CLEA-256-based text and image encryption algorithm for security in IOD networks

Abstract

Drones are resource-constrained devices that monitor areas that are not easily reachable by humans. A network of drone(s) and a Ground Control Station (GCS) are called an Internet of Drones (IoD) network. A vast amount of data communication happens between a drone and a GCS. Since previous works have not tested lightweight encryption algorithms on experimental IoD networks which use resource-constrained processing computers, RP 3B+ boards are used as processing computers for the proposed setup. The proposed setup consists of one experimental drone with an RP 3B+ board as the processing computer (which acts like a client) and a GCS (which acts like a server). Moreover, since previous works have not explored the consequences of using the same encryption algorithm for text + image, a lightweight encryption algorithm named Customized Lightweight Encryption Algorithm (CLEA)-256 has been designed, which can be used for encryption and decryption of text files and images. The algorithm implementations have been done using Python, and communications between the drone and the GCS have been done using a phone hotspot. A drone experiment is performed for an IoD network, in which the drone captures text data like sensor data, GPS data, etc., as well as generates a panorama. The drone encrypts the text file and panorama and sends them through a zip file to the GCS. GCS decrypts the encrypted data. Security analysis, as well as performance analysis, has been shown for the CLEA-256 algorithm for aerial data as well as some standard images. Results show that the CLEA-256 algorithm provides good security and performance features and it outperforms the traditional LEA-256 algorithm as well as some recently published work for aerial data as well as some standard images.

Keywords:

• Decrypt
• drone
• encrypt
• GCS
• LEA-256
• panorama
• performance
• round keys
• security
• text

View correction statement:

Correction

1. Introduction

Unmanned Aerial Vehicles (UAVs), which are also known as drones, can be categorized into two based on their operating methods: automated and manual (by a pilot). For the two operating modes of flight, a communication link between Ground Control Station (GCS) and UAV is necessary. In the automated operating mode of flight, UAV is navigated through Global Positioning System (GPS) data. In manual flight operating mode, the drone is controlled by a pilot through virtual cockpit control, or Line of Sight (LoS) (Shoufan et al., 2018). Based on the drone-based applications, drones can be categorized into two: civilian drones and military drones (Wang et al., 2019). Civilian drones have got benefits in various applications like search and rescue operations (Saif, Dimyati, Noordin, Alsamhi, et al., 2021), agriculture (Moskvitch, 2015), environmental monitoring (Alsamhi et al., 2019), monitoring of areas affected by natural disasters, recovery operations (Saif, Dimyati, Noordin, Shah, et al., 2021), monitoring of traffic and construction sites (Alsamhi et al., 2021), etc. Military drones have got benefits in applications like tactical reconnaissance, surveillance, combat missions, etc. (Armour & Ross, 2017).

UAVs or Drones have been used in various aspects of technology in the last several decades. Initially, UAVs were used only for military applications, research, and education. But later on, drones have been used for various other applications like telecommunication, agriculture, medicines, food delivery, etc. Many applications and software have been designed to make the drones user-friendly and interface the drones with other devices, to enhance their performance. Many researchers have also worked towards the automation of drones, i.e. drones are programmed to get data, analyze data, take decisions, etc. (Al Habsi et al., 2015). According to the flight type, drones can be classified as Fixed wing drones, Rotor Wing drones, Co-axial drones, Tilt-Rotor drones, and Multi-rotor drones (Kim et al., 2015). A typical drone system consists of the following components: a flight controller, multiple rotors, a remote controller, and a wireless receiver. The flight controller (FC) receives input signals from the remote controller through the wireless receiver, and the FC controls the orientation, speed, altitude, and other parametrs of the drone based on the pilot’s convenience (Son et al., 2015). A network of drone(s) and a GCS is called an Internet of Drones (IoD) network.

Raspberry Pi (RP) is a multi-purpose credit card-sized computer. It has different features like High-Definition Multimedia Interface (HDMI) port, Universal Serial Bus (USB) slots, ethernet port, General Purpose Input/Output (GPIO) pins, etc. NOOBS and Raspbian are the popular operating systems used by RPs. Since RP is lightweight and has good computational capabilities, it is a good candidate for the payload of a drone (Vemi & Panchev, 2015). RPs are used for different applications like Tablets, supercomputers, etc. (Naik & Sudarshan, 2019; Prasanna et al., 2017). Different RP models have been released over time. All these models have Advanced RISC Machine (ARM) CPU and on-chip Graphics Processing Unit (GPU) integrated (Maharaja & Ansari, 2019). RP 3B+ is a microcomputer (which has the size of that of a credit card) with a clock speed of 1.4 GHz, a 64-bit quad-core processor, and a RAM of just 1 GB. It has four USB slots and 40 GPIO pins. It also has other features like Local Area Network (LAN) and Wi-Fi connectivity, Display Serial Interface, Camera Serial Interface, HDMI slot, etc. (Nath, 2020).

