Data Security Collection with LEA Cipher for Iot-Based Monitoring

EasyChair Preprint № 1421

Data Security Collection With LEA Cipher For IoT-Based Monitoring

Xuelan Yang and Tao Hai

EasyChair preprints are intended for rapid dissemination of research results and are integrated with the rest of EasyChair.

August 25, 2019 Data Security Collection With LEA Cipher For IoT- Based Monitoring

1 2 Xuelan Yang , Tao Hai

1 Baoji University of Art and Science, Shaanxi, China 2 Baoji University of Art and Science, Shaanxi, China

Abstract. There are tremendous security concerns with patient health monitoring sensors in Internet of Things (IoT). The concerns are also realized by recent sophisticated security and privacy attacks, including data breaching, data integrity, and data collusion. Conventional solutions often offer security to patients health monitoring data during the communication. However, they often fail to deal with complicated attacks at the time of data conversion into cipher and after the cipher transmission. In this paper, we first study privacy and security concerns with health-care data acquisition and then transmission. Then, we propose a secure data collection scheme for IoT-based healthcare system named SecureData with the aim to tackle security concerns similar to the above. SecureData scheme is composed of four layers: 1) IoT network sensors/devices; 2) Fog layers; 3) cloud computing layer; and 4) healthcare provider layer. We mainly contribute to the first three layers. For the first two layers, SecureData includes two techniques: 1) light-weight field programmable gate array (FPGA) hardware-based cipher algorithm and 2) secret cipher share algorithm. We study KATAN algorithm and we implement and optimize it on the FPGA hardware platform, while we use the idea of secret cipher sharing technique to protect patients’ data privacy. At the cloud computing layer, we apply a distributed database technique that includes a number of cloud data servers to guarantee patients’ personal data privacy at the cloud computing layer. The performance of SecureData is validated through simulations with FPGA in terms of hard-ware frequency rate, energy cost, and computation time of all the algorithms and the results show that SecureData can be efficent when applying for protecting security risks in IoT-based healthcare. Keywords: Data collection, hardware-based security, healthcare, Internet of Things (IoT), privacy, secret cipher, threats.

1 Introduction

INTERNET of Things (IoT) consists of automatically and grated in machines and physical objects. IoT technologies lead our life to interact with the sensors/devices 2 of the world and leverages collected smart data from them to facilitates our life so easy and convenience [1]–[5]. These technologies have now been known as an example of a smart cyber-physical systems, which also incorporate technologies of many related emerging systems, including smart energy and grids, smart power plants, smart home monitoring, smart cities, and smart healthcare system [6]–[8]. In smart healthcare applications, IoT sensors/devices are introduced to patients in aspects. The patients’ health infor-mation (data) are collected from ECG, fetal monitors, temperature, or blood glucose levels and safety of this data is crucial regarding patients’ lives. Computer science and IoT community, and healthcare providers have been struggling secure each and every sensor/device in the IoT network with the integrity of its data. Though the safety and comfort of patients’ everyday health relies on this data collection, the safety of the data is greatly affected by cyber threats/attacks. In addition, patients’ privacy sensitive data can also be affected. Conventional solutions often offer security to patients’ health monitoring data during the communication. However, they often fail to deal with complicated attacks at the time of data conversion into cipher and after the cipher transmission. Ransomware, DDoS attacks, insider, e-mail compromise, and fraud scams are com-mon types of attacks in healthcare [9]. Besides, there are types of attacks that are very related to communication, including eavesdropping, impersonation, data integrity, data breach, collusion, and so on. Particularly, these threats/attacks bring new challenges, for example, data can be compromised during the data communication [1], by which patients ’ personal data can be revealed.

