A Secure and Efficient Lightweight Symmetric Encryption Scheme for Transfer of Text Files between Embedded IoT Devices

Abstract

Recent advancements in wireless technology have created an exponential rise in the number of connected devices leading to the internet of things (IoT) revolution. Large amounts of data are captured, processed and transmitted through the network by these embedded devices. Security of the transmitted data is a major area of concern in IoT networks. Numerous encryption algorithms have been proposed in these years to ensure security of transmitted data through the IoT network. Tiny encryption algorithm (TEA) is the most attractive among all, with its lower memory utilization and ease of implementation on both hardware and software scales. But one of the major issues of TEA and its numerous developed versions is the usage of the same key through all rounds of encryption, which yields a reduced security evident from the avalanche effect of the algorithm. Also, the encryption and decryption time for text is high, leading to lower efficiency in IoT networks with embedded devices. This paper proposes a novel tiny symmetric encryption algorithm (NTSA) which provides enhanced security for the transfer of text files through the IoT network by introducing additional key confusions dynamically for each round of encryption. Experiments are carried out to analyze the avalanche effect, encryption and decryption time of NTSA in an IoT network including embedded devices. The results show that the proposed NTSA algorithm is much more secure and efficient compared to state-of-the-art existing encryption algorithms.

1. Introduction

Internets of things (IoT) includes millions of connected devices that can sense, compute and communicate data [1,2,3,4,5,6]. Every second, large amounts of data are transferred among these devices. Considering the sensitivity of applications in the IoT network, such as connected vehicles or wearable health devices, security of transmitted information has remained a major area of concern [7,8,9]. The increasing number of intruders and hackers has made this task very challenging. Over the years, numerous cryptographic algorithms have been used to ensure the security of transmitted data. The strength of the cryptographic algorithms depended on the techniques used for managing, establishing and distributing the secret keys. Secret keys that are poorly maintained make the cryptographic algorithm useless, even if the algorithm is theoretically and also, practically ideal [10,11]. Cryptographic algorithms proposed for IoT networks can be classified into the symmetric and asymmetric algorithms. Symmetric algorithms use the same key for both encryption and decryption. The strength of the symmetric algorithms truly depends on how the key is securely exchanged between the sender and receiver. Asymmetric algorithms indeed avail two different keys including the public and private keys. The private key is never transmitted through the network and hence it is secure. The public key is sent through the network to the receiver. During encryption, the sender encrypts the plaintext using the public key of the receiver and sends the resultant cipher text to the receiver using the network. Even if the public key is known to the hacker, he cannot read the scrambled (or hashed) message because secret key is not known for him. During decryption, the receiver will use his private key to decrypt the cipher text. Asymmetric algorithms are more complex to implement and utilize more resources than symmetric algorithms [12,13]. Thus, most of the modern applications in IoT networks use symmetric algorithms to provide security to the transmitted information. Further, they are easy to implement, utilize fewer resources with low overhead and are secure as long as the key is kept secret.

Symmetric algorithms are classified into block and stream ciphers. Encryption of plaintext is done bit-by-bit in case of stream cipher [14] and a group of bits (i.e., 64 bits) is taken for encryption in block cipher as a unit. The block cipher algorithm is preferred to the stream cipher for faster computations. Most of the symmetric algorithms use Feistel ciphers [15,16]. In the Feistel cipher, the encrypted plaintext is decomposed into two parts. A transformation function known as the round function is applied to one half using a sub-key and the output of the round function is XOR'ed with the other half. These two parts are then swapped with each other. This step is performed iteratively on the number of times specified in the algorithm. The Feistel cipher is an efficient method for implementing block symmetric algorithms. So, we focus on improving the security of symmetric algorithms that use the Feistel ciphers for encryption of text files.

With numerous IoT devices having different computational capabilities, one of the major requirements for an efficient security protocol in IoT networks is that it should be light weight. The processing time taken by the protocol should be minimal for less delay and better performance. Also, the security algorithm needs to be less complex with minimal overhead. Because of these reasons many protocols used with normal computer networks do not give good performance in IoT networks and are not preferred. Considering these features, tiny encryption algorithm (TEA) [17,18,19] is the most widely used symmetric algorithm with a Feistel cipher for secure transmission of data through the IoT network. The popularity of TEA is mainly due to the ease of implementation and less memory utilization compared to all other encryption algorithms. But one of the major issues with TEA is the usage of the same keys through all the rounds of encryption which leads to reduced security. This is undoubtedly observed from the avalanche effect of TEA. Moreover, the time taken for encryption and decryption is high, leading to reduced efficiency of TEA. Although many versions of TEA have been proposed over these years [20,21,22,23], none of them have given concrete solutions to the above problems.

This paper proposes an algorithm named NTSA (novel tiny symmetric encryption algorithm) that improves the security features of TEA by introducing more key confusions. Most of the works with TEA and its variations has focused only on decreasing the delay in delivery. Very few researches have been done on key alteration as a method to enhance the security of the transmission algorithm. In the proposed method we introduce multiple key alterations dynamically and secure the key from intruders. Since the key is computed dynamically, the key values are changed during the execution time and cannot be pre-computed. Furthermore, our proposed algorithm (NTSA) takes less time for encryption and decryption compared to TEA and thus provides both better security and efficiency for all the modern applications in IoT networks. The rest of the research is organized into four sections as follows. Section 2 discusses different existing encryption mechanisms for the secure transmission of data through IoT networks. This section further explains the implementation of the TEA algorithm in detail. Few variations of the TEA algorithm are also discussed in this section. Our proposed NTSA is explained in the Section 3. Section 4 presents the experimental results of the NTSA algorithm and we conclude in Section 5 and express some potential future works.