A vast amount of data are being transmitted and processed, in this era. As a result, malicious software and attackers try to intercept the data during the transmission. Hence, there is a need to keep sensitive and valuable data secure during transmission. Cryptography is a technique that can be used for this purpose. Cryptography is a method of keeping data and communication secure by utilizing codes so that only the intended users can read and process it. There are three major aspects of cryptography: encryption, decryption, and cryptographic key. Encryption is a process of converting information in a readable form (i.e. plain text) to information in an unreadable form (i.e. ciphertext). Decryption is a process of converting information in an unreadable form back to information in a readable form. The key is a parameter in a cryptographic algorithm that plays a major role in determining the output of the cryptographic algorithm (Chandra et al., 2014; Mota et al., 2017). Based on the type of cryptographic keys, cryptography can be categorized into two types: symmetric-key cryptography and asymmetric-key cryptography (Chandra et al., 2014). Attempts have been made to keep the data storage and data communications secure by using strong encryption algorithms. Attempts have also been made for the detection of malware (O. A. Alzubi et al., 2023), design of intrusion detection systems, etc., for safe data transmissions. However, in implementations of encryption algorithms with many rounds of operations, many computations are not practically possible on devices due to various performance metrics like memory, power consumption, etc. of the devices. Hence, strong and lightweight encryption algorithms should be implemented for resource-constrained devices. A significant performance of lightweight encryption algorithms can be achieved over traditional encryption algorithms by using limited block sizes, a lesser number of rounds, simple rounds, reduced key schedules, etc. (Kousalya & Kumar, 2019). Some of the lightweight encryption algorithms which have already been implemented are Hummingbird, PRESENT, RECTANGLE, SIMON, SPECK, PUFFIN, KLEIN, LED, Piccolo, PRINTcipher, Lightweight Encryption Algorithm (LEA), etc. The authors have hence worked on developing strong and lightweight encryption algorithms for resource-constrained devices like IoT, by providing a good amount of security with negligible compromise in the performance of the algorithms (O. A. Alzubi et al., 2020; Rani et al., 2020).

1.1. Motivation

In an IoD network consisting of two devices (i.e. a drone and a GCS), the drone transmits different types of sensitive data in the form of text, image(s), etc. to the GCS. This type of sensitive data transmission and storage is vulnerable to different types of attacks by adversaries. Hence, it is necessary to provide IoD networks with strong cryptographic protocols which can safeguard such storage and communications. Since drones are resource-constrained devices, and since lightweight experimental drones can be supported with just short-time-lasting charged batteries, there is a necessity for faster execution of the data preparation process and cryptographic protocols of the IoD network, during a drone experiment. Hence, it is necessary to ensure that the IoD network is supported with lightweight cryptographic protocols as well. Hence, a lightweight encryption algorithm named Customized LEA (CLEA)-256 has been proposed for an IoD network.

1.2. Contributions

The major contributions of this research work are as follows:-

• Initially, a CLEA-256-based round keys generation algorithm was designed, which would be based on the Elliptic Curve Cryptography (ECC) secret key generated for each session.

• Then a lightweight encryption algorithm named CLEA-256 was designed, which would be applicable for encryption and decryption of both text files and images.

• An experiment of IoD network was performed, in which both the drone and the GCS were supported with RP 3B+ as the processing computers. Encryption and decryption for the generated text file (sensor data, GPS data, etc.) and the generated panorama were performed.

• Security, as well as performance analysis, was performed for the designed CLEA-256 algorithm for the data generated during the IoD experiment.

• Security as well as performance analysis of another aerial panorama, and two other standard images were performed to check the reliability of the developed algorithm.

1.3. Structure of the paper

The rest of the paper is organized into the following sections: Section 2 gives background about the traditional algorithms LEA and ECC. Section 3 describes the existing work related to encryption algorithms. Section 4 explains the proposed methodology, its flow, and the setup used. Section 5 explains the results obtained in terms of security as well as performance. Finally, Section 6 concludes the paper.