Circumstances similar to the above prevent the conscious-ness of patients ’ healthcare in IoT future, when these situations are not handled timely and properly. Though there exist various security protocols to protect data from the threats/attacks, including encryption and authentication algorithms, MAC algorithms, public-key cryptosystems, k-anonymity, and so on [10]–[16]. They also have different limitations in terms of processor performance (frequency), energy cost, computation cost, etc., when applying them in IoT-based healthcare. Though many existing work provide security to patients ’ data privacy over communication, they may not protect the dataonce a cloud server is negotiated, especially when a cloud 81 server is under attacks by the insider or cloud provider. The IoT paradigm still requires efﬁcient solutions to protect patient data against cyber threats/attacks throughout the way from the IoT sensors toward the healthcare provider.

In this paper, we envisage to contribute to the protection of IoT-based healthcare data. At ﬁ rst, we study the privacy and security concerns with healthcare data acquisition and transmission. Then, we present a secure data collection scheme for IoT-based healthcare system named SecureData with the aim to tackle security concerns like the above. As shown in Fig. 1, SecureData 3 scheme is composed of four layers: 1) IoT network sensors/devices layer; 2) Fog layer; 3) cloud computing layer; and 4) healthcare service provider.

We mainly contribute to the first three layers. For the first two layers, SecureData includes two techniques: 1) lightweight fi eld programmable gate array (FPGA) hardware-based cipher algorithm and 2) secret cipher share algorithm. That is, for the fi rst two layers, SecureData includes two techniques: 1) light-weight FPGA hardware-based KATAN ciphers for secured communication and 2) secret cipher share algorithm. For the KATAN ciphers, we study KATAN algorithm as one representative encryption algorithm of block ciphers [17]and we optimize it on the FPGA hardware platform. In the secret cipher sharing, a whole cipher is broken into a number of shares at the Fog computing layer. The shares are 106 sent through secure communication separately toward the cloud. We apply the Slepian – Wolf coding-based secret sharing (SW-SCSS) in SecureData. Share repairing is used in case of data loss or compromise for patients ’ data privacy. At the cloud computing layer, SecureData include a number of cloud data servers [18], [19] to guarantee patients’ personal data privacy.

Our contributions in this paper are fourfold.

1) We ﬁrst investigate security challenges with data collection and then propose a secured data collection scheme for IoT-based healthcare called SecureData.

2) For data collection with security, we present KATAN secret cipher algorithm that is implemented and optimized on the FPGA hardware platform.

3) For data collection with privacy, we apply a new idea of secret cipher share with share repairing and share reconstruction at the cloud computing layer.

4) The performance of SecureData is validated through simulations of both KATAN secret cipher algorithm and 125 secret cipher share algorithm in terms of hardware frequency rate, energy cost, and computation time of all the 127 algorithms. The results show that SecureData can beefﬁcient to the security and privacy of patients’ data in 128 IoT-based healthcare.

This paper is organized as follows. First, we describe the security challenges and threat models. Then, we present the design of the SecureData scheme. Next, we present the KATAN secret cipher algorithm. Next, we propose the SW-SCSS algorithm. Then, we give the implementation and evaluation. Finally, we offer the conclusion of this paper with future work. 4

2 Security Challenges and Threat Models For IoT-based Water Quality Monitoring

In this section, we discuss challenges to data security in IoT-based Water Quality Monitoring and security threat models.

