analyzed using Wireshark (Version 4.6.5) traces and real-time visualization of decrypted sensor data on a 5G-connected mobile device is demonstrated through a FastAPI dashboard, thus guaranteeing transparent end-to-end data flow and eliminating the opaque flow effect.

The remainder of this work is sorted as follows: Section 2 reviews the related work and identifies research gaps. Section 3 presents the proposed system architecture and describes the modified RC4 algorithm with theoretical analysis. Section 4 presents the experimental results and discussion. The validation is provided in Section 5, followed by conclusions and future work in Section 6.

2. Related Works

The quick development of IoT schemes linked with 5G networks has aggravated the need for lightweight, effective and secure cryptographic solutions. Many research studies were performed on authentication systems, encryption algorithms and hybrid designs to verify the limited environmental resources. This section reviews recent contributions, their strengths and limitations, as well as research gaps that motivate the proposed model.

Cagua et al. [16] presented the implementation and evaluation of the ASCON algorithm on both a simulation platform of CupCarbon and real hardware of Raspberry Pi to assess its suitability for secure IoT communication. The key significance lies in demonstrating that ASCON provides efficient, lightweight encryption and authentication while adapting well to resource-constrained IoT devices, with results showing predictable, proportional processing times relative to plaintext and associated data sizes, and achieving near-real-time performance. Additionally, integrating ASCON into the simulator enhanced the research capabilities for modeling secure IoT systems. However, the study is limited by discrepancies between simulation and real-world conditions, particularly the artificial delay factor in the simulator and the lack of full-scale real IoT deployment testing.

Raphael et al. [17] presented the in-house-developed ChaosFortress lightweight cryptographic algorithm, designed specifically for resource-constrained IoT environments. The algorithm was experimentally evaluated against widely used lightweight cryptographic schemes, including ACORN, Ascon, ChaChaPoly, Speck, tinyAES, and tinyECC, using an Arduino and LoRa-based communication setup along with NIST Statistical Test Suite (STS) analysis. The ChaosFortress achieved superior transmission efficiency and competitive execution speed while maintaining strong cryptographic randomness. Its ability to provide cipher randomization further enhances resistance against pattern-based and plaintext attacks. However, the algorithm has certain limitations, including the use of a relatively smaller key and nonce size, which reduce its theoretical security level compared to standard 128/256-bit schemes, and its evaluation is limited to a controlled experimental setup rather than large-scale real-world deployments.

Sorescu et al. [18] provided a comparative performance analysis of selected modern cryptographic algorithms on a resource-constrained IoT platform, the Nordic Thingy:53. Also, a set of ciphers were evaluated, including the NIST lightweight standard ASCON, eSTREAM finalists Salsa20, Rabbit, Sosemanuk, HC-256, and the extended-nonce variant XChaCha20. Using a dual test-bench methodology, this work measured energy consumption and performance under two distinct scenarios: a low-data-rate Bluetooth mesh network and a high-throughput bulk data transfer. In high-throughput tests, ciphers like XChaCha20, Salsa20, and ASCON32 demonstrated superior speed, while HC-256 proved impractically slow for large payloads. The results are derived specifically for Bluetooth mesh and high-throughput bulk transfer, which do not translate to other IoT communication protocols.

A lightweight hybrid cryptography scheme was created by Zwiad et al. [19] specifically for IoT devices with limited resources. To securely establish keys with the symmetric speed and minimal overhead of a data encryption scheme, the ChaCha20-Poly1305 authenticated encryption with associated data (AEAD) scheme was collaboratively built on certificate-based authentication based on elliptic curve cryptography (ECC). A realistic IoT hardware (ARM Cortex-M4) model was used to replicate the entire architectural design with a greater degree of security. Nevertheless, the method adds extra complexity because of certificate validation and ECC processes, which might affect performance in deployments with extremely low power or high latency sensitivity.

To ensure that all communications between Network Functions (NFs) in the 5G core network were secured by QKD keys and thus were quantum-safe, Atutxa et al. [20] presented a novel solution that implements TLS for authentication and encryption using entanglement-based Quantum Key Distribution (QKD). The Network Repository Function (NRF), which stores and distributes TLS session keys to authorized consumer NFs to access producer NFs in a quick yet quantum-safe manner, was also presented as a QKD key repository. This was validated by a real implementation of a hardware-based testbed that is used to test the functionality of the proposal as well as to test its performance. The approach uses physical QKD devices as keys, and these are costly, infeasible and not as scalable as software-defined networking alternatives.

KP et al. [21] have examined lightweight security solutions and authentication schemes in 5G-enabled IoT networks. SHA-3, ECC and AES lightweight security solutions were tested on resource-constrained IoT devices. Post-quantum cryptography, including code-based and lattice-based encryption, was also developed to withstand possible quantum attacks. The findings indicate that, although conventional authentication techniques guarantee strong security, post-quantum cryptography techniques and lightweight security solutions are necessary for realistic implementation in IoT devices with constrained processing power. Security accelerations cause latency, and this is not acceptable with real-time 5G applications like autonomous vehicles or industrial automation.

Seok et al. [22] aimed at achieving device-to-device communication in 5G IoT networks with lightweight cryptography that has lower latency and calculation expenses. To support lightweight authenticated encryption with associated data (AEAD) ciphers and elliptic curve cryptography (ECC), this secure D2D communication was created to address the IoT devices with resource constraints. The method pays particular attention to such security threats as eavesdropping and unauthorized access as an option, which is robust and efficient in contrast to past security protocols. However, the study is restricted to D2D scenarios and does not address end-to-end IoT data transmission, real-time performance evaluation, or web-based visualization.

In a 5G network, Gupta et al. [23] proposed a security system in D2D wireless communication based on the use of lightweight modified elliptic curve cryptography (LMECC). This scheme was based on a proactive routing scheme to find out the services, to link setup management and to transfer data with the goal of minimizing the overhead of communication during user authentication. The suggested scheme was contrasted to Diffie Hellman (DH) and ElGamal (ELG) to evaluate the protocol overhead and security enhancement at the network edge. However, this scheme is primarily limited to D2D communication scenarios and does not evaluate performance in an end-to-end IoT data transmission pipeline over a real 5G infrastructure.

An efficiency analysis of lightweight cryptographic algorithms is introduced by Radhakrishnan et al. [24] in the case of IoT applications. This utilized Message Queuing Telemetric Transport (MQTT) to evaluate metrics like computation cost, memory utilization and energy expenditure on a limited device. The study demonstrates the suitability of lightweight primitives for sensor-based systems but does not consider their performance over cellular networks or 5G core infrastructure. However, the present work also compares lightweight cryptography in a real 5G-enabled IoT system with MEC-based data processing. In addition to lightweight ciphers, there are authenticated encryption schemes, which are also known as AHEAD, that perform device authentication as well as data encryption simultaneously.

Kumar et al. [25] designed a novel hybrid cryptographic framework integrating the AES, the Data Encryption Standard (DES), in addition to the Rivest–Shamir–Adleman (RSA) algorithm. AES and DES are symmetric algorithms that deliver high-speed encryption to effectively secure data, and RSA facilitates key exchange and authentication. Dynamic round keys were added, which increased the complexity of encryption and made it harder to resist cryptanalytic attacks. Moreover, practical implementation on ESP32 hardware confirmed the model’s feasibility for real-time encryption in resource-constrained environments typical of 5G applications. However, the focus is on algorithm benchmarking rather than testing how the hybrid encryption behaves within actual 5G protocols like GTP-U tunnels.

