A Review of Data Security and Cryptographic Techniques in

IoT based devices

Ghulam Mustafa Rehan Ashraf Muhammad Ayzed Mirza
Department of Computer Science * corresponding Author Department of Computer Science
National textile University Department of Computer Science National Textile University
Faisalabad, Pakistan National Textile University Faisalabad, Pakistan
ghulammustafanfc@gmail.com Faisalabad, Pakistan ayzed@ntu.edu.pk
rehan@ntu.edu.pk

Abid Jamil Muhammad

Department of Computer Science
National Textile University
Faisalabad, Pakistan
abid.jamil@nu.edu.pk
ABSTRACT
The idea of the Internet of Things (IoT) is to connect or give
access to everything to the Internet. IoT environment not
only provides the facility of Human to Machine connectivity,
however, it also creates Machine to Machine connectivity.
As everything is going to connect to the Internet and also
generating the data. So, the data generating by these devices
is growing up rapidly, that huge amount of data is called
Big Data. This data has huge Volume, High Velocity, and
different Variety. The security of this data is a risk. As we
know that, the IoT devices have constraints like low power
and less computational speed and the traditional encryption
algorithms like DES, 3DES, and AES are more complex.
Traditional encryption algorithm seems not feasible for IoT
devices. So, we need to develop Lightweight encryption algo-
rithm for IoT devices for secure communication and secure
data transmission in IoT environment. Cryptography and
Steganography techniques are used for securing the data over
the Internet. Cryptography encrypts the data by using a
key and make a ciphertext that cannot be readable by the
normal user. Steganography hides the data by concealing
it into another medium like data, image, audio, video, or
mixed. This paper provides a review of important lightweight
cryptographic techniques used for IoT devices.
KEYWORDS
Lightweight, Security, IoT, Cryptography, Stenography, En-
cryption, Decryption, Ciphers, Big Data
ACM Reference Format:
Ghulam Mustafa, Rehan Ashraf, Muhammad Ayzed Mirza, Abid
Jamil, and Muhammad. 2018. A Review of Data Security and
ACM acknowledges that this contribution was authored or co-authored
by an employee, contractor or affiliate of a national government. As
such, the Government retains a nonexclusive, royalty-free right to
publish or reproduce this article, or to allow others to do so, for
Government purposes only.
ICFNDS’18, June 26–27, 2018, Amman, Jordan
© 2018 Association for Computing Machinery.
ACM ISBN 978-1-4503-6428-7/18/06. . . $15.00
https://doi.org/10.1145/3231053.3231100
Department of Computer Science
National Textile University
Faisalabad, Pakistan
muhammad.dcs@ntu.edu.pk
Cryptographic Techniques in IoT based devices. In ICFNDS’18:
International Conference on Future Networks and Distributed
Systems, June 26–27, 2018, Amman, Jordan. ACM, New York,
NY, USA, 10 pages. https://doi.org/10.1145/3231053.3231100
1 INTRODUCTION
Internet of Things (IoT) is a system of some interconnected
devices, like digital devices, mechanical machines, things, ob-
jects and peoples. These devices have their unique identifiers
and have the capability of transmission of data over the net-
work without any human-to-human or human-to-computer
collaboration [1]. In 1982 Kevin Ashton first time proposed
the term "Internet of Things". His aim was to offer the fa-
cilities of human beings to communicate with the virtual
or imaginary environment [2]. A thing or object in Internet
of things (IoT) can be any computing device to whom we
can assign an IP address and that device have a capability
to transfer the data over the network. Sensors embedded in
these devices so that these devices can sense the environment
and collect the data, then this collected data transfer over
the internet. Internet of Things allows "things" to sensed and
controlled remotely. With the very fast growth of internet
technology, our lives are steadily led into a Virtual World
[3]. We are going to live in an imaginary space. People can
do anything in this virtual world, like shopping, chat and
work.Internet of things is a new emerging domain which will
bring a huge change in the real life of human beings.
IoT concept of connecting everything to the internet is
the main reason for generating the Big Data. Big Data is
also an emerging field and the latest topic of interest [4]. IoT
devices increasing day by day, and the data generating by
them also increases. The structure, un structure and multi-
structure data generating by IoT devices. The main sources
of big data are Clouds, Mobile Devices, Social media, and
Networking websites. Big Data concept can be understood by
its three V’s characteristics, Volume, Velocity, and Variety.
Volume characteristic of big data describes that how much
space is required to store it? Volume is a massive amount of
data generated by any source.Velocity is the speed at which
ICFNDS’18, June 26–27, 2018, Amman, Jordan
the data is generated, store, and transfer from one node
to another. Velocity characteristic of big data can also be
defined as the time taken by data from system to cloud or
cloud to system. Variety characteristic of big data defines the
type of data, like structure, unstructured, or multi-structure.
These three V’s of big data are shown in the Figure. 1.
Figure 1: Three V’s of Big Data
Applications of Internet of Things are in every field. There
are some applications of Internet of Things, Like Smart Home,
Smart City, Health Care, Agriculture, Transportation, Smart
Factory, Supply Chain, Emergency, User Interaction, Retail
and Lifestyle.