2. Prerequisites

Before getting into the Methodology section, it is necessary to discuss some basic algorithms which are used to build up the designed algorithm. The designed scheme uses Customized ECC for Authenticated Key Agreement (AKA) and customized Lightweight Encryption Algorithm (LEA) for encryption and decryption.

2.1. ECC

ECC has been used increasingly for the past few decades now. ECC is a public key cryptographic protocol that can be used for the implementation of digital signatures and key agreements, as well as encryption and decryption. ECC algorithm provides high security and efficiency even for small key sizes. Over a finite field Fp, where p > 3 and p is a prime, the standard equation of an elliptic curve is given by Equation 1. NIST has defined several ECC curves over very large primes, such as secp192r1, secp224r1, secp256r1, secp384r1, and secp521r1. ECC has been used for several applications like bitcoin, Secure Shell (SSH), Transport Layer Security (TLS), etc. (Bos et al., 2014).

(1) $y^2=x^3+\mathit{ax}+\mathit{b}$(1)

2.2. LEA

LEA is a symmetric lightweight block cipher encryption algorithm that takes an input of 128 bits block and generates an output of 128 bits block. There are three versions of the LEA algorithm based on the size of the keys used: LEA-128 (128 bits key), LEA-192 (192 bits key), and LEA-256 (256 bits key). LEA-128 consists of 24 rounds, LEA-192 consists of 28 rounds, and LEA-256 consists of 32 rounds during encryption and decryption. The key scheduling (sub-keys generation) operation starts with the usage of eight round keys for all three variants of the LEA algorithm. The operations used by the LEA algorithm are bitwise XOR operations, left and right bit rotation operations, and additions and subtractions modulo $2^{32}$ operations. The LEA algorithm is better than the Advanced Encryption Standard (AES) and HIGHT lightweight algorithm, as LEA uses only one round function (Lee et al., 2014).

3. Related work

Some authors designed and implemented encryption schemes for the encryption and decryption of text messages and secure communication of text messages. Gagana et al. (2019), proposed an ECC-based text encryption mechanism in Wireless Sensor Networks (WSN). The system architecture consisted of two Multi-Sequence Positioning (MSP) 430 sensors. The mechanism consisted of three modules: Key Agreement and Key Exchange Module, Encryption Module, and Decryption Module. Key Agreement and Key Exchange Module were implemented using the ECC algorithm. AES-128 algorithm was used in encryption and decryption modules. The simulations of the proposed method were performed with Contiki OS being installed. The mechanism could securely and efficiently transfer different real-time data like temperature data, gyroscope data, etc. Junejo and Komninos (2020), designed a lightweight attribute-based message encryption algorithm using concepts of ECC for fog-enabled Cyber-Physical Systems (CPS). Two experiments were performed for the scheme. The first experiment was performed on an RP 3B+ board. The second experiment was performed on a Desktop with 8 GB RAM and virtual machine Ubuntu R16.04. Experiments were performed for 1 KB and 1 MB messages. For RP 3B+, the highest recorded message encryption speed was 5120 characters/second, and the highest recorded message decryption speed was 29,527.14 characters/second. Fadhil et al (Fadhil et al., 2021), developed a secure AES-based lightweight encryption algorithm suitable for Internet of Things (IoT) devices, called LAES (lightweight AES). LAES used a 1D chaotic logistic map for the generation of an S box. The LAES differed from the traditional AES by the fact that LAES used initial permutation instead of shift rows and dynamic shift rows instead of mixed column operations. The network model of LAES consisted of three entities: Sensors, RP 3B, and a server. Alicea et al (Alicea et al., 2022), developed a lightweight text encryption algorithm named Mypher. The algorithm was a 64-bit block cipher that used an 80-bit key. The algorithm was a hybrid of three traditional lightweight encryption algorithms: PRINCE, TWINE, and PRESENT. The algorithm was implemented for 1000 eight-character strings on three different devices: RP 3B+, RP 4B, and Intel core i7-based laptop. Results for the Mypher algorithm showed that for all three devices, the decryption times were more than the encryption times.

Some authors had designed and implemented text file encryption schemes. Sihotang et al (Sihotang et al., 2020), proposed a method to encrypt and decrypt text file data using RSA cryptosystem. Kumari et al (Kumari & Kapoor, 2020), designed an ECC-based secure text encryption scheme for Intranet. The checksum calculation operation was performed during encryption, and the Checksum comparison operation was performed during decryption. During encryption and decryption, the operations were performed by dividing the data into chunks. Integrity check was done using MD5 algorithm, and encryption/decryption was done using RC5 and ECC algorithms.