Existing works reveal several serious limitations despite advancements. The majority of the literature, including [16], is limited by the variances between the simulation and the real-world setting, especially caused by the presence of artificial delay and absence of full-scale deployment testing. In [17], the use of smaller key and nonce sizes and limited experimental scope reduce its practical security assurance [18], and focuses on Bluetooth mesh and bulk transfer, limiting generalizability across diverse IoT protocols; ref. [19] introduces additional computational overhead due to ECC and certificate handling. Solutions in [20] provide high security, but are very costly, complex and scalable; ref. [21] introduces latency, which is not ideal in real-time 5G applications. Works focused on D2D communication, including [22,23], are limited in scope and do not address complete end-to-end IoT data transmission. Similarly, ref. [24] evaluates performance only in MQTT-based environments without considering 5G network conditions. Finally, ref. [25] is effective at the algorithmic level but lacks integration within real 5G communication protocols. As a result, there is a clear need for a lightweight, secure, and practically deployable cryptographic solution that operates efficiently within a real end-to-end 5G IoT environment. In particular, while RC4 offers extremely low computational overhead, its well-known security weaknesses limit its applicability.

Motivation

Many studies assess 5G security using Wi-Fi, ZigBee or simulations as an alternative for real 5G networks because they are very costly and complex. These environments lack 5G-specific key characteristics like dynamic uplink scheduling, GTP-U tunneling overhead, and MEC latency, which ignore realistic conditions. For example, in real 5G systems, data transmission is governed by dynamic uplink scheduling at the base station, introducing realistic factors such as queuing delays, scheduling grants, and retransmissions that directly impact cryptographic latency. In non-5G environments, these effects do not occur and underestimate the effects of encryption and authentication delays. Furthermore, real 5G networks use GTP-U tunneling for user data transport. This introduces additional header encapsulation, where each data packet is wrapped with GTP-U, UDP, and IP headers. The additional overhead associated with larger packet sizes, more bandwidth usage, and increased processing delays due to these effects is not included in simulations and, therefore, leads to inaccurate measurements of transmission delays and the efficiency of cryptographic payloads. As a result, the realism of the performance evaluation is compromised; this gap leads to overly optimistic elucidations, where lightweight cryptographic algorithms appear more efficient than they would be in actual 5G deployments, thereby hindering the development of practical, scalable, and deployment-ready security solutions for 5G-enabled IoT systems.

Research on IoT security over 5G focuses on the algorithm-level, protocol-level or device-level. However, this fails to address complete end-to-end data flow validation due to the high implementation overhead, which requires integration of heterogeneous hardware, configuration of 5G modules, tunneling mechanisms, and development of backend setups like servers, APIs, and dashboards. This creates transient exposure points and inconsistencies in encrypted data flow because the absence of end-to-end validation prevents effective verification of encrypted data by continuous tracking and correlation of encrypted packets across all system layers. Without validation, it is hard to verify whether it has been consistently encrypted, formatted correctly, and has not been tampered with while passing through intermediate nodes. Thus, security assurances derived at lower layers become unreliable, which leads to fragmented trust across the system where each layer operates under isolated assumptions. This subtle disconnection results in the opaque flow effect, where encrypted data appears secure at individual checkpoints but lacks transparency across the full transmission path, making it difficult to detect partial exposure or misinterpretation in practice due to a lack of visibility. So, application-layer systems operating without real-time decryption feedback and visualization struggle to detect hidden attack surfaces across edge and core nodes.

3. Proposed Methodology

Therefore, to tackle these vulnerabilities in the existing 5G IoT security studies, specifically the lack of end-to-end validation, absence of real 5G characteristics, and the resulting opaque flow effect, this work proposes a fully integrated end-to-end 5G IoT security framework. In contrast to the prior works that evaluate isolated components, which assess individual elements, this model provides end-to-end monitoring, validation, and correlation of encrypted packets throughout the entire transmission pipeline, thereby eliminating fragmented trust among different layers of the system.

3.1. Proposed Architecture

The system architecture, shown in Figure 1, ensures secure data transmission from sensing devices to end users through a real 5G network. This architecture is specifically designed to eliminate optimistic elucidations observed in non-5G evaluations and to mitigate the opaque flow effect by enabling continuous validation of encrypted packets across sensing, network, edge, and application layers.

At the sensing layer, environmental sensors measure parameters including temperature, humidity, and soil moisture, which are connected with a Raspberry Pi 4B. The Raspberry Pi is used as the data collection and processing unit, gathering sensor data at certain intervals, and summarizing it into structured packets of the JSON format. In order to guarantee the privacy of the data from the point of origin, each packet is encrypted at the device level before transmission. To mitigate the cryptographic weaknesses, particularly its early keystream bias and weak key scheduling during encryption, a modified RC4 nonlinear algorithm is proposed. Several cryptographic algorithms, such as Ascon, ChaCha20, AES, standard RC4, and the proposed modified RC4-NL, are used to compare the algorithms’ performance under the same system conditions. This guarantees privacy of data before accessing the network.

Encrypted packets are transmitted through a Quectel FG50V 5G User Equipment (UE) module, which provides over-the-air connectivity to the 5G network. Unlike Wi-Fi or simulated environments, this scenario models the true characteristics of a real-world 5G system, such as dynamic uplink scheduling of transmission resources allocated by a base station based on current network conditions. This adds on realistic considerations such as scheduling delays, queuing effects and retransmissions that directly affect cryptographic latency. A 5G Radio Access Network (RAN) is connected with UE. The UE comprises a Radio Unit (RU), Distributed Unit (DU), and Centralized Unit (CU). The RAN encapsulates the encrypted payloads in GTP-U tunnels and forwards them to the 5G core network. Within the core, the User-Plane Function (UPF) routes the packets to the edge layer, while the control-plane entities (AMF/SMF) handle session establishment without modifications.

At the edge, a Multi-access Edge-Computing (MEC) virtual machine (VM) terminates the GTP-U tunnel and exposes the encrypted packets to an application-layer stack implemented in Python 3.11.2. In the MEC environment, an encrypted packet is transmitted to a FastAPI-based service, which decrypts the packet using the correct cryptographic algorithm and verifies the security, integrity, and validity of the data contained within that packet. The sensor values in decrypted format are then stored in JSON format for future processing. This edge-based decryption technique permits real-time verification of encrypted data to make sure that it is stable, properly structured and undistorted during transmission. By performing verification at the edge, the system minimizes latency and eliminates the possibility of errors or detected security breaches, thereby addressing the shortcoming of end-to-end verification that has been noted in prior research. The MEC VM is deployed within a controlled network environment, connected to the University of Hyderabad IT network and protected by a firewall to ensure isolation and security of the experimental setup.

To eliminate the opaque flow effect and provide full transparency, the application layer presents the processed data through a FastAPI web dashboard. This dashboard is accessible to end users who have a secure tunnel of Ngrok, using either 5G or Wi-Fi-enabled devices. The dashboard allows real-time visualization of live sensor readings and the analysis of past information that has been recorded on the 5G network. This continuous visualization allows checking the encryption and decryption process on the entire pipeline and allows users to notice the inconsistencies, packet loss, or anomalies in real time. Consequently, the system makes the encrypted data traceable and verifiable at each step, thus overcoming the limitations of fragmented and opaque data flows.

3.2. Analysis of Various Cryptographic Algorithms

In the proposed framework, each cryptographic algorithm is employed to encrypt raw sensor data packets at the device layer before transmission over the 5G network. This ensures data confidentiality is preserved from the point of origin, which allows a fair assessment of different cryptographic schemes under the same system conditions. Furthermore, the framework is designed to experimentally evaluate lightweight cryptographic algorithms, including Ascon, ChaCha20, AES, RC4, and a modified RC4 nonlinear algorithm, in terms of encryption/decryption latency, payload overhead, and 5G end-to-end delay, enabling a comprehensive performance comparison under real deployment conditions.

