**7. Lightweight cryptographic techniques in SDN-IoT for 5G network**

The major constraint of IoT devices is it has limited resources in terms of processing power, storage and memory. This must be a primary reason when lightweight cryptographic (LWC) techniques came into the picture. This technique works in tight memory and resource constraints environments and has low computational complexity. Resources can be the size of the chip, cost of the IoT device, total speed, and power consumption. The size of the chip used in smart IoT devices must be small, so the encryption algorithm code size should be small enough to fit into these chips. The overall cost of the IoT devices should not increase much after using an encryption algorithm. The programming languages used to code the algorithm should be energy efficient, require less run time and memory [4]. LWC techniques are used for extremely low resource constraints devices which are communicating in IoT networks. LWC is one of the subbranch of cryptographic techniques. The battery technology is increasing relatively slowly and most of the encryption algorithm takes huge energy, so there is a trade-off between energy consumption and security.

5G mobile communication architecture is divided into three sections [2]—radio access network (RAN), core network, and application network. RAN in the infrastructure layer of the SDN-IoT network connects devices with one another to the control layer. In comparison with the hardware architecture, using software architecture reduces the equipment, development cost and improves flexibility. RAN can be modified to C-RAN which is a cloud/centralized RAN that works using software programming in 5G network. The security operations then moved to the cloud and

### *Lightweight Cryptographic Techniques in 5G Software-Defined Internet of Things Networking DOI: http://dx.doi.org/10.5772/intechopen.102984*

implemented using software programs. This makes the cryptographic designer focuses more on the security aspects of the algorithm than the hardware efficiency which measures in GE. In this context, AES-256 is a great solution against quantum computing. There are a few algorithms discussed below, such as AES-256, SNOW-V, DES, Piccolo, Hash Algorithm, Espresso, which are potential for 5G security perspectives in the software platform. It is recommended to use in the cloud environment and is suitable for SDN-IoT architecture.

The security concern of SDN-IoT architecture comes into three layers as mentioned above. The first layer is an infrastructure layer, in IoT architecture, the infrastructure layer is equivalent to the sensing layer and in comparison to SDN architecture, this layer is equivalent to the data layer. All the LWC algorithms suitable for strict memory constraint IoT devices are used in this plane. The second layer is the control layer, which controls the overall system's architecture and the third layer is the service layer or application layer. Below we discuss all three layers and the potential LWC algorithms for each layer.

### **7.1 Control layer/infrastructure layer**

SDN-IoT control layer is responsible for controlling the whole structure and traffic monitoring in a centralized manner, for that any malicious action can be detected from the control plane easily and for immediately taking an action. Multiple controllers connected by east/westbound interfaces with one another to maintain the connection. These interfaces are suffered from a lack of security support protocols and are easily vulnerable by the attacker. Identity-based cryptography (IBC) and elliptic curve cryptography (ECC) [5] are the two security solutions for this problem. Other cryptographic algorithms used in the control layer are Hash algorithms [6], AES [7], PRESENT [8], DES [9], etc.


future concept of SDN-IoT security architecture. All the hash algorithms from the SHA family standardize by the National Institute of Standard and Technology (NIST). The total number of iterations taken by SHA algorithms is 80 which leads to a power-hungry situation. This in terns leads to a requirement of using the BLAKE2 hashing algorithm which uses eight rounds to generate a message digest of 256-bit. Also, the time and space requirement of the BLAKE2 algorithm is much better than SHA in digital signature-based authentication schemes. All the security threats can handle by SHA-2 algorithms up to today. SHA-3 will be used in the near future if any such situations are beyond the capability of SHA-2.


differential cryptanalysis attacks. One of the variants of DES is 3DES also used in the control layer for encryption purposes.