Several authors worked on the design and implementation of secure and efficient image encryption algorithms. (J. A. Alzubi et al., 2019). proposed a novel image encryption algorithm with a steganography technique. The algorithm was implemented using MATLAB programming language. ElKamchouchi et al (ElKamchouchi et al., 2020), developed an image encryption algorithm based on DNA confusion and hybrid chaotic map diffusion. Simulations of the proposed algorithm were performed on grayscale images (resolution: 200 × 200) like Lena, Circuit, and Cameraman. The computer used for the algorithm’s implementation consisted of 8 GB RAM and an Intel Core i7 Duo processor. (M. Khan et al., 2020), proposed an encryption algorithm suitable for images, based on the Fibonacci series and multiple chaotic iterative maps. The implementation of the algorithm was done on a 64-bit based Windows 10 system using MATLAB 2017a. The algorithm was tested on standard color images like Lena, Splash, Airplane, etc. (Taqi & Hameed, 2020), devised a beta chaotic map-based encryption algorithm for color images. (Ferdush et al., 2021), designed a chaotic lightweight image encryption algorithm. The proposed algorithm was based on Arnold’s Chaotic map and Logistic chaotic map. The experiments were performed on a computer with a core i7 2.9 GHz processor and 16 GB RAM, and the experiments were performed on color images. (Alghafis et al., 2021), proposed an encryption algorithm for color images, which was based on nonlinear components for confusion, and a chaotic nonlinear dynamic system. (L. S. Khan et al., 2022), designed an efficient and secure encryption algorithm for images, based on commutative Chebyshev polynomial. 5 color images of sizes 256 × 256 were considered for performance evaluation of the algorithm. The authors claimed that due to the simplicity of the algorithm, the algorithm could also be used in IoT and IoD. (Wafik et al., 2022), proposed a DNA encoding and chaos map-based image encryption algorithm for cloud computing. The experiments were performed on a CPU of 4 GB RAM and a CPU of 2.6 GHz. The experiments were performed on various types of color images of resolution 256 × 256. (Sarosh et al., 2022), devised an efficient image encryption scheme suitable for healthcare applications. The proposed scheme used DNA encryption and hybrid 3D chaotic maps. The experiments were performed using MATLAB 2017a on Windows 10 OS. The test images were resized to 256 × 256 resolution for all experiments. (Huang et al., 2022), proposed an image encryption algorithm based on dual hash functions and dual chaos systems. Experiments were performed on 13 images (gray and RGB) of resolution 512 × 512. Several authors also designed secure and efficient image encryption algorithms for resource-constrained devices like RPs. (Kiran et al., 2022), proposed a chaos-based lightweight image encryption mechanism for microcomputers. The network model consisted of a RP 3 board and a server. (Guillén-Fernández et al., 2022), proposed an encryption scheme for images, based on synchronized chaotic systems connected over the MQTT protocol. The network model consisted of a broker which was RP 1. The physical implementation of the scheme consisted of four RPs (Broker, Publisher, Subscriber, and Hacker). The secure transmission of an image was performed once the complete physical system was synchronized. (J. A. Alzubi et al., 2022), proposed a homomorphic encryption algorithm using deep neural networks for medical data. The algorithm was implemented using Python 3.6.5. (Alawida et al., 2023), designed an encryption algorithm for images based on a DNA state machine for IoD networks. DNA XOR operations were used both in key scheduling and image encryption operations of the algorithm. The proposed DNA-Finite State Machine (DNA-FSM) algorithm used DNA XOR and left-rotation operations. The experimental setup used DJI Mavic Air 2 Drone, and the computing device used a RAM of 16 GB. The experiments were performed on two types of images: Standard images (e.g. Lena), and surveillance-based images (e.g. Beach, City, and Desert).

(Souror et al., 2022), devised a stream cipher-based encryption algorithm called SCKHA. SCKHA was based on binary hash bit mapping, and it used a variable key length. SCKHA was implemented using C# programming language on Windows 10 Home with 16 GB RAM and an Intel Core i7 processor. The algorithm was experimented on different types of data like text, docs, pdf, images, audio, etc.