ChaCha20 is a stream cipher that is standardized for Internet protocols and is still widely used with Poly1305 as an authenticated encryption. The operation of ChaCha20 is designed around add–rotate–XOR (ARX) operations, which provide excellent speed both on embedded systems and on general-purpose hardware. Its design consists of 20 rounds, producing a very uniform keystream, and ChaCha20 has demonstrated strong resistance to timing and cache attacks due to its high throughput and strong security characteristics. For real-time IoT applications that need to encrypt data quickly and reliably, ChaCha20 is a good option because it combines security and performance, and is widely used in new communication protocols.

AES-CCM is an authenticated encryption mode that provides confidentiality in AES Counter (CTR) mode and integrity using CBC-MAC mode. AES-CCM is used to perform authentication and encryption using a single operation, making it ideal for constrained and wireless environments. Despite adding some computational complexity relative to lightweight ciphers, it is still one of the preferred standards for providing secure IoT communication over 5G networks.

Ascon is a lightweight authenticated encryption algorithm specifically designed for constrained and low-power devices. It employs a sponge-based construction that efficiently integrates encryption and authentication while requiring minimal memory resources. Ascon has strong security and is lightweight, making it the first NIST-recommended standard for lightweight cryptography for IoT sensing applications that require secure data transmission and efficiency.

PRESENT and SPECK are lightweight cryptographic algorithms optimized for low-power and resource-constrained devices, providing reduced implementation complexity while maintaining acceptable security levels.

The inclusion of RC4 in this study is due to the fact that it has some of the lowest computational requirements of any cryptographic method. It has a very small state space of 256 bytes, performs only simple operations at the per-byte level, and thus runs extremely fast, requiring a minimal amount of memory and power. Compared to RC4-based designs, modern algorithms such as Ascon provide authenticated encryption with formal security analysis and stronger resistance to a wide range of attacks, introducing relatively higher implementation complexity. Therefore, this framework evaluates both conventional and standardized algorithms to analyze the trade-offs between computational efficiency and security robustness in real 5G IoT environments.

Modified RC4-NL The proposed modified RC4-NL algorithm is designed to address the cryptographic flaws of the original RC4 cipher that does not sacrifice lightweight and computational performance, which are essential for IoT applications over 5G networks. The security of the keystream is increased through enhanced preprocessing (key), additional nonlinearity, greater dispersion of information, and reduction in the well-known statistical weaknesses of the standard RC4. The new algorithm introduces improvements in the three areas, including pseudo-random number generation methods, key preprocessing, and nonlinear key scheduling.

Algorithm 1 explains the clear steps of modified RC4-NL. The first step in the implementation is key preprocessing, which changes the input secret key string into a 32-byte array with a fixed length. Figure 2 illustrates the statistical analysis of the generated keystream. In contrast to the standard RC4 method, which simply uses the key as it exists, this phase utilizes iterative XOR operations, modular arithmetic, and bitwise left rotations to alter the structure of every key character within the key. The modified version of the key ensures a high level of diffusion by spreading each key character’s influence throughout the entire length of the key array, thereby removing any direct relationship between each key and its corresponding initialization of the internal state. The implementation of this technique improves the diffusion properties of the cipher to ensure that even very small changes in either the key or the plaintext will have a larger spread throughout the internal state, thus resulting in a less predictable keystream. Consequently, the improved diffusion mechanism of the key scheduling process will result in improved resistance against statistical cryptanalytic attacks.

Algorithm 1: Research-Oriented RC4-NL with Quadratic Key Scheduling and Nonlinear PRGA
Requires: Secret key string $K_{str}$, plaintext array $P$ of length n,
Ensure: Ciphertext $C$ of length $n$
	Phase 1: Key Preprocessing (Diffusion)
1.	Initialize byte array $K[0\dots 31]$
2.		for $i=0to31$ do
3.			val ← 0
4.			for each character $K_{str}\left[j\right]$ do
5.				expr ← (ASCII ($K_{str}\left[j\right]$) + 17i + 31j) mod 256
6.				val ← val ⊕ expr
7.				val ← ROTL (val, 1)
8.			end for
9.				K[i] ← val
10.		end for
	Phase 2: Nonlinear Key Scheduling (KSA)
11.	Initialize permutation S[i] ← i for i = 0 … 255
12.	j ← 0
13.	for i = 0 to 255 do
14.		k ← K [i mod 32]
15.		f (k) ← (k2 + 3k + 7) mod 256
16.		j ← (j + S[i] + f (k)) mod 256
17.		swap(S[i], S[j])
18.	end for
	Phase 3: Nonlinear PRGA & Encryption
19.	i ← 0, j ← 0
20.	for x = 0 to n − 1 do
21.		i ← (i + 1) mod 256
22.		tmp ← (3i + 7) mod 256
23.		j ← (j + (S[i] ⊕ tmp)) mod 256
24.		swap(S[i], S[j])
25.		t ← ((S[i] ⊕ S[j]) + (i ⊕ j)) mod 256
26.		KS ← S[t] ⊕ ((S[i] ∧ S[j]) ∨ (i ∧ j))
27.		C[x] ← P [x] ⊕ KS
28.	end for
	Phase 4: 5G Transmission
29.	Transmit C via 5G GTP-U Tunnel to MEC/Cloud
30.	return C

The proposed RC4-NL algorithm is provided for resource-constrained IoT environments in which low computational overhead and minimal memory usage are critical. The traditional RC4 cipher is enhanced by introducing nonlinear key scheduling and improved pseudo-random generation to improve diffusion and statistical security, while preserving its lightweight nature. However, the RC4-NL algorithm is not designed to replace modern standardized cryptographic algorithms such as Ascon or ChaCha20-Poly1305. Alternatively, RC4-NL serves as a lightweight experimental cipher for real-time IoT applications and performance–security trade-off analysis in 5G edge environments.

Following the improved diffusion process, the initialization of the permutation array is performed using a nonlinear key scheduling algorithm. In contrast to the linear operations used in standard RC4, the modified KSA introduces a quadratic transformation of the key bytes, which is defined as in Equation (1)

$$f(k)=(k^2+3k+7)mod 256$$

(1)

This nonlinear function enhances the randomness of index updates during permutation, leading to a more thoroughly mixed internal state. As a result, the dependency between key bytes and the initial permutation is significantly reduced, mitigating vulnerabilities such as related-key attacks and weak state initialization.

The next stage involves the nonlinear Pseudo-Random Generation Algorithm (PRGA), which generates the keystream used for encryption. The proposed PRGA introduces more nonlinear operations, such as combining permutation values with loop indices using XOR, AND, and OR. These additional operations add to the complexity of generating a keystream, improve the diffusion and eliminate the early keystream bias found in standard RC4 generation. The improved uniformity of the generated keystream results gives improved resistance to statistical and correlation-based attacks when performing cryptanalysis. An XOR operation is performed in the process of encrypting data to combine the keystream with the plaintext data. The stream ciphers are allowed to maintain their efficient processing time while keeping overhead to a minimum. The added security features provide low computational overhead to allow for real-time execution on low-memory IOT devices.

