Next Article in Journal
Zebrafish Melanophores Suggest Novel Functions of Cell Chirality in Tissue Formation
Previous Article in Journal
Research Review on Parking Space Detection Method
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:

Implementing a Symmetric Lightweight Cryptosystem in Highly Constrained IoT Devices by Using a Chaotic S-Box

College of Engineering, University of Ha’il, Ha’il 81481, Saudi Arabia
ISLAI Béja, University of Jendouba, Béja 9000, Tunisia
Laboratory of Electronics and Information Technology, National Engineering School of Sfax, Sfax University, Sfax 3038, Tunisia
Author to whom correspondence should be addressed.
Symmetry 2021, 13(1), 129;
Original submission received: 7 December 2020 / Resubmission received: 20 December 2020 / Revised: 6 January 2021 / Accepted: 10 January 2021 / Published: 13 January 2021
(This article belongs to the Section Computer)


In the Internet of Things (IoT), a lot of constrained devices are interconnected. The data collected from those devices can be the target of cyberattacks. In this paper, a lightweight cryptosystem that can be efficiently implemented in highly constrained IOT devices is proposed. The algorithm is mainly based on Advanced Encryption Standard (AES) and a new chaotic S-box. Since its adoption by the IEEE 802.15.4 protocol, AES in embedded platforms have been increasingly used. The main cryptographic properties of the generated S-box have been validated. The randomness of the generated S-box has been confirmed by the NIST tests. Experimental results and security analysis demonstrated that the cryptosystem can, on the one hand, reach good encryption results and respects the limitation of the sensor’s resources, on the other hand. So the proposed solution could be reliably applied in image encryption and secure communication between networked smart objects.

1. Introduction

1.1. Research Background and Motivation

The data security is considered to be one of the most critical issues; it is an indispensable requirement especially for the operations and transactions that are based on data. As a matter of fact, data encryption is required before transmitting the data into the network. Developing new technologies for IoT without considering security will make the privacy of users’ data vulnerable. The integration of the IoT with the security protocols is therefore a challenge. Recently, security aspects in the Internet of Things are getting more and more attention. Sensor nodes are characterized with their limited capacities and therefore implementing solutions based on the actually security protocols makes the subject challenging. In order to guarantee security in IOT, communications should be encrypted. Unfortunately, security is in general considered to be complex. Its cost is even more noticeable because of the limited resources of the sensor nodes [1]. Therefore, lightweight cryptography proved to be suitable for limited resources in IoT. As an emerging paradigm, the smart city avails and takes advantage of the existence of a variety of promising solutions, such as artificial intelligence (AI), Internet of Things (IoT), big data analysis, and real-time control. Many research works studied smart cities from several perspectives [2]. The main problem that was mentioned in these recent research studies was “security”. In [3], authors presented the concept of citizen’s privacy where they detailed a model which distinguishes five dimensions: identity privacy, query privacy, location privacy, footprint privacy, and owner privacy. The security problem becomes much more serious due to the vulnerabilities of IoT devices. In [4], Abomhara et al. showed that IoT has resulted in the emergence of new types of security threats and it is evident that sensors and devices used in the IoT network could be targeted with malware and be vulnerable to several attacks.

1.2. Related Work

For the last two decades, lightweight cryptography has received significant attention and this has increased further in the last five years. Cryptographic algorithms must be used in the communication channels between the sensors so as to provide security. However, because of the very low energy available and the size of ROM and RAM, the cryptographic algorithms shall be as “small” as possible. Several lightweight algorithms were presented and they drew attention to their high security level [5]. These algorithms are still resistant against different attacks and are still effective. During the design of the cipher, PRESENT, Bogdanov et al. focused on security and hardware efficiency [6]. PRESENT, a leading algorithm for a lightweight block cipher, has a competitive requirement in compact hardware implementation compared with other algorithms. Several attempts have been suggested but none has succeeded in cryptanalysing the algorithm [7,8]. In [9], the blockcipher named CLEFIA was proposed. 128, 192 and 256 bits are the lengths key which are supported by CLEFIA. The authors explained in their paper that achieving a high level of efficiency in both hardware and software implementation as well as maintaining high levels of security was a challenge. In their paper (2008), Tsunoo et al. presented an impossible differential attack of CLEFIA [10]. Another lightweight algorithm, named LED, was described in 2011 [11]. The authors claimed that their solution can be adapted efficiently for lightweight hardware implementation. However an efficient attack has been found in [12]. Piccolo is the lightweight algorithm developed by Shibutani et al. [13]. It is a 64-bit blockcipher with keys of 80 and 128-bit. The authors showed that Piccolo ensures both a high level of security and an efficient implementation in hardware. They, also, made the point that the algorithm can resist against differential attacks and meet-in-the-middle attacks. An efficient attack has been found in [14]. In [15], a new cryptosystem named PRINCE was proposed taking into account the latency during the implementation in hardware. Compared with known solutions, PRINCE enables the encryption of data within one clock cycle with a very competitive chip area. Banik et al. presented an algorithm named Midori. The algorithm, which is characterized by its low energy consumption and compact hardware implementation, [16] is based on two block ciphers Midori128 and Midori64 with block sizes equal to 128 and 64 bits, respectively. Key weaknesses and efficient attacks have been found [17,18]. In order to ensure better results, several algorithms took advantage of the strength of AES algorithm. Sungha Kim and Ingrid Verbauwhede showed in their paper that implementing the Rijndael algorithm using 16 registers improves the efficiency over 40% in both speed and code size. They also showed that 128-bit size of input block is optimal for Rijndael implementation on 8-bit microcontroller [19]. In [20], authors tried to identify the candidates of blocks ciphers which are suitable for wireless sensor networks (WSNs), by constructing an evaluation framework. Because of the security properties, the storage and energy efficiency, authors selected the most appropriate ciphers for WSNs: Skipjack, MISTY1 and Rijndael. Andrea Vitaletti and Gianni Palombizio tried to answer the question: is speed the main issue? In their paper [21], they revealed that the developers of encryption algorithms for WSNs need to give priority to memory occupation and energy efficiency over speed. The designers showed that their AES-based scheme can be a solution for data encryption and for end-to-end encryption. They also developed a nesC module On the operating system TinyOS that enables users to encrypt messages at the application layer. An implementation of AES algorithm on MOTE-KIT 5040 was presented in [22]. The main contribution of the paper is the development of an encryption algorithm based on multi-space random key pre-distribution system for wireless sensor network. In [23], an implementation of an encryption algorithm like-AES was proposed. The authors aim to ensure sufficient levels of security so as to improve data privacy in WSN networks. As a basic nonlinear component of symmetric algorithms, substitution boxes (S-boxes) are the core component of the AES algorithm. In modern cryptography, image encryption algorithms essentially make use of S-boxes to be able to strengthen substitution phases [24,25,26,27,28]. Recently, many powerful S-boxes have been generated on the basis of chaos functions because of their nonlinear property. A one-dimensional discrete-space chaotic system was proposed in [29]. The authors detailed in their paper the design algorithm of a new S-box using the proposed chaotic map which is based on the multiplication of integer numbers and circular shift. In [30], authors used a hybrid chaotic map in order to design an image encryption scheme. The proposed chaotic map displayed good cryptographic properties. In [31], authors designed a chaotic encryption system to generate a new S-box. In [32], authors presented a novel algorithm for designing a strong S-box. Their approach was based on cellular automata, and a fractional linear transformation over the Galois field.