3.1. Lessons learned

The authors worked well on designing strong encryption algorithms for encrypting and decrypting different data types like text, images, pdfs, audio, videos, etc., without significantly compromising the performance of the encryption algorithms. Different authors used different setups to test their algorithms. The algorithms were tested on devices with significantly good computational capabilities like a computer with 16 GB RAM with a core i7 processor on one side, and on the other side, algorithms were also tested on resource-constrained devices like RP 3B+ which has a RAM of just 1 GB, and on drones. However, the authors have not explored the consequences of using the same encryption algorithm for different types of data like text files, images, etc. (with no modification or slight modification for image encryption and decryption with respect to that of text) on the same resource-constrained device like RP 3B+ or a drone. Moreover, from the literature review, it was observed that the use of text + image encryption algorithm for an experimental IoD network which uses only RPs with RAM of just 1 GB as processing computers for drone(s) and GCS is an area to explore.

4. Materials and methods

A part of the research work resulted in a conference paper on AKA based on ECC using trigonometric concepts and timestamps (Samanth et al., 2022). Each session generates a new ECC-based secret key, and the subsequent communications happen using the corresponding session secret key as input. For the designed encryption algorithm, the traditional LEA-256 algorithm has been modified and has been named CLEA-256.

Following modifications have been made for the CLEA-256 round keys generation algorithm with respect to the traditional LEA-256 round keys generation algorithm:-

• Instead of using a manual hexadecimal key as input as in LEA-256, CLEA-256 uses the generated ECC secret key (unpredictable) as input for the generation of round keys.

• Instead of using constant session constants as in LEA-256, CLEA-256 uses session constants dependent on the x-coordinate of an ECC secret key for a session.

• Instead of using a 256-bit temporary value dependent on the manually entered hexadecimal key as in LEA-256, CLEA-256 uses a list of 32-bit sub-lists dependent on the y-coordinate of an ECC secret key for a session.

• Instead of using only addition modulo $2^{32}$ operation as the middle operator for every step of every iteration as in LEA-256, CLEA-256 uses six different modulo $2^{32}$ operators as middle operators for every iteration. This would keep the round keys generation algorithm both efficient and robust.

• Instead of using two left bit rotations (fixed bit rotation values) operation for every step of every iteration as in LEA-256, CLEA-256 uses a single customized bit rotation (alternate left and right bit rotations for every step) value for every step of every iteration and each bit rotation value depends on the ECC secret key for each session.

Following modifications have been made for the CLEA-256 encryption/decryption algorithm with respect to that of LEA-256 encryption/decryption algorithm:-

• Instead of dividing the binary input into binary strings of 128 bits each as in LEA-256, CLEA-256 uses a binary NumPy array as input with sub-arrays of 128 bits.

• Instead of using bit rotation operations, xor operations, and addition/subtraction modulo $2^{32}$ operations for every iteration as in LEA-256, CLEA-256 uses only 1 xor operation for every iteration.

• Permutation operation (during encryption) and an inverse permutation operation (during decryption) have been introduced in the CLEA-256 algorithm.

All the implementations have been done using Python. The setup consists of an IoD network with two devices (i.e. a hexacopter drone and a GCS). An RP 3B+ based drone is used as the client. The drone uses Pixhawk Cube Orange as the flight controller with Ardupilot firmware flashed in it. The drone has got other parts too like propellers, GPS, wireless receiver, battery for power supply, etc. The FC is connected to the client RP 3B+, so that different text data like GPS, sensors data, etc., are redirected from the FC to RP 3B +. Another RP 3B+ board powered by a power bank is used as the GCS. Figure 1 shows the image of the setup that is used for performing drone experiments (RP 3B+ based drone acting like a client, and another RP 3B+ board acting like a server or GCS). All communications between the client and the server have been done using a phone hotspot. Figure 2 shows the block diagram corresponding to the proposed methodology.

Figure 1. Setup for performing drone experiments.

Figure 2. Block diagram corresponding to the proposed methodology.

After the setup is ready, the following steps will be executed for the experiment:

1. The server code will be triggered.

2. Once the drone has reached a desirable height, the client code is triggered.

3. The dronekit package is used to collect different text data from the FC, GPS, etc. The code is slightly modified to save the text data to a text file of client RP 3B + .

4. After capturing the text data, and once the drone reaches a desirable height to capture at least moderate-quality images, the camera module will be triggered.

5. The drone hovers at a position that is stable enough to capture a moderate-quality image, yaws and moves towards the right to take a new position, and hovers again at its new position to capture another image. The process continues till seven images have been captured. The seven images are stored in the client RP 3B+ board.

