Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

eFPE: Design, Implementation, and Evaluation of a Lightweight Format-Preserving Encryption Algorithm for Embedded Systems

Nishant Vasantkumar Hegde, Suneesh Bare, K B Ramesh, Aamir Ibrahim

TL;DR

This work introduces eFPE, a lightweight format-preserving encryption scheme optimized for resource-constrained embedded systems. It combines an 8-round balanced Feistel network with a novel AES-inspired PRF to directly encrypt even-length decimal strings without padding, aiming for IND-CCA2 security. The authors implement and validate eFPE on an LPC2148 MCU, achieving a total firmware footprint of 4.73 kB ROM and 1.34 kB RAM, with the core module occupying 3.55 kB ROM and 116 B RAM. The study positions eFPE as a practical, low-footprint solution for secure numeric data in terminals, medical sensors, and industrial IoT, and outlines future work on expanding data types, hardware acceleration, and deeper energy and security analyses.

Abstract

Resource-constrained embedded systems demand secure yet lightweight data protection, particularly when data formats must be preserved. This paper introduces eFPE (Enhanced Format-Preserving Encryption), an 8-round Feistel cipher featuring a "novel lightweight Pseudorandom Function (PRF)" specifically designed for this domain. The PRF, architected with an efficient two-iteration structure of AES-inspired operations (byte-substitution, keyed XOR, and byte-rotation), underpins eFPE's ability to directly encrypt even-length decimal strings without padding or complex conversions, while aiming for IND-CCA2 security under standard assumptions. Implemented and evaluated on an ARM7TDMI LPC2148 microcontroller using Keil μVision 4, eFPE demonstrates the efficacy of its targeted design: a total firmware Read-Only Memory (ROM) footprint of 4.73 kB and Random Access Memory (RAM) usage of 1.34 kB. The core eFPE algorithm module itself is notably compact, requiring only 3.55 kB ROM and 116 B RAM. These characteristics make eFPE a distinct and highly suitable solution for applications like financial terminals, medical sensors, and industrial IoT devices where data format integrity, minimal resource footprint, and low operational latency are paramount.

eFPE: Design, Implementation, and Evaluation of a Lightweight Format-Preserving Encryption Algorithm for Embedded Systems

TL;DR

This work introduces eFPE, a lightweight format-preserving encryption scheme optimized for resource-constrained embedded systems. It combines an 8-round balanced Feistel network with a novel AES-inspired PRF to directly encrypt even-length decimal strings without padding, aiming for IND-CCA2 security. The authors implement and validate eFPE on an LPC2148 MCU, achieving a total firmware footprint of 4.73 kB ROM and 1.34 kB RAM, with the core module occupying 3.55 kB ROM and 116 B RAM. The study positions eFPE as a practical, low-footprint solution for secure numeric data in terminals, medical sensors, and industrial IoT, and outlines future work on expanding data types, hardware acceleration, and deeper energy and security analyses.

Abstract

Resource-constrained embedded systems demand secure yet lightweight data protection, particularly when data formats must be preserved. This paper introduces eFPE (Enhanced Format-Preserving Encryption), an 8-round Feistel cipher featuring a "novel lightweight Pseudorandom Function (PRF)" specifically designed for this domain. The PRF, architected with an efficient two-iteration structure of AES-inspired operations (byte-substitution, keyed XOR, and byte-rotation), underpins eFPE's ability to directly encrypt even-length decimal strings without padding or complex conversions, while aiming for IND-CCA2 security under standard assumptions. Implemented and evaluated on an ARM7TDMI LPC2148 microcontroller using Keil μVision 4, eFPE demonstrates the efficacy of its targeted design: a total firmware Read-Only Memory (ROM) footprint of 4.73 kB and Random Access Memory (RAM) usage of 1.34 kB. The core eFPE algorithm module itself is notably compact, requiring only 3.55 kB ROM and 116 B RAM. These characteristics make eFPE a distinct and highly suitable solution for applications like financial terminals, medical sensors, and industrial IoT devices where data format integrity, minimal resource footprint, and low operational latency are paramount.

Paper Structure

This paper contains 21 sections, 3 equations, 3 figures, 5 tables.

Table of Contents

  1. Introduction
  2. eFPE Algorithm Design
  3. Round Function (F)
  4. Key Schedule
  5. Encryption and Decryption Process Summary
  6. Security Analysis
  7. Theoretical Security Model
  8. Resistance to Common Cryptanalytic Attacks
  9. Security versus Block Size
  10. Implementation and Experimental Setup
  11. Hardware and Development Environment
  12. Validation and Evaluation Methodology
  13. System Prototype Operation
  14. Performance Evaluation of eFPE
  15. Memory Footprint Analysis
  16. ...and 6 more sections

Figures (3)

  • Figure 1: The data flow of a single round ($i$) in the eFPE Feistel network. The right half ($R_{i-1}$) and the round key ($K_i$) are processed by the lightweight PRF (F). The result is XORed with the left half ($L_{i-1}$) to produce the new right half ($R_i$), while the original right half is swapped to become the new left half ($L_i$).
  • Figure 2: System architecture of the eFPE prototype. The diagram shows the hardware components and the internal software structure of the firmware running on the LPC2148 MCU. The 'Total System Firmware' comprises the Application Logic, Hardware Drivers, and the core cryptographic module, providing crucial context for the performance analysis in Section V.
  • Figure 3: Memory footprint comparison of the Total System Firmware versus the eFPE Core only. The stacked bars show the breakdown of RAM (darker orange/lower segment) and ROM (lighter orange/upper segment). The chart visually emphasizes the minimal resource consumption of the core algorithm relative to the full system's overhead, particularly the very small RAM requirement.