메뉴 건너뛰기

ucalip

History

(History / Patent / Author / Research / Research paper / Development / Result)

Design and Hardware Implementation of a Simplified DAG-Based Blockchain and New AES-CBC Algorithm for IoT Security

by   and  *
 
 
Department of Electrical and Electronics Engineering, Chung-Ang University, Seoul 06974, Korea
*
Author to whom correspondence should be addressed.
Academic Editors: Javier Prieto and Fernando De la Prieta
Electronics 202110(9), 1127; https://doi.org/10.3390/electronics10091127
Received: 1 April 2021 / Revised: 5 May 2021 / Accepted: 6 May 2021 / Published: 10 May 2021
(This article belongs to the Special Issue IoT Security and Privacy through the Blockchain)

Abstract

Recently, to enhance the security of the Internet of Things (IoT), research on blockchain-based encryption algorithms has been actively conducted. However, because blockchains have complex structures and process large amounts of data, there are still many difficulties in using the conventional blockchain-based encryption algorithms in an IoT system that must have low power consumption and be ultra-lightweight. In this study, to address these problems (1) we simplified the conventional Directed Acyclic Graph (DAG)-based blockchain structure, and (2) we proposed a new Advanced Encryption Standard (AES)-Cipher Block Chaining (CBC) algorithm with enhanced security by periodically changing the secret key and initialization vector (IV) in the conventional AES-CBC encryption algorithm. Because the DAG, which is the conventional blockchain structure, randomly transmits data to multiple blocks, there may be overlapping blocks, and the quantity of transmitted data is not limited; thus, the time and power consumption for encryption and decryption increase. In this study, a simplified DAG was designed to address these problems so that packets can be transmitted only to three blocks, without overlapping. Finally, to verify the effectiveness of the algorithm proposed in this paper, an IoT system consisting of 10 clients and one server was implemented in hardware, and an experiment was conducted. Through the experiment, it was confirmed that when the proposed AES-CBC algorithm was used, the time taken and the amount of power consumed for encryption and decryption were reduced by about 20% compared to the conventional AES-CBC algorithm.

1. Introduction

Recently, technologies such as artificial intelligence, big data, cloud computing, the Internet of Things (IoT), and network performance have improved with the advent of the hyper-connected era. Due to advances in these technologies, resources are increasingly virtualized for sharing. Networks are virtualized to share network resources or build a cloud environment. Although the number of applications using networks is increasing, network security remains inadequate. The IoT is a technology used to connect and control sensors through networks. This technology is used not only in industries but also in homes. When the IoT is used at home to connect and control home devices, such as consumer devices, security systems, and home appliances, it is known as a smart home system. However, individual devices connected to home systems can create security problems. The IoT is controlled through a network, and connected devices with weak security may suffer various types of damage by hackers. Vulnerabilities such as simple patterns of encryption, non-periodic password changes, old platforms, a lack of encryption algorithms, and a lack of security in network connections can be revealed. Using these vulnerabilities, personal information can be stolen to cause financial damage, and secondary damage such as the invasion of user privacy can also be caused through identifying life patterns. Today, the seriousness of the privacy invasion problem is increasing due to the increased number of single-person households. Furthermore, the vulnerability of the IoT is also steadily growing [1,2]. To address this problem, symmetric key algorithms such as the Advanced Encryption Standard (AES), Secure Hash Algorithm (SHA), and Lightweight Encryption Algorithm (LEA) with a block encryption structure have been applied to increase security [3,4]. However, these approaches make it easy to obtain cracked data [5]. In addition, security should be enhanced due to problems such as new malicious codes and denial of service [6]. Recently, the security of blockchains has been emphasized [7,8]. Much research has been conducted to improve security, but most studies have focused on improving security suitable for one-to-one communication. Blockchains have the advantage of being capable of enhancing security through verification between nodes, which makes forgery difficult. Consequently, research using blockchain techniques to develop robust security algorithms is actively underway [9,10,11,12,13,14,15].
In this study, the security of the IoT environment was improved using a blockchain-based algorithm. The algorithm was implemented by imitating the Directed Acyclic Graph (DAG) algorithm.
When a client connected to a particular sensor sends data, the encrypted data are randomly transmitted to other clients. The clients who receive the data decrypt and re-encrypt it before retransmitting the encrypted data to other clients and, finally, to the server. The server that receives the data decrypts and aggregates these data, and adopts the data that were verified the most. Encryption was performed using the AES algorithm, and the cipher key was set to be changed periodically. Consequently, using this method, problematic clients can be identified, and the inference of the cipher key is impossible, even when the data are exposed. The performances of the conventional AES-CBC algorithm and the proposed new AES-CBC algorithm were compared, and the overhead of the proposed algorithm was evaluated.
The remainder of this paper is organized as follows. In Section 2, related works are discussed, and in Section 3, the background technology of the DAG-based blockchain structure and AES-CBC algorithm is explained. In Section 4, the proposed Simplified DAG-based Blockchain Structure is described, and in Section 5, the proposed new AES-CBC encryption algorithm is described. In Section 6, system configuration and hardware equipment are described, and in Section 7, experiments of encryption and decryptions, verification of encryption, and analysis of the proposed AES-CBC algorithm are described. Section 8 compares the conventional AES-CBC encryption algorithm with the proposed new AES-CBC encryption algorithm, and Section 9 presents the conclusion of the paper.