6. The seven images are stitched together to generate a panorama, using an existing image stitching algorithm (Dave, 2021).

7. The text file (containing sensor data, GPS data, etc.) and Panorama are stored in the client RP 3B+ board, which marks the end of the data preparation process.

8. The proposed AKA algorithm (Samanth et al., 2022) is triggered in the server and the client, and the common secret key is generated in the client and the server.

9. The sub-keys generation processes using the proposed CLEA-256 sub-keys generation algorithm are triggered in the client and the server to generate 32 round keys for the encryption and decryption processes, respectively.

10. At the client, the 32 round keys and the plain data (text file and panorama) are fed as inputs to the proposed CLEA-256 encryption algorithm to generate an encrypted text file and an encrypted panorama.

11. The client sends the encrypted data to the server through a zip file.

12. The server extracts the zip file, obtains the encrypted data, and feeds it as well as the 32-bit round keys as inputs to the proposed CLEA-256 decryption algorithm and decrypts the encrypted data. The server finally contains the plain text file and the plain panorama.

Figure 3 shows some images of a drone experiment which was performed in an automobile workshop of MIT, Manipal.

Figure 3. Images of a drone experiment.

4.1. Different parts of CLEA-256 algorithm

The subsection elaborates on different parts of the CLEA-256 algorithm like bit-rotation values generation, round keys (sub-keys) generation algorithm, block encryption algorithm, block decryption algorithm, permutation array generation algorithm, and inverse permutation array generation algorithm.

The proposed CLEA-256 sub-keys (round keys) generation function uses six bit-rotation values (s1, s2, s3, s4, s5, and s6). A tuple of six values is generated as shown in Algorithm 1. As it can be seen from Algorithm 1, the first few digits and the last few digits of the x and y coordinates of the generated ECC secret key point are extracted, modulo 32 operations are performed, and a tuple of 6 bit-rotation values is returned. In Algorithm 1, str(x) stands for conversion of an integer x to string, int(x) stands for conversion of a string x to an integer, and a[b] stands for list comprehension operation where an element with index value b is fetched from the list a.

Table

Algorithm 1: Algorithm to return 6-bit rotation values from the ECC secret key

Input: ecc point Output: s1, s2, s3, s4, s5, s6 1 x = ecc point’s x-coordinate 2 y = ecc point’s y-coordinate 3 s1 = $\mathit{int}(\mathit{str}(\mathit{x})[0:1])\mathrm{mod}32$ 4 s2 = $\mathit{int}(\mathit{str}(\mathit{x})[-2:])\mathrm{mod}32$ 5 s3 = $\mathit{int}(\mathit{str}(\mathit{y})[0:1])\mathrm{mod}32$ 6 s4 = $\mathit{int}(\mathit{str}(\mathit{y})[-2:])\mathrm{mod}32$ 7 s5 = $\mathit{int}(\mathit{str}(\mathit{x})[2:3])\mathrm{mod}32$ 8 s6 = $\mathit{int}(\mathit{str}(\mathit{y})[2:3])\mathrm{mod}32$

Algorithm 2 shows CLEA-256 round keys generation function. In the Algorithm 2, LEA_RK stands for a list of 32 round keys of 192 bits each, 256bin() stands for the 256-bit binary equivalent of a number, sc stands for session constants, T stands for the temporary list, 32bin() stands for the 32-bit binary equivalent of a number, lbr(a,b) stands for left bit rotation of “a” by “b” bits, rbr(a,b) stands for right bit rotation of “a” by “b” bits, stands for addition modulo $2^{32}$, stands for subtraction modulo $2^{32}$, stands for multiplication modulo $2^{32}$, stands for logical XOR operation modulo $2^{32}$, stands for logical OR operation modulo $2^{32}$, stands for logical AND operation modulo $2^{32}$, and $|$ stands for concatenation operation.