2.1 Security Challenges in IoT-based Water Quality Monitoring

Over these years, sensor technologies and cloud computing technologies are rapidly industrialized with many facilities, services, and applications incorporating the technologies into our daily life such as water quality monitoring system. In smart IoT-based water quality monitoring system applications, the wireless sensing devices collect and incorporate data on water quality and relay the data to a personal wireless IoT device. For instance, water quality data includes pH, tubidity, dissolved oxygen or active microorganism levels. Similarly, in Fig. 2, we provide a Fog layer node to store the access logs data each day of the water. Those logs` data is clearly privacy-sensitive data. The Fog layer can utilize the Fog nodes to mitigate a tremendous amount of loads on the water quality monitoring`s Web logs data storage, data management, and data communication while being able to protect the privacy of the data. The data is then transferred to data storage for the judgement of water quality. Nonetheless, a good amount of data transmitted by IoT sensor system is sensitive data. As a result, the sensitive data collection is subject to performance of the security and privacy algorithms and protocols. Regarding a cloud computing environment for water monitoring, there are many secure algorithms/protocols to safeguard water quality information. Current schemes offer general security architectures and protocols, however, they still have various weakness and are limited to ensure security and privacy to water data. Computer science and IoT community, and providers of water quality monitoring have been struggling to provide protection to each and every sensor/device in the IoT network with the integrity. Though the safety of water relies on this data collection [1], the protection of the data is greatly affected by cyber threats/attacks. Ransomware, DDos attacks, insider, e-mail compromise, and fraud scams are common types of attacks in water quality monitoring [2],[3]. Besides, there are types of attack that are very related to communication, including impersonation, data integrity, data breaches, collusion, and so on. Particularly, these threats/attacks bring new challenges, for example, data can be compromised during data communication [4], by which water quality data can be revealed.

2.2 Threat Models

We assume a few sophisticated threats in this paper. The security and privacy 5 threat models for IoT-based water quality monitoring applications with monitoring sensor devices are briefly discussed as follows.

1)Colllusion Attacks: There are a plenty of existing work on security protocols [4], [5], [6], [7], [8]. In these protocols, every IoT networked sensor/device or leader is assumed to be honest. They use numerous security techniques such as authentication, hardware-baased ciphers, and authorization for secure communications. But there can be severe concerns with many of these protocols: data leakage due to some complex cyber-attacks, including collusion attack. It is a kind of attacks that may bring signiﬁcant privacy risks when IoT monitoring sensor/device purposely maintains connections with an outsider. Such an outsider may be negotiated by an attacker who can earn required information from the monitoring system. The most important issue is that it is tough to detect such the outsider as the negotiated IoT sensor/device looks working well, transmitting data, and making decision correctly [8].

2) Eavesdropping: It is a kind of threats that bring security risks to the water`s quality monitoring data privacy. It involves sniffing important monitoring data transmitted by the IoT sensor/device, which results in the privacy risks in communication. Suppose that an IoT sensor/device transmit unencrypted monitoring data toward the neighboring or upstream nodes. An attacker might eavesdrop the monitoring data by sniffing it by means of a sniffing software tool. Any eavesdropper might use a super receiver antenna like sniffers to capture the water`s monitoring data.

3) Impersonation: An attacker plays the duty of somebody that IoT sensor/device is possible to trust the attacker or the attacker makes you convince adequately in order to trick you into permitting access to the monitoring data, database, and the IoT networked resources.

4) Water`s Data Leakage and Destruction: Water quality monitoring data leakage is simply an unauthorized access or transmission of monitoring data from the monitoring system to an external destination. Unintentional or inadvertent data leakage is also unauthorized. 6

Based on the discussion above, secured data collection deals with both the outside attack and the inside attack. For these we consider two kinds of protections: 1) hardware-based LEA secret cipher and 2) secret cipher sharing. The attackers may not be able to compromise the LEA cipher. However, they may get the water`s monitoring data from other way such as compromising the cloud server. In this case, secret cipher sharing algorithm can be useful. Therefore, this may become difficult for attackers to compromise data after facing two types of security in DataProtect.

3 DESIGN OF DATAPROTECT

In this section, we present the proposed DATAPROTECT for data security and privacy in IoT-based water quality monitoring.Besides, there is comparison between the algorithm of KATAN and LEA.

3.1 Four layers

Secret Share Generation Gateway

LEA Cipher Secret Reconst

Threat

Fig.2. DataProtect scheme designed for water quality monitoring

As shown in Fig. 2, DataProtect scheme has four layers as follows. 1) IoT Networked Sensors/Devices Layer: This layer is composed of numerous monitoring sensor/devices and other networked devices. To keep all the collected data from these devices secure, especially when the data is being exchanged with other sensors/devices and forwarded to the upper layer, we offer a lightweight LEA secret cipher algorithm in this layer for secure transmission of water`s monitoring data.