In terms of a 5G perspective, the modified RC4 is still appropriate for real-time transmission of IoT data when using a low-encryption latency model and a low-memory footprint. Experimental results demonstrate that the enhanced RC4 variant incurs only a modest increase in computation time compared to standard RC4, while maintaining stable end-to-end transmission delay over the 5G uplink. This makes the modified RC4 a viable lightweight option for constrained IoT devices operating over high-speed 5G networks that require ultra-low latency and continuous data streaming.

Theorem 1.

Diffusion Property (Approximate Strict Avalanche Criterion).

Let two secret keys $K_{str}$ and $K^{\prime }$ differ by exactly one bit. Let $V$ and $V^{\prime }$ denote the corresponding 256-byte internal states generated after the preprocessing phase. Then, the expected Hamming distance between $V$ and $V^{\prime }$ satisfies the following Equation (2)

$$E\left[HD\left(V,V^{\prime }\right)\right]\approx {\displaystyle \frac{n}{2}}$$

(2)

Equivalently,

$$Pr(\Delta S\left[m\right]=1|hw\left(K\oplus K^{\prime }\right)=1)\approx {\displaystyle \frac{1}{2}}$$

(3)

Here, n is the total number of bits in the internal state, $HD(\cdot )$ is the Hamming distance, $hw(\cdot )$ is the Hamming weight and $\Delta S\left[m\right]$ is the difference at bit position $m$.

Proof. 

The repeated XOR operations are combined with bitwise rotations. XOR acts as a linear transformation over ${\left(Z_2\right)}^8$, while rotation is a bijective permutation of bit positions. Under standard random-key assumptions, these operations promote diffusion such that each output bit behaves approximately as an independent Bernoulli random variable with a probability of 1/2 of flipping. Hence, the expected Hamming distance approaches $n/2$. The preprocessing phase therefore satisfies an approximate Strict Avalanche Criterion (SAC), indicating strong diffusion. This result is probabilistic and assumes near-uniform mixing; exact diffusion cannot be guaranteed for all inputs but reflects average-case behavior. □

Theorem 2.

Resistance to Linear Cryptanalysis.

Let the key-dependent transformation in the modified KSA be defined as $f\left(k\right)=(k^2+3k+7)mod256$. For any non-zero input/output masks ${\Gamma }_x$, ${\Gamma }_y$ ∈ {0, 1}⁸, the correlation satisfies the following Equation (4)

$$Pr Pr\left({\Gamma }_x.k={\Gamma }_y.f\left(k\right)\right)={\displaystyle \frac{1}{2}}+ϵ$$

(4)

where the Walsh–Hadamard correlation bias $ϵ$ is bounded, that is defined in Equation (5)

$$\left|ϵ\right|={\displaystyle \frac{\left|W_f(a,b)\right|}{256}}\ll {\displaystyle \frac{1}{2}}$$

(5)

Proof. 

Since the algebraic degree of the function $f\left(k\right)$ is ≥2, it is non-affine and therefore has a flattened Walsh spectrum compared to linear mappings. The relationship between the input and output bits of nonlinear mappings is less correlated than with either linear or affine mapping since the nonlinear functions exhibit a more uniform Walsh–Hadamard spectrum compared to linear mappings. As a result, the maximum correlation bias $ϵ$ is significantly reduced, limiting the feasibility of constructing high-probability linear approximations. The nonlinear transformation reduces linear correlations, improving resistance to linear cryptanalysis compared to linear or affine mappings. Even though it does not eliminate all forms of attacking cryptanalysis, the nonlinear mapping increases the computational effort required for bias exploitation. □

The above results provide probabilistic insights into diffusion and correlation properties of the proposed RC4-NL algorithm.

Theorem 3.

Keystream Uniformity.

Assuming the permutation array $S$ approaches a random permutation and the index t is uniformly distributed over $\{0,\dots ,255\}$, the produced keystream byte is uniform, which is represented in Equation (6)

$$Pr Pr\left(KS=v\right)={\displaystyle \frac{1}{256}},\forall v\in \{0,\dots ,255\}$$

(6)

Proof. 

If $S$ is a random permutation, then selecting an index t uniformly implies that $S\left[t\right]$ is also uniformly distributed over all possible byte values. The keystream output is computed as a combination of $S\left[t\right]$ and a nonlinear Boolean mask using XOR, AND, and OR operations. XOR with an independent value preserves uniformity, while the additional nonlinear masking reduces structured dependencies. Hence, the probability of any output value remains approximately equal across all 256 possibilities, which is expressed in Equation (7). □

$$\begin{gathered} Pr Pr\left(KS=v\right)={\sum }_{g=0}^{256} Pr Pr\left(G=g\right)Pr Pr\left(S\left[t\right]=v⨁g\right)={\sum }_{g=0}^{256} \\ Pr Pr\left(G=g\right){\displaystyle \frac{1}{256}}={\displaystyle \frac{1}{256}} \end{gathered}$$

(7)

Although perfect uniformity cannot be guaranteed without information-theoretic assumptions, the introduced nonlinear mask and index mixing reduce the structured bias observed in the second and early output bytes of standard RC4. Empirical randomness testing can further validate this theoretical expectation.

These theoretical results validate that the proposed RC4 variant achieves strong diffusion, reduced linear correlation, and near-uniform keystream distribution, consistent with the empirical observations presented.

4. Results and Discussion

The outcome of the experimental research conducted on the end-to-end 5G IoT testbed is compiled in this section. This helps to structure the evaluation metrics to ensure a clear correlation between the methodology and the results obtained through performance measurement.

4.1. Hardware Setup

Environmental data (e.g., temperature, humidity and soil moisture) is collected via sensors connected to Raspberry Pi devices. The experimental testbed was implemented end-to-end following the system architecture as shown in Figure 3a. The hardware layer contains a single Raspberry Pi 4B and a series of environmental sensors, such as a DHT-series sensor (temperature/humidity) unit and a capacitive soil moisture probe. The circuit-level implementation of the sensing node is shown in Figure 3b. The Raspberry Pi is connected with the sensors through the GPIO pins. The DHT sensor is directly connected for digital data acquisition. The soil moisture sensor is interfaced through an LM393 comparator module, achieving stable output signals. The Raspberry Pi stores raw measurements at a fixed sampling interval and packages them into lightweight JSON structures. Every single JSON packet is ciphered by any one of lightweight cryptographic algorithms tested during this work. The encryption process was done at the Raspberry Pi level, meaning that the ciphertext was only sent over the 5G radio interface.

For 5G connectivity, a Quectel FG50V evaluation board was interfaced with the Raspberry Pi using a USB/PCIe communication link. The FG50V established a 5G SA data session with the operator’s 5G network, allowing uplink sensor traffic to traverse the 5G RAN and reach the 5G core. The encrypted packets were encapsulated using GTP-U and routed by the UPF toward an MEC virtual machine. The MEC VM served as the termination point for the 5G user plane. It executed a FastAPI-based backend that received encrypted packets, decrypted them using the corresponding lightweight algorithm, and stored the plaintext sensor values. The MEC VM was hosted on the University of Hyderabad (UoH) campus network, behind the institution’s firewall. A secure Ngrok tunnel was configured to provide authenticated remote access for mobile device visualization. All the performance metrics, such as encryption time, decryption time, packet size and end-to-end transmission delay, were recorded and captured over multiple trials to confirm statistical reliability. Where applicable, Wireshark traces were collected on the MEC VM to analyze GTP-U tunnel behavior and validate timing measurements.