1.3. Contributions of the Work

Most of the previous papers used simulations to assess the efficiency and strength of their algorithms. We think that a real implementation of encryption algorithms on real sensors provides more realistic results. Thus, our goal is to develop a lightweight scheme which is based on a modified AES algorithm and then implement it on a real wireless sensor. This modified algorithm is based on a new chaotic S-box that showed good cryptographic properties and a high level of randomness. In this paper, two main contributions are detailed. The first one is the drawing of a new strong S-box that passed all NIST tests. This S-box is essentially based on the generation of chaotic Boolean Functions aiming at reinforcing the nonlinear aspect. The Hilbert curve, which is a type of space-filling curves, was used to redistribute values in the S-box to ensure a high level of randomness. Our second contribution is the implementation of the encryption algorithm into a real sensor node characterized by limited capacities. In order to validate the strength of our encryption algorithm, a practical experiment was setup by encrypting a grayscale image on physical Wireless Sensor. This algorithm was implemented on Crossbow TelosB mote [33]. The use of the AES algorithm is justified by its inclusion in the IEEE 802.15.4 [34] standard. It is also the standard encryption protocol for ZigBee making it ideal for securing data exchange in wireless sensor networks.

2. Preliminaries

2.1. Internet of Things

IoT can be defined as a paradigm that takes into account the considerable presence of various things that can communicate with each other through wireless and wired connections [35]. The rapid development of the classical Internet into the IoT is empowering the exploration of countless domains of utilities that were previously unimaginable [36]. IOT networks, especially WSNs, are generally composed of constrained objects that are handled by a non-constrained object. A mutual authentication is necessary between a given device and the device manager if the former is aimed to join a WSN. Then, a symmetric secured pipe is created between the communicating entities in order to secure the exchanged data. IoT has been criticized for developing rapidly without taking into account the profound security challenges it entails and the necessary regulatory changes it require [37].
To deal with the issue of security of IoT, it is essential to first, understand all the building blocks of IoT. Then, one should identify each block’s area of vulnerability and finally explore the necessary technologies to counter each weaknesses. Things, gateways, network infrastructure and cloud infrastructure are the main components of an IoT architecture [38].
The IOT architecture is illustrated in Figure 1.

2.2. Boolean Functions

One of the most interesting methods of drawing symmetric key algorithms is Boolean functions. Their properties play a key role in cryptography where an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. A Boolean function on n variables takes the form F 2 n into F 2 . S-boxes can therefore be defined as (n, m) Boolean functions [39]. The generated S-box should have good cryptographic properties such as nonlinearity, bijection, the strict avalanche criterion, the output bits independence criterion (BIC) and the equiprobable input/output XOR distribution. A detailed description can be found in [40].

2.3. NIST Statistical Test Suite

To evaluate the different aspects of the randomness of binary sequences, cryptographers refer to the 15 NIST tests [41]. These tests evaluate different types of non-randoms that could exist in a sequence.
In this paper, NIST Statistical Test Suite will be called to study the randomness of the generated S-boxes, the chaotic PRNG and the ciphered images.

2.4. The Lorenz System

The high sensitivity to initial values is an important feature of chaotic systems. The Lyapunov exponent provides a quantitative description of the initial state sensitivity of a chaotic system [42]. The chaotic behavior of the Lorenz map is described by the following equation [43,44,45]:
x ˙ = a ( y x ) y ˙ = c x y x z z ˙ = x y b z
where: the system state (x,y,z), the system parameters (a,b,c). The Lorenz attractor and the Lyapunov exponents are illustrated in Figure 2 and Figure 3 respectively.
The main usefulness of the Lorenz system is to generate chaotic binary sequences in order to create the Boolean Functions.

2.5. SHA-2

The SHA-2 function was used in order to generate 256-bit external secret key K [46,47]. This secret key K will strengthen the proposed cryptosystem by increasing the complexity of the encryption algorithm to 2 256 . Therefore it can withstand the brute-force attack. K is split into 8-bit blocks as follows.
K = k 1 , k 2 , k 3 , . . . , k 32 .
The initial values can be derived as follows.
x 0 = x 0 + ( k 1 k 2 k 3 . . . k 11 ) / 256
y 0 = y 0 + ( k 12 k 13 k 14 . . . k 22 ) / 256
z 0 = z 0 + ( k 23 k 24 k 25 . . . k 32 ) / 256
where x 0 , y 0 and z 0 are the initial given values.

