ULCL

An Ultra-lightweight Cryptographic Library for Embedded Systems

George Hatzivasilis

, Apostolos Theodoridis

, Elias Gasparis

and Charalampos Manifavas

Dept. of Electronic & Computer Engineering, Technical University of Crete,

Akrotiri Campus, 73100 Chania, Crete, Greece

Dept. of Computer Science, University of Crete, Voutes Campus, 70013 Heraklion, Crete, Greece

Dept. of Informatics Engineering, Technological Educational Institute of Crete,

Estavromenos, 71500 Heraklion, Crete, Greece

Keywords: Cryptographic Library, Lightweight Cryptography, API, Embedded Systems, Security.

Abstract: The evolution of embedded systems and their applications in every daily activity, derive the development of

lightweight cryptography. Widely used crypto-libraries are too large to fit on constrained devices, like

sensor nodes. Also, such libraries provide redundant functionality as each lightweight and ultra-lightweight

application utilizes a limited and specific set of crypto-primitives and protocols. In this paper we present the

ULCL crypto-library for embedded systems. It is a compact software cryptographic library, optimized for

space and performance. The library is a collection of open source ciphers (27 overall primitives). We

implement a common lightweight API for utilizing all primitives and a user-friendly API for users that

aren’t familiar with cryptographic applications. One of the main novelties is the configurable compilation

process. A user can compile the exact set of crypto-primitives that are required to implement a lightweight

application. The library is implemented in C and measurements were made on PC, BeagleBone and MemSic

IRIS devices. ULCL occupies 4 – 516.7KB of code. We compare our library with other similar proposals

and their suitability in different types of embedded devices.

1 INTRODUCTION

OpenSSL and other well-known crypto libraries

(The OpenSSL Project, 2013), target mainstream

applications. Such libraries support high levels of

security and don’t take into consideration the special

needs of constrained and ultra-constrained devices.

Other libraries that are designed for embedded

system applications support crypto-primitives that

are optimized for space, speed or power

consumption. On the other hand, such libraries either

contain redundant functionality as they support a

wide range of cryptographic primitives, like CyaSSL

(WolfSSL Inc., 2013), or contain a small number of

primitives, like Edon (Gligoroski, 2003).

OpenSSL (The OpenSSL Project, 2013) is

designed for mainstream applications with high level

of security and high speed. It provides a complete

set of cryptographic functionality. On the other

hand, OpenSSL hasn’t embodied newer

cryptographic standards, like TLS 1.2 and DTLS,

and progressive primitives, like the eSTREAM

(ECRYPT, 2008) finalists and the SHA-3 (NIST,

2012). The code organization is burden with legacy

code and makes difficult its use by developers. For

mainstream devices, OpenSSL achieves high

en/decryption rates. It utilizes assembly code to

speed up computationally heavy operations for

several processors as well as the Intel AES-NI. For

embedded devices, the executable code’s size can be

unacceptable. The library is open source.

CyaSSL (WolfSSL Inc., 2013) targets embedded

and real-time operating system (RTOS)

environments. It is a lightweight SSL library and

supports new cryptographic standards and

progressive ciphers. CyaSSL was written with

developers in mind and provides a simple and

documented API with easy-to-use abstraction layers

for OS and custom I/O. It also supports an OpenSSL

compatible API for broader use and acceptance.

CyaSSL is the leading SSL library for embedded,

real-time, mobile and enterprise systems. It achieves

high performance while keeping small code size and

low memory usage per connection. The library is

licensed under the GPLv2 and a commercial license.

247

Hatzivasilis G., Theodoridis A., Gasparis E. and Manifavas C..

ULCL - An Ultra-lightweight Cryptographic Library for Embedded Systems.

DOI: 10.5220/0004900602470254

In Proceedings of the 4th International Conference on Pervasive and Embedded Computing and Communication Systems (MeSeCCS-2014), pages

247-254

ISBN: 978-989-758-000-0

 2014 SCITEPRESS (Science and Technology Publications, Lda.)

ULCL is appropriate for lightweight and ultra-

lightweight applications where specific

cryptographic primitives are required. It provides

basic cryptographic functionality and supports

progressive ciphers. The APIs achieve low overhead

and comparable overall performance while remain

easy-to-use even by developers that aren’t familiar

with cryptography. The size of the executable code

is the smallest possible as the compilation is

adjusted to the application scenario. The library is

open source.