The FG50V connects via USB/PCIe to the Raspberry Pi and establishes a 5G standalone (SA) session. Encrypted data is encapsulated into the 5G user plane and routed through the GTP-U tunnel to a Multi-access Edge-Computing (MEC) VM acting as the receiver. In 5G systems, user-plane traffic is encapsulated using GTP-U tunnels as defined by 3GPP and ETSI specifications, enabling efficient routing of encrypted IoT data toward edge-computing platforms [26,27,28].

A systematic methodology was followed to evaluate cryptographic performance and 5G transmission characteristics. For each cryptographic algorithm, the Raspberry Pi was configured to encrypt a fixed-size sequence of sensor packets. The following performance metrics were collected:

Encryption and Decryption Time: Encryption time on the Raspberry Pi and decryption time on the MEC VM were recorded using high-resolution timestamps. The average, standard deviation, and worst-case latency were calculated by performing several iterations on each experiment.

Payload Overhead: The size of plaintext packets and the corresponding ciphertext outputs were measured to quantify algorithm-induced overhead. This measurement is critical for 5G networks because GTP-U encapsulation and scheduling efficiency degrade as packet sizes exceed the minimum transport block size.

5G End-to-End Delay: End-to-end transmission delay was measured as the time difference between the encryption timestamp on the Raspberry Pi and the packet arrival timestamp at the MEC server. To ensure accuracy, synchronized clocks were maintained, and additional cross-verification was performed using GTP-U timestamps captured in Wireshark.

Jitter and Consistency: Packet delay variation (jitter) was computed to assess the temporal stability of the encrypted traffic flow under different algorithms. Jitter is particularly relevant for real-time IoT dashboards relying on timely updates.

Processing Load and Memory Footprint: CPU utilization and memory footprint for each cryptographic algorithm were measured on the Raspberry Pi to assess their feasibility for constrained IoT deployments.

All measurements were executed under identical network conditions, ensuring that cryptographic differences, not 5G channel variability, determined performance outcomes.

4.2. Experimental Results

This section presents the observed system behavior and experimental outputs obtained from the real-time 5G IoT testbed. The results include encrypted packet transmission, MEC-based decryption, and application-layer visualization, enabling verification of end-to-end data flow. Also, the experimental results prove the accuracy, stability, and dependability of the suggested framework in real-life 5G network settings.

Figure 4 shows the real-time output captured at the MEC server for the modified RC4-NL algorithm. An encrypted JSON packet is sent to the MEC backend, which interprets the metadata, including the timestamp, ciphertext, and encryption time and then decrypts it and sends the resulting plaintext values to the visualization dashboard. The reception time and decryption latency are logged automatically for each packet, providing direct insight into the end-to-end processing delay contributed by the lightweight cryptographic operation.

To validate 5G user-plane behavior, packet traces were captured on the MEC virtual machine using Wireshark. Figure 5 shows the flow view of encrypted IoT packets encapsulated within GTP-U as they traverse the 5G core toward the MEC. The trace reveals uplink TCP segments carried over GTP-U tunnels, along with occasional retransmissions caused by 5G scheduling and buffer-timing effects. These observations support the measured end-to-end delay values and confirm that all lightweight encrypted packets are delivered through the 5G user plane without modification. Wireshark was used to capture and analyze GTP-U packet traces at the MEC server to validate user-plane behavior and timing characteristics [29].

Figure 6 shows the decryption output observed at the edge node of the MEC for the RC4-NL algorithm. Each packet includes metadata like timestamp, ciphertext, encoded size, and encryption time. Upon arrival, the FastAPI backend decrypts the payload and reconstructs the sensor values with a decryption latency of approximately 0.27 ms, confirming that the MEC server can process lightweight encrypted packets in real time.

Figure 7 shows the real-time dashboard visualization, which validates the end-to-end system by displaying decrypted sensor data received at the MEC server. Each entry consists of timestamped environmental readings, for instance, temperature, humidity, and soil moisture, which confirm accurate decryption and data integrity. The continuous updates on the dashboard highlight low-latency communication and seamless integration between the IoT device, 5G network, and edge server. Together, these results demonstrate that the proposed system achieves consistent transmission performance and real-time monitoring capability over a 5G-enabled IoT framework.

The transmission frequency across repeated 5G uplink experiments is shown in Figure 8. The transmission frequency plot illustrates the consistency of data delivery across repeated 5G uplink experiments using the modified RC4-NL algorithm. It demonstrates that the transmissions of packets are maintained for many days, and the changes in the number of packets are also indicators of actual network conditions, like the schedule and traffic load.

Table 1. Power consumption of symmetric cryptographic algorithms.

Algorithm	Algorithm-Only Power (W)	RPI with Algorithm Average System Power (W)	Average Voltage	Average Current
Only RPI		3.87064	5.014	0.772
AES	0.25	4.1177	5.046	0.816
ASCON	0.66	4.53544	5.04	0.9
RC4 Linear	0.28	4.14686	5.032	0.824
RC4 Nonlinear	0.4	4.27446	4.188	0.848
Chacha20	0.35	4.22194	5.038	0.838

illustrates the analysis of power consumption for different cryptographic algorithms implemented on a Raspberry Pi 4B under identical operating conditions. The results highlight a trade-off between security strength and energy consumption, where lightweight algorithms such as RC4 consume less power but offer weaker security, whereas modern secure algorithms like ASCON and ChaCha20 incur slightly higher power consumption while providing stronger cryptographic guarantees. The proposed RC4-NL lies between these extremes, offering improved security over standard RC4 with moderate energy overhead.

4.3. Performance Evaluation

In this section, the performance of cryptographic algorithms used in this research is analyzed. The trade-offs in the performance evaluation consist of the computational efficiency, security strength, and appropriateness for real-time 5G-enabled IoT applications.

Figure 9 shows the encryption time performance across multiple algorithms over transmission trials. It is observed that, when the transmission trial is 500, AES-CCM has 1249 µs, ChaCha20 has 728 µs, and Ascon has 758 µs. Also, the RC4 Linear algorithm achieves the lowest encryption time of 253 µs; the modified RC4-NL has an encryption time of 977 µs. Compared with all algorithms, RC4 Linear has the lowest encryption time, highlighting its lightweight nature, but with known security limitations; thus, RC4-NL gives a balanced trade-off between efficiency and enhanced security, making it suitable for real-time IoT communication over 5G networks.

The decryption time performance of lightweight cryptographic algorithms with respect to the increasing number of transmission trails is depicted in Figure 10. Decryption time is used to measure the time taken to translate the received ciphertext into the original plaintext at the edge layer, to be verified and used. It is noted that at the transmission trial of 500, AES-CCM has 525 µs, modified RC4-NL has 456 µs, Ascon has 276 µs, ChaCha20 has 72 µs, and RC4 Linear has the lowest decryption time of 69 µs. Of them all, RC4 Linear and ChaCha20 have the best decryption speeds. Nevertheless, the efficiency of RC4 Linear has its security drawbacks, but modified RC4-NL has better security at a moderate cost of computation.

End-to-end delay analysis for RC4-NL is illustrated in Figure 11. End-to-end delay is defined as the total time from encryption of sensor data on the Raspberry Pi to successful decryption and reception at the MEC server, encompassing 5G uplink scheduling, GTP-U encapsulation, and edge processing. RC4-NL has an average end-to-end delay of 0.01 ms in the first trial and 1803 ms in the 500th trial. The measured end-to-end delay values align closely with the 5G transmission time of 1803.22 ms reported in previous evaluations, validating the stability and reliability of the proposed framework for real-time IoT data streaming over 5G standalone networks.