3. Scan Methodology

In [48,49], Giuseppe Peano and David Hilbert demonstrated that Space-filling curves are fractal objects. They formulate curves that visit every point in a unit square. The Scan represents a family of two-dimensional spatial accessing methodology to generate a large number of scanning paths [50]. The Hilbert curve H 2 n , for n 1 , is a fractal structure that is generated by the following recursive production rule [51]:
H 2 n
→ rightRot( H 2 n 1 ) → U → H 2 n 1 → R → H 2 n 1 D → leftRot( H 2 n 1 ) →
rightRot( H 2 )
→ U → R → D → -
rightRot( H 2 n )
→ R → U → L →
leftRot( H 2 )
→ L → D → R →
where D, U, L and R indicate the directions taken by the curve (Down, Up, Left and Right).

4. Hilbert Curve Scan Pattern

The scan path of Hilbert curve can be drawn either from right bottom (RB), left bottom (LB), right top (RT) or left top (LT) of the square grid [52,53]. The proposed construction method of the S-box is based on this scan path. The application of Hilbert curve scan pattern in this work is to redistribute values in the initial generated S-box. The representation of Hilbert curve using matrices is performed recursively via successive approximations which are called an order for that curve. The Orders (n) one through three of the Hilbert curve are shown in Figure 4.
Figure 5 shows that values from 0 to 3 are provided by the first order Hilbert curve and values from 0 to 15 are provided by the second order Hilbert curve.
The idea of using this Hilbert curve comes from the fact that we can develop an algorithm that describes it easily. This algorithm can be very interesting to redistribute values in a matrix. For example, suppose that the binary representation for a random cell N on the curve of order o: H o ( N ) = 111001010 . . . 11 . The four children n 0 , n 1 , n 2 and n 3 of H o ( N ) of order o + 1 will be represented as follows:
H o + 1 ( n 0 ) = C O N C A T ( H o ( N ) , 00 ) H o + 1 ( n 1 ) = C O N C A T ( H o ( N ) , 01 ) H o + 1 ( n 2 ) = C O N C A T ( H o ( N ) , 10 ) H o + 1 ( n 3 ) = C O N C A T ( H o ( N ) , 11 )

5. Modified AES S-Box Generation

An S-Box takes m input bits and transforms them into m output bits where n can be different to m. It is called ( m × n ) S-box and is implemented as a LookUp Table (LUT). The basic function of an S-Box is transforming one byte of input data into another one. It is specifically designed to be resistant to linear and differential cryptanalysis.

5.1. The Main Idea

The generating algorithm of the S-box is based on creating a set S of 2048 bits by using a chaotic map. Then, 8 subsets of Boolean functions are obtained from the main set S. The flowchart of the construction method is shown in Figure 6.

5.2. Generate the Chaotic Boolean Functions

  • Generate a chaotic set S of 2048 bits.
    • Define an empty binary set S.
    • Iterate Equation (1) for 200 times to get rid of the transient effect by using x 0 , y 0 , z 0 .
    • Iterate Equation (1) for 2048 times and denote the current state value as x , y , z . x is obtained by Equation (7) and inserted in S.
      x = m o d ( f l o o r ( 10 4 * x ) , 2 )
  • Get m Boolean functions by dividing the set S into 8 binary subsets of 256 bits.
  • Create the initial S-box.
  • Adjustment: Each element in the S-box must be unique. To guarantee this property, an adjustment of the S-box is needed.

5.3. Generate a Cryptographically Strong S-box

In this part, the initial S-box which was obtained above will be improved in order to produce a better S-box. Improving the algorithm is based on the Hilbert curve that will be used to permute values of the initial S-box. This permutation step will be iterated 1000 times. At each iteration we calculate the nonlinearity value of the generated S-box. Whenever we find a high value of nonlinearity, we save the corresponding S-box. The improvement of the algorithm of the S-box is described in Figure 7.

5.4. Experimental Results and Cryptographic Properties of the Chaotic S-box

The initial values of the Lorenz system are x 0 = 0 , y 0 = 1 , z 0 = 1.05 . The initial generated S-box is illustrated in Table 1. We keep permuting the values of the S-box and we calculate the nonlinearity of the generated S-boxes at each iteration until we get the S-box with the highest value of nonlinearity. Table 2 shows the best S-box with a value of nonlinearity equal to 107. Table 3 shows the inverse S-box which is simply the S-box run in inverse. It is used for the decryption algorithm. After executing our algorithm, nonlinearity value increased from 104 (iteration number 0) to 107 (iteration number 602). The evolution of the nonlinearity value is illustrated in Figure 8. The improvement of the value of nonlinearity is achieved thanks to the permutation step ensured by the Hilbert curve-based scan pattern.
The cryptographic properties of the S-box are presented as follows:

5.4.1. Bijectivity

The output values of the generated S-box are in the interval [0, 255]. Therefore, the S-box satisfies the requirement of bijectivity.

5.4.2. Nonlinearity

The average value of nonlinearity is equal to 107 Table 4. A comparison of the nonlinearity value of our s-box with others is illustrated in Table 5.

5.4.3. Strict Avalanche Criterion: SAC

The dependence matrix is illustrated in Table 6 and its mean value is 0.4932 which is very close to the ideal value 0.5. A comparison with other dependence values obtained from other S-boxes is illustrated in Table 7.

5.4.4. Bits Independence Criterion: BIC

The mean value of BIC-nonlinearity is 102.2857 which means that the S-box validates the BIC property (Table 8).

5.4.5. Nist Statistical Test Suite

To evaluate the randomness of the S-box, we applied all NIST tests. Table 9 demonstrates that the generated S-box has passed all tests.