We apply OpenSSL, CyaSSL and ULCL on

BeagleBone (BeagleBoard.org Foundation, 2011)

devices with the default compilation options. All

libraries are implemented in C and fair

measurements were made. BeagleBone is a low-cost

credit-card-sized embedded device that runs Ubuntu

and connects with the Internet. It embodies an

AM3359 ARM Cortex-A8 single core CPU running

at 500-720 MHz.

2 RELATED WORK

Edon (Gligoroski, 2003) is an ultra-lightweight

library for embedded systems. It is implemented in

C and occupies about 5KB of memory. Edon uses

quasigroups to build cryptographic primitives and

develop a block cipher, a stream cipher, a hash

function and a pseudorandom number generator.

The CACE Networking and Cryptography

library (NaCl) (Bernstein, 2009) is an easy-to-use

high-speed high-security public-domain library for

network communication and cryptographic

applications. The library provides a high level API –

called crypto-box – for implementing public-key

authenticated encryption. The user realizes the

whole process as a single step and doesn’t consider

the internal parameters and communication steps

between the participants. NaCl performs speed tests

at compilation time and selects the best crypto-

primitives for each device. A user can also use low-

level APIs to apply specific primitives. Versions of

the library are supported in C, C++ and Python. In

C, the code occupies 17.36 – 27.96KB of memory

(Hutter and Schwabe, 2013)

In section 3, we describe the Ultra-Lightweight

Crypto-Library (ULCL) for embedded systems, the

main concepts and the measurements on real

devices. In section 4, we compare our proposal with

other libraries. In section 5, we conclude.

3 ULCL

We implement the ULCL for the cryptographic

technologies of the node layer. The library provides

‘built in’ cryptographic functionalities for embedded

systems that make use of a specific set of

cryptographic primitives and protocols. It utilizes

open source ciphers’ implementations, two

lightweight APIs and a configurable compilation

process.

Only block/stream ciphers and hash functions are

included. The library provides basic cryptographic

functionality for constrained and ultra-constrained

devices. It targets on application environments

where asymmetric cryptography can’t be applied. As

asymmetric cryptography is much more resource

demanding than symmetric one, these applications

depend on dependable authentic key distribution

mechanisms (Chen and Chao, 2011). Such

mechanisms are lightweight key management

solutions that utilize only symmetric cryptography.

We consider two types of embedded devices.

The BeagleBone (BeagleBoard.org Foundation,

2011) is a constrained device with 500 MHz

processing power, 256 MB memory and Ubuntu

Linux operating system. We perform the basic

measurements of ULCL, Edonm NaCl, CyaSSL and

OpenSSL on such devices. The Memsic IRIS

(Memsic Inc., 2010) is an ultra-constrained

embedded device with 8MHz processing power,

8KB memory and Contiki operating system.

CyaSSL and OpenSSL don’t fit on such devices. We

apply our library on IRIS as a proof of concept that

ULCL is appropriate for ultra-constrained devices

and applications. The measurements that are

reported in subsection 3.1 were performed on a PC

with Intel core 2 duo e8400 (3GHz), 2GB of RAM

and Linux operating system.

3.1 Open Source Cipher

Implementations

ULCL utilizes open source implementations of

known ciphers. It is a collection of lightweight or

compact implementations of standard block/stream

ciphers and message authentication code (MAC)

primitives. In (Manifavas et al., 2013), all these

primitives are evaluated and the best of them are

proposed for different types of embedded devices.