Figure 2: Definition of Internet of Things
Figure. 2 shows the concept of IoT. The IoT’s concept
of anything, anytime, anyone, anyplace, any service and
any network changes its benefits into drawbacks, if security
privacy is not abundant. For example, if there is not enough
security and privacy then any one can have access to any
other’s personal information. The security and privacy in IoT
is a big issue because there is no restrictions on its way. Figure.
3 explains the IoT concept more precisely. Which defines that
a network is consists of the host to host communication. The
G. Mustafa, R. Ashraf, A. Mirza, A. Jamil, Muhammad
internet is defined as the communication of the hosts over the
web. It becomes mobile-internet when mobile devices involved
in this scenario. Overall it becomes IoT when everything
connected to the internet like mobiles, homes, refrigerators,
cars, machines, and peoples. Figure. 4 shows the three layers
architecture of the IoT. Three layers of IoT are Sensing layer,
Transport layer, and Application layer. In IoT everything
is going connected to the internet or everything is going to
become Smart. Just like to make Smart Home, Smart Schools,
Smart Hospitals and Smart Cities. So the Authentication of
each new user or device, which is trying to become part of
this network is also an issue. Due to wireless communication
in IoT, eavesdropping and Man in the Middle attacks are
also possible. The main issues in securing the IoT devices
are:
Confidentiality. Data travel between source and destination,
Machine to Machine, Machine to Human, Human to Human,
or Human to Machine can easily be tracked by attacker or
intruder and secret information can be expose. End-to-End
security is mandatory in IoT. Confidentiality can be achieved
by encryption/decryption.
Data Integrity. Nobody can change the data at intermediate
stage between source and destination. When data travel on
the internet, intruder attacks on that data. We should apply
some techniques to secure the traveling data so that the
intruder can not change or modify the data, if they success
to achieve the data.
Authentication. Communicating entities should be able to
authenticate each other. So that they can ensure that they
are communicating with the claimed entities.
Human IoT Trust Relationship. Trust is not defined for
human beings only, it also be defined for Device or System.
Trust defined as human to human, human to device, device
to device and device to human.
The rest of this paper is structured as follows: Section 2
describes the background of cryptography and steganogra-
phy. Section 3 describes the Literature Review of lightweight
cryptography and the combined effect of cryptography and
steganography techniques. Section 4 gives the brief analysis
of literature review. Section 5 describes the brief conclusion.
2 BACKGROUND OF SECURITY
TECHNIQUES
Steganography
"Steganography derived from two Greek words ’steganos’
which means either secret or covered and ’graphein’ which
means writing or drawing" [6]. Which shows that steganogra-
phy means secret writing, secret drawing, covered writing, or
covered drawing. About 2000 years ago, the Greek used this
technique to transfer secret messages. Steganography means
hiding a secret message within another message. Steganog-
raphy is used to hide secret data into the non-secret data.
The file in which the secret data is concealed is called the
carrier. After concealing the secret data the modified carrier
A Review of Data Security and Cryptographic Techniques in IoT based devices
Figure 3: Senario of Internet of Things [9]
looks like an original carrier. Some best carriers are images,
audio and video files. In steganography, we do not encrypt
the data, we simply conceal our data within image, audio or
video files.
Cryptography
Cryptography is used to build security. Cryptography is a
powerful tool to protect the data. Our computer password
is secured by cryptographic hash function. When we send
an email, it’s also secure by cryptography technique SSL.
Cryptography concern with confidentiality (no one can ac-
cess the data except the person to whom it may concern),
integrity (no one can change or modify the data), and au-
thenticate (sender and receiver conform their identity) [6].
Cryptography is used to store and transfer the data in such
a form that only sender and receiver can understand it or
process it. An intruder can not access or understand that
data. Cryptography depends upon the algorithm and the
key. Two main terms used in cryptography encryption and
decryption. Encryption is a process to convert a plain text
into cipher text and decryption is the process to convert
cipher text to plain text.
Lightweight Cryptography
In Internet of Things machines connected to machines or
machines connected to human to communicate or to send
data. IoT devices have less computational power, so we need
to design lightweight encryption techniques to encrypt the
data. Lightweight Cryptography is used in a constrained en-
vironment like RFID tags, healthcare devices, and sensors
[7]. While developing Lightweight Cryptography techniques,
we must have to take into consideration the software and
hardware specification. For example, how much energy it will
consume? How much time will it take to encrypt the data?
How much is RAM size required to run it? Lightweight Cryp-
tography does not means, that it will compromise the security
ICFNDS’18, June 26–27, 2018, Amman, Jordan
[8]. There are two main types of Cryptography, Symmetric
key cryptography and Asymmetric cryptography.