2. Related Work

In here, we discuss the major encryption algorithms proposed for transmission of data in IoT networks. Specifically, we discuss the design and implementation of these algorithms and highlight their issues and drawbacks. We also discuss the design, implementation and issues with the TEA and its latest versions in detail.

One of the earliest works in this area was the RC5 symmetric key block cipher [24]. RC5 uses variable sized blocks, 32, 64, 128 bits etc. The rounds used are 0–255 with key size of 0 to 2040 bits. The case RC5 is determined suitable for wireless sensor network (WSN) applications, but the key schedule must be calculated a priori based on 104 additional bytes of RAM for each key. Also, the variable-bit rotation instruction used by RC5 is rarely supported by the embedded systems [24]. Skipjack algorithm is another block cipher algorithm developed by the US National Security Agency. Skipjack and its variants, TinySec and MiniSec, are used for transmission of data in WSNs. But the algorithm is not efficient in embedded IoT devices with multiple issues in implementation [25,26,27]. Standaert et al. gave the scalable encryption algorithm (SEA) [28] generated for processing units that have limited the instruction set. It provides cost-effective encryption and authentication, but does not address secure search of the substring. Hong et al. proposed the HIGHT algorithm [29] that is very useful for pervasive computing devices like devices of a wireless sensory system or network. It uses Feistel network and basic operations like addition mod 2⁸ or XOR. There are 32 rounds with 128-bit key and 64-bit block size. But the noted algorithm is vulnerable to saturation attack. Usman et al. proposed SIT—a lightweight encryption algorithm [30] that provides enhanced security for data transmission between IoT devices. SIT uses a combinational form of Feistel structure and network with a uniform substitution-permutation. But the detailed study on performance evaluation and cryptanalysis for possible attacks have not been performed. Liang C et al. [31] proposed the hybrid encryption algorithm for lightweight data in cloud storage. This was an improved method on the RSA algorithm and it combined with advanced encryption standard (AES) to introduce a hybrid encryption algorithm. The proposed algorithm improves the efficiency of generating large primes. But the algorithm was mainly focused on enhancing the data confidentiality in the cloud. M-SSE proposed by Chongzhi Gao et al. [32] is different from existing searchable symmetric encryption algorithms as it provides privacy in both forward and backward directions using a technique of multi-cloud computing. But the algorithms and its variations are prone to information leakage. International data encryption algorithm (IDEA) [33] is a block symmetric algorithm that uses 64-bit plain text and a key size of 128 permuted into 52 sub-keys of 128 bits. It includes a Feistel structure and has eight rounds. The degree of diffusion and non-linearity properties of the round function decides the strength of the Feistel structure. IDEA does not use substitution and permutation boxes and is based on operations like XOR, addition and multiplication, thus reducing the memory overhead. The use of the multiplication operation provides diffusion. IDEA does not support any change in the Feistel structure and hence is not flexible. MARS [34] is another symmetric block algorithm that uses 128-bit plaintext with key size varying between 128–448 bits. It follows Feistel structure and has only one substitution box. This algorithm is faster than DES and it is susceptible to many attacks. The involvement of various components makes MARS very complex to analyze and implement in hardware. Abdelhalim et al. proposed the modified TEA algorithm (MTEA) [35], which improves the security of TEA and power consumption. The linear feedback shift register (LFSR) is used as a pseudo-random number generator to improve the security of the TEA and power utilization. The pseudo-random number generator frequently changes the MTEA key in each round. Zhdanov and Sokolov proposed an algorithm [36] based on the principles of many-valued logic and variable block length. The encryption process is performed iteratively with five rounds. The number of rounds can be varied, with round 1 consisting of gamma and permutations procedures, remaining rounds include substitution and gamma procedures. The proposed method can process binary information after representing as a ternary vector. But there is no method developed that does this conversion directly. LEA (lightweight encryption algorithm) is a block encryption algorithm [37] that is designed to provide confidentiality in lightweight environment like mobile devices. This algorithm uses plain text of 128 bits and varying modes can be selected depending on the size of the key (128, 192, or 256 bits). Based on the modes, the number of rounds can be changed between 24, 28, and 32 bits. This algorithm does not use S-box, instead addition, rotation and XOR arithmetic operation is processed in 32-bit unit [38]. Abdullah et al. proposed a super-encryption cryptography [39] with IDEA (international data encryption algorithm) and WAKE (word auto key encryption) algorithm. The technique of super encryption combines two or more symmetric cryptographic algorithms so as to provide more security to data. Anderson et al. proposed the serpent algorithm [40] that was an AES candidate. The main aim of this algorithm is to maximize the avalanche effect within the cipher text. Serpent has substitution permutation structure that uses 128-bit plain text and accepts keys of 128, 192, or 256 bits. The 32 rounds of serpent make it a bit slower and complex to implement on small blocks. Data encryption standard (DES) is one of the widely used symmetric key block cipher that uses the Feistel structure. The plaintext of 64-bit and a key size of 56 bits are used for the encryption process that includes 16 rounds. The DES algorithm does not allow flexibility in Feistel structure and hence does not support any changes in it [41].