2. Related Work

Various studies have been conducted to build a system suitable for the IoT. For the current work, related studies were reviewed to address technical issues, such as security, reliability, and scalability.
Biswas et al. proposed a PoBT algorithm that enables block security at the stage of transaction verification and block generation. PoBT is a lightweight consensus algorithm that integrates peers according to the number of nodes participating in the session. The computational time required for peers is reduced, and the IoT transaction speed is enhanced by limiting resources. In addition, the memory required for IoT nodes is reduced using a distributed peer system [16].
Mohanty et al. developed an ELIB algorithm using a lightweight consensus algorithm, Certificateless (CC), and distributed throughput management (DTM), so that it can be applied to the IoT. To reduce the resources consumed, the number of blocks was limited, and the throughput of the consensus algorithm of the blockchain was also limited. As a result, the time and energy required to process the blocks were reduced [17].
Huang et al. proposed a credit-based proof of work (PoW). Power was limited through PoW to fit IoT devices, and a blockchain infrastructure with a DAG structure was built. Functionally, the nodes were divided into two categories: light and full nodes. Light nodes are IoT devices that are connected to the full nodes to interact, and the collected sensor data are subject to data authority management with AES block encryption. The full nodes have two roles, as an administrator and a gateway, and a secure blockchain system was implemented using AES block ciphers [18].

3. DAG-Based Blockchain Structure and AES-CBC Algorithm

3.1. Struture of DAG

The structure of DAG is attracting attention as a core technology in the era of blockchain 3.0 [19,20,21,22,23]. Figure 1 shows a structure of the DAG. As a non-circulating directed graph, it has multi-directionality without any fixed order and continues in only one
이미지 1.png

 

3.2. AES-CBC Algorithm

3.2.1. AES Algorithm

The AES algorithm was established by the National Institute of Standards and Technology and was the first algorithm that was approved for Top Secret use by the US National Security Agency [24]. The AES algorithm is a symmetric key algorithm that uses the same key in encryption and decryption processes. A symmetric key algorithm refers to an algorithm that uses the same cipher key for encryption and decryption. The encryption structure is composed of a Substitution–Permutation Network (SPN) structure and a Feistel structure. The AES algorithm uses the SPN structure, which is shown in Figure 2. In Figure 2, S represents the substitution box (S-box), and P represents the permutation box (P-box). Regarding the encryption process of the AES algorithm, ciphertexts are generated through many rounds of processes in the S-box and P-box. The S-box is a basic packet used for encryption, and its function realizes the non-linear substitution of data. The function of the P-box is changing the location of data. The SPN structure has the disadvantage that it must be designed to require an inverse function in the encryption and decryption processes, b

 

ut has the advantage that it can be designed more efficiently than the Feistel structure because encryption and decryption are possible simultaneously without moving bits during the encryption process.
이미지 2.png