Symmetric Key Cryptography
In symmetric key cryptography same key is used for encryp-
tion and decryption. The sender encrypts the data by using
the secure key and the same key is used by the receiver to
decrypt the data. The sender and receiver negotiate the key
by a secure channel to start the conversation. There are many
algorithms that are based on symmetric key cryptography,
like Caesar cipher, Block cipher, Stream cipher, DES (Data
Encryption Standard), and AES (Advanced Encryption Stan-
dard).
Asymmetric Key Cryptography
Asymmetric Cryptography also called public key cryptogra-
phy. In this technique, two different keys are used for encryp-
tion and decryption. These two keys are known as a public
key and private key. Sender and receiver have its own public
and private keys. One key is used for encryption and the other
key is used for decryption. The private key is a secret key,
private key never expose. Public key announced to others. If
a sender wants to send data to the receiver, it will encrypt
the data by using the receiver’s public key. On the other end,
the receiver will decrypt the data by using its own private key.
There are many algorithms that are based on asymmetric or
public key cryptography, like Diffie-Hellman, RSA (Rivest -
Shamir - Adleman) and Elliptic Curve Cryptography (ECC).
3 LITERATURE REVIEW
Many algorithms and techniques have been proposed to secure
the data generated by IoT devices. In the following section,
we have shown a number of current security algorithm and
techniques that used to encrypt the data generated by IoT
devices.
For designing a lightweight cipher for the Internet of Things
Muhammad Tausif et al. [10] evaluated 13 lightweight ciphers.
ICFNDS’18, June 26–27, 2018, Amman, Jordan
Figure 4: Layers Architecture of Internet of Things [1]
Internet of Things changing our lives aspects towards smart-
ness like smart home, smart health, and smart cities. IoT
based on physical objects which use sensors to collect data
and actuators to share the data with other objects. Smart
things having controlled resources like limited battery and
small size RAM. So, lightweight ciphers required for IoT
to secure communication. To secure communication on the
Internet of Things 13 lightweight ciphers were evaluated. The
lightweight ciphers were evaluated on three parameters: RAM,
code size, and execution time and analysis the performance
of these ciphers on a different platform: 8 bit, 16 bit and 32
bit. The proposed solution was checked on different parame-
ters like key size, block size, SBox, round function, number
of rounds, structure, key scheduling, code size, RAM and
Execution Time. Association rule mining was used to check
the relationship between performance parameters and the
component elements of the lightweight ciphers. The results
have shown some guidelines to design lightweight ciphers.
Designers must have to keep in mind the fewer device re-
sources like memory, execution time and code size. Key must
be fixed and take small space. In short, it provides basement
to enhance the cipher in several ways like code size, size of
memory, and execution time.
Muhammad Usman et al. [11] proposed a lightweight en-
cryption algorithm and named as Secure IoT. Billions of
devices are connected to the Internet of Things. That are
generating a big data and security of big data is a risk. IoT
G. Mustafa, R. Ashraf, A. Mirza, A. Jamil, Muhammad
devices are necessarily smaller in size and low powered. How-
ever, encryption algorithms are more complex and consume
the energy of IoT devices. So a lightweight encryption algo-
rithm is proposed, that is a symmetric key algorithm and
uses a 64-bit key to encrypt the 64-bit block cipher. The
suggested algorithm was a hybrid method. The algorithm has
only 5 rounds which consume less energy. Each round needs
a unique key, so it uses 5 keys for encryption and decryption.
The proposed algorithm was evaluated on different criteria
to check its security strength. Key Sensitivity, Execution
Time, Image Histogram & Entropy, Memory Utilization and
Correlation were the evaluation parameters. On ATmega 328
platform, the algorithm used 22 bytes of memory, and it takes
0.188 milliseconds execution time, and 0.187 milliseconds for
encryption and decryption. The Avalanche test showed that
a single bit change in key or plain text brings about 49 &
change in the ciphertext.
A dynamic key approach proposed by Manish Kumar et
al. [12] to secure the Internet of Things. Nowadays a major
area of interest is data security of digital world as IoT, where
devices communicate with other devices. It makes human life
simpler but the security of the data produces by them is a
risk. The proposed dynamic key approach was symmetric key
encryption Symmetric key encryption. Which used a 128-bit
key that could not be accessed by brute force attack. That
takes data of 8 bytes as an input and generates a fixed cipher-
text of 8 bytes as output. That calculates sixteen subkeys of
8 bits from the 128-bit key. Then shuffling processes is used
A Review of Data Security and Cryptographic Techniques in IoT based devices
to repel the known plaintext attack, and at the end diffusion
process used for avalanche effect. The proposed solution was
checked on different negative aspects like different keys for
encryption and decryption, a slight change in key, a slight
change in plain text, and wrong ciphertext. The results have
shown that the model was able to detect all these slight
changing and its ciphertext could not be decrypted. The sys-
tem was able to detect the minor changing. The key length
was satisfactory to protect it from brute force attack. It used
an equal number of bits of output ciphertext and input plain
text, to save the network bandwidth.
Jagdish Patil et al. [13] introduced a lightweight block
cipher technique named as LiCi. They proposed an encryption
technique that uses a 128-bit key to encrypt the 64-bit plain
text, to produce 64-bit cipher. It uses 4-bit input and 4-bit
output S-box. It divides the 64-bit plain text into two halves.