6. The Proposed Image Encryption Scheme

Many factors and constraints on sensor nodes must be taken into consideration for the implementation of lightweight cryptography. We listed essentially: energy, memory, computational speed and communications bandwidth. Because of the execution time, power consumption depends on the processing speed. Hence, the number of computations that determines the processing speed becomes the index of lightness.
With regard to security, lightweight encryption is the adopted method of the overall system security. This work is based on the fact that the proposed cryptosystem needs to be based on an algorithm that shows a sufficient security level in modern cryptography. In the context of lightweight algorithms, there have been many proposed optimised implementations that improve the algorithms performance [64].
The implementation of an encryption scheme in a wireless sensor depends on two determining factors: the memory size and the energy consumption. A wireless sensor with a RAM size of 8 KB and a ROM size of 116 KB is not able to do the following actions simultaneously:
  • store the TinyOS operating system,
  • store the encryption algorithm,
  • store the grayscale image to be encrypted and
  • run the algorithm in order to generate the encrypted image.
Therefore, the proposed solution consists of developing a lightweight algorithm and implementing it in an XM1000 wireless sensor. In the following part, we will show that the encryption algorithm is able to encrypt grayscale images of large sizes. The flowchart of the main algorithm is illustrated in Figure 9.
To implement the algorithm, we propose to encrypt the image by blocks of 16 bytes. We note that after running the code with larger blocks, the sensor gave us unstandard results and that is why we chose the 16 bytes. To encrypt the grayscale image, the main code is triggered via the Boot.booted() event. To get the ciphered image from the sensor, we divided it into blocks of 4 × 16 bytes and we sent each block apart. In our implementation, we used images of 50 × 64 bytes and a period of 5 × 10 2 s. In TinyOs, Timer.startPeriodic() is the command to set the period and Timer.fired() is the event to send ciphered blocks. Finally, all received blocks are concatenated into one ciphered image. The generated S-box, which is used in the modified AES, is illustrated in Table 2.

7. Experimental Results

7.1. The Setup

As mentioned earlier, we chose to implement the solution on the XM1000 sensor which consists of the MSP430 microcontroller and the CC2420 radio chip. The code was implemented under the TinyOs operating system. TinyOS is an embedded operating system written in the nesC [65].

7.2. Security Analysis and Experimental Results

7.2.1. Memory Consumption and Execution Times

Our algorithm was implemented under a physical sensor (XM1000 sensor), not a simulation, wich gave us real results. 50 × 64 is the size of the image we ciphered and the execution time of the algorithm is 230,399 milliseconds. The ROM consumption is 13,624 KB and the RAM consumption is 7826 KB.

7.2.2. Information Entropy

Information entropy is an important feature of randomness and it is an indicator of the pixel values distribution. The equation to calculate it is illustrated in Equation (12):
H ( m ) = i = 0 2 n 1 p ( m i ) l o g 2 1 p ( m i ) .
m: information source, p ( m ) : probability of m where p ( m ) represents the probability of symbol m.
Table 10 shows the information entropy of the encrypted images.
The information entropy of the encrypted images is better than the information entropy of the encrypted ones. Therefore, the efficiency and security of the proposed cryptosystem are validated. We notice that all values of entropy are very close to 8 (Table 10). Therefore the probability of accidental information disclosure is minor.

7.2.3. The Histogram Analysis

The histogram of an image measures the distribution of gray levels in the image [66,67]. Therefore, histograms have been plotted in order to evaluate the uniformity of the encrypted images [68]. Table 11 shows that the histograms of the encrypted images are uniform unlike those of the plain images. Therefore the attacker cannot extract information from the encrypted image because the encryption algorithm damaged the original images’ features.

7.2.4. Correlation Coefficient Analysis

To measure the correlation between two adjacent pixels, horizontally, vertically and diagonally, developers of image encryption algorithms analysed correlation coefficients. The correlation coefficients of two adjacent pixels are calculated according to the following formula [69,70]:
r x y = c o v ( x , y ) D ( x ) D ( y ) ,
c o v ( x , y ) = 1 N i = 1 N ( x i E ( x ) ) ( y i E ( y ) ) ,
E ( x ) = 1 N i = 1 N x i ,
D ( x ) = 1 N i = 1 N ( x i E ( x ) ) 2 .
where x and y are gray level values of two adjacent pixels. N is the total number of the selected pixels, E ( x ) is the mean values of x i and E ( y ) is the mean values of y i . Correlation coefficients are given in Table 12. We can conclude, from the analysis of Table 12, that the proposed algorithm can resist against statistical attacks. We note that the image correlation values of the encrypted image are very close to zero. Table 13 illustrates the distribution of two adjacent pixels.

8. Conclusions

In this paper, a lightweight encryption algorithm based on the standard AES was proposed. The first step was generating a cryptographically strong S-box based on chaotic Boolean functions. The Hilbert curve scan pattern and the Lorenz system were used in order to realize the permutation and diffusion phases. Cryptographic properties of the chaotic S-box and NIST tests validates its strength. The algorithm was developed to be implemented in highly constrained IoT devices. In order to show the effectiveness of the scheme, it was implemented to encrypt a grayscale image by using an XM1000 sensor. Experimental results showed that the algorithm is light enough to satisfy many criteria like memory consumption, execution time and information entropy.

Author Contributions

Supervision and funding acquisition, B.M.A.; writing—original draft and writing—review and editing, R.G.; methodology, T.G.; resources and validation, H.A. and A.A. All authors have read and agreed to the published version of the manuscript.


This research was funded by the Deanship of the Scientific Research of the University of Ha’il, Saudi Arabia (project: RG-20091).

Conflicts of Interest

The authors declare no conflict of interest.


