Novel one round message authentication scheme for constrained IoT devices

Security and privacy concerns have emerged as critical challenges in the Internet-of-Things (IoT) era. These issues need to be carefully addressed due to the sensitive data within IoT systems. However, some IoT devices have various limitations in terms of energy, memory capacity, and computational resources, which makes them extremely vulnerable to security attacks. Data integrity with source authentication are essential security services for protecting IoT data value and utility. Existing message authentication algorithms (MAAs), which are either based on block ciphers or keyed hash functions, require multiple rounds and complex operations, which leads to unacceptable overhead for resource-limited devices and delay-sensitive applications. Moreover, the high number of IoT connected devices generates a huge amount of data, which challenges even the capacity of powerful network devices to handle the security of such Big Data. As such, the protection of such amounts of generated data calls for lightweight security solutions. In this paper, we propose a lightweight MAA that provides data integrity and source authentication. The proposed solution is based on a dynamic key structure with a single round and simple operations. The used cryptographic primitives (substitution and permutation tables) are dynamic and get updated for each new input message by using specific update primitives. The dynamic structure of the proposed MAA allows for decreasing the required number of rounds to just one, while maintaining a high degree of security. The security tests results show that the proposed keyed hash functions (1) achieve the desired cryptographic properties, (2) are immune against existing attacks and (3) require low overhead in terms of computational and storage resources.