Diamond: Design and Implementation of Breach-Resilient Authenticated Encryption Framework For Internet of Things

• URL: http://arxiv.org/abs/2601.00353v1
• Date: Thu, 01 Jan 2026 14:14:06 GMT
• Title: Diamond: Design and Implementation of Breach-Resilient Authenticated Encryption Framework For Internet of Things
• Authors: Saif E. Nouma, Gokhan Mumcu, Attila A. Yavuz,
• Abstract summary: We introduce Diamond, the first provable secure Forward-secure and Aggregate Authenticated Encryption (FAAE) framework.<n>Diamond substantially reduces amortized offline preprocessing (up to 47%) and achieves up to an order-of reduction in end-to-end latency.<n>Our evaluation across 64-bit ARM Cortex-A72, 32-bit ARM Cortex-M4, and 8-bit architectures confirms that Diamond consistently outperforms FAAE variants.
• Score: 1.1788684008907848
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Resource-constrained Internet of Things (IoT) devices, from medical implants to small drones, must transmit sensitive telemetry under adversarial wireless channels while operating under stringent computing and energy budgets. Authenticated Encryption (AE) is essential for ensuring confidentiality, integrity, and authenticity. However, existing lightweight AE standards lack forward-security guarantees, compact tag aggregation, and offline-online (OO) optimizations required for modern high-throughput IoT pipelines. We introduce Diamond, the first provable secure Forward-secure and Aggregate Authenticated Encryption (FAAE) framework that extends and generalizes prior FAAE constructions through a lightweight key evolution mechanism, an OO-optimized computation pipeline, and a set of performance-tiered instantiations tailored to heterogeneous IoT platforms. Diamond substantially reduces amortized offline preprocessing (up to 47%) and achieves up to an order-ofmagnitude reduction in end-to-end latency for large telemetry batches. Our comprehensive evaluation across 64-bit ARM Cortex-A72, 32-bit ARM Cortex-M4, and 8-bit AVR architectures confirms that Diamond consistently outperforms baseline FAAE variants and NIST lightweight AE candidates across authenticated encryption throughput and end-to-end verification latency while maintaining compact tag aggregation and strong breach resilience. We formally prove the security of Diamond and provide two concrete instantiations optimized for compliance and high efficiency. Our open-source release enables reproducibility and seamless integration into IoT platforms.