2) Fog Computing Layer: The water monitoring sensors/devices then transfer the water`s monitoring data toward a cloud data server, through this Fog computing layer. The cloud computing has limitation for applications requiring high privacy 7 of data, particularly, in water monitoring settings. This limitation can be mitigated in the Fog computing paradigm. Like the cloud computing, but Fog layer is in direct reach of edge network. Offering the cloud service directly where the data is generated at the IoT network edge, which is often viewed as a “descendent cloud.” Although a Fog computing node is at the edge, this reduces latency and induces network efficiency. It minimizes the cloud burden by minimizing data exchange with the cloud thus utilizing the IoT network bandwidth. Being at the edge Fog network, we may also offer better data security and privacy. In this paper, Fog is a crucial issue that requires to produce secret cipher shares and distribute the secret cipher shares to different cloud servers.

3) A Cloud Computing Layer: This layer stores and summarizes water`s monitoring data from the secret cipher shares that are sent by the IoT sensors/devices through the Fog computing layer. This layer also offers query services to various water`s monitoring data users, including monitoring service providers. In DataProtect, this layer particularly helps to perform the secret cipher share reconstruction. The Fog layer breaks a cipher into multiple pieces cipher shares for privacy issue. Cloud computing layer helps to process them and combine them.

4) A Provider of water quality monitoring: In the water monitoring service provider layer, a provider gets water`s information in a combined form and in a meaningful way, which was sent in a form of cipher shares through the Fog computing layer. A provider should have access to the water`s data to monitor water quality.

In this paper, we emphasize on the first three layers of DataProtec, as shown in Fig. 2. We arrange a lightweight LEA secret cipher at IoT network layer to offer secure communication, and a secret cipher share at the Fog computing layer to offer privacy. In the cloud computing layer of DataProtect, we put the water`s monitoring data in a distributed data storage environment that is composed of a number of cloud servers. We supposed that a cloud server may be negotiated, especially when a cloud server is under attack by the insider or the cloud provider, water`s monitoring information can be revealed by attackers.

3.2 Lightweight Encryption Algorithm (LEA)

Lightweight ciphers are crucial for secure data communication in resource-limited IoT sensors/devices. Attempting to implement lightweight ciphers in hardware in water quality monitoring sensor networks, Lightweight Encryption Algorithm (LEA) [9]is the more suitable for this networks. LEA, a new lightweight block cipher, is a software-oriented lightweightness for resource-constrained small devices. It has three key sizes of 128, 192, or 256 bit and a 128-bit block size and just uses simple operations like addition, rotation and XOR(ARX). LEA has a small code size and consumes low power [10, 11], further, it is secure against all 8 the existing attacks [12-19].

3.2.1 Specifications of LEA

LEA is a block cipher of 128-bit block size. The key sizes are 128, 192 and 256 bits and the number of the rounds are 24, 28, and 32 respectively. The process of LEA consists of key scheduling, encryption and decryption. The following tables presents the notations of key scheduling and encryption [27].

Table 1. Key schedule for LEA Input: master key K, constants Output: round key RK 1.T[0] = K[0], T[1] = K[1], T[2] = K[2], T[3] = K[3]. 2. for i = 0 to 23 3. T[0] = ROL1(T[0] + ROLi(delta [i mod 4]) 4. T[1] = ROL3(T[1] + ROLi + 1(delta [i mod 4]) 5. T[2] = ROL6(T[2] + ROLi + 2(delta [i mod 4]) 6. T[3] = ROL11(T[3] + ROLi + 3(delta[i mod 4]) 7. RKi = (T[0], T[1], T[2], T[1], T[3], T[1]) 8. end for 9. return RK

Table 2. Encryption for LEA Input: plaintext P, round key RK Output: ciphertext C

