Design Space Exploration for Ultra-Low Energy and Secure IoT MCUs

This article explores the design space of secure communication in ultra-low-energy IoT devices based on Micro-Controller Units (MCUs). It tries to identify, benchmark, and compare the security-related design choices in a Commercial-Off-The-Shelf (COTS) embedded IoT system that contribute to energy consumption. We conduct a study over a large group of software crypto algorithms: symmetric, stream, hash, AEAD, MAC, digital signature, and key exchange. A comprehensive report of the targeted optimization attributes (memory, performance, and specifically energy) is presented, drawn from over 450 experiments and 170 different crypto source codes. The article also briefly explores a few system-related choices that can affect the energy consumption of secure communication, namely architecture choice, communication bandwidth, signal strength, and processor frequency. It then gives an overview of the obtained results and the contribution of all of these choices. Finally, it shows, in a case study, how the results could be used to achieve secure communication in an exemplary IoT device. This article gives IoT designers insight into ultra-low-energy security and helps them choose appropriate cryptographic algorithms, reduce trial-and-error among alternatives, save effort, and hence cut design costs.
