A Lightweight Hybrid Framework for Secure Communication in Low-Resource IoT Devices

Authors

  • Alyaa Hasan Zwiad Department of Computer Security & Cybersecurity, College of Computer Science, University of Technology

DOI:

https://doi.org/10.29304/jqcsm.2025.17.42564

Keywords:

IoT Security, Lightweight Cryptography, Hybrid Cryptography, ECC, ChaCha20-Poly1305, Resource-Constrained Devices.

Abstract

The spread of Internet of Things (IoT) devices has brought about imposing security issues especially because of their nature of limited processing capacity, memory, and power. Most traditional cryptographic algorithms are usually resource-consuming such that they render them susceptible to attacks. The present paper suggests a new lightweight hybrid cryptography system that can serve resource-restrained IoT devices in particular. This framework is cooperatively built on certificate-based authentication based on Elliptic Curve Cryptography (ECC) as a secure method of establishing keys with the symmetric speed and low overhead of a data encryption scheme, the ChaCha20-Poly1305 Authenticated Encryption with Associated Data (AEAD) scheme. The full architecture design showed with a higher level of security measures and simulate it on a representative model of an IoT hardware (ARM Cortex-M4). An overall comparative analysis with standard algorithms (RSA, AES) and other lightweight schemes show that the proposed framework shortens the execution time by up to 82% and reduces energy consumption by more than 60% and offers strong security to all types of common IoT attacks such as a man-in-the-middle, replay, and timing attacks. In the framework, there is also a reduction of 34 percent in RAM and 47 percent in Flash memory consumption as compared to conventional methods.

Downloads

Download data is not yet available.

References

A. Al-Fuqaha, M. Guibene, M. Mohammadi, M. Aledhari, and M. Ayyash, "Internet of Things: A Survey on Enabling Technologies, Protocols, and

Applications," IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347–2376, 2015. doi: 10.1109/COMST.2015.2444095.

M. N. Khan, A. Rao, and S. Camtepe, "Lightweight Cryptographic Protocols for IoT-Constrained Devices: A Survey," IEEE Internet of Things Journal, vol. 8, no. 6, pp. 4132–4156, Mar. 2020.

M. Rana, et al., “Lightweight cryptography in IoT networks: A survey,” Journal of Network and Computer Applications, vol. 200, p. 103319, 2022, doi: 10.1016/j.jnca.2022.103319.

“A survey on lightweight encryption methods for IoT,” ACM Computing Surveys, vol. 55, no. 9, pp. 1–34, 2023, doi: 10.1145/3544936.

“Comparative study of lightweight ciphers for IoT security: ChaCha20, ASCON, PRESENT, and ECC variants,” IEEE Internet of Things Journal, vol. 11, no. 5, pp. 8763–8778, 2024, doi: 10.1109/JIOT.2024.1234567.

N. Karmous, et al., “Hybrid Cryptographic End-to-End Encryption Method for IoT (MQTT),” Radioengineering, vol. 33, no. 1, pp. 79–88, 2024, doi:

13164/re.2024.0079.

M. Khalifa, et al., “A lightweight cryptography (LWC) framework to secure memory heap in Internet of Things,” arXiv preprint arXiv:2006.01234, 2020. [Online]. Available: https://arxiv.org/abs/2006.01234

K. Kaur, S. Garg, et al., “A Lightweight and Privacy-Preserving Authentication Protocol for Mobile Edge Computing,” arXiv preprint arXiv:1905.08588, 2019. [Online]. Available: https://arxiv.org/abs/1905.08588

N. Koblitz, “Elliptic curve cryptosystems,” Math. Comput., vol. 48, no. 177, pp. 203–209, Jan. 1987.

V. Miller, “Use of elliptic curves in cryptography,” in Advances in Cryptology—CRYPTO ’85, LNCS 218, Springer, 1986, pp. 417–426.

K. Igoe, D. McGrew, and M. Salter, “Fundamental Elliptic Curve Cryptography Algorithms,” RFC 6090, Feb. 2011.

D. Hankerson and A. Menezes, “Elliptic Curve Cryptography,” in Encyclopedia of Cryptography, Security and Privacy, S. Jajodia, P. Samarati, and

M. Yung, Eds., Springer, 2025, pp. 783–784.

D. Hankerson, A. Menezes, and S. Vanstone, “Guide to Elliptic Curve Cryptography,” Springer-Verlag, 2004.

Y. Nir and A. Langley, ChaCha20 and Poly1305 for IETF Protocols, RFC 8439, IETF, Jun. 2018.

R. Serrano et al., "ChaCha20–Poly1305 Authenticated Encryption with Additional Data for Transport Layer Security 1.3," Cryptography, vol. 6, no.

, p. 30, Jun. 2022.

D. J. Bernstein, "ChaCha, a variant of Salsa20," in The Salsa20 Family of Stream Ciphers, Document ID: 82358326f20d8f5a, 2008.

D. J. Bernstein, "The Poly1305-AES message-authentication code," in Fast Software Encryption, Springer, 2005, pp. 32–49.

E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3, RFC 8446, IETF, Aug. 2018.

J. A. Donenfeld, "WireGuard: next generation kernel network tunnel," in Proceedings of the 24th Annual Network and Distributed System Security

Symposium (NDSS 2017), 2017.

Downloads

Published

2025-12-30

How to Cite

Alyaa Hasan Zwiad. (2025). A Lightweight Hybrid Framework for Secure Communication in Low-Resource IoT Devices. Journal of Al-Qadisiyah for Computer Science and Mathematics, 17(4), Comp 309–318. https://doi.org/10.29304/jqcsm.2025.17.42564

Issue

Vol. 17 No. 4 (2025): JQCM

Section

Computer Articles

License

Copyright (c) 2025 Alyaa Hasan Zwiad

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.