1. X0[0] = P[0], X0[1] = P[1], X0[2] = P[2], X0[3] = P[3]. 2. for i = 0 to 23 3. Xi + 1[0] = ROL9(Xi[0] ⊕ RKi[0]) + (Xi[1] ⊕ RKi[1]) 4. Xi + 1[1] = ROR5(Xi[1] ⊕ RKi[2]) + (Xi[2] ⊕ RKi[3]) 5. Xi + 1[2] = ROR3(Xi[2] ⊕ RKi[4]) + (Xi[3] ⊕ RKi[5]) 6. Xi + 1[3] = Xi[0] 7. end for 8. C[0] = X24[0], C[1] = X24[1], C[2] = X24[2], C[3] = X24[3]. 9. return C 9

1) Key Schedule As it shows in Table 2 key scheduling generates a sequence of round keys RKi. It uses several constants that are defined as the following: delta0=c3efe9db, delta1=44626b02, delta2=79e27c8a, delta3=78df30ec, delta4=715ea49e, delta5=c785da0a, delta6=e04ef22a, delta7=e5c40957 [47]. The constants are generated from the hexadecimal expression of the square root of 766,995 where 76, 69, and 95 are ASCII codes for “L”, “E”, and “A”[28]. 2) Encryption/Decryption The LEA has different number of rounds based on the key size. The 24 rounds for 128-bit keys, 28 rounds for 192-bit keys, and 32 rounds for 256-bit keys. The round keys encrypt a 128-bit plaintext P = (P[0], P[1], P[2], P[3]) generating a 128-bit ciphertext C = (C[0], C[1], C[2], C[3]). The decryption process is basically the inverse of the encryption process.

3.3 LEA VS KATAN

A. Overview LEA is a new lightweight block cipher announced by the Electronics and Telecommunications Research Institute in Korea [9]. Because it has a small code size and consume low power, LEA is very efficient for limited-resource small devices [10]. Besides, It has a fast encryption on microprocessor since it operates just three operations, the addition, rotation and XOR(ARX) [10, 20].

B. LEA v/s KATAN ciphers KATAN algorithm, proposed in [21], is hardware-oriented light block ciphers. It supports 32-, 48- and 64- bit block size. All of the KATAN ciphers have 80-bit key. KATAN is crucial for secure communication for resource-constrained devices [22]. Here is the comparison between these two lightweight ciphers, LEA and KATAN.

1)Attacks The attack resistance ability of LEA`s is stronger than KATAN`s [9]. KATAN have been revealed to be vulnerable to chosen-IV attacks and chosen message attacks [9]. On the other hand, LEA can be against existing attacks such as Differential [12], Differential-Linear [13], Truncated Differential [14], Impossible Differential [15], Lineal [16], Integral [17], Boomerang [18] and Zero Correlation [19].

2)Size KATAN algorithm offers a 80-bit key and three block sizes: 32-, 48- and 64-bits. LEA has three sizes of 128, 192, 256 bits and a 128-bit block size. Increasing the block size by 50% increases resources by 53%, so LEA can deal with more data than KATAN [23]. 10

3)Rounds Incremental rounds impact the maximum frequency and increase power by 38% and energy will decrease[24, 25]. KATAN algorithm comprises of 254 rounds. Unlike KATAN, LEA-128/192/256 bits iterates in 24/28/32 rounds respectively. all of above means LEA consumes low power and saves more energy.

4)Structure LEA is more safety than KATAN in terms of structure. All the ciphers in the KATAN family share the key schedule(80-bit key,254 rounds), use the same nonlinear functions[21]. Although LEA use the same round-function, key scheduling algorithms are different, which means it`s impossible to carry out different hardware implementations using the same logic for key scheduling [9].

5)Energy Energy per bit is a key performance metric for the cipher implementations [11] and high energy consumption results in shorter battery lifetime, which in some cases is inconvenient to replace or recharge [25]. KATAN, using a large number of small logic rounds, is not energy-efficient and it consumes high energy per bit. Whereas LEA with consuming low power is efficient for limited-resource devices/sensors.

C.Conclusion Comparison between KATAN and LEA shows LEA is the more suitable for our network environment, where the devices/sensors used have limited memory space and small processing power are very small than KATAN cipher. To be clearer, table 1 is helpful.