From 128-bit key, it abstracts left most significant bits and
uses as the first round key, and next left most significant bits
are used as second round key. LiCi technique has 31 rounds.
The proposed solution was evaluated on different parameters,
like block size, key size, execution time, throughput and
number of cycles. LiCi cipher was also compared with other
lightweight ciphers on the base of hardware performance
like power consumption, flash memory used and GE,s. LiCi
uses 1944 bytes of memory and it requires 1153 GE,s (Gate
Equivalents) to encrypt the 64- bit data with a 128-bit key.
LiCi cipher consumes 30mW power that was less power as
compared to other existing techniques. It resists the linear
and differential attacks.
Ria Das et al. [14] suggested a hybrid approach that com-
bines the benefit of both cryptography and steganography
to achieve the Confidentiality and Data Integrity. With the
benefits of IoT, the IoT security has always been a serious
issue. The prime attack on IoT devices is a loss of confidential
information or modification of this information that is called
Confidentiality and Integrity. Cryptography is used to prevent
the Integrity attacks and Steganography is used to prevent
the confidentiality attacks. The presented model divided into
two phases. In first phase data transmission between IoT
sensor device and the home server. The IoT devices have lim-
itations with respect to power, memory and computational
abilities. So, a combination of simple steganography (LSB
substitution) and lightweight cryptography (XOR operation)
proposed for IoT device to home server data encryption. In
second phase data transmission between home server and
cloud. So, there are no resource constraints. A combination
of steganography (MSB-LSB substitution) and Advanced
Encryption Standard (AES) / Data Encryption Standard
(DES) used for encryption in this phase. The experiments of
the proposed solution were conducted using Matlab R2013a.
Dataset takes from 1 to 100 characters. Simple XOR used
for encryption, MD5 used for creating message digest and
LSB substitution steganography used between IoT devices
to the home server. AES/DES used for encryption, then
MD5 used for creating a hash and MSB-LSB substitution
steganography technique proposed for data encryption, be-
tween the home server and cloud. They compare the simple
ICFNDS’18, June 26–27, 2018, Amman, Jordan
LSB substitution with the proposed MSB - LSB substitution
scheme of steganography technique. The results show that
MSB - LSB Substitution scheme performs better than simple
LSB substitution scheme of steganography.
Another novel approach for securing the IoT was offered by
Bouchra Echandouri, et al. [15] named as a lightweight mes-
sage authentication code protocol using cellular automata,
based on keyed hash function LCAHASH-MAC. RFID tags
are the significant components of IoT. RFID tags automati-
cally detect the target signal, collect and send the instruction
to the controller. There are many security threats for these
tags, the major threat is data authentication e.g snooping,
replay attack, relay attack, Counterfeiting etc. These RFID
tags have restrictions on memory size and computational
capabilities. So, lightweight cryptography techniques used
to secure them. The proposed solution based on three algo-
rithms. The first algorithm was sub keys generation using
the Pseudo-random number generators, to provide resistance
against key recovery attack. The second algorithm was to
generate MAC of the message. The input of the algorithm
was a message of any length (make chunks of 512 bits) and
a key which calculated in the first step. The last step is the
verification of MAC. The input of the step was the message,
key and the tag which was generated in the second step.
The output of this step was valid or invalid. The main se-
curity aspect of the keyed hash function was that it should
resist against key recovery attack. Exhaustive research key
attack was infeasible because it will require approximately
years to get the right key. Key sensitivity test showed that
one-bit change in key affects approximately 50% change in
the output. The computational complexity of the proposed
algorithm was O(n). Traditional cryptographic techniques
provide security very well but these were not applicable to
constrained devices like RFID. So, a lightweight message au-
thentication code technique based on LCASHAH, proposed
in [13] to deny access to unauthorized entities and to provide
security. The results showed that the proposed algorithm
was more secure and fast as compared to other well-known
hash-based message authentication techniques.
Chaitanya Bapat, et al. [16] provided a hybrid technique
that combines the benefit of both cryptography and steganog-
raphy. IoT systems consist of electronic devices, computing
devices, household devices, and sensors. Thanks to IoT de-
vices, which make it possible to control household devices
through mobile phones. In our daily life, it is very difficult for
us to sustain different keys of mechanical locks. Hence these
locks were replaced by smart locks or electromagnetic locks.
