Lightweight and Breach-Resilient Authenticated Encryption Framework for Internet of Things

• URL: http://arxiv.org/abs/2510.22100v1
• Date: Sat, 25 Oct 2025 00:51:34 GMT
• Title: Lightweight and Breach-Resilient Authenticated Encryption Framework for Internet of Things
• Authors: Saif E. Nouma, Attila A. Yavuz,
• Abstract summary: Authenticated Encryption (AE) guarantees confidentiality, authenticity, and integrity, making it a vital security service for the Internet of Things (IoT)<n>Current AE standards lack essential features like key compromise resiliency and compact authentication tags.<n>We propose Graphene, a framework designed for the performance and security demands of low-end IoT infrastructures.
• Score: 1.3249299424572232
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: The Internet of Things (IoT) relies heavily on resource-limited devices to communicate critical (e.g., military data) information under low-energy adversarial environments and low-latency wireless channels. Authenticated Encryption (AE) guarantees confidentiality, authenticity, and integrity, making it a vital security service for IoT. However, current deployed (lightweight) AE standards lack essential features like key compromise resiliency and compact authentication tags, as well as performance enhancements such as offline-online cryptography. To address these gaps, we propose Graphene, the first (to our knowledge) symmetric Forward-secure and Aggregate Authenticated Encryption (FAAE) framework designed for the performance and security demands of low-end IoT infrastructures. Graphene innovates by synergizing key evolution strategies and offline-online cryptographic processing with Universal Message Authentication Codes (UMACs) to guarantee breach-resiliency, near-optimal online latency, and compactness. We demonstrate Graphene efficiency through two distinct instantiations, each balancing unique performance trade-offs with extensibility for diverse MACs. Our experimental evaluation on commodity hardware and 32-bit ARM Cortex-M4 microcontroller shows Graphene significant performance gains over existing alternatives. Graphene is also backward compatible with standard-compliant cryptographic implementations. We release our implementation as open source for public testing and adaptation.