  1. Lee, J.; Kapitanova, K.; Son, S.H. The price of security in wireless sensor networks. Comput. Netw. 2010, 54, 2967–2978. [Google Scholar] [CrossRef]
  2. Fernandez-Anez, V. Stakeholders approach to smart cities: A survey on smart city definitions. In International Conference on Smart Cities; Springer: Berlin/Heidelberg, Germany, 2016; pp. 157–167. [Google Scholar]
  3. Martínez-Ballesté, A.; Pérez-Martínez, P.A.; Solanas, A. The pursuit of citizens’ privacy: A privacy-aware smart city is possible. IEEE Commun. Mag. 2013, 51, 136–141. [Google Scholar] [CrossRef]
  4. Abomhara, M.; Køien, G.M. Cyber security and the internet of things: Vulnerabilities, threats, intruders and attacks. J. Cyber Secur. Mobil. 2015, 4, 65–88. [Google Scholar] [CrossRef]
  5. McKay, K.; Bassham, L.; Sönmez Turan, M.; Mouha, N. Report on Lightweight Cryptography; Technical Report; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2016. [Google Scholar] [CrossRef]
  6. Bogdanov, A.; Knudsen, L.R.; Leander, G.; Paar, C.; Poschmann, A.; Robshaw, M.J.; Seurin, Y.; Vikkelsoe, C. PRESENT: An ultra-lightweight block cipher. In International Workshop on Cryptographic Hardware and Embedded Systems; Springer: Berlin/Heidelberg, Germany, 2007; pp. 450–466. [Google Scholar]
  7. Pieprzyk, J. Topics in Cryptology-CT-RSA 2010: The 10th Cryptographers’ Track at the RSA Conference 2010, San Francisco, CA, USA, March 1–5, 2010. Proceedings; Springer Science & Business Media: Berlin/Heidelberg, Germany, 2010; Volume 5985. [Google Scholar]
  8. Blondeau, C.; Nyberg, K. Links between truncated differential and multidimensional linear properties of block ciphers and underlying attack complexities. In Annual International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2014; pp. 165–182. [Google Scholar]
  9. Shirai, T.; Shibutani, K.; Akishita, T.; Moriai, S.; Iwata, T. The 128-bit blockcipher CLEFIA. In International Workshop on Fast Software Encryption; Springer: Berlin/Heidelberg, Germany, 2007; pp. 181–195. [Google Scholar]
  10. Tsunoo, Y.; Tsujihara, E.; Shigeri, M.; Saito, T.; Suzaki, T.; Kubo, H. Impossible differential cryptanalysis of CLEFIA. In International Workshop on Fast Software Encryption; Springer: Berlin/Heidelberg, Germany, 2008; pp. 398–411. [Google Scholar]
  11. Guo, J.; Peyrin, T.; Poschmann, A.; Robshaw, M. The LED block cipher. In International Workshop on Cryptographic Hardware and Embedded Systems; Springer: Berlin/Heidelberg, Germany, 2011; pp. 326–341. [Google Scholar]
  12. Dinur, I.; Dunkelman, O.; Keller, N.; Shamir, A. Key recovery attacks on 3-round Even-Mansour, 8-step LED-128, and full AES 2. In International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2013; pp. 337–356. [Google Scholar]
  13. Shibutani, K.; Isobe, T.; Hiwatari, H.; Mitsuda, A.; Akishita, T.; Shirai, T. Piccolo: An ultra-lightweight blockcipher. In International Workshop on Cryptographic Hardware and Embedded Systems; Springer: Berlin/Heidelberg, Germany, 2011; pp. 342–357. [Google Scholar]
  14. Minier, M. On the security of Piccolo lightweight block cipher against related-key impossible differentials. In International Conference on Cryptology in India; Springer: Berlin/Heidelberg, Germany, 2013; pp. 308–318. [Google Scholar]
  15. Borghoff, J.; Canteaut, A.; Güneysu, T.; Kavun, E.B.; Knezevic, M.; Knudsen, L.R.; Leander, G.; Nikov, V.; Paar, C.; Rechberger, C.; et al. PRINCE–a low-latency block cipher for pervasive computing applications. In International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2012; pp. 208–225. [Google Scholar]
  16. Banik, S.; Bogdanov, A.; Isobe, T.; Shibutani, K.; Hiwatari, H.; Akishita, T.; Regazzoni, F. Midori: A block cipher for low energy. In International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2015; pp. 411–436. [Google Scholar]
  17. Guo, J.; Jean, J.; Nikolic, I.; Qiao, K.; Sasaki, Y.; Sim, S.M. Invariant Subspace Attack Against Full Midori64. IACR Cryptol. EPrint Arch. 2015, 2015, 1189. [Google Scholar]
  18. Lin, L.; Wu, W. Meet-in-the-middle attacks on reduced-round Midori64. IACR Trans. Symmetric Cryptol. 2017, 215–239. [Google Scholar] [CrossRef]
  19. Kim, S.; Verbauwhede, I. AES Implementation on 8-bit Microcontroller; Department of Electrical Engineering, University of California: Los Angeles, CA, USA, 2002. [Google Scholar]
  20. Law, Y.W.; Doumen, J.; Hartel, P. Survey and benchmark of block ciphers for wireless sensor networks. ACM Trans. Sens. Netw. (TOSN) 2006, 2, 65–93. [Google Scholar] [CrossRef]
  21. Vitaletti, A.; Palombizio, G. Rijndael for sensor networks: Is speed the main issue? Electron. Notes Theor. Comput. Sci. 2007, 171, 71–81. [Google Scholar] [CrossRef][Green Version]
  22. Duh, D.R.; Lin, T.C.; Tung, C.H.; Chan, S.J. An implementation of AES algorithm with the multiple spaces random key pre-distribution scheme on MOTE-KIT 5040. In Proceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC’06), Taichung, Taiwan, 5–7 June 2006; Volume 2, pp. 64–71. [Google Scholar]
