An improved chacha algorithm for securing data on IoT devices

In recent years, revolution of development was exceedingly quick in the Internet. Nevertheless, instead of only linking personal computers, mobiles and wearable equipment's, Internet growths from a web binding to true world physical substances that is indicated to novel connotation, which is labeled as Internet of Things (IoT). This concept is utilized in many scopes like education, health care, agriculture and commerce. IoT devices are presented with batteries to have independence from electric current; consequently, their working time is specified by the total time of the power of these batteries. In many IoT applications, data of IoT devices are extremely critical and should be encrypted. Current encryption approaches are created with a high complexity of an arithmetical process to provide a high level of security. However, these arithmetical processes lead to troubles concerning the efficiency and power consumption. ChaCha cipher is one of these approaches, which recently attracted attention due to its deployment in several applications by Google. In the present study, a new stream cipher procedure is proposed (called Super ChaCha), which performs low duty cycles for securing data on IoT devices. The proposed algorithm represents an improved revision to the standard ChaCha algorithm by increasing resistance to cryptanalysis. The modification focuses on rotation procedure which has been changed from a fixed constant to a variable constant based on random value. Also, the inputs of the cipher are changing in the columns form followed by diagonals form to zigzag form and then by alternate form to provide improved diffusion in comparison with the standard ChaCha. Results regarding the security illustrate that Super ChaCha needs 2512 probable keys to break by brute-force attack. Furthermore, the randomness of Super ChaCha successfully passed the five benchmark and NIST test.


Introduction
The expression "Internet" indicates a senior denomination of protocols and applications; it is established on best of advanced and associated networks. In 24/7 fashion, it assists zillions of humans around the continents [1]. From 1990 to the time being, revolution of development was exceedingly quick in the Internet, growths from a web environment to real-world objects that is indicated to Internet of Things (IoT) [2]. IoT is a network of physical devices that have the ability to sense and collect data from the outside environment. The IoT devices can exist in different geographic locations, and the collected data can be used for different applications in areas such as health care, education, banking, and others. The IoT technology is a modern standard, which is rapidly obtained scope by combining sets of models and communication. The main concept of the IoT includes a diversity of objects like emergency mechanisms (Bluetooth, RFID, sensors) and mobile phones. It has eligiblity to communicate with another mechanism across the Internet. The fast improvement of IoT can help people to make their situation smarter and more computable, overcoming daily problems. In short, IoT presents new opportunities to monitor and manage devices remotely, and hence take decisions based on the information received from various real-time traffic data streams [3][4][5].
The IoT structure consists of five components, namely sensor, aggregator, transmission channel, external utility, and decision trigger [6]. A sensor is an electronic utility for measuring physical attributes (temperature, weight, location, and others). The aggregator is a software dedicated for transforming raw data into aggregated data. The transmission channel is a medium for transmitting the collected data (USB, wireless, wired, or verbal). The external utility (which is either software or hardware) is designed for storage purpose. The decision trigger conceptually defines the end purpose of the IoT. It is reasonable, in most cases, to deal with the decision trigger as an if-then rule [6].
At present, in both education and manufacturing, IoT is rapidly being a major topic of the utmost technologies and trends. Furthermore, according to researchers and scientists, a switch from utilizing conventional equipment's to utilizing the Internet, is coming into a modern era to link smart equipment's [7,8]. By 2017, forecasts illustrated that 3.6 × 10 9 of human beings linked to the Internet, sixty-four of them are linked through smartphones [9]. This guides to quicker reply times to generic emergencies, keep souls, health care, and others. Therefore, it will enhance the goodness of individuals' lifetime by presenting services via smart cities. Hence, utilize resources more expeditiously and keep the money while presenting outstanding services [10].
Generally, security problems in all scopes of IoT applications are considered as the first important huge challenges [11]. Furthermore, in IoT environment, every individual equipment and sensor that are established, deployed, and synchronized may be suffering from attackers at any position [12]. In many IoT applications, data of node sensor are extremely critical and have to be encrypted. Current encryption procedures are associated with a large complexity of arithmetical processes to provide a high level of security. This arithmetic complexity, of course, results in consuming extra time and power. On the other hand, the sensors are suffering from limitations of storage space and power, which affect the transmission efficiency. One powerful solution to achieve high security with the abovementioned limitations is the use of lightweight encryption technology. Recently, Panagiotou et al. [3] encouraged using stream ciphers as lightweight cryptography techniques for sensitive data in IoT devices.
Various suggested procedures have been implemented lightweight encryption schemes for IoT. Yao et al. [13] offered a lightweight encryption procedure for securing information transport according to attribute-based encryption and Elliptic Curve Decisional Diffie Hellman. Furthermore, they suggested procedure-resisted resource-limited equipment in IoT security troubles and assisted to enhance performance efficiency. Salami et al. [14] handled resource-limited equipment in a smart house of its security troubles by suggesting a lightweight encryption procedure according to identity-based (public key management) that do not require certificate for securing sending information between householder and smart things in the house. Baskar et al. [15] explained WSN concept and their components and properties and focused on WSN, where it was apt to attack. In addition, they suggested lightweight encryption procedure by employing chaos map to provide key by utilizing Field Programmable Gate Array. Yang et al. [16] suggested secure data administration of patients utilizing keyword search and lightweight encryption procedure with Diffie Hellman of health data of patients in health care scope. Recently, Panagiotou et al. [3] introduced a symmetric cryptography, based on the Advanced Encryption Standard (AES), for both encryption and decryption of texts, images and electronic data applications in IoT devices. Hammi et al. [17] proposed a lightweight elliptic curve cryptography-based authentication scheme for IoT. They adopted one-time-password as an authentication scheme in which a new password is generated for each authentication session and the reuse of a password is not possible. More recently, Kponyo et al. [18] have proposed a lightweight and host-based DoS anomaly detection and defense mechanism for resourceconstrained IoT devices. Their approach was dedicated to address DoS attacks on IoT devices.
The objective of this study is to suggest a lightweight stream cipher algorithm, with low power consumption, for securing the information that exchanged between cloudlevel (Google Cloud) as backend real-time database and IoT sensors.