5G transmission time performance across multiple cryptographic algorithms over increasing transmission trials is shown in Figure 12. Transmission time is the total time taken by data packets that are encrypted by the IoT device to be sent across the 5G network to the edge layer. It is noted that ChaCha20 records 1803.46 ms, AES-CCM 1802.98 ms, Ascon has 1801.98 ms, RC4 Linear achieves 1803.06 ms, and modified RC4-NL has 1803.22 ms. Among these, Ascon exhibits the lowest transmission time, while ChaCha20 shows slightly higher values.

Figure 13 illustrates the relationship between total transmissions and receiver (Rx) time for multiple cryptographic algorithms within the proposed end-to-end 5G IoT framework. From the figure, it is noted that when the transmission trial is 500, AES-CCM has 0.051 ms, ChaCha20 has 0.052 ms, and Ascon has 0.054 ms. Also, RC4 Linear and modified RC4-NL both exhibit an Rx time of 0.055 ms. Compared with all algorithms, RC4-based methods show slightly higher delays. However, the overall variation among algorithms is minimal, highlighting that Rx time is largely influenced by 5G network characteristics rather than the encryption scheme.

Power consumption is shown in Figure 14, which refers to the electrical power drawn by the Raspberry Pi 4B during cryptographic encryption operations before 5G uplink transmission. The analysis shows that Ascon consistently exhibits the highest power consumption, increasing from 0.11 W at 50 transmissions to 0.66 W at 500 transmissions, followed by ChaCha20 ranging from 0.02 W to 0.35 W. The proposed RC4 nonlinear algorithm demonstrates competitive power efficiency, increasing from 0.04 W at 50 transmissions to 0.40 W at 500 transmissions, which is comparable to standard RC4 Linear (0.05 W to 0.28 W) while delivering significantly enhanced security.

Packet delay variation or jitter in Figure 15, observed for the proposed RC4-NL, demonstrates the high temporal stability of the 5G uplink. The analysis shows that in first trial, the jitter is 0.01 ms, gradually increasing to 1.2 ms at 100 transmission trials, 2.5 ms at 200 transmissions, 3.6 ms at 300 transmissions, 4.7 ms at 400 transmissions, and 4.8 ms at 500 transmissions. The jitter stabilizes below 5 ms for sustained transmission periods, confirming the temporal consistency and reliability of the proposed RC4 nonlinear algorithm over the 5G standalone network. This low and bounded jitter value ensures that real-time sensor data visualization on the FastAPI dashboard remains smooth and uninterrupted. The stable jitter characteristics further validate that the modified RC4 nonlinear algorithm introduces no additional timing variability beyond normal 5G network behavior, making it highly suitable for latency-sensitive IoT applications.

4.4. Statistical Analysis of Proposed Modified RC4-NL

Statistical analysis is performed to assess the security of the algorithm using the National Institute of Standards and Technology Statistical Test Suite (NIST STS) to verify the randomness of its cryptographic security. The ability of the algorithm in lightweight cryptography to generate statistically random outputs determines the level of security it can provide.

Figure 16 shows the box plot of p-value distribution in the tested algorithms. The ACORN shows mostly low p-values with some outliers, indicating generally strong test rejection, while ChaChaPoly provides a wider spread with higher median p-values, suggesting weaker randomness consistency. The SPECK indicates moderate distribution with noticeable variability and some higher outliers. The proposed algorithm is tightly concentrated near very low p-values, showing stable and consistent statistical behavior.

Figure 17 shows the violin plot with the distribution of p-values for different encryption algorithms. The ACORN has most values concentrated near 0, indicating stronger statistical significance, while ChaChaPoly shows a wider spread with higher p-values, suggesting weaker randomness in some tests. The SPECK is provided with moderate distribution, with p-values spread between low and mid ranges. The proposed algorithm is tightly clustered near low p-values, showing consistent performance. These lowest p-values indicate stronger rejection of the null hypothesis in randomness tests.

Figure 18 illustrates the bar graph showing the pass percentage per algorithm in the context of NIST STS testing. The bar chart compares the percentage of statistical tests passed by each encryption algorithm at a significance threshold of 0.01. The ChaChaPoly closely shows a pass rate of 99.4%, indicating strong statistical robustness. The SPECK shows moderate performance with 78.4% of tests passing. The ACORN performs the lowest, with only 32.1% passing, indicating weaker randomness properties. The proposed algorithm achieves the highest performance with a 99.7% pass rate, reflecting better resistance to statistical attacks. Overall, the proposed method demonstrates the most consistent and reliable behavior among the compared algorithms.

4.5. Comparative Analysis of Proposed Modified RC4-NL with Existing Techniques from the Literature

This section provides a comparative analysis of the proposed modified RC4-NL with other existing techniques such as AES-DES [25], RSA [25], ChaChaPoly [17], ACORN [17], AES only [30], Hybrid Static [30], Adaptive [30], AES-128 [31], PRESENT [31] and SPECK [31].

The encryption time of the proposed model is compared with existing models, including AES-DES, RSA, and ChaChaPoly, as shown in Figure 19. The proposed modified RC4-NL model achieves the lowest encryption time of 977 µs, outperforming all baseline methods. In contrast, RSA and ChaChaPoly exhibit higher encryption times of 1274 µs, 3012.75 µs, and 4918 µs, respectively, while AES-DES does not report encryption time. This improvement is attributed to the lightweight design and nonlinear optimization of the proposed algorithm, which reduces computational overhead while maintaining efficient encryption performance.

Figure 20 shows that the decryption time of the proposed model is compared with the state-of-the-art. The RSA model has the highest decryption time of 2178 µs. The ChaChaPoly model shows the second-highest decryption time at 2130.55 µs. The AES-DES achieves the decryption time of 567 µs. The proposed modified RC4-NL model performs the best, with the lowest decryption time of 456 µs. This performance gain is due to the efficient pseudo-random generation mechanism and reduced computational complexity of the proposed model, enabling faster data recovery at the receiver.

The power consumption comparison of the proposed model is illustrated in Figure 21. The ChaChaPoly model consumes the highest power at 0.89 W. The RSA model consumes 0.45 W, followed by AES-DES at 0.42 W. The proposed modified RC4-NL model performs the best among all models, with the lowest power consumption of 0.40 W. The reduced energy consumption is achieved through simplified operations and efficient key scheduling, making the proposed model highly suitable for energy-constrained IoT devices operating in real-time 5G environments.

The 5G transmission time comparison of the proposed RC4-NL algorithm with state-of-the-art techniques is presented in Figure 22. The analysis results demonstrate that the proposed RC4-NL achieves the lowest 5G transmission time of 1803.22 ms, while conventional techniques like ChaChaPoly and ACORN have transmission times of 1982.01 ms and 1868.36 ms, respectively. The proposed RC4-NL achieves a transmission time improvement of approximately 9.0% compared to ChaChaPoly and 3.5% compared to ACORN. This superior performance is attributed to the lightweight computational structure of the modified RC4 algorithm, which generates minimal payload overhead during encryption, resulting in reduced GTP-U encapsulation size and more efficient 5G uplink scheduling.

The end-to-end delay comparison of the proposed RC4-NL with existing lightweight cryptographic techniques, including ChaChaPoly and ACORN, is illustrated in Figure 23. The analysis results specify that the proposed RC4-NL achieves the lowest average end-to-end delay of 1803 ms, while the other techniques, like ChaChaPoly and ACORN, achieve end-to-end delays of 2058.64 ms, 2016.11 ms, and 1988.3 ms, respectively. The RC4-NL reveals a reduction in delay of 12.4% compared to ChaChaPoly, and 10.6% compared to ACORN. This is possible with the low computational cost of the algorithm and its low overhead of keystream generation that minimizes processing latency on both the device side (Raspberry Pi) and the edge side (MEC server). The end-to-end delay encompasses encryption time, 5G uplink transmission, GTP-U encapsulation, core network routing, and decryption at the MEC, and the consistent superiority of RC4-NL across all components validates its suitability for real-time IoT applications requiring ultra-low latency over 5G standalone networks.