For block ciphers, it supports AES (Erdelsky,

2002), DES/3DES (CIFS Library, 2010), PRESENT

(Klose, 2007), LED (Guo et al., 2011),

KATAN/KTANTAN (Canniere et al., 2009), Clefia

(SONY, 2008), Camellia (NTT, 2013), XTEA

PECCS2014-InternationalConferenceonPervasiveandEmbeddedComputingandCommunicationSystems

248

(Wheeler and Needham, 1997) and XXTEA

(Wheeler and Needham, 1998). AES and Camellia

are designed for mainstream applications with high

level of security and throughput. Their space

requirements are high for ultra-constrained devices

and are included only for more powerful embedded

devices. DES, 3DES and Clefia are designed for

lightweight cryptography on embedded systems and

support high and moderate level of security, lower

throughput and consume less computational

resources. They are appropriate for constrained

devices. PRESENT, XTEA and XXTEA are

designed for ultra-constrained devices with even

lower level of security and throughput and are

efficient in power-energy-memory. LED, KATAN

and KTANTAN are mainly implemented in ultra-

constrained hardware and their performance in

software is low. We include them for higher

compatibility in heterogeneous systems where nodes

may use hardware-accelerated cryptography.

All block ciphers operate in ECB, CBC and CTR

modes of operation (Dworkin, 2001). Furthermore,

the library supports all known padding schemes:

zeroPadding, PKCS5, PKCS7, ISO_10126-2,

ISO_7816-4 and X9.23.

Table 1, summarizes the block ciphers’ features.

The ciphers are executed in ECB node of operation

with zero padding. Figure 1, illustrates the relevant

features of the ciphers with 128-bit key.

Table 1: Block ciphers in ECB mode of operation with

zero padding.

Cipher Key

(bits)

Block

(bits)

Code

(KB)

RAM

(KB)

Throughput

(MBps)

AES 128 128 25 10.25 56.35

AES 192 128 25 10.33 50.25

AES 256 128 25 10.41 69.82

3DES 64 64 12 10.02 20.15

3DES 128 64 12 10.07 20.25

3DES 192 64 12 10.11 20.21

Camellia 128 128 33 10.08 68.31

Camellia 192 128 33 10.13 55.57

Camellia 256 128 33 10.18 55.17

Clefia 128 128 6.9 10.08 4.65

Clefia 192 128 6.9 10.13 3.83

Clefia 256 128 6.9 10.17 3.29

XTEA 128 64 2.7 10.06 26.07

PRESENT 80 64 2.6 14.46 0.44

PRESENT 128 64 2.6 14.50 0.44

Figure 1: ULCL block ciphers with 128-bit key.

For stream ciphers, ULCL supports ARC4

(CyASSL, 2013) and the eSTREAM project

(ECRYPT, 2008) finalists Salsa20 (Bernstein,

2005), Rabbit (Boesgaard et al., 2005), HC128 (Wu,

2005), SOSEMANUK (Berbain et al., 2005), Grain

(Hell, M., Johansson, T. & Meier, W., 2005),

Trivium (Canniere and Preneel, 2005) and MICKEY

v2 (Babbage and Dodd, 2005). RC4 is the most

widely used stream cipher. It achieves high

throughput but it is considered insecure for new

applications. The finalists Salsa20, Rabbit, HC128

and SOSEMANUK are designed for software. They

achieve higher throughput and are considered secure

against all attacks faster than the exhaustive search.

Salsa20 and Rabbit are the most attractive for

constrained devices. HC128 utilizes two large tables

to perform en/decryption. Due to its table-driven

approach it is very fast but requires much memory.

The finalists Grain, Trivium and MICKEY v2 are

designed

for hardware but perform reasonable in

Table 2: Stream ciphers.

Cipher Key / IV

(bits)

Code

(KB)

RAM

(KB)

Throughput

(MBps)

HC128 128/ 128 7.9 16.58 517.60

Rabbit 128 / 64 3.1 8.41 264.29

Salsa20 128 / 64 3.1 8.27 155.10

Salsa20 256 / 64 3.1 8.35 154.97

SOSEMA

NUK

128 / 128 15 9.07 300.50

SOSEMA

NUK

256 / 128 15 9.14 299.03

Grain 80 / 64 2.7 16.26 64.24

Grain-128 128 / 96 3 24.4 91.39

MICKEY

80 / 80 3.2 8.22 2.85

Trivium 80 / 80 6.9 8.25 180.43

ARC4 40 / 0 1.22 8.55 165.69

ULCL-AnUltra-lightweightCryptographicLibraryforEmbeddedSystems

249

ARC4 2048 / 0 1.22 9.78 164.50

software. They were also cryptanalyzed and found

secure. Table 2 and Figure 2, summarizes the stream

ciphers’ features.