Stream Cipher and Chacha
From 1990 to 2020, a huge evolution occurs in the scope of data storing, telecommunication, and Internet. These modern evolutions need robust security, according to robust cryptography procedure [19]. Cryptography is a procedure for safe communication in the presence of adversaries [20]. Cryptography procedures are mostly categorized into two forms: The first is a block cipher that indicates the procedure of the cipher by splitting each original data into sequential blocks and every block is encrypted by utilizing identical key [21,22]. The second form is a stream cipher that indicates the procedure of the cipher by utilizing XOR function between the original data and key random series for getting the cipher data [23].
This paper concentrates only on the stream cipher due to its suitability in scopes like its equipment and mobile communications, etc. These scopes have huge resource utilization and restricted dealings with bandwidth, energy and effectively processing than block ciphers.
ChaCha20 is stream cipher utilized counter mode for symmetric encryption, ChaCha20 is implemented by Google. The total size of the input of the ChaCha20 is 512 bits, as shown in Fig. 1. These bits act as seeds, each one has 32 bits, which consist of [24]: • 256 bit act as the total size of the key (k1… k8). • 192 bit act as the total size of the nonce (n1, n2) and constants [c1 … c4]. • 64 bit act as the total size of the block message counter (b1, b2).
Hence, for encryption original data utilizing Cha-Cha20, three lightweight procedures are used for mixing the input of the ChaCha20 to create a series of 512 bits which are symbolizing the keystream by XOR operation with the original data. The first lightweight procedure is an addition (adding of two 32 bits), the second lightweight procedure is Exclusive-OR (XORing of the two 32 bits) and the third lightweight procedure is rotation, which is in charge of rotation of 32 bits by e bit y ≪ e and e acts as a constant number. The three lightweight procedures are summarized into dual function. The Quarter Round Function (QRF) represents the core of dual function, introduced to update the state matrix in each round. QRF is applied first on the columns and then on the diagonals of the state matrix as shown in Fig. 2 [25]: Input values for QRF are four 32-bits and the outputs are modifying since 32-bit based on the three lightweight procedures as shown in Fig. 3.
The last process in ChaCha20 is applying an addition operation between the last modified matrix and the first seed of input ChaCha20 [26].

Five Basic Tests
The performance of randomness characteristic of the keystream generator is evaluated by utilizing the five basic tests (benchmark tests) as illustrated in Table 1 [28,29]. This test examines just the output sequences of keystream generator, which is known as an empirical test [30].

National Institute of Standards and Technology Benchmark Tests
National Institute of Standards and Technology (NIST) Benchmark Tests encompass standardized tests which are utilized to check the randomness of generating binary series of the keystream generator [31,32]. If the generated binary series pass NIST Benchmark Tests, then that series has randomness, whereas when the generated binary series fail in NIST Benchmark Tests, the series is non-random [33]. All NIST Benchmark Tests check the randomness according to parameters (n, m, M) as shown in Table 2 [34]. Only NIST Benchmark Tests (bold green color) that do not exceed the bit length of the suggested keystream generator will be utilized in this paper (512 bits needed for ChaCha20 and super ChaCha). Table 1 Benchmarked five tests equations and information [30] Five benchmark tests equations Information on five benchmark tests (S j + S +k )Mod2