  23. Khambre, P.; Sambhare, S.; Chavan, P. Secure data in wireless sensor network via AES (Advanced encryption standard). IJCSIT 2012, 3, 3588–3592. [Google Scholar]
  24. Hussain, I.; Shah, T.; Gondal, M.A. Image encryption algorithm based on PGL (2, GF (2 8)) S-boxes and TD-ERCS chaotic sequence. Nonlinear Dyn. 2012, 70, 181–187. [Google Scholar] [CrossRef]
  25. Wang, X.; Teng, L. An image blocks encryption algorithm based on spatiotemporal chaos. Nonlinear Dyn. 2012, 67, 365–371. [Google Scholar] [CrossRef]
  26. Ye, G.; Wong, K.W. An image encryption scheme based on time-delay and hyperchaotic system. Nonlinear Dyn. 2013, 71, 259–267. [Google Scholar] [CrossRef]
  27. Zhang, X.; Zhao, Z. Chaos-based image encryption with total shuffling and bidirectional diffusion. Nonlinear Dyn. 2014, 75, 319–330. [Google Scholar] [CrossRef]
  28. Wang, X.; Wang, Q. A novel image encryption algorithm based on dynamic S-boxes constructed by chaos. Nonlinear Dyn. 2014, 75, 567–576. [Google Scholar] [CrossRef]
  29. Lambić, D. A new discrete-space chaotic map based on the multiplication of integer numbers and its application in S-box design. Nonlinear Dyn. 2020, 100, 699–711. [Google Scholar] [CrossRef]
  30. Farah, M.B.; Farah, A.; Farah, T. An image encryption scheme based on a new hybrid chaotic map and optimized substitution box. Nonlinear Dyn. 2019, 99, 3041–3064. [Google Scholar] [CrossRef]
  31. Ye, T.; Zhimao, L. Chaotic S-box: Six-dimensional fractional Lorenz–Duffing chaotic system and O-shaped path scrambling. Nonlinear Dyn. 2018, 94, 2115–2126. [Google Scholar] [CrossRef]
  32. Aboytes-González, J.; Murguía, J.; Mejía-Carlos, M.; González-Aguilar, H.; Ramírez-Torres, M. Design of a strong S-box based on a matrix approach. Nonlinear Dyn. 2018, 94, 2003–2012. [Google Scholar] [CrossRef]
  33. Crossbow, T. Telosb Data Sheet. 2010. Available online: (accessed on 12 January 2021).
  34. IEEE Computer Society LAN/MAN Standards Committee. IEEE Standard for Information Technology Telecommunications and Information Exchange between Systems Local and Metropolitan Area Networks Specific Requirements. Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low-Rate Wireless Personal Area Networks (LR-WPANs). 2006. Available online: (accessed on 12 January 2021).
  35. Garcia-Morchon, O.; Kumar, S.; Keoh, S.; Hummen, R.; Struik, R. Security Considerations in the IP-based Internet of Things draft-garciacore-security-06. Internet Eng. Task Force 2013. Available online: (accessed on 12 January 2021).
  36. Evans, D. The internet of things: How the next evolution of the internet is changing everything. CISCO White Pap. 2011, 1, 1–11. [Google Scholar]
  37. Clearfield, C. Why the FTC Can’t Regulate the Internet Of Things. Forbes Magazine, 18 September 2013. Available online: (accessed on 12 January 2021).
  38. Banafa, A. IoT and Blockchain Convergence: Benefits and Challenges. IEEE Internet Things Newsl. 2017. Available online: (accessed on 12 January 2021).
  39. Jamal, S.S.; Anees, A.; Ahmad, M.; Khan, M.F.; Hussain, I. Construction of cryptographic S-Boxes based on mobius transformation and chaotic tent-sine system. IEEE Access 2019, 7, 173273–173285. [Google Scholar] [CrossRef]
  40. Wang, Q.; Nie, C.; Xu, Y. Constructing Boolean Functions Using Blended Representations. IEEE Access 2019, 7, 107025–107031. [Google Scholar] [CrossRef]
  41. Bassham, L.; Rukhin, A.; Soto, J.; Nechvatal, J.; Smid, M.; Barker, E.; Leigh, S.; Levenson, M.; Vangel, M.; Banks, D.; et al. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications; Technical Report; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2010. [Google Scholar] [CrossRef]
  42. Zhang, G.; Ding, W.; Li, L. Image encryption algorithm based on tent delay-sine cascade with logistic map. Symmetry 2020, 12, 355. [Google Scholar] [CrossRef][Green Version]
  43. Guesmi, R.; Farah, M.A.B.; Kachouri, A.; Samet, M. A novel chaos-based image encryption using DNA sequence operation and Secure Hash Algorithm SHA-2. Nonlinear Dyn. 2016, 83, 1123–1136. [Google Scholar] [CrossRef]
  44. Guesmi, R.; Farah, M.A.B.; Kachouri, A.; Samet, M. Hash key-based image encryption using crossover operator and chaos. Multimed. Tools Appl. 2016, 75, 4753–4769. [Google Scholar] [CrossRef]
  45. Li, T.; Du, B.; Liang, X. Image Encryption Algorithm Based on Logistic and Two-Dimensional Lorenz. IEEE Access 2020, 8, 13792–13805. [Google Scholar] [CrossRef]
  46. Hamza, R.; Muhammad, K.; Arunkumar, N.; Ramírez-González, G. Hash based encryption for keyframes of diagnostic hysteroscopy. IEEE Access 2017, 6, 60160–60170. [Google Scholar] [CrossRef]
  47. Zhou, S.; He, P.; Kasabov, N. A Dynamic DNA Color Image Encryption Method Based on SHA-512. Entropy 2020, 22, 1091. [Google Scholar] [CrossRef]
  48. Peano, G. Sur une courbe, qui remplit toute une aire plane. Math. Ann. 1890, 36, 157–160. [Google Scholar] [CrossRef]