Table 1. comparison between KATAN and LEA algorithm

Algorithms Attacks Size rounds Structure

KATAN [13] Vulnerable: chosen-IV Key size(bits): 254 Same key schedule(80- attacks 、 chosen message 80 bit key,254 rounds) and attacks [9] Block size (bits): the same 32,48,64 nonlinear functions [21] 11

LEA [1] Against all existing attacks: Key size(bits): 24,28,32 same Differential [12], 128,192,256 round Differential-Linear [13], Block size (bits): -function, Truncated Differential [14], 128 Different key scheduling Impossible Differential [15], Algorithms [9] Lineal [16], Integral [17], Boomerang [18] and Zero Correlation [19]

3.4 SECRET CIPHER SHARE AND EXACT SHARE REPAIR

In the previous section, we have LEA secret cipher for secure message transmission. In this section, we study the secret cipher share generation algorithm to ensure the privacy of the secured message during communication. We name it as“secret cipher share.” First, we overview the secret cipher share and then describe the algorithm.

A. Secret Cipher Share Overview

While transferring the LEA secret cipher to the cloud servers, to provide protection to water’s quality monitoring data against potential security risks at the cloud, we apply secret cipher sharing scheme at the Fog layer. Previously, secret data sharing algorithms have been in distributed systems [29], [30]. We use the secret cipher sharing algorithm distributing a cipher secret into a group of cloud servers, which are transmitted from the Fog layer. A cipher is broken into a number of secret ciphers. Each cloud server may have a share of the secret ciphers. All of the secret ciphers are required to be reconstructed before a water service provider can see it. When an adequate number of secret cipher shares are merged together, the whole original cipher can be reconstructed. Each secret cipher share alone does not convey any meaningful information. In the Fog layer, water’s quality data collected from IoT sensor/devices increase dramatically. Managing this data at the Fog node is tough when this is big data. As a result, we use a cloud storage to store water’s quality data. To offer the protection to the water’s quality monitoring data, a cipher secret sharing scheme is interesting.

B. Main Concept and Protection to the Privacy of Secret Cipher

The main concept of the secret cipher share algorithm is, one original (or whole) secret cipher can be broken down in a number of cipher shares and distributing them into a number of cloud servers at the cloud computing layer, where each server is the recipient of one cipher share of the original secret cipher. Such a system is called a (n, m)-threshold system of secret cipher shares. In this system, any value of m or extra cipher shares are utilized so as to combine all of broken 12 shares of cipher. It was invented independently by Shamir and Blakley in 1979 [31], [29], [30]. However, according to the original secret sharing system, the secret cipher share size should be as identical as the secret cipher size. In solving this limitation, cipher share sizes of Shamir and Blakley’s secret cipher share scheme need to be improved. Later, the Ramp secret share algorithm has been suggested in [31], [29], and [30] that offer a share size can be of 1/m of the original secret cipher size. Here, m is the amount of secret block ciphers, which are parts of the original secret cipher S. Though the schemes gain average computation cost, they do not provide a share repair feature. This is highly possible that a share can be lost or compromised by the attacker or other reasons, as modeled in Section II. If the lost share is not possible to recover, important patients’ data may be lost. To facilitate share repair feature, XOR network coding is used to the secret cipher sharing schemes [32], [33]. However, when using XOR network coding, two problems appear in network coding-based secret cipher sharing scheme. The first problem is that the secret cipher share size is greater than before, instead of lesser than before. The second problem is that the new restored secret cipher shares are not as the identical as the initial com-promised cipher shares. As a result, this scheme is still not useful.