Tiny encryption algorithm (TEA) developed by David Wheeler and Roger Needham [42] is the most efficient for use with embedded devices in IoT networks compared to all the discussed encryption algorithms. Some of the interesting features of TEA are ease of implementation, the absence of specialized tables, good performance and short enough to integrate into any embedded device. The main focus of TEA is reduced memory usage and maximized speed. Encryption routine of TEA is shown in Figure 1 and the decryption routine is shown in Figure 2.

Figure 1. Encryption routine of the tiny encryption algorithm (TEA).

Figure 2. Decryption routine of TEA.

TEA uses Feistel structure with 64 rounds or 32 cycles where one cycle is composed of two rounds [43]. The plaintext block size is 64 bits (operate on two 32-bit unsigned integers and stored in v[0] and v[1]). The recommended key size is 128 bits. The key is split into four 32-bit blocks, k[0] to k[3]. The XOR and AND operations are used alternatively. Also repeated mixing of all the bits of plaintext and key is achieved by the dual shift operation. A simple key schedule is used for both encryption and decryption and the four 32-bit blocks of the key are mixed exactly the same way for each cycle. Magic constant is used to compute the key. For preventing the attacks caused by the symmetry of rounds, each cycle (one cycle constitutes of two rounds) uses different multiples of magic constants. Magic constant is 2,654,435,769 or 9E3779B9₁₆ and would be selected as 2³¹/ Ø (Ø is named the golden ratio). During the encryption process, the plaintext is partitioned into two parts Left[0] and Right[0]. Each of the parts utilizes another half part for doing the encryption process. There will be 64 rounds along with two other rounds that constitute one cycle, so there are 32 cycles. After the 64th round, both parts will be composed to create the cipher text. In each of the rounds, all the inputs include “Left[i − 1]” and “Right[i − 1]” which is derived from the previous round and sub-key Ki extracted from the 128-bit key K. The constant delta =0 × 9E3779B9 is chosen to be 2³¹/Ø. This is to confirm that the sub-keys are distinct and that the accurate value of it does not have a cryptographic significance. In each round, the integer "addition" modulo of 2³² is applied instead of XOR. The round function F uses addition, bitwise XOR, left and right shift operation.

For the i-th cycle,

Left [i] = Left [i − 1] + F (Right [I − 1], key [0, 1], delta [i]),

Right [i] = Right [i − 1] + F (Left [i − 1], key [2, 3], delta [i]),

Delta [i] = Floor ((i + 1)/2)*delta

Round function F is

F(M,K[a,b],delta[i]) = ((M<<4)AND k[a]) XOR (M AND delta[i]) XOR ((M>>5)AND k[b] ).

The 128-bit key is divided into four 32-bit blocks K=(k[0], k[1], k[2], k[3]) where odd rounds use keys k[0] and k[1] and even rounds use k[2] and k[3]. One cycle constitutes two rounds and the i-th round is shown in Figure 3.

Figure 3. The i-th cycle of TEA.

Many variations of the TEA algorithm have been proposed recently. Dian Rachmawati et al. proposed an algorithm [44] that uses a combined asymmetric and symmetric encryption for secure file transfer. The security of the file is taken care by the symmetric algorithm TEA and security of the key by the asymmetric algorithm LUC based on Lucas function. But the method used the same key for all rounds of encryption leading to reduced security. Novelan et al. developed an SMS security system for mobile devices using the Tiny Encryption algorithm [45]. This system ensures that the confidential messages are encrypted in the presence of a key to obtain the encrypted SMS message that is sent to the destination mobile number. Cipher text at the receiver side can be decrypted using the same key to get the SMS. The drawback with this method is that the size of the SMS decides the encryption and decryption time taken for the process. XTEA is a block symmetric encryption algorithm that uses the Feistel structure [46]. This algorithm uses 64-bit block plaintext, 128-bit key and 64 rounds of encryption. This algorithm uses a more complex key-schedule than TEA with rearrangements of the shifts, XOR’s and additions [47]. XXTEA, also called block TEA uses the same round function as XTEA but applies it cyclically across an entire message for several iterations [48]. Table 1 presents a summary of all the existing security algorithms.

Table 1. Summary of the symmetric encryption techniques.

Algorithm	Developer	Block/Stream Cipher	Key Size	Attack	Algorithm Structure
DES [41]	IBM	Block cipher (64 bits)	56 bits	Brute Force Attack	16 rounds Feistel Structure
3DES [49]	IBM	Block cipher (64 bits)	112 or 168 bits	chosen-plaintext attack	48 rounds Feistel Structure
IDEA [33]	Lai and James	Block cipher (64 bits)	128 bits	weak keys	8 rounds Feistel Structure
RC5 [24]	Ron Rivest	Block cipher (32,64,128 bits)	0–2040 bits	differential attack	(12 round suggested) Feistel Structure
TEA [45]	Wheeler and Needham	Block cipher (64 bits)	128 bits	equivalent key attack	Variable round Feistel Structure
XTEA [46]	Wheeler and Needham	Block cipher (64 bits)	128 bits	related key differential attack	Variable round nested Feistel Structure
XXTEA [47]	Wheeler and Needham	Block cipher (64 bits)	128 bits	chosen-plaintext attack	unbalanced Feistel Network
SKIPJACK [50]	National Security Agency (NSA)	Block cipher (64 bits)	80 bits	slide attack	32 rounds, unbalanced Feistel Structure
AES [40]	Daemen and Rijmen	Block cipher (128 bits)	128, 192, 256 bits	known plaintext	20 rounds Feistel Structure
MARS [34]	IBM	Block cipher (128 bits)	128, 192, 256 bits	meet-in-the-middle	32 rounds Feistel Structure
HIGHT [29]	Hong et al.	Block cipher (64 bits)	128 bits	Impossible Differential attack	light weight block algorithm, effective in hardware