Related papers

• Developing and Evaluating Lightweight Cryptographic Algorithms for Secure Embedded Systems in IoT Devices [0.0]
  The study presents novel lightweight algorithms that are founded upon the Feistel-network architecture and their safety under cryptanalytic attacks.<n>The results have shown that lightweight cryptography is an effective strategy that could be used to establish security and maintain performance in the IoT.
  arXiv  Detail & Related papers  (2026-01-06T12:45:12Z)
• Diamond: Design and Implementation of Breach-Resilient Authenticated Encryption Framework For Internet of Things [1.1788684008907848]
  We introduce Diamond, the first provable secure Forward-secure and Aggregate Authenticated Encryption (FAAE) framework.<n>Diamond substantially reduces amortized offline preprocessing (up to 47%) and achieves up to an order-of reduction in end-to-end latency.<n>Our evaluation across 64-bit ARM Cortex-A72, 32-bit ARM Cortex-M4, and 8-bit architectures confirms that Diamond consistently outperforms FAAE variants.
  arXiv  Detail & Related papers  (2026-01-01T14:14:06Z)
• LSEG: A Lightweight and Secure Key Exchange Protocol for Smart Grid Communication [0.9449650062296824]
  This paper proposes a lightweight authentication and secure key exchange protocol for smart grid environments.<n>Session communication is protected using ASCON128a, a lightweight, NIST-standardized, authenticated encryption algorithm.<n>Results show LSEG effectively balances security, efficiency, and compliance, making it a scalable solution for secure communication in smart grid infrastructures.
  arXiv  Detail & Related papers  (2025-11-10T19:01:55Z)
• Lightweight and High-Throughput Secure Logging for Internet of Things and Cold Cloud Continuum [2.156208381257605]
  We present Parallel Optimal Signatures for Secure Logging (POSLO), a novel digital signature framework.<n>POSLO offers constantsize signatures and public keys, near-optimal signing efficiency, and fine-to-coarse tunable verification for log auditing.<n>For example, POSLO can verify 231 log entries per second on a mid-range consumer GPU while being significantly more compact than state-of-the-art.
  arXiv  Detail & Related papers  (2025-06-10T13:26:36Z)
• PWC-MoE: Privacy-Aware Wireless Collaborative Mixture of Experts [59.5243730853157]
  Large language models (LLMs) hosted on cloud servers alleviate the computational and storage burdens on local devices but raise privacy concerns.<n>Small language models (SLMs) running locally enhance privacy but suffer from limited performance on complex tasks.<n>We propose a privacy-aware wireless collaborative mixture of experts (PWC-MoE) framework to balance computational cost, performance, and privacy protection under bandwidth constraints.
  arXiv  Detail & Related papers  (2025-05-13T16:27:07Z)
• Intelligent Detection of Non-Essential IoT Traffic on the Home Gateway [45.70482328441101]
  This work presents ML-IoTrim, a system for detecting and mitigating non-essential IoT traffic by analyzing network behavior at the edge.<n>We test our framework in a consumer smart home setup with IoT devices from five categories, demonstrating that the model can accurately identify and block non-essential traffic.<n>This research advances privacy-aware traffic control in smart homes, paving the way for future developments in IoT device privacy.
  arXiv  Detail & Related papers  (2025-04-22T09:40:05Z)
• Trusted Compute Units: A Framework for Chained Verifiable Computations [41.94295877935867]
  This paper introduces the Trusted Compute Unit (TCU), a unifying framework that enables composable and interoperable computations across heterogeneous technologies.<n>By enabling secure off-chain interactions without incurring on-chain confirmation delays or gas fees, TCUs significantly improve system performance and scalability.
  arXiv  Detail & Related papers  (2025-04-22T09:01:55Z)
• ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior.<n>These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity.<n>We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• FL-DABE-BC: A Privacy-Enhanced, Decentralized Authentication, and Secure Communication for Federated Learning Framework with Decentralized Attribute-Based Encryption and Blockchain for IoT Scenarios [0.0]
  This study proposes an advanced Learning (FL) framework designed to enhance data privacy and security in IoT environments. We integrate Decentralized Attribute-Based Encryption (DABE), Homomorphic Encryption (HE), Secure Multi-Party Computation (SMPC) and technology. Unlike traditional FL, our framework enables secure, decentralized authentication and encryption directly on IoT devices.
  arXiv  Detail & Related papers  (2024-10-26T19:30:53Z)
• Lightweight and Resilient Signatures for Cloud-Assisted Embedded IoT Systems [2.156208381257605]
  Lightweight and Resilient Signatures with Hardware Assistance (LRSHA) and its Forwardsecure version (FLRSHA) We create two novel digital signatures called Lightweight and Resilient Signatures with Hardware Assistance (LRSHA) and its Forwardsecure version (FLRSHA) They offer a nearoptimally efficient signing with small keys and signature sizes.
  arXiv  Detail & Related papers  (2024-09-20T22:43:47Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• DynamiQS: Quantum Secure Authentication for Dynamic Charging of Electric Vehicles [61.394095512765304]
  Dynamic Wireless Power Transfer (DWPT) is a novel technology that allows charging an electric vehicle while driving. Recent advancements in quantum computing jeopardize classical public key cryptography. We propose DynamiQS, the first post-quantum secure authentication protocol for dynamic wireless charging.
  arXiv  Detail & Related papers  (2023-12-20T09:40:45Z)
• LiteQSign: Lightweight and Quantum-Safe Signatures for Heterogeneous IoT Applications [1.9185059111021852]
  Traditional digital signatures are infeasible for low-end devices with limited computational, memory, and energy resources.<n>LightQSign (LightQS) achieves near-optimal signature generation efficiency with only a small, constant number of hash operations per signing.<n>On an 8-bit microcontroller, it achieves up to 1.5-24x higher energy efficiency and 1.7-22x shorter signatures than PQ counterparts.
  arXiv  Detail & Related papers  (2023-11-30T16:20:50Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.