Table

Algorithm 2: CLEA-256 round keys generation algorithm

Input: ecc point Output: LEA_RK 1 x = ecc point’s x coordinate 2 y = ecc point’s y coordinate 3 pb1 = 256bin(x) 4 pb2 = 256bin(y) 5 sc = [pb1[0:31], pb1[32:63], pb1[64:95], pb1[96:127], pb1[128:159], pb1[160:191], pb1[192:223], pb1[224:255]] 6 T =[pb2[0:31], pb2[32:63], pb2[64:95], pb2[96:127], pb2[128:159], pb2[160:191], pb2[192:223], pb2[224:255]] 7 (s1, s2, s3, s4, s5, s6) = Return value from Algorithm 1 8 for $\mathit{i}=0$ to $31$ do 9 T[$(6\ast \mathit{i})\mathrm{\%}8$] = 32bin(lbr(int(T[$(6\ast \mathit{i})\mathrm{\%}8$]) int(sc[$\mathit{i}\mathrm{\%}8$]),s1)) 10 T[$(6\ast \mathit{i}+1)\mathrm{\%}8$] = 32bin(rbr(int(T[$(6\ast \mathit{i}+1)\mathrm{\%}8$]) int(sc[$\mathit{i}\mathrm{\%}8$]),s2)) 11 T[$(6\ast \mathit{i}+2)\mathrm{\%}8$] = 32bin(lbr(int(T[$(6\ast \mathit{i}+2)\mathrm{\%}8$]) int(sc[$\mathit{i}\mathrm{\%}8$]),s3)) 12 T[$(6\ast \mathit{i}+3)\mathrm{\%}8$] = 32bin(rbr(int(T[$(6\ast \mathit{i}+3)\mathrm{\%}8$]) int(sc[$\mathit{i}\mathrm{\%}8$]),s4)) 13 T[$(6\ast \mathit{i}+4)\mathrm{\%}8$] = 32bin(lbr(int(T[$(6\ast \mathit{i}+4)\mathrm{\%}8$]) int(sc[$\mathit{i}\mathrm{\%}8$]),s5)) 14 T[$(6\ast \mathit{i}+5)\mathrm{\%}8$] = 32bin(rbr(int(T[$(6\ast \mathit{i}+5)\mathrm{\%}8$]) int(sc[$\mathit{i}\mathrm{\%}8$]),s6)) 15 LEA_RK[i] = T[$(6\ast \mathit{i})\mathrm{\%}8$]|T[$(6\ast \mathit{i}+1)\mathrm{\%}8$]|T[$(6\ast \mathit{i}+2)\mathrm{\%}8$]|T[$(6\ast \mathit{i}+3)\mathrm{\%}8$]|T[$(6\ast \mathit{i}+4)\mathrm{\%}8$]|T[$(6\ast \mathit{i}+5)\mathrm{\%}8$] end

Algorithm 3 shows the function which encrypts a NumPy array which consists of sub arrays of 128 bits each. In the algorithm, PT_arr stands for a plaintext array block which consists of sub arrays of 128 bits each, and CT_arr stands for the returned ciphertext array block which consists of sub arrays of 128 bits each. LEA_RK_arr stands for a NumPy array which consists of 32 subarrays of 128 bits each. Each sub-array is generated by extracting the first 128 bits of each round key which is generated from Algorithm 2.

Algorithm 4 shows the function which decrypts a NumPy array which consists of sub arrays of 128 bits each. DT_arr stands for returned deciphered array block which consists of sub arrays of 128 bits each. In Algorithms 3 and 4, ⊕ stands for bitwise XOR operation.

Table

Algorithm 3: Algorithm to encrypt a NumPy array having sub arrays of 128 bits each

Input: PT_arr,LEA_RK_arr Output: CT_arr 1 CT_arr = PT_arr ⊕ LEA_RK_arr[0] 2 for $\mathit{i}=1$ to $31$ do 3 CT_arr = CT_arr ⊕ LEA_RK_arr[i] 4 end

Table

Algorithm 4: Algorithm to decrypt a NumPy array having sub arrays of 128 bits each

Input: CT_arr,LEA_RK_arr Output: DT_arr 1 DT_arr = CT_arr ⊕ LEA_RK_arr[31] 2 for $\mathit{i}=1$ to $31$ do 3 DT_arr = DT_arr ⊕ LEA_RK_arr[31-i] 4 end

Algorithm 5 shows the function which generates a permutation array corresponding to a plaintext array. In the algorithm, PT_arr stands for plaintext array which consists of ASCII values of the characters of the plaintext, LEA_RK_arr stands for a NumPy array of 32 sub arrays of 128 bits each, bin(a) stands for binary equivalent of a number or a NumPy array with whole numbers, rms stands for Root Mean Square value, mrms stands for modified rms value, rev(a) stands for reverse of an integer, len(a) stands for length of “a” which could be of any data type, a=sizeequal(b) equation indicates that size of “a” is made equal to that of “b” by performing necessary operations (e.g. if size of “a” is already equal to that of “b,” then “a” is left as it is; if size of “a” is lesser than that of “b,” then “a” is repeated necessary number of times considering the remainder too if any; and if size of “a” is greater than that of “b,” then only the number of elements present in “b” is considered in “a”), prm_bin_arr stands for binary equivalent of the permuted array, roll(a,b) indicates that an array “a” is rotated by “b” units towards right, and resize(a,(b,c)) indicates that an array “a” has been resized to a new size of (b,c) where “b” is the number of sub arrays and “c” is number of elements in each sub array.