The memory usage comparison of the proposed RC4-NL algorithm with other lightweight cryptographic techniques is illustrated in Figure 24. From the figure, it is observed that the RC4-NL has a memory footprint of 4850 bytes, whereas state-of-the-art techniques, namely ChaChaPoly and ACORN, have a memory usage of 5052 bytes, 4560 bytes, and 4748 bytes. Although ACORN demonstrates the lowest memory consumption of 4560 bytes, the proposed RC4-NL achieves a competitive memory footprint of 4850 bytes, which is significantly lower than ChaChaPoly (5052 bytes) and marginally higher than ACORN. The enhanced key preprocessing, nonlinear key scheduling, and improved pseudo-random generation mechanism in the proposed RC4-NL introduce additional diffusion and security features while maintaining a compact memory footprint.

The throughput comparison of the proposed RC4-NL algorithm with existing cryptographic techniques is shown in Figure 25. From the results, it is observed that the Hybrid Static method has the lowest throughput of 176 tx/s among all the evaluated approaches. The AES-only method shows better performance of 215 tx/s than Hybrid Static but remains lower than the Adaptive and proposed methods. The Adaptive method shows improved throughput of 248 tx/s compared to both AES-only and Hybrid Static approaches. The proposed method achieves the highest throughput of 285 tx/s by the optimized key preprocessing and nonlinear key scheduling, while reducing computational overhead for real-time 5G IoT applications.

The energy consumption comparison of the proposed RC4-NL algorithm with existing cryptographic techniques is illustrated in Figure 26. The Hybrid Static method exhibits the highest energy consumption of 4.5 J among all the evaluated approaches. The AES-only method shows lower energy consumption of 3.9 J, while the Adaptive approach shows an energy consumption of 3.2 J. But the proposed method achieves the lowest energy consumption of 2.6 J due to the lightweight cryptographic structure of RC4-NL, which minimizes computational overhead through optimized key preprocessing and nonlinear operations, while reducing processor execution cycles and power usage.

The scalability index comparison of the proposed RC4-NL algorithm with existing methods is illustrated in Figure 27. The AES-only algorithm exhibits the lowest scalability of 0.62 among all evaluated approaches, while the Hybrid Static method shows a scalability of 0.68 and the Adaptive method demonstrates a better scalability of 0.81. The proposed method achieves the highest scalability index of 0.92, indicating superior adaptability to varying workloads and network conditions. This improvement is achieved by the efficient design of RC4-NL, including optimized key preprocessing and nonlinear key scheduling, demonstrating consistent performance under scaling conditions for large-scale and dynamic 5G IoT environments.

The avalanche effect comparison of the proposed RC4-NL algorithm with the existing algorithm is illustrated in Figure 28. It is observed that AES-128 exhibits the lowest avalanche effect of 88.4%, while PRESENT and SPECK show improved diffusion characteristics of 90.8% and 92.4%. Meanwhile, the RC4-NL achieves the highest avalanche effect of 95.6% through enhanced key preprocessing and nonlinear transformations, while improving security robustness. This improvement highlights a trade-off between efficiency and security, making the proposed approach suitable for resource-constrained IoT environments.

The entropy comparison of the proposed RC4-NL algorithm with the existing algorithm is illustrated in Figure 29. It is observed that AES-128 has the lowest entropy among the compared algorithms. PRESENT and SPECK show moderate improvements in randomness characteristics. Meanwhile, the RC4-NL achieves the highest entropy of 7.92, indicating near-ideal entropy and improved randomness due to its nonlinear transformations and enhanced diffusion mechanisms to demonstrate that the proposed method maintains an effective balance between security robustness and performance.

The correlation comparison of the proposed RC4-NL algorithm with existing techniques is illustrated in Figure 30. It is observed that AES-128 shows the highest correlation of 0.046, while PRESENT and SPECK show reduced correlations compared to AES-128. The RC4-NL achieves the lowest correlation coefficient of 0.012 due to its nonlinear key scheduling and enhanced pseudo-random generation mechanism, which effectively minimizes linear relationships in the keystream. Further, this lowest correlation demonstrates improved statistical security without significant impact on computational efficiency, and maintains a strong balance between security robustness and performance efficiency for real-time IoT applications.

The Raspberry Pi 4B performed all lightweight encryption operations before forwarding packets to the 5G UE.

Table 2. Performance comparison of cryptographic algorithms over 5G uplink.

Algorithm	Enc. Time (µs)	Dec. Time (µs)	5G Tx Time (ms)	Rx Time (ms)	Power (W)
ChaCha20	728	72	1803.46	0.052	0.35
AES-CCM	1249	525	1802.98	0.051	0.25
Ascon	758	276	1801.98	0.054	0.66
RC4 Linear	253	69	1803.06	0.055	0.28
Modified RC4-NL	977	456	1803.22	0.055	0.40

summarizes the measured encryption and decryption latency, 5G transmission time, and power consumption for all evaluated algorithms.

The measurements indicate that all algorithms introduce very low computational overhead at the device layer. Ascon recorded an average encryption time of approximately 758 µs. Despite these differences, the average 5G transmission time remained consistent across algorithms at approximately 1800 ms, indicating that radio scheduling dominates uplink latency rather than cryptographic computation.

From a computational perspective, RC4 Linear has the lowest encryption time of 253 µs and decryption time of 69 µs, confirming its suitability for highly resource-constrained environments. However, its well-known cryptographic weaknesses limit its applicability to secure IoT deployments. The proposed modified RC4-NL introduces additional preprocessing and nonlinear transformations, resulting in increased encryption of 977 µs and decryption time of 456 µs. This overhead represents a moderate trade-off for enhanced diffusion and improved resistance to statistical attacks, making it a more secure alternative to standard RC4 while still maintaining relatively low computational cost. Based on these findings, the modified RC4-NL algorithm offers the optimal trade-off between computational efficiency and the improved security of real-time IoT data transmission through the 5G networks. Even though it is not the fastest algorithm, it is significantly better than the security constraints of the standard RC4 with low latency that is compatible with constrained devices. Compared to ChaCha20 and Ascon, modified RC4-NL offers a simpler implementation with lower computational overhead, making it particularly advantageous for lightweight IoT nodes that require continuous data streaming with improved security guarantees.

In addition to security improvements, the proposed method demonstrates competitive system-level performance, as shown in

Table 3. System-level performance evaluation of cryptographic approaches.

Method	Throughput (tx/s)	Energy Consumption (J)	Scalability Index
AES Only	215	3.9	0.62
Hybrid Static	176	4.5	0.68
Adaptive	248	3.2	0.81
Modified RC4-NL	285	2.6	0.92

.

A throughput of 285 transactions per second, an energy consumption of 2.6 J, and a scalability index of 0.92 are achieved, indicating efficient operation under increasing workload conditions. Compared to state-of-the-art lightweight algorithms such as ChaCha20 and Ascon, the proposed RC4-NL offers a simpler implementation with moderate computational overhead while delivering enhanced statistical security properties.

To provide a more comprehensive evaluation beyond latency, the security robustness of the proposed method is analyzed using statistical metrics, which are described in

Table 4. Statistical security metric comparison of cryptographic algorithm.

