ITICT108A Pros and Cons of Lightweight Cryptography Assessment Answer
Cryptography is used to encrypt data while sending or receiving it. The lightweight cryptography is also a method of encryption that is used for smaller footprints with lesser computing complexity. It is mainly use to expand the application of cryptography to better secure communication between devices by following international guidelines and standards. Its main goal to enhance the security in newer applications such as wireless monitoring system in clinics, ITS (intelligent transport system), vehicle security or smart meters etc. The lightweight cryptography is developed to use lesser computing power, minimum memory utilization and minimum power consumption. This cryptography technique is used to provide security to the devices which have limited access of resources. This is the main reason that it more usable, faster and simpler than conventional cryptography.
Due to the less power consumption feature, it is mostly used in RFID devices where no power source is available and with the IoT devices. The lightweight cryptography provides them a fundamental security and help a successful and secure implementation. This cryptography method delivers a balanced performance against gates equivalent (GE) and draining power and the method require low RAM and ROM. Recently, a symmetric lightweight cryptography is developed for IoT devices that has advanced hashes, MAC, ciphers. The previously used asymmetric cryptography is used for IoT devices that has number theoretic tools, codes and lattices. This cryptography also has several attacks includes that mainly targeted to its key size, tag or block.
Advantages and disadvantages
The lightweight cryptography is specifically developed to meet so many special security requirements but this approach also has several drawbacks besides so many benefits. Its main advantage is, its used of very low resources, less consumption of power. This make lightweight cryptography faster while operation and compatible to the environment where it is being used. This technique makes the lightweight cryptography more inexpensive to be use in so many technologies. This cipher is developed to handle lesser amount of information with minimum bandwidth. So, it is primarily being used to implement with hardware. Owing to these restrictions it is very difficult to optimize the previous algorithm in response with the lightweight cipher. Just because they lost so much resistance by limiting the computing resources. This highly delayed the procedure of the development of this algorithm. Lightweight cryptography uses an encryption standard, ISO / IEC 29192, but this is not so secure enough and several successful attacks can be carried out on this cryptography algorithm. All the above discussed things are making the use of this lightweight cipher, practically so challenging and highly expert practice.
This cryptography technique translates the plain text message in to an encrypted cipher text message and that can only be decrypted by the designated receiver of that message. Both receiver and sender share a secret key to encrypt a decrypt a message. Mainly two key methods are used public key and private key. In the conventional cryptography method, it is very hard to derive the original message from the encrypted text message that called cipher text, without using specific decryption key. So many techniques are used by the conventional cryptography to encrypt a message and produce a cipher text, such as substitution, translation, block translation, transposition and stenography. As a very simple method of decrypting a message, it replaces the plain text with symbols, rearranging the text, hiding etc. Some implementation uses more than one technique for increasing security. There are basically two main approaches are used to make the conventional cryptography more secure. First, the used algorithm for encryption is very strong. So that if the opponent knows some part of the cipher message, he is unable to decrypt the whole text. Second, both sender and receiver of the message securely share their keys and keep it safe at themselves. Because if somebody knows the secret keys and the used algorithm, he can read all the secret information shared between the hosts.
Advantages and disadvantages
Cryptography is a technique to share confidential information in a secure way between users, computers or other communication channels. There are so many forms of attack that can be used to steal our information. Conventional cryptography provides us a rigid set of tools that ensure the specific user will receive the data without any intervention. A cryptography technique provides four main types of benefits. It provides confidentiality of message by securing the information sharing between users. Several authentication techniques are also used by conventional cryptography such as digital signature or MAC to secure the message from spoofing attacks. Integrity of data is provided by using hash functions with non-repudiation of message. These are some basic advantages delivered by the conventional cryptography. Besides this, this cryptography approach has several drawbacks also. A strong encrypted, digitally signed and authentic message sometimes very hard to be read by the receiver and also takes time in decrypting. High availability of message is not ensured by this cryptography technique. The fundamental chosen access control of information is also can not be deliver through this cryptography. As it did not guard the information or data against vulnerabilities or threats that can attack on our network or system due to unsecure design. Cryptography consume time and somehow costlier, when using with a set of information. Security of the cryptography is depending up on the difficulty of the algorithm used and the computing power of our system. Any problem in resolving such algorithm with insufficient computing power can make the whole system vulnerable to theft of information or any possible attack.
Conventional cryptography methods are used in so many encryption methods from so long time. Today it is used in so many technologies to make it more secure with the addition of encryption to them. AES, SHA and so other algorithms are working together in a computer system and require high processing power to encrypt or decrypt a message. While these encryption techniques are not compatible to be used with IoT like devices because of their high resource uses and much space requirements. The lightweight cryptography techniques are revolving now these days and used in a variety of mobile devices which has limited resource. Both international (IEC or ISO) and national (NIST) identified a lot of methods that could be used with lightweight cryptography and very beneficial while using with RFID or IoT devices. So, both category of cryptography can be identified as –
Lightweight cryptography – used with RFID, sensing network or embedded system
Conventional cryptography – used with computers, servers, smart phones and tablets
In embedded systems, we preferably use 8 bit to 32 bit micro controllers that are facing so many issues with conventional cryptography. While sensing network like RFID devices has restricted number of gates present for security and these are extremely controlled with power exhausted on the devices. That why AES is cannot be used in so many embedded devices. The lightweight cryptography always uses smaller block size from 64 bits to 80 bits large, smaller key size of lesser then 90 bits and simple rounds with less complexities for example; S-box just having 4 bits round. Using limited resources create the chance of so many weaknesses and side channel attacks. As compare to the AES which uses 128 bits encryption key, can be cracked within 30 minutes. So, we can identify that the vulnerabilities are enhanced with lightweight cryptography technology. There is always a compromise between the used cryptography method and the overall security of the architecture. Although the lightweight cryptography method provides balanced performance compared to draining power and gates equivalent, as compared to the common cryptography methods like SHA or AES 256. In IoT technology, many interconnected resources consuming devices are not designed to carried out exclusive conventional cryptography computing that make it harder to implement adequate cryptography jobs. Using lightweight cryptography with IoT devices is becoming thoughtful concern while using more resource consuming devices in to IoT security while they are insufficient of carrying enough load of cryptographic algorithms. As a conclusion, we can say that lightweight cryptography is developed to be used with mobile devices such as RFID or IoT to add a little amount of encryption using some algorithms. While the conventional cryptography is traditionally used in so many applications and deliver a sufficient amount of encryption security to it. Both technologies are different from each other in terms of security level and their uses. There is no doubt that conventional cryptography is far better secure then lightweight cryptography, but it very hard be used with IoT or RFID devices.