Figure 2: ULCL stream ciphers.

Table 3: MACs.

Hash Digest

(bits)

Code

(KB)

RAM

(KB)

Throughput

(MBps)

Blake 224 17 2.47 94.86

Blake 256 17 2.48 95.66

Blake 384 17 2.53 36.63

Blake 512 17 2.57 36.91

Groestl 224 29 2.46 29.62

Groestl 256 29 2.47 29.82

Groestl 384 29 2.83 20.08

Groestl 512 29 2.87 20.13

JH 224 7.7 2.32 17.26

JH 256 7.7 2.33 17.26

JH 384 7.7 2.38 17.27

JH 512 7.7 2.42 17.25

Keccak 224 68.1 2.54 62.12

Keccak 256 68.1 2.55 62.71

Keccak 384 68.1 2.6 52.57

Keccak 512 68.1 2.65 36.80

Skein 256 52.4 2.39 61.51

Skein 512 52.4 2.48 61.35

Skein 1024 52.4 2.67 46.37

MD5 128 3.3 2.15 308.64

SHA-1 160 6 2.17 167.85

SHA256 256 3.7 2.22 95.44

SHA512 512 17 2.41 42.82

For MACs, ULCL supports MD5 (CyASSL, 2013),

SHA-1 (CyASSL, 2013), SHA-2 (CyASSL, 2013),

SHA-3 (Keccak) (Bertoni et al., 2008) and the other

SHA-3 contest’s (NIST, 2012) finalists Blake

(Aumasson et al., 2008), JH (Wu, 2008), Groestl

(Gauravaram et al., 2008) and Skein (Ferguson et

al., 2008). MD5 and SHA-2 are the most known

MACs for mainstream applications. MD5 isn’t

collision resistant, thus less secure, but is very fast.

SHA-2 is still secure and the SHA-3 contest targeted

to establish an alternative standard. The SHA-3

functions are newer progressive MACs that adopt

different design features than SHA-2.

Table 3 and

Figure 3, summarizes the MACs’ features.

Figure 3: ULCL MACs.

3.2 Lightweight APIs

For every crypto-primitive type (block cipher,

stream cipher, MAC), we implement a common API

for utilizing all the different primitives with their

parameters. The API was designed with developers

in mind and is easy-to-use. There are common

functions in each category for initialization and

processing. All size values are measured in bytes.

The common API for the block ciphers is:

ulcl_block_ctx *ulcl_block_init (char

*cipher, byte *key, int key_size):

Initializes the block cipher (cipher) and the

encryption key (key). The function returns a cipher

data structure.

int ulcl_block_destroy (ulcl_block_ctx

*ctx): Frees the allocated memory. The function

returns an error code.

byte *ulcl_block_encrypt (ulcl_

block_ctx *ctx, byte *plaintext, int

pl_size, char *mode, char *padding):

Encrypts a plaintext (plaintext) with the block cipher

(ctx) and the mode of operation (mode) and padding

(padding). The function returns the ciphertext.

byte *ulcl_block_decrypt (ulcl_

block_ctx *ctx, byte *ciphertext, int

cp_size):

Similar with ‘ulcl_block_encrypt’. The

function decrypts a ciphertext and returns the

plaintext.

The common API for the stream ciphers is:

PECCS2014-InternationalConferenceonPervasiveandEmbeddedComputingandCommunicationSystems

250

ulcl_stream_ctx *ulcl_stream_init (char

*cipher, byte *key, int key_size, byte

*iv, int iv_size):

Initializes the stream

cipher (cipher) and the encryption key (key) and the

IV (iv). The function returns a cipher data structure.

int ulcl_stream_destroy (ulcl_

stream_ctx *ctx): Frees the allocated memory.

The function returns an error code.

byte *ulcl_stream_encrypt (ulcl

_stream_ctx *ctx, byte *plaintext, int

pl_size):

Encrypts a plaintext (plaintext) with

the stream cipher (ctx). The function returns the

ciphertext.

byte *ulcl_stream_decrypt (ulcl

_stream_ctx *ctx, byte *ciphertext, int

cp_size)

: Similar with ‘ulcl_stream_encrypt’. The

function decrypts a ciphertext and returns the

plaintext.

