Lightweight and Breach-Resilient Authenticated Encryption Framework for Internet of Things

TL;DR

This paper introduces Graphene, a novel lightweight symmetric authenticated encryption framework for IoT that offers breach-resiliency, efficient offline-online cryptography, and compact tags, addressing key limitations of existing standards.

Contribution

Graphene is the first symmetric FAAE framework for IoT that combines key evolution, offline-online cryptography, and UMACs for enhanced security and performance.

Findings

Significant performance improvements over existing AE schemes.

Demonstrated breach-resiliency and low latency on microcontrollers.

Open-source implementation available for public testing.

Abstract

The Internet of Things (IoT) relies heavily on resource-limited devices to communicate critical (e.g., military data) information under low-energy adversarial environments and low-latency wireless channels. Authenticated Encryption (AE) guarantees confidentiality, authenticity, and integrity, making it a vital security service for IoT. However, current deployed (lightweight) AE standards lack essential features like key compromise resiliency and compact authentication tags, as well as performance enhancements such as offline-online cryptography. To address these gaps, we propose Graphene, the first (to our knowledge) symmetric Forward-secure and Aggregate Authenticated Encryption (FAAE) framework designed for the performance and security demands of low-end IoT infrastructures. Graphene innovates by synergizing key evolution strategies and offline-online cryptographic processing with Universal Message Authentication Codes (UMACs) to guarantee breach-resiliency, near-optimal online latency, and compactness. We demonstrate Graphene efficiency through two distinct instantiations, each balancing unique performance trade-offs with extensibility for diverse MACs. Our experimental evaluation on commodity hardware and 32-bit ARM Cortex-M4 microcontroller shows Graphene significant performance gains over existing alternatives. Graphene is also backward compatible with standard-compliant cryptographic implementations. We release our implementation as open source for public testing and adaptation.