C. New Secret Cipher Share

In the DataProtect, we present a new secret cipher sharing algorithm using the Slepian–Wolf coding (SWC) [34]. The algorithm can offer the secret share size that is optimal. It applies the idea of binning method for the coding. There exist many schemes of the SWC [30], [35]. Proposed algorithm offers the exact-share repair feature. Importantly, the share sizes stay constant no matter whether or not they are compromised. Suppose that a secret share gets lost otherwise compromised, then a fresh cipher share can be produced, which can be precisely as identical as the whole/original one. The efficiency of the proposed algorithm may increase when decreasing the size of secret share, the storage, and also the cost of communication for the secret cipher share. Note that inspecting all compromised secrete cipher share is not the focus of this paper. Nevertheless, there are other solutions including homomorphic signature that may be utilized to cover the focus [7], [30]. In DataProtect, the cipher secret share size is decreased mostly in contrast to that of coding-based secret cipher share algorithm for the XOR network. Meanwhile, we are yet to preserve all the advantages. 1) Reconstructions of the secret cipher shares are made through the XOR network for achieving fast computation cost. 2) The exact cipher share repair is managed, which is the same as the original one. This improved version utilizes another network coding scheme called the SWC. SWC is usually applied in data compression application. Moreover, the reduction on the size of the secret cipher share may lead to a decreased cost of communication in the Fog layer also in the cloud servers. Therefore, this secret 13 cipher share repair feature helps to recover whole/original secret cipher shares. It just makes the scheme consistent with the LEA secret cipher state.

4 Typesetting of Your Paper at Springer

In the previous sections, we provided how to produce hardware-based light-weight secret ciphers and secret cipher share generation. In this section, we provide performance and security analysis with SecureData, though the aim in this paper is to justify computation (frequency), resources usage, and energy usage of the hardware-based light-weight secret ciphers and secret cipher share generation. We present SecureData for secure data collection in IoT-based healthcare system, as healthcare devices are highly vulnerable to security attacks. Particularly, in the IoT network sensors/devices layer of SecureData, attacks are made through communication, i.e., when data is transmitted from IoT network sensors/devices to the upstream location. Attackers can compromise the devices or overhear the communication and try to construct the original cipher using cipher generation algorithm. We think to integrate hardware-based secret ciphers, instead of directly using the cipher generation algorithm. We used a modified KATAN secret cipher algorithm which instruments registers and functions in the IoT devices’ (sensors) hardware, as shown in Figs. 4 and 5. We have set control logic to coordinate the activities registers and functions. This also manages communication with the outside system. Encryption operation of a given message plaintext is initiated when the declaration of start signal made. Then, the message plaintext can be loaded into registers and can trigger. However, attackers want to compromise the data KATAN secret cipher. To compromise, they first need to learn information and configuration of the functions, registers, and the logic control configuration between them as well as the secret key generation, including different parameters including, block size and variable key. Thus, SecureData is designed to provide secure communication in between the first two layers.

5 Conclusion

In this paper, we have investigated challenges with data collection in IoT-based healthcare applications and proposed a new data collection scheme called SecureData to provide data security and preserve the privacy of the patients’ personal data. For the secure communication, we present KATAN secret cipher algorithm and implement and optimize it on the FPGA hardware platform. For the privacy of the KATAN cipher, we apply secret cipher sharing and share repairing. The performance analysis shows that the SecureData scheme can be efﬁcient in terms of frequency, cost of energy, and overall computation cost when to apply against attacks. Our future work includes the detailed implementation of the 14 algorithms with various metrics and investigate the protection performance of the algorithms under threats/attacks when to apply to particular applications.