Algorithm	Avalanche Effect (%)	Entropy (bits/bytes)	Correlation Coefficient
AES-128	88.4	7.21	0.046
PRESENT	90.8	7.36	0.031
SPECK	92.4	7.48	0.026
Modified RC4-NL	95.6	7.92	0.012

.

The proposed RC4-NL achieves an avalanche effect of 95.6%, entropy of 7.92 bits/byte, and a correlation coefficient of 0.012, outperforming AES-128, PRESENT, and SPECK in terms of diffusion, randomness, and statistical independence. The higher avalanche effect indicates stronger sensitivity to input variations, higher entropy reflects near-ideal randomness, and lower correlation confirms reduced linear dependency in the keystream. The resistance to differential, statistical, and linear cryptanalysis is significantly improved.

Overall, the results demonstrate that the proposed RC4-NL achieves a balanced trade-off between computational efficiency and security robustness. While the RC4-NL is not the fastest algorithm, it significantly improves upon the security limitations of standard RC4 and provides stronger statistical characteristics than several existing lightweight ciphers for secure and efficient IoT data transmission over 5G networks.

Security Considerations: The proposed system ensures the confidentiality of IoT sensor data by enforcing encryption at the device layer before 5G transmission. Since only the ciphertext is transmitted at the over-the-air interface, the system is resistant to passive eavesdropping attacks targeting the 5G uplink. In addition, the mathematical nature of the Ascon and ChaCha20 algorithms protects against most cryptanalysis types (including differential analysis, key recovery from stream ciphertexts, and replay attacks). However, integrity protection, mutual authentication, or resistance to active adversaries who can inject or modify encrypted packets are not considered in this work. Future extensions integrate lightweight authenticated encryption schemes or key exchange protocols built on ECC to secure both confidentiality and integrity guarantees. Protocol tunneling techniques reported in the MITRE ATT&CK framework emphasize the significance of encrypting data at the application layer in spite of them being transmitted through secure network tunnels [32].

5. Validation

The accuracy, dependability, and repeatability of the 5G IoT security of the proposed architecture are validated in this section. Validation is conducted on several levels, such as cryptographic correctness, system-level consistency, network behavior verification, and stability of repetitive experiment results.

5.1. Cryptographic and End-to-End System Validation

Cryptographic correctness was verified by decrypting each encrypted sensor packet at the Multi-access Edge-Computing (MEC) server and comparing the reconstructed plaintext with the original sensor readings generated at the Raspberry Pi 4B. Across all evaluated algorithms, Ascon, ChaCha20, AES-CCM, standard RC4, and the proposed modified RC4, the decrypted outputs matched the original data exactly, confirming lossless encryption and decryption over the 5G transmission path.

End-to-end system validation was further performed by correlating timestamps recorded at the device (encryption), network (packet arrival), and application (decryption) layers. The observed packet flow confirmed that encrypted data traversed the 5G uplink and GTP-U tunnel without packet loss or reordering. Packet-level inspection using Wireshark verified that ciphertext payloads remained unaltered during transmission, ensuring that intermediate network elements did not affect data integrity.

5.2. Performance Measurement Consistency

To ensure measurement reliability, all experiments were repeated over multiple iterations under identical network conditions. The observed encryption and decryption latencies showed low variance across runs, indicating stable algorithm behavior on the Raspberry Pi 4B and the MEC server. End-to-end 5G transmission delay remained consistent across cryptographic schemes, with minor variations attributable to radio scheduling and uplink buffering rather than cryptographic computation. These observations confirm that the reported performance trends are statistically reliable and are not artifacts of transient network behavior.

Table 5. Performance metrics for the proposed modified RC4-NL across 500 transmission trials.

Metric	Value
Total transmissions	500
Successful receptions	500
Average encryption time (Pi)	980 µs
Average end-to-end delay	1803 ms
Average jitter	<5 ms

summarizes the performance metrics observed for the proposed modified RC4-NL model across 500 transmission trials.

In addition to the controlled evaluation of 500 packets summarized in Table 2, the system was continuously operated over extended periods, resulting in a total of 21,706 encrypted uplink transmissions, which further validated long-term stability and reliability. The absence of packet loss (0%), low jitter of less than 5 ms, and consistent latency across 21,706 transmissions reveal the high dependability of the proposed system under real 5G conditions.

5.3. Reproducibility and Configuration Control

Experiments were done in controlled conditions using a constant packet size, sampling rate and standard cryptographic parameters. To be sure that the performance disparities are caused only by the nature of the tested cryptographic algorithms, hardware and software settings were maintained constant across all trials. This controlled experimental setup, combined with repeated trials and long-duration operation, ensures that the reported results are reproducible on similar 5G-enabled IoT platforms. The validation findings prove that the proposed framework ensures the stability of the 5G-based monitoring of the IoT sensors, maintains the integrity of the data along with the communication channel, and generates consistent and repeatable indicators of performance.

6. Conclusions

This paper presented an end-to-end 5G IoT security testbed in which a Raspberry Pi 4B encrypts environmental sensor data and transmits it over a commercial 5G SA network via a Quectel FG50V module to a MEC-based edge server. The lightweight cryptographic algorithms, including Ascon, ChaCha20, AES, standard RC4, and a modified RC4 variant, were implemented and evaluated for device-layer encryption/decryption latency, payload overhead and end-to-end 5G transmission delay, complemented by GTP-U tunnel analysis using Wireshark. The experimental results show that Ascon and ChaCha20 offer the best trade-off between computational cost and communication overhead, achieving sub-millisecond encryption with stable 5G latency. The RC4-based variants are fast but offer weaker security guarantees. To address these limitations, the proposed modified RC4-NL enhances RC4 using nonlinear key preprocessing, quadratic key scheduling, and improved pseudo-random generation, achieving better security while maintaining lightweight performance. Therefore, the modified RC4-NL offers an effective practical balance between enhanced security characteristics, computational efficiency, implementation simplicity, and real-time performance for resource-constrained IoT devices operating over high-speed 5G networks. While not the highest speed algorithm, it significantly outperforms the standard RC4 by the statistical weaknesses demonstrated by avalanche effect, entropy, and correlation analysis. Although the experimental testbed demonstrates secure end-to-end IoT data delivery over 5G, the evaluation was conducted using a single UE and a controlled set of environmental sensors; large-scale deployments with multiple devices may introduce contention and scheduling delays that are not captured in this study.

Future scope: Future work will extend the current testbed in multiple directions. One avenue is to integrate additional sensing modalities and to evaluate lightweight cryptography performance at higher data rates and under event-driven traffic. Another promising direction is to explore partially homomorphic encryption techniques at the MEC layer, enabling analytics on encrypted data without requiring full decryption. Also, investigations of energy-aware cryptography selection strategies should be planned, in which the IoT device dynamically chooses the most suitable algorithm based on battery status, network conditions, or application requirements. To address scalability limitations, future work will expand the current single-device setup to multi-device IoT deployments with concurrent traffic generation. This will enable evaluation of system performance under high-density scenarios, including the impact on 5G uplink scheduling, GTP-U tunneling efficiency, MEC processing latency, and network congestion. Performance metrics such as throughput, packet loss, latency variation, and resource utilization will be analyzed under increased traffic loads to assess the robustness of the proposed framework in large-scale real-world environments. Further, authenticated encryption schemes (AEAD) and structured key management mechanisms will be fully explored to provide stronger end-to-end security guarantees across 5G IoT environments. Lastly, deploying this system within a commercial 5G standalone (SA) edge infrastructure would allow for additional measurement of scale, dependability and real-world restrictions that impact the operational environment.