Suggested Super ChaCha
The fundamentals of the ChaCha20 have been studied to build a new keystream generator for producing keys, taking into consideration the increasing of security level and decreasing the complicated stages. The producing keys will be used for encryption IoT data. We denote the new approach as Super ChaCha Lightweight Stream Cipher, described in Algorithm 1, which consists of 10 rounds ultimately summarized into: • The rotation procedure (16, 12, 8, and 7) in ChaCha20 is modified from a fixed constant to a variable constant based on random value (y0, y1, y2, and y3), respectively, in each round, as shown in Algorithm 2. • The order of application of the QRF (for updating inputs) has been changed in the columns from followed by diagonals form to zigzag form and then by alternate form as shown in Figs. 4 and 5. This new order of updating process results in more diffusion of inputs and thereby increasing the complexity against attacks.
For encryption IoT data sensor, an XOR operation is applied between the 512 bits of keystream, which is generated from Algorithm 1 and IoT sensor.
Step3: round =round+1 Step4: until round less than or equal to 10 Step5: store the update matrix x in keystream matrix as key End

Implementation of the Proposed Super ChaCha Keystream Cipher
For implementation purposes, the pulse heart rate and body temperature of persons (IoT data sensor) are used as inputs, which will be encrypted based on the keystream of the proposed Super ChaCha (described in Algorithm 1). The outputs extracted by the Super ChaCha model are keys with a less complicated procedure and a good robustness keystream, proved by effectively surpasses the five benchmark tests as illustrated in Table 3 and NIST benchmark tests as illustrated in Table 4. Figure 6 shows the model of exchanging the encrypted messages between Super ChaCha keystream is compared with standard ChaCha version (8), (12), and (20) according to time consuming in microseconds and complexity against attacks by applying on 512 bits, as shown in Table 5. The modification presented in this study is applied to the three versions of ChaCha as shown in Table 6. The comparison reveals the superiority of Super ChaCha over the standard ChaCha of versions 8 and 12, where the complexity against attacks has significantly increased with very little increase in time, ranging from 1 to 2 microsecond. The increase in complexity, shown by the proposed algorithm, is due to using a new order of updating process, which results in more diffusion of inputs. For the standard ChaCha20, the proposed modification does not result in a clear improvement in the complexity toward attacks.
Each suggested procedure on NodeMCU ESP8266 is executed according to various data lengths. Several performance metrics are measured:

Memory Usage
The needed space for compiling NodeMCU ESP8266 with Wi-Fi library was 2 KB. The executed Super ChaCha stream cipher needs only an extra 4-7 KB of space.

Throughput
Throughput had been taken, in accordance with encryption procedure, described in Figs. 2 and 3 for standard ChaCha20 and in Algorithms 1 and 2 for super ChaCha approach. The total time of converting original data to   (Table 6) results in a very little decrease in throughput. It is expected that the increase in security level (illustrated in Tables 5 and 6) will lead to a decrease in throughput. It is worth noting that the significant improvement in security results in a very slight decrease in throughput.

Power Consumption
The power consumption, of the suggested procedures executing on NodeMCU for the first installation, is computed by the following concepts: • Running Procedure in microseconds: It acts the entire time in microseconds that are needed for performing the suggested procedure • Cycles of procedure: It acts the value of running a procedure in microseconds * 80, due to the CPU clock performs at a frequency of the eighty MHz (eighty times each microsecond). • As previously discussed in NodeMCU properties, the voltage is 3.3 and the current is 0.08 A. • Clock Cycles: It is equal to the division of 1 by frequency that is referring to 80 × 10 −6 .
The measure of power consumption has been calculated in microjoules by the product of the voltage, current, cycles of procedure, and Clock Cycles as presented in Tables 9 and 10. The results show very small increase in energy consumption associated with using Super ChaCha (keeping in mind the very slight increase in time consuming for Super ChaCha, which does not exceed 3 ms). In short, the clear enhancement in security causes a very small increase in energy consumption.

Conclusions
ChaCha stream cipher had come in different versions based on number of rounds. So far, no fully successful attack on ChaCha12 and ChaCha20 has been published in the literature, but there are several successful attacks on ChaCha 6, 7, and 8. In the present study, a new stream cipher is suggested, which represents a modification of ChaCha cipher (denoted as super ChaCha). The modification focuses on rotation procedure which is modified from a fixed constant to a variable constant based on random value. Also, the inputs of the cipher are changing in the columns from followed by diagonals form to zigzag form and then by alternate form. The randomness of the super ChaCha cipher successfully passed the five benchmark tests and NIST test. A comparison of super ChaCha with the standard versions of ChaCha (8,12,20) has been implemented based on several parameters, including time, complexity, memory, throughput, and power consumption. Results reveal that the complexity level is significantly increased with very slight increase in time, memory, power consumption, and slight decrease in throughput. Regarding the security level, super ChaCha requires 2 512 probable keys to break by brute-force attack, as compared to 2 248 probable keys for ChaCha8. We believe that the super ChaCha cipher is suitable for security of IoT devices which required high security but suffering from low energy and limited storage space.

Conflict of interest
The author(s) declare that they have no competing interests.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creat iveco mmons .org/licen ses/by/4.0/.