The common API for the MACs is:

ulcl_hash_state *ulcl_hash_init (char

*hash_func, int hash_size): Initializes the

hash function (hash_func) and returns a hash

function structure.

int ulcl_hash_destroy (ulcl_ hash_state

*state): Frees the allocated memory. The

function returns an error code.

byte *ulcl_get_hash (ulcl_hash_state

*state, byte *msg, int msg_size):

Processes the message (msg) with the hash function

(state). The function returns the digest.

Moreover, we implement a second API for

developers that aren’t familiar with cryptography.

The developers don’t deal with selecting crypto-

primitives and their parameters. When this simple

API is compiled, ULCL performs a test program to

figure out the system’s capabilities in memory and

processing capabilities. According to this test,

ULCL invokes internally the most appropriate

primitives for this device. The API is suitable for

cryptographic applications in homogeneous systems.

Also, it is appropriate for educational purposes in

computer security. All the function arguments are

strings and contain hexadecimal numbers in string

form.

The simple API for the block ciphers is:

char *ulcl_block_encrypt_simple (char

*data, char *key)

: Encrypts a plaintext (data)

with the key (key) and returns the ciphertext.

char *ulcl_block_decrypt_simple (char

*data, char *key) )

: Decrypts a ciphertext

(data) with the key (key) and returns the plaintext.

The simple API for the stream ciphers is:

char *ulcl_stream_encrypt_simple (char

*data, char *key, char *iv): Encrypts a

plaintext (data) with the key (key) and the IV (iv)

and returns the ciphertext.

char *ulcl_stream_decrypt_simple (char

*data, char *key, char *iv):

Decrypts a

ciphertext (data) with the key (key) and the IV (iv)

and returns the plaintext.

The simple API for the MACs is:

char *ulcl_hash_simple(char *data):

Processes the message (data) and returns the digest.

From the supported primitives, PRESENT,

Clefia, XTEA, Rabbit, Salsa20, Grain, ARC4, MD5

and SHA-2 are the most compact (

Figure 4).

Figure 4: The most compact cryptographic primitives.

3DES, MICKEY v2, Trivium, JH and Skein require

the least RAM (Figure 5).

Figure 5: The cryptographic primitives that require the

least RAM.

ULCL-AnUltra-lightweightCryptographicLibraryforEmbeddedSystems

251

Figure 6: The fastest cryptographic primitives.

AES, Camellia, HC128, SOSEMANUK, MD5,

SHA-1, SHA-2 and Blake are the fastest (

Figure 6).

3.3 Configurable Compilation

Our main novelty is the configurable compilation

process. A user can define an exact set of crypto-

primitives that are compiled without compiling the

whole library. Thus, the executable code that runs on

the embedded device is small. For example a user

can compile only a compact AES implementation

and use it through the common API for block

ciphers. As embedded devices run a specific set of

protocols and crypto-primitives, our configurable

implementation of lightweight primitives is a good

candidate library.

The block ciphers API occupies 5.22 – 23.5KB

of ROM memory. The overhead is high as we

implement the modes of operation and the padding

schemes except from the API for en/decryption. The

stream ciphers API occupies 1.74 – 7.4KB and the

hash functions API occupies 1.75 – 7.4KB. The total

API overhead is about 1.74 – 38.3KB and the library

occupies 4 – 516.7KB.

Figure 7: Segmented compilation.

Figure 7, illustrates the segmented compilation

process. Each box represents a different compilation

option. For example, a user can compile the whole

library, the block ciphers or specific crypto-

primitives.

3.4 Other Features

ULCL is open source and well-documented. The

library contains a series of examples and test files.

The examples demonstrate the compilation process

capabilities and the utilization of the APIs. A user

can execute command line tests for each compiled

primitive. Furthermore, a benchmark suite is

provided for measuring the library’s features in the

application setting. The APIs performs extensive

error checking and reports relative error codes. The

correct functionality of the whole library is

validated. Each crypto-primitive is verified through

the manufacturer’s test vectors and common tests

with well-known libraries, like OpenSSL.