Despite that, the smart locks provide us easiness and comfort-
ability, the security issue arises due to IoT based smart locks
like MITM (Man In The Middle) attack. In the proposed
scheme a Bluetooth Low Energy (BLE) protocol was used
to connect smart lock to the key. BLE protocol capable to
transfer data between IoT devices and smartphones. MITM
attack can be carried out in BLE protocol. To handle the
issue a combination of cryptography and steganography was
proposed, Confidentiality achieved by the steganography and
Integrity achieved by the cryptography. It was a server-client
ICFNDS’18, June 26–27, 2018, Amman, Jordan
model, on the client (Android Smart Phone) side, the user
enters the key that was encrypted by AES algorithm and
then the ciphertext was embedded in an image. The image
was sent by using BLE protocol. On the server side, the
ciphertext extracted from the image and then decrypted that
ciphertext to get the key. The algorithm checks the valid key
and then take the decision to open the lock or not. Evaluation
parameters of the proposed technique were the size of the
image, dimensions of the image and time taken to encode,
encrypt, sent, receive, decrypt and decode. Lesser the image
size, faster it transferred. As the BLE protocol has different
issues including MITM (Man in the Middle) attack. By using
the combination of cryptography and steganography elim-
inate the threat of MITM attack. Steganography provides
the confidentiality, an intruder cannot differentiate between
2 images, original image and the other image that has data
encoded in it. Cryptography prevents the integrity attacks.
Sunggyun Jang, et al. [17] proposed an efficient device
authentication protocol without certification authority for
IoT. Wireless devices are used for Internet of Things (IoT),
like RFID, Bluetooth, and ZigBee. As IoT technology grows
rapidly the possibility of information leakage and hacking
also increasing. Hacking tools enable the intruder to access
the information stored in the memory of wireless devices. IoT
devices should not allow accessing the information without
authentication. For this issue, the different protocol has been
proposed, like DTLS, SSL/TLS. DTLS protocol requires six
message packet exchange, and if a packet loss, it will retrans-
mit all packets from the beginning, which was not affordable
in IoT environment. So, a lightweight authentication protocol
for IoT devices proposed. The proposed authentication have
some steps:
1 The device sends MAC address or serial number to the
target device by using AES Encryption technique.
2 The target device builds the hash tree and send the
timestamp to the device, and encrypt its message by
using AES technique.
3 The device forms the hash tree by using the same hash
tree algorithm used by the target device.
4 The Root Hash is transmitted for authentication, the
target device authenticates, and hash shake completes.
There were three Evaluation parameters of the proposed
scheme. First was authentication delay time, the initial au-
thentication time and re-authentication time. The second was
code size and the third was power consumption. By compar-
ing with the existing authentication protocol, the proposed
protocol was more efficient and used less number of messages
exchanged. The proposed protocol was based on a keyed
hash algorithm and not require a certification authority. The
security was achieved on every step by using the Advanced
Encryption Standard to encrypt the messages, exchanged
between device and target device.
Shadi Aljawarneh, et al. [18] introduced a resource effi-
cient encryption model to encrypt the multimedia big data.
IoT widely used in various areas, like academic, industries,
healthcare, wireless networking, and communication. IoT
G. Mustafa, R. Ashraf, A. Mirza, A. Jamil, Muhammad
devices generating a huge amount of data called big data.
Currently, multimedia big data is the biggest big data, as it
generates 60% internet traffic and 70% mobile phones traffic.
The main issue of multimedia was its security. Symmetric key
encryption algorithms were used to secure data generated by
IoT devices, these algorithms require a more computational
cost for multimedia big data. The proposed system does
not require an additional key for encryption. So, does not
require key distribution and updating of the key. The pro-
posed scheme generate a key from the data by using Feistel
Encryption Scheme. It takes input files as multi-size blocks
(each block size is 256 bit). Then each block divided into
key and plain text. Key encrypted using Feistel Encryption
Scheme and plaintext encrypted using AES algorithm. AES
generate a ciphertext of data by performing 10 rounds of
encryption and a unique key for all rounds. Finely Genetic
Algorithm used to integrate cipher key and cipher data. On
the other side, decryption was the reverse of the encryption
scheme. There were some Performance parameters of the
proposed scheme. Size of the input file, running time and
throughput of symmetric key encryption algorithms (MARS,
3DES, DES, RC6, and Blowfish) and avalanche effect. The
different symmetric key algorithm used different key size,
different plaintext size and a different number of rounds. The
proposed system was built to secure multimedia big data
against real-time attacks like DoS and tampering attacks.
The results show that the proposed system gives the best
security for multimedia big data. The results show that the
proposed solution has less running time for encryption and
decryption and has the highest throughput for encryption
and decryption and has highest avalanche effect as compared
to others symmetric key algorithm.
Rini Indrayani, et al. [19] presented a combination of cryp-
tography and steganography to enhance the security of the
transmitting data over the network. There are different lev-
els of confidentiality of exchanging data, like personal data,
organizational data or state data. So the security of the
confidential data is an important issue. Many cryptographic
algorithms developed to secure the data. Steganography is
one of them, which used to hide important data into another
data so that it cannot detect. Nowadays, different tools avail-
able in the market that has an ability to detect any use of
steganography. Therefore, a combination of steganography
and cryptography proposed. The mp3 audio file used as a
carrier file for steganography. Detection of the mp3 audio file
as a data file, not an easy task because the mp3 file generally
used over the internet for entertainment. The secret data em-
bedded in the mp3 audio file after encrypted with Advanced
Encryption Standard (AES) using a key that process with
MD5 hash function. The secret data file that sender wants to
embed could be of any type like text, image, video or audio.
