Face-off Between the CAESAR Lightweight Finalists: ACORN vs. Ascon

Farahmand, Farnoud; Abdulgadir, Abubakr; Kaps, Jens-Peter; Gaj, Kris

doi:10.1109/fpt.2018.00066

Cited by 14 publications

(7 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ACORN is constructed based on stream cipher that processes bit-by-bit; however, it processes 32 steps in parallel, which makes it faster in hardware and software platforms [130]. The encryption and authentication shares 293 bits state encrypted via 128 bits key, 128 bits nonce to generate a 128 bits tag.…”

Section: Stream Cipher-based Lightweight Authenticated Encryption (Scae)mentioning

confidence: 99%

A Comprehensive Review of Lightweight Authenticated Encryption for IoT Devices

AlJabri

Abawajy

Huda

2023

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Internet of Things (IoT) is a promising technology for creating smart environments, smart systems, and smart services. Since security is a fundamental requirement of IoT platforms, solutions that can provide both encryption and authenticity simultaneously have recently attracted much attention from academia and industry. This article analyses in detail state-of-the-art lightweight authenticated encryption (LAE) targeted to IoT systems. This work provides a thorough description of the algorithms, and the study systematically classifies them to facilitate understanding of relevant intricacies of the schemes. Among reviewed algorithms, there is a trade-off to retain design security, resources cost, and efficient performance. ACORN is the effective scheme on various platforms in terms of utilization of resources and power consumption, while MORUS and AES-CLOC are the fastest in hardware platforms. However, they are susceptible to misuse despite their resistance to side channel attacks. In contrast, JOLTICK, PRIMATESs, COLM, DeoxysII, OCB, and AES-JAMBU are provably resistant to nonce misuse. The challenges for possible future research are summarized. Overall, the article provides researchers and developers with practical guidance on various design aspects and limitations as well as open research challenges in the current lightweight authenticated encryption for IoT.

show abstract

Section: Stream Cipher-based Lightweight Authenticated Encryption (Scae)mentioning

confidence: 99%

A Comprehensive Review of Lightweight Authenticated Encryption for IoT Devices

AlJabri

Abawajy

Huda

2023

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…Implementing one permutation round in one clock cycle requires 2.06k LUTs in a Spartan-6 device. Similarly, Ascon, by implementing one permutation per clock cycle, consumes 1.64k LUTs [23]. A bit-sliced technique has been used for the S-box implementation, and implementations have been done in the Spartan-6.…”

Section: Related Workmentioning

confidence: 99%

“…Since these implementations are similar (both are based on one round per clock cycle), Gimli outperforms because of its inherent structure. A lighter version (bit-sliced S-box) was implemented [23]. Although that design can reduce some hardware resources, TP and TP/A are 70% less, compared to the Gimli implementation.…”

Section: Comparisonmentioning

confidence: 99%

A Flexible Gimli Hardware Implementation in FPGA and Its Application to RFID Authentication Protocols

2021

View full text Add to dashboard Cite

Radio Frequency Identification (RFID) systems have bestowed numerous conveniences in a multitude of applications, but the underlying wireless communications architecture makes it vulnerable to several security threats. To mitigate these issues, various authentication protocols have been proposed. The literature accommodates comprehensive proposals and analysis of authentication protocols, but not many of them provide hardware implementations. In addition, there is diverse demand for hardware area and throughput (TP) requirements from RFID system components (tags, readers, database servers), which demand a flexible implementation strategy. This paper proposes a flexible implementation strategy for the lightweight authenticated encryption (AE) and hash function called Gimli, and applies it to a state-of-theart authentication protocol. This allows the authentication protocol to be implemented efficiently, wherein the area and TP can be adjusted flexibly according to the RFID system requirements. This implementation strategy is generic; it can be used to implement any other AE and hash functions. This strategy can also be applied to other authentication protocols that heavily use AE and hash functions. To provide a detailed analysis, the hardware are optimization techniques in each component of the RFID system for a state-ofthe-art authentication protocol are analyzed. When implemented with the most area-optimized versions, we achieve TP of 740 Mbps and 420 Mbps for Gimli hash and Gimli AE, respectively, and for throughputoriented implementation, the results are 3.08 Gbps and 1.43 Gbps, respectively. This shows that the proposed implementation strategies allow us to implement authentication protocols in a flexible manner to meet the differing requirements in TP and area for RFID applications.

show abstract

“…This meant the authenticated ciphers had to exhibit improved performance on resource-constrained devices while being able to exhibit resistance to side channel attacks. This kind of attack is often used to target cryptographic implementations on resource-constrained IoT devices deployed in remote locations with little to no physical protection [21]. Thus, in addition to being efficient, authenticated ciphers are also expected to be resistant to such attacks.…”

Section: Acornmentioning

confidence: 99%

Security and Performance in IoT: A Balancing Act

et al. 2020

View full text Add to dashboard Cite

With predictions suggesting there will be 18 billion Internet of Things (IoT) devices live by 2022, performance of these low powered devices, as well as security is of utmost importance. Managing security and performance is a balancing act. Achieving this balance will always continue to be a challenge. This research presents two main contributions to this area. The first contribution is a framework to measure cryptographic performance of IoT devices. The areas of measurement are power consumption, time cost, energy cost, random access memory (RAM) usage and flash usage. The second contribution is an insightful comparison of the performance of the ATmega328, STM32F103C8T6 and ESP8266 low powered microcontroller devices. Experiments were conducted on these devices running various cryptographic operations. The measured operations are from three encryption algorithms: Advanced Encryption Standard (AES), ChaCha and Acorn. The proposed methods from this research are real-world in nature rather than simulated, and can be used by others wishing to conduct their own IoT performance testing. The results show that the ATmega328 has the lowest overall power consumption. The ESP8266 was generally the fastest performing device. ChaCha outperformed AES in both time cost and energy cost. Both algorithms outperformed Acorn in these metrics. The STM32F103C8T6 device displayed the best overall energy cost, while still performing well in terms of time. The results from the experiments conducted in this study can be used by network designers, developers and others to make appropriate decisions in IoT deployments with regards to balancing performance and security.

show abstract

Face-off Between the CAESAR Lightweight Finalists: ACORN vs. Ascon

Cited by 14 publications

References 7 publications

A Comprehensive Review of Lightweight Authenticated Encryption for IoT Devices

A Comprehensive Review of Lightweight Authenticated Encryption for IoT Devices

A Flexible Gimli Hardware Implementation in FPGA and Its Application to RFID Authentication Protocols

Security and Performance in IoT: A Balancing Act

Contact Info

Product

Resources

About