4 DISCUSSION

ULCL’s ordinary compilation occupies the least

code size as it offers only basic cryptographic

functionality. By default OpenSSL installs the full

library while CyaSSL installs only a core set of it.

CyaSSL can occupy about 90% less code size than

OpenSSL. The code footprint is a significant factor

for the applications that we study. ULCL’s size is

suitable for lightweight and ultra-lightweight

applications and CyaSSL’s size is suitable for

lightweight ones. OpenSSL produce high footprint,

which is over 1MB.

Figure 8, illustrates the code size

of the examined libraries.

Figure 8: The code size of the examined libraries.

In comparison with Edon, ULCL supports a variety

of known standard or lightweight ciphers, whose

security properties are well-studied, while keeping

PECCS2014-InternationalConferenceonPervasiveandEmbeddedComputingandCommunicationSystems

252

an easy-to-use API. For the user-friendly API and

the internal selection of the best primitives, ULCL

uses a similar testing procedure at compilation time

as NaCl.

5 CONCLUSIONS

We implement the compact crypto-library ULCL for

constrained and ultra-constrained devices. The

library embodies open source implementations of

known ciphers and provides a variety of basic

crypto-primitives. Totally, 27 cryptographic

primitives are supported as well as 6 padding

schemes and 3 modes of operation for the block

ciphers. The user can configure the compilation

process and compile the exact set of primitives that

are necessary, without redundant functionality.

ULCL requires 4 – 516.7KB of code. For each

cryptographic primitive type (block/stream ciphers

and hash functions), there is a common API for all

the relevant primitives and an API for users that

aren’t familiar with cryptography. ULCL is well-

documented, with several example and test

programs, and its correct operation is validated.

ACKNOWLEDGEMENTS

This work was funded by the General Secretarial

Research and Technology (G.S.R.T.), Hellas under

the Artemis JU research program nSHIELD (new

embedded Systems arcHItecturE for multi-Layer

Dependable solutions) project. Call: ARTEMIS-

2010-1, Grand Agreement No: 269317.

REFERENCES

Aumasson, J.-P. et al., 2008. Blake implementation. SHA-

3 contest. Available at: http://131002.net/blake/ .

Babbage, S. & Dodd, M., 2005. MICHEY v2

implementation. eSTREAM project. Available at:

http://www.ecrypt.eu.org/stream/e2-mickey.html .

BeagleBoard.org Foundation, 2011. BeagleBone manual.

Available at: http://beagleboard.org/bone .

Berbain, C. et al., 2005. SOSEMANUK implementation.

eSTREAM project. Available at: http://

www.ecrypt.eu.org/stream/e2-sosemanuk.html .

Bernstein, D. J., 2009. Cryptography in NaCl. Networking

and Cryptography library, (Mc 152). Available at:

http://cr.yp.to/highspeed/naclcrypto-20090310.pdf .

Bernstein, D. J., 2005. Salsa20 implementation.

eSTREAM project. Available at: http://

www.ecrypt.eu.org/stream/e2-salsa20.html .

Bernstein, D. J., Lange, T. & Schwabe, P., 2012. The

security impact of a new cryptographic library.

Progress in Cryptology– LATINCRYPT 2012,

Springer Berlin Heidelberg, LNCS, 7533, pp.159–176.

Available at: http://link.springer.com/

chapter/10.1007/978-3-642-33481-8_9 .

Bertoni, G. et al., 2008. SHA-3 (Keccak) implementation.

SHA-3 contest. Available at: http://

keccak.noekeon.org/ .

Boesgaard, M. et al., 2005. Rabbit implementation.

eSTREAM project. Available at: http://

www.ecrypt.eu.org/stream/e2-rabbit.html .

Canniere, C. de, Dunkelman, O. & Knezevic, M., 2009.

ULCL-AnUltra-lightweightCryptographicLibraryforEmbeddedSystems

253

KATAN/KTANTAN implementation. Available at:

http://www.cs.technion.ac.il/~orrd/KATAN/ .