At very first step key processed with the Message Digest 5
(MD5) and then Advance Encryption Standard (AES) applied
to secret data and that key to encrypt the secret message.
The encrypted secret message embedded or encoded into the
homogeneous frame of an mp3 audio file. Only that mp3
files can be used for steganography that has a homogeneous
A Review of Data Security and Cryptographic Techniques in IoT based devices ICFNDS’18, June 26–27, 2018, Amman, Jordan

Table 1: Comparision of Lightweight Security Algorithms in IoT

(S-Box = Substitution Box, AES = Advance Encryption Standard, MD5 = Message Digest, SHA = Secured Hash Function, LSB
= Least Significant Bit, MSB = Most Significant Bit, MAC = Message Authentication Code, OTP = One Time Pad, PRN =
Pseudo Random Number, C = confidentiality, I = Integrity, A = Authentication)

Author Technique Used Algorithm used Structure Based Input Size Cipher Size Key Length Rounds Char Security
Cryptography & 1 to
Muhammad Usman et al. [11] SIT (Secure IoT) Feistel & Substitution 64 bit 64 bit 64 bit 5 C,I,A
Steganography 100
8 byte or 8 byte or
Manish Kumar et al. [12] Cryptography Dynamic Key Shuffling & Diffusion 128 bit - - I
64 bit 64 bit
Feistel &
Jagdish Patil et al. [13] Cryptography LiCi 64 bit 64 bit 128 bit 31 - I
S-Boxes
Cryptography & S-Box, LSB, 1 to
Ria Das et al. [14] AES/DES, MD5 128 bit 128 bit 128 bit 10 C,I,A
Steganography LSB-MSB 100
MAC, Hash,
Charifa Hanin et al. [15] Cryptography LCAHASH-MAC 512 bit 512 bit 512 bit - - I,A
PSOCA
Cryptography &
Chaitanya Bapat, et al. [16] AES S-Box, LSB 128 bit 128 bit 128 bit 10 - C,I,A
Steganography
Hash Function
Sunggyun Jang, et al. [17] Cryptography AES, SHA128 128 bit 128 bit 128 bit 10 - A
MAC
AES, Feistel, & 256 bit word,
Shadi Aljawarneh, et al. [18] Cryptography Feistel, S-Box 256 bit 128 bit 10 - I
Genetic Algo 128 bit
Homogeneous
Cryptography &
Rini Indrayani et al. [19] AES, MD5 Frame, 128 bit 128 bit 128 bit 10 audio C,I,A
Steganography
S-Box
Confusion,
Cryptography &
Mani Bharathi.V et al. [20] Chaos Diffusion, 256 bit 256 bit 256 bit - image C,I
Steganography
LSB, MSB
Cryptography & Dynamic Key LSB, MSB
Nikhil Patel et al. [21] 128 bit 128 bit 128 bit - image C,I
Steganography Approach PRN
One Time
Mrudula Sarvabhatla et al. [22] Cryptography OTP, Hash - - - - - A
Pad

frame. The reverse of this performed on the receiver side
to obtain the original message. The proposed solution was
evaluated by testing the mp3 audio file on these perspectives,
Steganography Capacity, Recovery Analysis, Steganalysis
Testing and Frequency Analysis. The results show that mp3
audio file steganography technique using AES encryption
technique and MD5 hash function provide more security. The
combination of cryptography and steganography provides
confidentiality and integrity.
Mani Bharathi, et al. [20] also proposed a combination of
cryptography and steganography for image security. Cryp-
tography used to hide the data or converting information
to its normal form to unreadable form. Steganography used
to hide the data so that no one can suspect the data ex-
cept sender and receiver. Steganography used with Chaotic
algorithm gives more security and large key space. In the
Chaotic algorithm, a one-bit change can change all output
bits. In the proposed method the chaotic algorithm used for
encryption and then encrypted message embedded into a col-
ored image. Two methods were proposed for generating stego
image. In the first method, by extracting the Most Significant
bit (MSB) of the message (that has 80% information about
the message) and replacing it with the Least Significant Bit
(LSB) of the carrier image. Now the resultant has MSB of
the message and MSB of the carrier image that is called
stego image. Its visualization is not good and after decoding
it losses 65% data. The second method is same as the first
method. The difference is that in this method LSB replaced
with MSB of the stego image. The proposed method has two
steps, the cover image was divided into two halves. The MSB
of the secret message will become LSB of the first half of
cover image and LSB of the secret message will become the
LSB of the second half of cover image. The proposed solution
has no limitation on the size of the image. The user can use
the image of any size. The results show that steganography
technique using Chaotic technique provides more security
and has more applications. The combination of cryptography
and steganography provides confidentiality and integrity.
A combination of two types of techniques presented by
Nikhil Patel, et al. [21] to secure the image transmission. In
the first technique, the parameters of the image encrypted
that is called cryptography and can easily be sensed by the in-
truder. The second technique was steganography, in which the
image hidden within the other image and the intruder cannot
sense it easily. Because its physical appearance remains same.