References

[1]Wang, T., Li, Y., Wang, G., Cao, J., Bhuiyan, M. Z. A., & Jia, W. (2017). Sustainable and efficient data collection from WSNs to cloud. IEEE Transactions on Sustainable Computing. [2]Li, J., Zhang, Y., Chen, X., & Xiang, Y. (2018). Secure attribute-based data sharing for resource-limited users in cloud computing. Computers & Security, 72, 1-12. [3]Huang, Z., Liu, S., Mao, X., Chen, K., & Li, J. (2017). Insight of the protection for data security under selective opening attacks. Information Sciences, 412, 223-241. [4]Karati, A., Islam, S. H., Biswas, G. P., Bhuiyan, M. Z. A., Vijayakumar, P., & Karuppiah, M. (2017). Provably secure identity-based signcryption scheme for crowdsourced industrial Internet of Things environments. IEEE Internet of Things Journal, 5(4), 2904-2914. [5]Shen, J., Gui, Z., Ji, S., Shen, J., Tan, H., & Tang, Y. (2018). Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. Journal of Network and Computer Applications, 106, 117-123. [6]Li, J., Liu, Z., Chen, X., Xhafa, F., Tan, X., & Wong, D. S. (2015). L-EncDB: A lightweight framework for privacy-preserving data queries in cloud computing. Knowledge-Based Systems, 79, 18-26. [7]Lin, Q., Li, J., Huang, Z., Chen, W., & Shen, J. (2018). A short linearly homomorphic proxy signature scheme. IEEE Access, 6, 12966-12972. [8]Bhuiyan, M. Z. A., & Wu, J. (2016, August). Collusion attack detection in networked systems. In 2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech) (pp. 286-293). IEEE. [9]Efficient Hardware Implementation of the Lightweight Block Encryption Algorithm LEA [10]Implementation of Energy Efficient/Lightweight Encryption Algorithm for Wireless Body Area Networks [11]A Review of Lightweight Block Ciphers [12]E. Biham and A. Shamir, Differential cryptanalysis of the full 16-round DES: Springer, 1993. [13]Enhancing differential-linear cryptanalysis [14]Truncated and higher order differentials [15]Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials [16]Linear cryptanalysis method for DES cipher [17]Integral cryptanalysis [18]The boomerang attack [19]Zero correlation linear cryptanalysis with reduced data complexity [20]Android API-based voice recording system in emergency situations [21]KATAN and KTANTAN-A family of small and Efficient Hardware-Oriented Block 15

Ciphers [22]Secured Data Collection With Hardware-Based Ciphers for IoT-Based Healthcare [23]Hardware design and modeling of lightweight block ciphers for secure communications [24]Hardware design and modeling of lightweight block ciphers for secure communications [25]Optimization and Modeling of FPGA Implementation of the Katan Cipher [26]A survey on lightweight block ciphers for low-resource devices-Comparative study and open issues [27]Seo, H., & Kim, H. (2014). Low-power encryption algorithm block cipher in JavaScript. Journal of information and communication convergence engineering, 12(4), 252-256. [28]Lee, D., Kim, D. C., Kwon, D., & Kim, H. (2014). Efficient hardware implementation of the lightweight block encryption algorithm LEA. Sensors, 14(1), 975-994. [29]Aragues, A., Escayola, J., Martínez, I., Del Valle, P., Muñoz, P., Trigo, J. D., & García, J. (2011). Trends and challenges of the emerging technologies toward interoperability and standardization in e-health communications. IEEE Communications Magazine, 49(11), 182-188. [30]Hsieh, M. H., & Watanabe, S. (2016). Channel simulation and coded source compression. IEEE Transactions on Information Theory, 62(11), 6609-6619. [31]Li, J., Chen, X., Li, M., Li, J., Lee, P. P., & Lou, W. (2013). Secure deduplication with efficient and reliable convergent key management. IEEE transactions on parallel and distributed systems, 25(6), 1615-1625. [32]Cai, N., & Yeung, R. W. (2002, June). Secure network coding. In Proceedings IEEE International Symposium on Information Theory, (p. 323). IEEE. [33]Kalantari, A., Zheng, G., Gao, Z., Han, Z., & Ottersten, B. (2015). Secrecy analysis on network coding in bidirectional multibeam satellite communications. IEEE Transactions on Information Forensics and Security, 10(9), 1862-1874. [34]Slepian, D., & Wolf, J. (1973). Noiseless coding of correlated information sources. IEEE Transactions on information Theory, 19(4), 471-480. [35]Hayashi, M., & Matsumoto, R. (2016). Secure multiplex coding with dependent and non-uniform multiple messages. IEEE Transactions on Information Theory, 62(5), 2355- 2409.