Of all the discussed algorithms, TEA remains the most efficient for use in IoT networks for secure and quick transfer of text files between simple embedded devices. But one of the major issues with TEA and its latest variations is the usage of same keys through all rounds of encryption, resulting in reduced security, which is evident from the avalanche effect of the algorithm. Also, the encryption and decryption time for text is high, leading to lower efficiency in IoT networks with embedded devices. This paper proposes a NTSA which provides enhanced security for the transfer of text files through the IoT network by introducing additional key confusions dynamically for each round of encryption.

3. Novel Tiny Symmetric Encryption Algorithm (NTSA)

The TEA algorithm and its variations use the same key in all rounds of encryption and are thus more prone to relative key attack where the attacker tries to realize some relationship between different keys used by the user. The proposed NTSA algorithm is intended to provide more confusion to the keys in each round dynamically. It uses 64-bit plaintext and key of 128 bits. There are 32 cycles and each cycle is composed of two rounds, resulting in 64 rounds. The plaintext is divided into two halves, v0 and v1, with 32 bits each. The round function op is applied to each half of plaintext. The 128-bit key is divided into four 32-bit partial keys k1, k2, k3, and k4. Partial keys k1 and k3 are applied to the odd numbered round and partial keys k2 and k4 are applied to even numbered round. Compute key schedule constant ksc = floor (2³¹/Ø) where Ø is the golden ratio. The golden ratio Ø is 1.618033988749895 and computed as (1 + √ 5)/2.

NTSA round function is as follows:

Round i (i is odd):

v0 += ((v1 LSHIFT 4) AND k0) XOR (v1 AND kc) XOR ((v1 RSHIFT 5) AND k1)

Round i (i is even):

v1 += ((v0 LSHIFT 4) AND k2) XOR (v0 AND kc) XOR ((v0 RSHIFT 5) AND k3)

For 1st cycle: the partial keys are k0, k1, k2 and k3.

From 2nd cycle onwards:

For odd round k0 is kept constant but k1 changes for all odd rounds as follows,

k1 = k1 + (k0 XOR(xtract(v0)))

For even round k2 is kept constant but k3 changes for all even rounds as follows,

k3 = k3 + (k2XOR(xtract(v1)))

The function xtract() will compute an integer in the range 0 to 32 from v0 or v1 depending upon the parameter being passed. This integer value is an index to an array that is generated dynamically based on the key value selection. The xtract() function will return the value from the array that is pointed by the index value computed. Thus, the key confusion is created dynamically and cannot be predicted prior to execution and the value changes on each execution of the algorithm. The NTSA encryption and decryption model is shown in Figure 4.

Figure 4. System model: novel tiny symmetric encryption algorithm (NTSA) encryption and decryption.

The source file can be a file of any type such as a document, spreadsheet, pdf, presentation, image, text file etc. The text file can be sent directly to the NTSA encryption algorithm to obtain the cipher text. All the other types of files are converted into binary, the streams of ones and zeros. This binary stream is sent to the NTSA encryption algorithm to get the cipher text using the secret key which has already been agreed upon by the sender and the receiver. On reception of cipher text at the receiver end, the NTSA decryption algorithm converts the cipher text to plaintext. If the converted file is binary (that is streams of zeros and ones) the file is converted to the respective source file, otherwise the plaintext is already received. The NTSA Encryption technique is presented as Algorithm 1 and Decryption technique is presented as Algorithm 2.

Algorithm 1 Novel tiny symmetric encryption algorithm (NTSA) symmetric encryption algorithm

Encrypt (plaintext v, key k):

1: Start 2: Assign key constant kc = 0 3: Assign cycle = 0 4: kc = kc + ksc 5: 32-bit block v0 is recomputed as   v0 += ((v1 LSHIFT 4) AND k0) XOR (v1 AND kc) XOR ((v1 RSHIFT 5) AND k1) 6: Partial key k1 is recomputed as   k1 += (k0 XOR(xtract(v0))) where function xtract() returns value of array indexed v0. 7: 32-bit block v1 is recomputed as   v1 += ((v0 LSHIFT 4) AND k2) XOR (v0 AND kc) XOR ((v0 RSHIFT 5) AND k3) 8: Partial key k3 is recomputed as   k3 += (k2 XOR(xtract(v1))) where function xtract() returns value of array indexed v1. 9: Increment cycle by 1 10: Repeat step 4 through step 9 until cycle = 32 11: Assign value of k1 to newk1 and k3 to newk3 12: Return newk1 and newk3