The intruder commonly uses Visual Attacks and Statistical
Attacks on transmission images. The proposed solution used
to oppose these two attacks. The proposed scheme based on
Least Significant Bit (LSB) and Most Significant Bit (MSB).
The Least Significant Bit (that has low information) of the
carrier image replaced with Most Significant Bit (that has
high information) of the secret image. With the information
hiding technique, the proposed solution also provides security
by using the cryptographic technique. For cryptography, a
dynamic key used. In the proposed solution the pixel selection
based on Pseudo Random Number (PRN) generator. Which
provides more security. The proposed solution was checked at
the destination end, by using a slight change in key. Which
produce a different output. The results show that steganog-
raphy technique using dynamic key cryptography provides
more security. Least Significant Bit (LSB) Steganography is
ICFNDS’18, June 26–27, 2018, Amman, Jordan
more simple and easy way to hide the secure data or image
within an image.
A lightweight authentication service in Hadoop offered by
Mrudula Sarvabhatla, et al. [22] using One Time Pad key.
The Big Data generated by Social media, Mobile devices, and
Device to Device connectivity. Traditional databases cannot
handle the unstructured, high speed, and a huge amount of
data. So we need to use HDFS i.e Hadoop Distributed File
System, to store and process the big data. The Big Data
consists of very sensitive data like Healthcare data, Credit
card data, Government data or individual personal data.
Therefore secure authentication of the entity, which wants to
connect to the HDFS required. The proposed solution based
on two server model authentication system. These two servers
were Registration server and Backend server. In the first step,
the user sends a registration request consists of his identity
ID, and Password (hashed with a random number) to the
Registration Server. Registration server receives the request
and calculates the One Time Pad key (OTP). Then it XOR
the user ID with the hashed of OTP key, and also XOR the
password with the hashed of OTP key. Then all the calculated
information sends to the Backend server. Backend server also
performs some XOR operation and store all the information
in the database. Then Backend server generates a random
number and sends it to the user. The proposed solution was
analyzed on Resistance to Offline Password Guessing Attack
and Counter to reply attack. The results show that the pro-
posed authentication scheme was cost-effective because it
requires only 15 hash operations. The proposed authenti-
cation scheme opposes the cryptographic attacks with less
computation cost. The proposed authentication scheme is
lightweight and more secure.
4 ANALYSIS OF LITERATURE REVIEW
The analysis of literature review shows that the combination
of cryptography and steganography techniques gives better
results as compared to using only cryptography technique to
secure the data generated by IoT device. Table 1 shows the
comparison of lightweight security algorithms in IoT. The
comparison shows that when we use only cryptography tech-
nique to secure the data generated by IoT devices, we achieved
Data Integrity. It also shows that we can achieve Confidently,
Data Integrity and Authentication with the use of a combina-
tion of cryptography and steganography techniques to secure
the data generated by IoT devices. steganography used to
hide the data into a carrier file, image, audio file or video file.
So that, an intruder cannot sense the data generated by IoT
devices, while traveling over the internet.
5 CONCLUSION
In the last few years, a new emerging domain IoT, attract
the interest of researchers. Ans the use of internet also in-
creases rapidly from the last few years. The security of data
is a big challenge for computer users. Two main techniques
are used for securing the data, Cryptography and Steganog-
raphy. Cryptography is used for data security/encryption
G. Mustafa, R. Ashraf, A. Mirza, A. Jamil, Muhammad
and steganography is used for communication security. Cryp-
tography provides the Integrity (no one can change/modify
the data) and Steganography provides the Confidentiality
(no one can sense or access the data). The literature re-
view describes that the combination of both Cryptography
and Steganography provides the more security. Cryptogra-
phy and Steganography combination overcomes each other’s
weaknesses. Which gives more security and make it difficult
for the intruder/hacker to access or steal the data.
REFERENCES
[1] Oracevic, A., Dilek, S., & Ozdemir, S. (2017). Security in inter-
net of things: A survey. 2017 International Symposium on Net-
works, Computers and Communications (ISNCC), (June), 1-6.
https://doi.org/10.1109/ISNCC.2017.8072001
[2] Borgohain, T., Kumar, U., & Sanyal, S. (2015). Survey
of Security and Privacy Issues of Internet of Things.
arXiv Preprint arXiv:1501.02211, 7. Retrieved from
http://arxiv.org/abs/1501.02211
[3] Suo, H., Wan, J., Zou, C., & Liu, J. (2012). Security in the internet
of things: A review. Proceedings - 2012 International Conference
on Computer Science and Electronics Engineering, ICCSEE 2012,
3, 648-651. https://doi.org/10.1109/ICCSEE.2012.373
[4] Jabbar, S., Malik, K. R., Ahmad, M., Aldabbas, O., Asif, M.,
Khalid, S., Han, K. J., Ahmad, S. H., "A Methodology of Real-
Time Data Fusion for Localized Big Data Analytics" in IEEE
ACCESS, IEEE, 2018.
[5] SathishKumar, J., & R. Patel, D. (2014). A Survey on Internet of
Things: Security and Privacy Issues. International Journal of Com-
puter Applications, 90(11), 20-26. https://doi.org/10.5120/15764-
4454
[6] Baby, A., Scholar, P. G., & Krishnan, H. (2017). Combined Strength
of Steganography and Cryptography- A Literature Survey, 8(3),
1007-1010.
[7] Ahmad, M., Jabbar, S., & Ahmad, A. "A Sustainable Solution to
Support Data Security in High Bandwidth Health Care Remote
Locations by using TCP CUBIC Mechanism" in IEEE Transaction
on Sustainable Computing, , IEEE, 2018.
[8] SathishKumar, J., & R. Patel, D. (2014). A Survey on Internet of
Things: Security and Privacy Issues. International Journal of Com-
puter Applications, 90(11), 20-26. https://doi.org/10.5120/15764-
4454
[9] Zaragoza, M. G., Kim, H., & Lee, R. Y. Big Data and IoT for
U-healthcare Security (2018). Computer and Information Science,
719, 1-11. https://doi.org/10.1007/978-3-319-60170-0
[10] Tausif, M., Ferzund, J., Jabbar, S., & Shahzadi, R. (2017). To-
wards designing efficient lightweight ciphers for internet of things.
KSII Transactions on Internet and Information Systems, 11(8),
4006-4024. https://doi.org/10.3837/tiis.2017.08.014
[11] Usman, M., Ahmed, I., Aslam, M. I., Khan, S., & Shah, U. A.
(2017). SIT: A Lightweight Encryption Algorithm for Secure Inter-
net of Things, 8(1). https://doi.org/10.14569/IJACSA.2017.080151
[12] Kumar, M., Kumar, S., Budhiraja, R., Das, M. K., & Singh, S.
(2017). Lightweight Data Security Model for IoT Applications: A
Dynamic Key Approach. Proceedings - 2016 IEEE International
Conference on Internet of Things; IEEE Green Computing and
Communications; IEEE Cyber, Physical, and Social Computing;
IEEE Smart Data, iThings-GreenCom-CPSCom-Smart Data 2016,
(3), 424-428. https://doi.org/10.1109/iThings-GreenCom-CPSCom-
SmartData.2016.100
[13] Patil, J., Bansod, G., & Kant, K. S. "LiCi: A new ultra-lightweight
block cipher," in 2017 International Conference on Emerging
Trends & Innovation in ICT (ICEI), feb 2017, pp. 40-45.
[14] Das, R., & Das, I. (2017). Secure data transfer in IoT
environment: Adopting both cryptography and steganogra-
phy techniques. Proceedings - 2016 2nd IEEE Interna-
tional Conference on Research in Computational Intelli-
gence and Communication Networks, ICRCICN 2016, 296-301.
https://doi.org/10.1109/ICRCICN.2016.7813674
[15] Echandouri, B., Hanin, C., Omary, F., & Elbernoussi, S. (n.d.).
LCAHASH-MAC : A New lightweight Message Authentication code
Using Cellular Automata for RFID. nov 2017, pp. 287-298.
[16] Bapat, C., Baleri, G., B, S. I., & Nimkar, A. V. (2017). Smart-Lock
Security Re-engineered Using Cryptography and Steganography,
A Review of Data Security and Cryptographic Techniques in IoT based devices ICFNDS’18, June 26–27, 2018, Amman, Jordan

Security in Computing and Communications, 325-336.

[17] Jang, S., Lim, D., Kang, J., & Joe, I. (2016). An Efficient Device
Authentication Protocol Without Certification Authority for Inter-
net of Things. Wireless Personal Communications, 91(4), 1681-1695.
https://doi.org/10.1007/s11277-016-3355-0
[18] Aljawarneh, S., Yassein, M. B., & Talafha, W. A. (2017).
A resource-efficient encryption algorithm for multimedia big
data. Multimedia Tools and Applications, 76(21), 22703-22724.
https://doi.org/10.1007/s11042-016-4333-y
[19] Indrayani, R., Nugroho, H. A., Hidayat, R., & Pratama, I. (2017).
Increasing the security of MP3 steganography using AES Encryp-
tion and MD5 hash function. Proceedings - 2016 2nd International
Conference on Science and Technology-Computer, ICST 2016, 129-
132. https://doi.org/10.1109/ICSTC.2016.7877361
[20] V, M. B., Manimegalai, M., & Sinduja, V. (2013). Enhancement of
Image Security with New Methods of Cryptography and Steganog-
raphy, 9(9), 59-64.
[21] Patel, N., & Meena, S. (n.d.). LSB Based Image Steganography
Using Dynamic Key Cryptography. 2016 International Conference
on Emerging Trends in Communication Technologies (ETCT),
[22] Sarvabhatla, M., Chandra, M. R. M., & Vorugunti, C. S. (2015).
A secure and light weight authentication service in hadoop
using one time pad. Procedia Computer Science, 50, 81-86.
https://doi.org/10.1016/j.procs.2015.04.064