  49. Hilbert, D. Über die stetige Abbildung einer Linie auf ein Flächenstück. In Dritter Band: Analysis· Grundlagen der Mathematik· Physik Verschiedenes; Springer: Berlin/Heidelberg, Germany, 1935; pp. 1–2. [Google Scholar]
  50. Maniccam, S.S.; Bourbakis, N.G. Image and video encryption using SCAN patterns. Pattern Recognit. 2004, 37, 725–737. [Google Scholar] [CrossRef]
  51. Suresh, V.; Madhavan, V.C. Image encryption with space-filling curves. Def. Sci. J. 2012, 62, 46–50. [Google Scholar] [CrossRef][Green Version]
  52. Sivakumar, T.; Venkatesan, R. Image encryption based on pixel shuffling and random key stream. Int. J. Comput. Inf. Technol. 2014, 3, 1468–1476. [Google Scholar]
  53. Shahna, K.; Mohamed, A. A novel image encryption scheme using both pixel level and bit level permutation with chaotic map. Appl. Soft Comput. 2020, 90, 106162. [Google Scholar]
  54. Lambić, D. A novel method of S-box design based on chaotic map and composition method. Chaos Solitons Fractals 2014, 58, 16–21. [Google Scholar] [CrossRef]
  55. Guesmi, R.; Farah, M.A.B.; Kachouri, A.; Samet, M. Chaos-based designing of a highly nonlinear S-box using Boolean functions. In Proceedings of the 2015 IEEE 12th International Multi-Conference on Systems, Signals & Devices (SSD15), Mahdia, Tunisia, 16–19 March 2015; pp. 1–5. [Google Scholar]
  56. Guesmi, R.; Farah, M.A.B.; Kachouri, A.; Samet, M. A novel design of Chaos based S-Boxes using genetic algorithm techniques. In Proceedings of the 2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA), Doha, Qatar, 10–13 November 2014; IEEE Computer Society: Piscataway Township, NJ, USA, 2014; pp. 678–684. [Google Scholar]
  57. Lambić, D. A novel method of S-box design based on discrete chaotic map. Nonlinear Dyn. 2017, 87, 2407–2413. [Google Scholar] [CrossRef]
  58. Lambić, D. S-box design method based on improved one-dimensional discrete chaotic map. J. Inf. Telecommun. 2018, 2, 181–191. [Google Scholar] [CrossRef]
  59. Çavuşoğlu, Ü.; Zengin, A.; Pehlivan, I.; Kaçar, S. A novel approach for strong S-Box generation algorithm design based on chaotic scaled Zhongtang system. Nonlinear Dyn. 2017, 87, 1081–1094. [Google Scholar] [CrossRef]
  60. Tang, G.; Liao, X.; Chen, Y. A novel method for designing S-boxes based on chaotic maps. Chaos Solitons Fractals 2005, 23, 413–419. [Google Scholar] [CrossRef]
  61. Asim, M.; Jeoti, V. Efficient and Simple Method for Designing Chaotic S-Boxes. ETRI J. 2008, 30, 170–172. [Google Scholar] [CrossRef]
  62. Özkaynak, F.; Özer, A.B. A method for designing strong S-Boxes based on chaotic Lorenz system. Phys. Lett. A 2010, 374, 3733–3738. [Google Scholar] [CrossRef]
  63. Jakimoski, G.; Kocarev, L. Chaos and cryptography: Block encryption ciphers based on chaotic maps. IEEE Trans. Circuits Syst. I Fundam. Theory Appl. 2001, 48, 163–169. [Google Scholar] [CrossRef]
  64. Zhang, F.; Dojen, R.; Coffey, T. Comparative performance and energy consumption analysis of different AES implementations on a wireless sensor network node. Int. J. Sens. Netw. 2011, 10, 192–201. [Google Scholar] [CrossRef]
  65. Levis, P.; Madden, S.; Polastre, J.; Szewczyk, R.; Whitehouse, K.; Woo, A.; Gay, D.; Hill, J.; Welsh, M.; Brewer, E.; et al. TinyOS: An operating system for sensor networks. In Ambient intelligence; Springer: Berlin/Heidelberg, Germany, 2005; pp. 115–148. [Google Scholar]
  66. Yasser, I.; Mohamed, M.A.; Samra, A.S.; Khalifa, F. A Chaotic-Based Encryption/Decryption Framework for Secure Multimedia Communications. Entropy 2020, 22, 1253. [Google Scholar] [CrossRef]
  67. Zhu, S.; Zhu, C. Secure Image Encryption Algorithm Based on Hyperchaos and Dynamic DNA Coding. Entropy 2020, 22, 772. [Google Scholar] [CrossRef] [PubMed]
  68. Li, Z.; Peng, C.; Tan, W.; Li, L. A Novel Chaos-Based Color Image Encryption Scheme Using Bit-Level Permutation. Symmetry 2020, 12, 1497. [Google Scholar] [CrossRef]
  69. Wang, B.; Xie, Y.; Zhou, S.; Zheng, X.; Zhou, C. Correcting errors in image encryption based on DNA coding. Molecules 2018, 23, 1878. [Google Scholar] [CrossRef][Green Version]
  70. Yasser, I.; Khalifa, F.; Mohamed, M.A.; Samrah, A.S. A new image encryption scheme based on hybrid chaotic maps. Complexity 2020, 2020, 9597619. [Google Scholar] [CrossRef]
Figure 1. IOT Architecture.
Figure 1. IOT Architecture.
Symmetry 13 00129 g001
Figure 2. The Lorenz attractor.
Figure 2. The Lorenz attractor.
Symmetry 13 00129 g002
Figure 3. The lyapunov exponents.
Figure 3. The lyapunov exponents.
Symmetry 13 00129 g003
Figure 4. Hilbert Curve.
Figure 4. Hilbert Curve.
Symmetry 13 00129 g004
Figure 5. Hilbert Curve values.
Figure 5. Hilbert Curve values.
Symmetry 13 00129 g005
Figure 6. Flowchart of the initial S-box.
Figure 6. Flowchart of the initial S-box.
Symmetry 13 00129 g006
Figure 7. Flowchart of the improvement algorithm.
Figure 7. Flowchart of the improvement algorithm.
Symmetry 13 00129 g007