The NTSA symmetric encryption algorithm uses the plaintext to encrypt with the key that was already agreed upon by the two parties in communication. The key constant is initialized to zero. The key schedule constant ksc is computed as floor (2³¹/Ø) where Ø is the golden ratio. The golden ratio Ø is 1.618033988749895. The 32-bit block plaintext v0 and v1 are recomputed each time for 32 cycles and partial keys k1 and k3 are recomputed for even and odd rounds respectively to induce key confusion. The computation of v0, k1, v1, k3 are shown in the following equations.

v0 += ((v1 LSHIFT 4) AND k0) XOR (v1 AND kc) XOR ((v1 RSHIFT 5) AND k1)

k1 += (k0 XOR(xtract(v0))) where function xtract() returns value of array indexed v0.

v1 += ((v0 LSHIFT 4) AND k2) XOR (v0 AND kc) XOR ((v0 RSHIFT 5) AND k3)

k3 += (k2 XOR(xtract(v1))) where function xtract() returns value of array indexed v1.

kc is recomputed each time as kc = kc + ksc

This process is repeated for 32 cycles and after the last cycle the values of partial keys k1 and k3 are the new values computed and these new partial keys and the cipher text are sent to the decryption process. The NTSA symmetric decryption algorithm uses the cipher text, the key that was already agreed upon by the two parties in communication and the newly computed partial keys k1 and k3 for the decryption purpose. The key constant is initialized to 0XC6EF3720. The key schedule constant ksc is computed as floor (2³¹/Ø). The golden ratio Ø is 1.618033988749895. The 32-bit blocks v1 and v0 are recomputed each time for 32 cycles and partial keys k3 and k1 are recomputed for odd and even rounds respectively to induce key confusion. The computation of k3, v1, k1 and v0 are shown in the following equations.

k3 - = (k2 XOR(xtract(v1))) where function xtract() returns value of array indexed v1

v1 - = ((v0 LSHIFT 4) AND k2) XOR (v0 AND kc) XOR ((v0 RSHIFT 5) AND k3)

k1 - = (k0 XOR(xtract(v0))) where function xtract() returns value of array indexed v0

v0 - = ((v1 LSHIFT 4) AND k0) XOR (v1 AND kc) XOR ((v1 RSHIFT 5) AND k1)

kc is recomputed each time as kc = kc − ksc

This process is repeated for 32 cycles and after the last cycle the 32-bit block v0 and v1 contains the decrypted contents.

Algorithm 2. NTSA symmetric decryption algorithm

Encrypt (plaintext v, key k):

1: Start 2: Assign key constant kc = 0XC6EF3720 3: Assign k1 = newk1 and k3 = newk3 4: Assign cycle=0 5: Partial key k3 is recomputed as k3 - = (k2 XOR(xtract(v1))) where function xtract() returns value of array indexed v1. 6: 32-bit block v1 is recomputed as    v1 - = ((v0 LSHIFT 4) AND k2) XOR (v0 AND kc) XOR ((v0 RSHIFT 5) AND k3) 7: Partial key k1 is recomputed as    k1 - = (k0 XOR(xtract(v0))) where function xtract() returns value of array indexed v0. 8: 32-bit block v0 is recomputed as    v0 - = ((v1 LSHIFT 4) AND k0) XOR (v1 AND kc) XOR ((v1 RSHIFT 5) AND k1) 9: kc = kc − ksc 10: Increment cycle by 1 11: Repeat step 5 through step 10 until cycle=32 12: Return

Figure 5 and Figure 6 show the structure of NTSA encryption and decryption algorithm.

Figure 5. Structure of NTSA encryption algorithm.

Figure 6. Structure of NTSA decryption algorithm.

The notation:

in v^O0,1; O indicates an odd round, and 0,1 indicate the 0th cycle, round 1;

in v^E1,1; E indicates an even round, and 1,1 indicate the 1st cycle, round 1.

For computing v^O0,1, the second half of the plaintext v1 is used and shift, AND, and XOR operations are performed on v1. Similarly, for computing v^E1,1, the first half (32 bits) of plain text v0 is used and shift, AND and XOR operations are performed on v0.

4. Experimental Results and Discussion

In this section we discuss the results obtained with our experiments. The performance of NTSA is analyzed and compared with TEA and its latest variations XTEA and XXTEA. A network with LPWAN and IoT infrastructures was set up in our lab. NTSA, TEA, XTEA and XXTEA algorithms were implemented in embedded devices. System architecture similar to [51] was used for the experimental set up. IoT configured mobile devices connected with LPWAN and interfaced with IoT cloud via the IoT gateway was set up. The text files were then transmitted from these devices to the IoT cloud configured in a mobile device through the IoT gateway platform. The text files were then stored in the database in the cloud server. The text files were then encrypted using the four algorithms separately in four different scenarios and were send to the IoT configured mobile devices. The encryption and decryption times for each algorithm was measured for varying file sizes and key sizes.

4.1. Performance Comparison of NTSA with TEA, XTEA and XXTEA

Table 2 and 3 presents the encryption and decryption times of the various security algorithms for 48-bit key with varying file sizes from 0.37 kilobytes to 26.7 kilobytes. It is evident from Table 2 that the encryption time for text files using the proposed method NTSA was lower than the other existing security algorithms. NTSA achieved an encryption time of 0.041 ms for a 0.37 kB text file which is much lower compared to 0.059 ms obtained by the TEA algorithm. The two other variations of TEA, XTEA and XXTEA had much higher encryption times because of their complexity in design and implementation. It is observed from the results that, even when the text file size increased, NTSA maintained a lower encryption time compared to the other existing security encryption schemes. NTSA achieved a much lower encryption time of 0.857 ms, 1.211 ms and 1.603 ms for text file size 12.2 kB, 16.2 kB, and 26.7 kB, respectively. This asserts the excellent performance of NTSA even with higher text file sizes.

Table 2. Encryption time for key size of 48 bits.

FILE SIZE	ENCRYPTION TIME (in milliseconds)
(IN KILO BYTES)	TEA	XTEA	BLOCK TEA (XXTEA)	NTSA
0.37	0.059	0.174	0.083	0.041
0.95	0.125	0.244	0.155	0.112
1.6	0.214	0.451	0.271	0.201
2.6	0.351	0.683	0.429	0.289
6.8	0.771	1.384	1.768	0.551
8.6	0.817	2.120	1.192	0.801
12.2	0.916	2.306	1.379	0.857
16.2	1.544	3.744	1.981	1.211
26.7	1.802	4.176	2.712	1.603

From the results presented in Table 3, it is evident that NTSA achieved a lower decryption time for various text file sizes compared to the other three existing security algorithms in IoT networks. NTSA achieved a decryption time of 0.055 ms for a 0.37 kB text file, which is much lower than the decryption time achieved by other algorithms. For higher file sizes of 12.2 kB, 16.2 kB and 26.7 kB, NTSA achieved 0.890 ms, 1.234 ms, and 1.645 ms decryption times, respectively. So even with higher text file sizes, NTSA achieved lower decryption times similar to the results obtained during encryption. Lower encryption and decryption times are a very important parameter determining the efficiency of a security algorithm in an IoT network. With most of the devices having limited computational capabilities, it is very much required to have a security algorithm that can provide maximum security with less complexity and minimum encryption and decryption times. Thus, the results obtained from our experiments with 48-bit key encryption confirms that the proposed method achieves much lower encryption and decryption times compared to the existing security algorithms in IoT networks. This result is achieved, especially due to the simplicity in design of the proposed algorithm, without compromising the strength in security. The improved strength in security of the algorithm was later verified using the avalanche effect parameter. With lower encryption and decryption time, this algorithm would be highly beneficial for the users to transmit text files through the IoT networks more efficiently.

Table 3. Time for key size of 48 bits.

FILE SIZE	DECRYPTION TIME (in milliseconds)
(IN KILO BYTES)	TEA	XTEA	BLOCK TEA (XXTEA)	NTSA
0.37	0.058	0.136	0.068	0.055
0.95	0.123	0.289	0.156	0.112
1.6	0.209	0.474	0.254	0.201
2.6	0.332	0.691	0.371	0.323
6.8	0.753	1.369	1.73	0.655
8.6	0.806	2.095	1.16	0.789
12.2	0.903	2.228	1.365	0.890
16.2	1.537	3.698	1.959	1.234
26.7	1.78	4.241	2.799	1.645

Table 4 and Table 5 present the comparison of encryption and decryption time of NTSA with TEA, XTEA and XXTEA for a 128-bit key with varying file sizes from 0.37 kilobytes to 26.7 kilobytes. It is interesting to observe from the results presented in Table 4 that with a larger key size, NTSA achieved lower encryption time compared to all the existing security algorithms in IoT networks. The encryption time for a text file of size 0.37 kB with 128-bit key is 0.51 ms for NTSA which was much lower compared to the encryption time achieved by TEA, XTEA and XXTEA algorithms. The simplicity in design of NTSA helped the algorithm to achieve lower encryption time with varying key and file sizes.

Table 4. Time for key size of 128 bits.

FILE SIZE	ENCRYPTION TIME (in milliseconds)
(IN KILO BYTES)	TEA	XTEA	BLOCK TEA (XXTEA)	NTSA
0.37	0.059	0.125	0.068	0.51
0.95	0.126	0.264	0.158	0.109
1.6	0.198	0.423	0.232	0.189
2.6	0.332	0.686	0.384	0.221
6.8	0.696	1.584	0.743	0.548
8.6	0.948	1.669	1.171	0.899
12.2	1.277	2.807	1.535	1.02
16.2	1.12	3.263	1.864	1.10
26.7	2.209	5.207	2.224	1.983

Table 5. Time for key size of 128 bits.

FILE SIZE	DECRYPTION TIME (in milliseconds)
(IN KILO BYTES)	TEA	XTEA	BLOCK TEA (XXTEA)	NTSA
0.37	0.058	0.143	0.068	0.49
0.95	0.125	0.276	0.179	0.101
1.6	0.195	0.43	0.233	0.174
2.6	0.324	0.673	0.388	0.311
6.8	0.678	1.57	0.75	0.556
8.6	0.936	1.641	1.21	0.889
12.2	1.241	2.764	1.538	1.03
16.2	1.111	3.184	1.956	1.10
26.7	2.179	5.178	2.193	1.989

This scenario was also observed with the decryption times presented in Table 5. With decryption also, NTSA achieved lower times compared to its compatriots with a 128-bit key and varying file sizes. NTSA achieved a decryption time of 0.49 ms for a 0.37 kB text file compared to 0.058 ms, 0.143 ms and 0.068 ms achieved by TEA, XTEA and XXTEA respectively for similar text file size. For higher file sizes of 12.2 kB, 16.2 kB, and 26.7 kB, NTSA achieved 1,03 ms, 1.10 ms, and 1.989 ms decryption times, respectively. So even with higher text file sizes, NTSA achieved lower decryption times similar to the results obtained during encryption. With lower encryption and decryption times at 128-bit key, NTSA can become the preferred security algorithm for hand held devices and other embedded IoT devices with different computational capabilities for efficiently transferring text files.