Related papers

• Deep Learning-Driven Friendly Jamming for Secure Multicarrier ISAC Under Channel Uncertainty [36.06255760148067]
  Integrated sensing and communication (ISAC) systems promise efficient spectrum utilization by jointly supporting radar sensing and wireless communication.<n>This paper presents a deep learning-driven framework for enhancing physical-layer security in multicarrier ISAC systems under imperfect channel state information (CSI) and in the presence of unknown eavesdropper (Eve) locations.
  arXiv  Detail & Related papers  (2026-03-05T11:20:27Z)
• Securing Cross-Domain Internet of Drones: An RFF-PUF Allied Authenticated Key Exchange Protocol With Over-the-Air Enrollment [22.842391212425184]
  Internet of Drones (IoD) is an emerging and crucial paradigm enabling advanced applications that require seamless, secure communication.<n>Access control and the transmission of sensitive data pose significant security challenges for IoD systems.<n>We propose a lightweight mutual authentication mechanism that integrates Radio Frequency Fingerprint (RFF) and Physical Unclonable Function (PUF) technologies for secure drone-to-drone (D2D) and drone-to-ground station server (D2G) communication.
  arXiv  Detail & Related papers  (2025-12-26T02:04:24Z)
• Lightweight and Breach-Resilient Authenticated Encryption Framework for Internet of Things [1.3249299424572232]
  Authenticated Encryption (AE) guarantees confidentiality, authenticity, and integrity, making it a vital security service for the Internet of Things (IoT)<n>Current AE standards lack essential features like key compromise resiliency and compact authentication tags.<n>We propose Graphene, a framework designed for the performance and security demands of low-end IoT infrastructures.
  arXiv  Detail & Related papers  (2025-10-25T00:51:34Z)
• Towards Reliable Service Provisioning for Dynamic UAV Clusters in Low-Altitude Economy Networks [48.73244147035607]
  Unmanned Aerial Vehicle (UAV) cluster services are crucial for promoting the low-altitude economy by enabling scalable, flexible, and adaptive aerial networks.<n>We propose a Lightweight and Privacy-Preserving Cluster Authentication and Session Key Update (LP2-CA) scheme for dynamic UAV clusters in low-altitude economy networks.
  arXiv  Detail & Related papers  (2025-09-07T15:54:11Z)
• Designing a Layered Framework to Secure Data via Improved Multi Stage Lightweight Cryptography in IoT Cloud Systems [1.5803208833562954]
  This paper presents a novel multi-layered hybrid security approach aimed at enhancing lightweight encryption for IoT-Cloud systems.<n>The proposed framework consists of three core layers: (1) the H.E.EZ Layer which integrates improved versions of Hyperledger Fabric, Enc-Block and a hybrid ECDSA-ZSS scheme to improve encryption speed, scalability and reduce computational cost; (2) the Credential Management Layer independently verifying data authenticity and authenticity; and (3) the Time and Auditing Layer designed to reduce traffic overhead and optimize performance across dynamic workloads.
  arXiv  Detail & Related papers  (2025-09-01T18:53:20Z)
• AlDBaran: Towards Blazingly Fast State Commitments for Blockchains [52.39305978984572]
  AlDBaran is an authenticated data structure capable of handling state updates efficiently at a network throughput of 50 Gbps.<n>AlDBaran provides support for historical state proofs, which facilitates a wide array of novel applications.<n>On consumer-level portable hardware, it achieves approximately 8 million updates/s in an in-memory setting and 5 million updates/s with snapshots at sub-second intervals.
  arXiv  Detail & Related papers  (2025-08-14T09:52:15Z)
• Federated Learning-Enhanced Blockchain Framework for Privacy-Preserving Intrusion Detection in Industrial IoT [0.0]
  Industrial Internet of Things (IIoT) systems have become integral to smart manufacturing, yet their growing connectivity has exposed them to significant cybersecurity threats.<n>Traditional intrusion detection systems (IDS) often rely on centralized architectures that raise concerns over data privacy, latency, and single points of failure.<n>We propose a novel Federated Learning-Enhanced Framework (FL-BCID) for privacy-preserving intrusion detection tailored for IIoT environments.
  arXiv  Detail & Related papers  (2025-05-21T11:11:44Z)
• ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior.<n>These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity.<n>We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• Lightweight and Resilient Signatures for Cloud-Assisted Embedded IoT Systems [2.156208381257605]
  Lightweight and Resilient Signatures with Hardware Assistance (LRSHA) and its Forwardsecure version (FLRSHA) We create two novel digital signatures called Lightweight and Resilient Signatures with Hardware Assistance (LRSHA) and its Forwardsecure version (FLRSHA) They offer a nearoptimally efficient signing with small keys and signature sizes.
  arXiv  Detail & Related papers  (2024-09-20T22:43:47Z)
• Lightweight CNN-BiLSTM based Intrusion Detection Systems for Resource-Constrained IoT Devices [38.16309790239142]
  Intrusion Detection Systems (IDSs) have played a significant role in detecting and preventing cyber-attacks within traditional computing systems. The limited computational resources available on Internet of Things (IoT) devices make it challenging to deploy conventional computing-based IDSs. We propose a hybrid CNN architecture composed of a lightweight CNN and bidirectional LSTM (BiLSTM) to enhance the performance of IDS on the UNSW-NB15 dataset.
  arXiv  Detail & Related papers  (2024-06-04T20:36:21Z)
• Task-Oriented Integrated Sensing, Computation and Communication for Wireless Edge AI [46.61358701676358]
  Edge artificial intelligence (AI) has been proposed to provide high-performance computation of a conventional cloud down to the network edge. Recently, convergence of wireless sensing, computation and communication (SC$2$) for specific edge AI tasks, has aroused paradigm shift. It is paramount importance to advance fully integrated sensing, computation and communication (I SCC) to achieve ultra-reliable and low-latency edge intelligence acquisition.
  arXiv  Detail & Related papers  (2023-06-11T06:40:51Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.