Figure 8. The nonlinearity evolution.
Figure 8. The nonlinearity evolution.
Symmetry 13 00129 g008
Figure 9. The flowchart of the main algorithm.
Figure 9. The flowchart of the main algorithm.
Symmetry 13 00129 g009
Table 1. The generated initial S-Box.
Table 1. The generated initial S-Box.
Table 2. The  S-Box.
Table 2. The  S-Box.
Table 3. The inverse S-Box.
Table 3. The inverse S-Box.
Table 4. Nonlinearity and SAC.
Table 4. Nonlinearity and SAC.
S-Box12345678Avg. NonlinearityAvg. SAC
Table 5. Comparison of the nonlinearity of chaotic S-box with others.
Table 5. Comparison of the nonlinearity of chaotic S-box with others.
AES S-box112112112112112112112112112
APA S-box112112112112112112112112112
Gray S-box112112112112112112112112112
Our S-box108108106108106106108106107
Xyi S-box106104104106104106104106105
Residue Prime94100104104102100989499.5
Table 6. The dependence matrix.
Table 6. The dependence matrix.
Table 7. Comparison of the values of the dependence matrix of chaotic S-box with others.
Table 7. Comparison of the values of the dependence matrix of chaotic S-box with others.
S-BoxMinimum ValueMaximum ValueAverage Value
AES S-box0.4800.5280.504
APA S-box0.4720.5260.499
Gray S-box0.4780.5260.502
Our S-box0.43750.56250.4932
Xyi S-box0.4700.5360.503
Residue Prime S-box0.470-0.502
Table 8. BIC -Nonlinearity criterion.
Table 8. BIC -Nonlinearity criterion.
Table 9. Randomness test of the S-box.
Table 9. Randomness test of the S-box.
Statistic Testsp-Value for Cipher-Images
Frequency (Monobits) test0.99258
Frequency test within a block0.543019
Runs test0.859684
Test for the longest run of ones in a block0.99889
Binary matrix rank test0.481248
Discrete Fourier transform (Spectral) test0.167931
Non-overlapping template matching testSuccess
Overlapping template matching test0.886589
Maurer’s “universal statistical” test0.895623
Linear complexity test0.919679
Serial test (1)0.773031
Serial test (2)0.079182
Approximate entropy test0.0920
Cumulative sums0.675322
Random excursions testSuccess
Random excursions variant testSuccess
Table 10. Entropy values.
Table 10. Entropy values.
ImagesPlain ImageCiphered Image
Table 11. Histograms of the plain/encrypted images.
Table 11. Histograms of the plain/encrypted images.
Plain ImagesHistogramsCiphered ImagesHistograms
Symmetry 13 00129 i001 Symmetry 13 00129 i002 Symmetry 13 00129 i003 Symmetry 13 00129 i004
Symmetry 13 00129 i005 Symmetry 13 00129 i006 Symmetry 13 00129 i007 Symmetry 13 00129 i008
Symmetry 13 00129 i009 Symmetry 13 00129 i010 Symmetry 13 00129 i011 Symmetry 13 00129 i012
Symmetry 13 00129 i013 Symmetry 13 00129 i014 Symmetry 13 00129 i015 Symmetry 13 00129 i016
Symmetry 13 00129 i017 Symmetry 13 00129 i018 Symmetry 13 00129 i019 Symmetry 13 00129 i020
Symmetry 13 00129 i021 Symmetry 13 00129 i022 Symmetry 13 00129 i023 Symmetry 13 00129 i024
Symmetry 13 00129 i025 Symmetry 13 00129 i026 Symmetry 13 00129 i027 Symmetry 13 00129 i028
Table 12. Correlation coefficients of two adjacent pixels in the plain/encrypted image.
Table 12. Correlation coefficients of two adjacent pixels in the plain/encrypted image.
Table 13. Distribution of two adjacent pixels in the plain/encrypted images.
Table 13. Distribution of two adjacent pixels in the plain/encrypted images.
Symmetry 13 00129 i029 Symmetry 13 00129 i030 Symmetry 13 00129 i031 Symmetry 13 00129 i032
Symmetry 13 00129 i033 Symmetry 13 00129 i034 Symmetry 13 00129 i035 Symmetry 13 00129 i036
Symmetry 13 00129 i037 Symmetry 13 00129 i038 Symmetry 13 00129 i039 Symmetry 13 00129 i040
Symmetry 13 00129 i041 Symmetry 13 00129 i042 Symmetry 13 00129 i043 Symmetry 13 00129 i044
Symmetry 13 00129 i045 Symmetry 13 00129 i046 Symmetry 13 00129 i047 Symmetry 13 00129 i048
Symmetry 13 00129 i049 Symmetry 13 00129 i050 Symmetry 13 00129 i051 Symmetry 13 00129 i052
Symmetry 13 00129 i053 Symmetry 13 00129 i054 Symmetry 13 00129 i055 Symmetry 13 00129 i056
Symmetry 13 00129 i057 Symmetry 13 00129 i058 Symmetry 13 00129 i059 Symmetry 13 00129 i060
Symmetry 13 00129 i061 Symmetry 13 00129 i062 Symmetry 13 00129 i063 Symmetry 13 00129 i064
Symmetry 13 00129 i065 Symmetry 13 00129 i066 Symmetry 13 00129 i067 Symmetry 13 00129 i068
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Alshammari, B.M.; Guesmi, R.; Guesmi, T.; Alsaif, H.; Alzamil, A. Implementing a Symmetric Lightweight Cryptosystem in Highly Constrained IoT Devices by Using a Chaotic S-Box. Symmetry 2021, 13, 129.

AMA Style

Alshammari BM, Guesmi R, Guesmi T, Alsaif H, Alzamil A. Implementing a Symmetric Lightweight Cryptosystem in Highly Constrained IoT Devices by Using a Chaotic S-Box. Symmetry. 2021; 13(1):129.

Chicago/Turabian Style

Alshammari, Badr M., Ramzi Guesmi, Tawfik Guesmi, Haitham Alsaif, and Ahmed Alzamil. 2021. "Implementing a Symmetric Lightweight Cryptosystem in Highly Constrained IoT Devices by Using a Chaotic S-Box" Symmetry 13, no. 1: 129.

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop