The document discusses lightweight cryptography standards for Internet of Things (IoT) devices. It provides an overview of IoT applications and why lightweight cryptography is needed for resource-constrained IoT devices. It summarizes ISO/IEC 29192 standards that specify lightweight block ciphers, stream ciphers, and hash functions suitable for IoT, including PRESENT, SIMON, SPECK, Enocoro, Trivium, PHOTON, SPONGENT, and Lesamnta-LW. Lightweight cryptography algorithms are designed specifically for IoT devices to have small code and memory footprints while meeting security needs with lower computational and energy costs than general-purpose algorithms.

1. Light Weight
Cryptography for IOT

2. What is Internet of Things?
It’s basically collection of devices that are connected to the Internet and communicate with
other devices.
The term was coined by Kevin Ashton in 1999.
A Coke vending machine at Carnegie Mellon U. is considered as the first IoT device (1982).

3. IoT Applications
Smart Homes
Wearables
Retail
Smart Cities
Healthcare
Transportation
Industry

4. Why Lightweight Cryptography
Typical IoT devices are resource-constrained. They generally have
lower computational power,
smaller memory size,
lower power consumption,
smaller physical size,
lower price
than full-fledged devices such as PCs, laptops, or tablets. We need cryptography algorithms that
have small footprints and consume low power without sacrificing security.

5. ISO/IEC 29192
Is about standards on lightweight cryptography.
Lightweight cryptography is classified by a combination of the constraints on chip area, energy
consumption, program code and RAM size, communication bandwidth, and execution time.
Defines 80 bits security as the minimum security strength for lightweight cryptography.
Specifies a number of block ciphers, stream ciphers, and hash functions as standards.
Not yet completed. Work still in progress for standards on MAC.

6. Block Ciphers
Block ciphers specified by ISO/IEC 29192:
PRESENT: 64 bits block size and 80 or 128 bits key size
CLEFIA: 128 bits block size and 128, 192, and 256 bits key size
SIMON: 48 – 128 bits block size, 96 – 256 bits key size
SPECK: 48 – 128 bits block size, 96 – 256 bits key size

7. PRESENT Block Cipher
Designed for some very specific applications for which AES is unsuitable.
Designed to conform these characteristics:
To be implemented on hardware
For applications that only need moderate security level
For applications that unlikely to encrypt large amount of data
Where physical size, power consumption, and execution time are the primary concerns (after security).
For some applications it is possible that the key will be fixed at the time when the device is
manufactured.
For some applications the cipher will be used to perform encryption only.
Hardware implementation of PRESENT has much higher throughput and requires a half of gates
compared to the implementation of AES with similar key size.

8. SIMON and SPECK Block Ciphers
Flexible secure block ciphers, can perform well on any platform.
64-256 bits key size, bits block size
SIMON is more hardware oriented, SPECK is more software oriented.
Hardware implementation requires less gates than other algorithms.

9. Stream Ciphers
ISO/IEC 29192 specifies two stream ciphers:
Enocoro: 80 or 128 bits key size
Trivium: 80 bits key size
Both of them are hardware oriented.
The literatures do not really explain much about why these algorithms are considered
‘lightweight’ and do not compare them to other algorithms.

10. Hash Functions
ISO/IEC 29192 specifies three hash functions:
PHOTON: permutation size bits and output size bits
SPONGENT: permutation size bits and output size bits
Lesamnta-LW: permutation size 384 bits and outputs size 256 bits

11. SPONGENT Hash Function
Five different hash sizes: 88, 128, 160, 224, 256
Three types pre-image and second pre-image security level:
1) Full pre-image and second pre-image security level
2) Reduced second pre-image security level
3) Reduced pre-image and second pre-image security level

12. Lesamnta-LW Hash Function
Lightweight 256 bits hash function
Has collision, pre-image, and second pre-image security level of at least 2120.
Hardware implementation only requires 8240 gates.
Software implementation only requires 50 bytes of RAM and runs fast on short messages on 8-
bit CPUs.

13. Comparison
Cryptography algorithms designed for IoT are ‘lightweight’ because:
Designed specifically for constrained devices such as RFID tags and networked sensors (hardware
oriented).
Have several security levels that are sufficient to different types of applications.
Designed to process only small amount of data.
Existing popular cryptography algorithms are ‘heavy’ because:
Designed as general-purpose algorithms.
Generally software-oriented.
High security level.
Can process large amount of data.