Canniere, C. De & Preneel, B., 2005. TRIVIUM

implementation. eSTREAM project. Available at:

http://www.ecrypt.eu.org/stream/e2-trivium.html .

Chen, C.-Y. & Chao, H.-C., 2011. A survey of key

distribution in wireless sensor networks. In J. & S.

Wiley, ed. Security and Communication Networks.

Wiley Online Library, p. n/a–n/a. Available at:

http://doi.wiley.com/10.1002/sec.354 .

CIFS Library, 2010. DES & 3DES implementation.

Available at: http://www.ubiqx.org/proj/

libcifs/source/Auth/ .

CyASSL, 2013. MD5, SHA1, SHA256, SHA512, ARC4

implementatons. Available at: http://www.yassl.com/

yaSSL/Products-cyassl.html .

Dworkin, M., 2001. Recommendation for block cipher

modes of operation, NIST special publication,

Available at: http://csrc.nist.gov/publications/

nistpubs/800-38a/sp800-38a.pdf .

ECRYPT, 2008, eSTREAM project. Available at:

http://www.ecrypt.eu.org/stream/.

Erdelsky, P.J., 2002. AES implementation. Available at:

http://www.efgh.com/software/rijndael.htm .

Ferguson, N. et al., 2008. Skein implementation. SHA-3

contest. Available at: http://www.skein-hash.info/ .

Gauravaram, P. et al., 2008. Groestl implementation.

SHA-3 contest. Available at: http://www.groestl.info/ .

Gligoroski, D., 2003. Edon-library of reconfigurable

cryptographic primitives suitable for embedded

systems. In Workshop on cryptographic hardware and

embedded systems. Available at:

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.

1.1.13.7586&rep=rep1&type=pdf .

Guo, J. et al., 2011. LED implementation. Available at:

http://sites.google.com/site/ledblockcipher/home-1 .

Hell, M., Johansson, T. & Meier, W., 2005. Grain

implementation. eSTREAM project. Available at:

http://www.ecrypt.eu.org/stream/e2-grain.html .

Hutter, M. & Schwabe, P., 2013. NaCl on 8-bit AVR

Microcontrollers. IACR Cryptology ePrint Archive2.

Available at: http://eprint.iacr.org/2013/375.pdf.

Klose, D., 2007. PRESENT implementation. Available at:

http://www.lightweightcrypto.org/implementations.ph

p .

Manifavas, C. et al., 2013. Lightweight Cryptography for

Embedded Systems - A Comparative Analysis. 6

International Workshop on Autonomous and

Spontaneous Security – SETOP2013, Springer, LNCS,

8247, pp.1–18.

Memsic Inc., 2010. Memsic Isis manual. Available at:

http://www.memsic.com/userfiles/files/User-

Manuals/iris-oem-edition-hardware-ref-manual-7430-

0549-02.pdf .

NIST, 2012. SHA-3 contest. Available at:

http://csrc.nist.gov/groups/ST/hash/sha-

3/Round3/submissions_rnd3.html .

NTT - Secure Platform Laboratories - Information

Security Project, 2013. Camellia implementation.

Available at: https://info.isl.ntt.co.jp/crypt/

eng/camellia/ .

SONY, 2008. Clefia implementation. Available at:

http://www.sony.net/Products/cryptography/clefia/ .

The OpenSSL Project, 2013. Openssl, Available at:

http://www.openssl.org .

Wheeler, D. & Needham, R., 1997. XTEA

implementation. Available at: http://en.wikipedia.org/

wiki/XTEA .

Wheeler, D. & Needham, R., 1998. XXTEA

implementation. Available at: http://en.wikipedia.org/

wiki/XXTEA .

WolfSSL Inc., 2013. CyaSSL embedded SSL library.

Available at: http://yassl.com/yaSSL/Products-

cyassl.html .

Wu, H., 2005. HC-128 implementation. eSTREAM

project. Available at: http://www.ecrypt.eu.org/

stream/e2-hc128.html .

Wu, H., 2008. JH implementation. SHA-3 contest.

Available at: http://www3.ntu.edu.sg/home/

wuhj/research/jh/ .

PECCS2014-InternationalConferenceonPervasiveandEmbeddedComputingandCommunicationSystems

254