Table 6 and Table 7 show the encryption and decryption times of the security algorithms for the transfer of a text file with size 0.95 kB. The better performance of NTSA compared to all the existing security algorithms is evident from the obtained results. This is because the NTSA algorithm has a very simple implementation strategy. The TEA and its different variations use complex computations with the key and hence the encryption and decryption time is greater. In Table 6, the encryption time obtained by NTSA for a file size of 0.95 kB with varying key size is compared with the existing algorithms. The key size is varied from 32 bits to 240 bits and the corresponding encryption time is observed. TEA achieved an encryption time of 0.125 ms for a key size of 32 bits while XTEA and XXTEA achieved 0.287ms and 0.145 ms, respectively. For the same key size, NTSA had an encryption time of 0.07 ms which was much lower compared to all the other security algorithms. For the 96-bit key, XTEA had an encryption time of 0.126 ms, while XTEA and XXTEA had encryption times of 0.265 ms and 0.158 ms, respectively. The encryption time obtained by NTSA for similar key size was 0.093 ms which was much lower than the time achieved by the existing algorithms. This demonstrates the better performance of the proposed approach NTSA, compared to all the existing security algorithms in IoT networks with varying key sizes.

Table 6. Encryption time for file size 0.95 kB.

KEY SIZE	ENCRYPTION TIME (in milliseconds)
(IN BITS)	TEA	XTEA	BLOCK TEA (XXTEA)	NTSA
32	0.125	0.287	0.145	0.07
48	0.125	0.264	0.162	0.083
64	0.125	0.246	0.17	0.088
96	0.126	0.265	0.158	0.093
128	0.126	0.264	0.158	0.097
160	0.114	0.271	0.154	0.100
192	0.125	0.279	0.144	0.100
240	0.125	0.279	0.145	0.113

Table 7. Time for file size 0.95 kB.

KEY SIZE	DECRYPTION TIME (in milliseconds)
(IN BITS)	TEA	XTEA	BLOCK TEA (XXTEA)	NTSA
32	0.124	0.281	0.146	0.068
48	0.136	0.257	0.15	0.087
64	0.123	0.214	0.152	0.088
96	0.123	0.259	0.158	0.091
128	0.125	0.276	0.179	0.090
160	0.113	0.267	0.155	0.101
192	0.126	0.26	0.159	0.119
240	0.123	0.259	0.157	0.119

Table 8 and Table 9 show the encryption and decryption times of the security algorithms for the transfer of a text file with size 12.2 kB with varying key sizes. The encryption time achieved by TEA, XTEA and XXTEA for a key size of 32 bits was 1.173 ms, 2.287 ms, and 1.649 ms, respectively, which was much higher compared to 1.009 ms obtained by NTSA for a similar key size. Even for a key size of 96 bits, NTSA achieved an encryption time of 1.10 ms which is lower than the values obtained by all the other existing security algorithms for similar file size. For a key size of 240 bits, NTSA had an encryption time of 1.2 ms which was much lower compared to all the existing algorithms. Thus, for smaller and larger key sizes, NTSA achieved lower encryption time compared to all the existing security algorithms in IoT networks. This scenario is also observed with the decryption times presented in Table 9. NTSA achieved a decryption time of 1.025 ms, 1.155 ms, and 1.388 ms for a key size 160 bits, 192 bits, and 240 bits, respectively. This time achieved by NTSA was lower than the times obtained by TEA, XTEA and XXTEA for similar key sizes in the IoT network. This assures the better performance of NTSA compared to all the existing algorithms with varying key sizes in IoT networks.

Table 8. Time for file size 12.2 kB.

KEY SIZE	ENCRYPTION TIME (in milliseconds)
(IN BITS)	TEA	XTEA	BLOCK TEA (XXTEA)	NTSA
32	1.173	2.287	1.649	1.009
48	1.178	2.572	1.393	1.010
64	1.248	2.089	1.178	1.006
96	1.208	2.32	1.502	1.10
128	1.067	2.301	1.534	1.04
160	1.137	2.608	1.076	1.03
192	1.39	2.327	1.148	1.11
240	1.439	2.866	1.413	1.2

Table 9. Decryption time for file size 12.2 kB.

KEY SIZE	DECRYPTION TIME (in milliseconds)
(IN BITS)	TEA	XTEA	BLOCK TEA (XXTEA)	NTSA
32	1.127	2.249	1.641	1.08
48	1.195	2.572	1.396	1.083
64	1.241	2.084	1.179	1.112
96	1.226	2.299	1.477	1.117
128	1.029	2.265	1.583	1.020
160	1.093	2.645	1.074	1.025
192	1.363	2.278	1.163	1.155
240	1.402	2.827	1.414	1.388

Table 10 and Table 11 presents the results obtained in encryption and decryption time with NTSA, TEA, XTEA and XXTEA for a text file size of 26.7 kB with varying key sizes from 32 bits to 240 bits. The encryption time achieved by TEA, XTEA and XXTEA for a key size of 32 bits is 2.253 ms, 4.459 ms, and 2.339 ms, respectively, which is much higher compared to 1.772 ms obtained by NTSA for a similar key size. Even for a key size of 96 bits, NTSA achieved an encryption time of 1.856 ms which was lower than the values obtained by all the other existing security algorithms for similar file size. NTSA also achieved an encryption time of 1.887 ms, 1.662 ms, and 1.912 ms for 160 bits, 192 bits and 240 bits’ key sizes. Thus, from the results it is evident that NTSA achieved much lower encryption times compared to all the existing algorithms in IoT networks. This scenario is also verified in Table 11 which presents the decryption time obtained by these algorithms for varying key sizes. The simplicity in design enables NTSA to achieve much lower encryption and decryption times in IoT networks. This would definitely enable IoT devices with varying computational and storage capabilities to efficiently and securely transmit text files through the network.

Table 10. Time for file size 26.7 kB.

KEY SIZE	ENCRYPTION TIME (in milliseconds)
(IN BITS)	TEA	XTEA	BLOCK TEA (XXTEA)	NTSA
32	2.253	4.459	2.339	1.772
48	1.883	3.734	2.111	1.789
64	1.933	3.349	2.485	1.812
96	2.812	4.856	2.246	1.856
128	2.209	5.207	2.224	1.825
160	2.925	3.687	2.731	1.887
192	1.869	4.562	1.958	1.662
240	1.989	4.213	2.43	1.912

Table 11. Time for file size 26.7 kB.

KEY SIZE	DECRYPTION TIME (in milliseconds)
(IN BITS)	TEA	XTEA	BLOCK TEA (XXTEA)	NTSA
32	2.212	4.422	2.387	1.701
48	1.854	3.713	2.136	1.746
64	1.888	3.307	2.516	1.777
96	2.726	4.892	2.289	1.834
128	2.179	5.178	2.193	1.820
160	2.883	3.668	2.711	1.811
192	1.853	4.498	1.935	1.812
240	1.934	4.073	2.456	1.936

From the results presented in Table 2, Table 3, Table 4, Table 5, Table 6, Table 7, Table 8, Table 9, Table 10 and Table 11, it is very evident that the NTSA algorithm give better performance compared to all the existing algorithms with variable file sizes and key sizes. NTSA gave much lower encryption and decryption times for variable size text files using multiple key sizes in IoT networks. This is due to the simple and efficient design of NTSA. One of the most important features of NTSA is that it provides enhanced security to all the applications in IoT devices with lower encryption and decryption times. Thus, the proposed approach NTSA can be used for efficient and secure transfer of text files between devices in IoT networks.

Avalanche Effect

The avalanche effect is the property wherein a very small change in input results in significant changes on the output. An encryption algorithm is considered good if a one-bit change in key results in significant changes in the cipher text. With reference to the avalanche effect, we compared the strength of NTSA and TEA algorithms.

Experiment 1: an encryption was performed for NTSA and TEA algorithms using keys with varying key sizes of 48, 64 and 128 bits and same plaintext. Then one bit was changed on the key and the experiment was repeated. It is observed that for every 64-bit block, a one-bit change in key resulted in significant changes on the cipher text. Drastic changes were observed for the NTSA algorithm when compared to TEA. Figure 7 shows, for every 64-bit block, a change in one bit of the key with various key sizes and the corresponding change in cipher text for NTSA and TEA.

Figure 7. Change in key and the corresponding change in cipher text for a 64-bit block.

From Figure 7, it is very evident that when a bit in the key was changed, the cipher text generated using NTSA algorithm had more drastic change than the cipher text created using TEA. This shows the increased security offered by the NTSA algorithm compared to TEA.

Experiment 2: an encryption was performed for NTSA and TEA algorithms using keys with varying key sizes 48, 64 and 128 bits. Then one bit was changed on the plaintext and the experiment is repeated. It was observed that for every 64-bit block, one-bit change in plaintext resulted in significant changes on the cipher text. Drastic changes were observed for the NTSA algorithm when compared to the tiny encryption algorithm. Figure 8 shows that for every 64-bit block a change in one bit of key with various key sizes and the corresponding change in cipher text for NTSA and TEA.

Figure 8. One-bit change in plaintext corresponding change in cipher text for 64-bit block.

From Figure 8 it is very evident that when a bit in the plaintext was changed, the cipher text generated using NTSA algorithm had more drastic change than the cipher text created using TEA. This verifies the increased security offered by the NTSA algorithm compared to TEA. Thus, the proposed method NTSA is more efficient and secure than all previously proposed encryption schemes for transfer of text files between embedded devices in IoT network.

5. Conclusions

TEA showed better performance in terms of both encryption and decryption execution times than XTEA and XXTEA. The XTEA was proposed to set the key schedule and XXTEA was proposed in order to present the key material slowly. The proposed algorithm NTSA does the same, and experiments performed proved that the performance of NTSA is better than TEA. In addition to this, NTSA created more confusion on the key than the tiny encryption algorithm. The avalanche effect showed a positive result to NTSA when compared to TEA. Thus, NTSA can be used by all the latest applications in IoT devices with different computational and storage facilities to transfer text files efficiently and securely through the network. The NTSA algorithm security can be further increased by encrypting the compressed file. In future we also aim to integrate and implement this algorithm for data transfer in ad hoc, sensor and fog networks [8,52,53,54,55,56,57].