3.2.2. CBC Operating Mode

The block encryption technology has five operating modes: Electronic CodeBook (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher FeedBack (CFB) mode, Output FeedBack (OFB) mode, and Counter (CTR) mode. The CBC mode is the most secure encryption method among block encryption operating modes and is the most commonly used. Figure 3 is a block diagram that shows the encryption and decryption processes in CBC mode [25]. In the CBC operating mode encryption process, as shown in Figure 3a, each block performs an XOR operation with the encryption result of the previous block before being encrypted, and in the case of the first block, the initialization vector (IV) is used. The decryption process in the CBC operating mode proceeds in the reverse order of the encryption process, as shown in Figure 3b. However, because the first block does not have the encryption result of the previous block, the ciphertext and the initialization vector (IV) are XOR operated [26,27].
 

이미지 4.png

 

https://www.mdpi.com/2079-9292/10/9/1127/htm

 

 


List of Articles
제목
2021년4월: [Rp]Design and Hardware Implementation of a Simplified DAG-Based Blockchain and New AES-CBC Algorithm for IoT Security file
2019년07월 : 상표등록:UCALIP - C.I file
2017년10월 : [Rp]옥내용 음식폐기물 처리시스템 설계 및 제작 (The design and fabrication of management system for weight measuring food wastes for indoor) file
2016년10월 : [특허등록번호 10-1726140-0000] 옥내용 음식물쓰레기 중량계량형 관리장치 file
2015년02월 : [특허 등록번호10-1545113-0000] 쓰레기 수거장치 file
2013년11월 : [Rp] 패턴 분석으로 관리하는 가정용 스마트 전기관리 시스템[학술대회] 1 file
2012년00월 : [Rp] 자동 쓰레기 집하 시설에 사용되는 1회사용 종량제 봉투 인식 장치 설계에 관한 연구 file
2011년11월 : [상표 등록번호40-0889075-0000] 'LOGIMASON' 상표등록
2011년08월 : [중기청]'중소기업청 로봇관련 공동개발 과제 선정'
2011년03월 : [특허] 쓰레기 봉투 감지장치 및 이것이 수행하는 쓰레기 투입구 개폐방법 특허등록번호10-1021924-0000 file
2010년04월 : [생기연] 한국생산기술연구원 연구개발 위탁업체로선정
2009년02월 : [상표 등록번호40-0823296-0000] CORENESS 상표등록
2007년10월 : [연구] 고속 화상처리 시스템 설계 완료
2007년10월 : [연구] 1kv 고압 임펄스 장치 설계 완료
2005년03월 : [개발] 주차장 무인 제어 관리 시스템기술 설계 완료
2003년12월 : [개발] 임베디드리눅스 커널및 jffs, LAN, LCD 관련 포팅기술완료
2003년06월 : 메이슨창업
2003년00월 : [Rp] 빌딩 출입 보안 시스템의 정보폭주 방지방법에 관한 연구[논문]
2002년00월 : [Rp] 빌딩 출입 보안 시스템의 정보폭주 방지방법에 관한 연구 [논문] file
2001년02월 : [특허 등록번호10-0404451-0000 발명자] 차량용 블랙박스 시스템 및 차량용 블랙박스 해독방법과그 프로그램 소스를 저장한 기록매체 file
2001년00월 : [Rp] 지능형 빌딩 시스템의 성능 개선에 관한 연구 [논문] file
2000년09월 : [출간] 통신 응용 실험[출간:공동저자] file
2000년00월 : [Rp] 전자회로 부품검사기의 가딩전압 발생법에 관한연구[논문] file
1999년00월 : [Rp] 전자회로의 부품 검사의 속도 개선에 관한 연구 [논문] file
1998년00월 : [Rp] 통신 시스템의 전자회로 부품 검사 방법에 관한 연구[논문] file
1995년12월 : [특허 등록번호10-0090901-0000] 펑션테스터및그의구동방법 file
1992년11월 : [출간] MS-DOS DEVICE DRIVER 작성법 [출간:편저] file
Board Pagination Prev 1 Next
/ 1