Table

Algorithm 5: Function to generate a Permuted binary array corresponding to a plaintext array

Input: PT_arr, LEA_RK_arr Output: prm_bin_arr, mrms 1 PT_arr_bin = bin(PT_arr) 2 rms = rms(PT_arr) 3 rms_int = integer component of rms 4 rms_dec = decimal component of rms 5 m_timestamp = rev(timestamp) 6 m_rms = rms_int ⊕ rms_dec ⊕ m_timestamp 7 m_rms = $\mathit{m}\mathrm{\_rm}{s}^{\mathit{len}(\mathit{m}\mathrm{\_rms})}$ 8 m_rms_bin = bin(m_rms) 9 m_rms_arr_bin = array(m_rms_bin) 10 m_rms_arr_bin_final = sizeequal(PT_arr_bin) 11 LEA_RK_arr_final = sizeequal(PT_arr_bin) 12 prm_bin_arr = PT_arr_bin ⊕ m_rms_arr_bin_final ⊕ LEA_RK_arr_final 13 prm_bin_arr = roll(prm_bin_arr, $\mathit{m}\mathrm{\_rms}\mathrm{mod}\mathit{len}(\mathit{PT}\mathrm{\_arr\_bin})$) 14 prm_bin_arr = resize(prm_bin_arr,(prm_bin_arr/128, 128))

The inverse permutation algorithm is similar to that of the permutation algorithm. But, decrypted binary array, modified rms value generated in the Permutation algorithm, and LEA_RK_arr are used as inputs in the algorithm instead. Moreover, in the Inverse Permutation algorithm, only the line numbers 8 to 13 will be present. At the end of the inverse permutation function, i.e. the 13^th line, the resultant binary array is left rotated by the same units as that which was used for the right rotation in the permutation function.

4.2. Encryption and decryption of text file and panorama

The subsection explains how the text file (containing sensor data, GPS data, etc.) and the panorama are encrypted at the drone, sent through a zip file to the GCS, and how the encrypted text file and encrypted image are decrypted at the GCS.

The following steps are executed for the encryption of the text file and the panorama in the drone:-

1. LEA_RK_arr is generated from the value obtained from Algorithm 2 using the ECC secret key as input.

2. The plaintext from the plaintext file is extracted. The number of characters in the plaintext is made a multiple of 16 if it is not the case already, by padding a necessary number of spaces, to form a new plaintext.

3. Based on the result obtained in step 2, the corresponding NumPy array is generated which contains the ASCII decimal equivalents of the characters of the new plaintext obtained in step 2.

4. The result obtained in step 3 is fed as one of the inputs to Algorithm 5.

5. The algorithm 5 generates a tuple of two values (i.e. a permuted binary array containing sub arrays of 128 bits each and a modified RMS value corresponding to the plaintext).

6. The binary array obtained in step 5 and the binary array obtained in step 1 are fed as inputs to Algorithm 3.

7. The return value obtained in step 6 is made one-dimensional.

8. The 8-bit binary values of the array obtained in step 7 are grouped, and the corresponding character equivalents are calculated to generate a ciphertext, and the ciphertext is stored as bytes in a text file.

9. The panorama is resized to a new resolution, i.e. 2000 × 500 for a better view.

10. The image is converted into a three-dimensional NumPy array from step 9, and the 3D array contains all the different pixel values of the image.

11. The array obtained in step 10, is made 1D, and is fed as one of the inputs to Algorithm 5.

12. The algorithm 5 generates a tuple of two values (i.e. a permuted binary array containing sub-arrays of 128 bits each and a modified RMS value corresponding to the image obtained in step 9).

13. The permuted binary array obtained in step 12 is used as one of the inputs to Algorithm 3.

14. The result obtained in step 13 is reversed.

15. For the resultant binary array obtained in step 14, 8 bits are grouped at a time, and their decimal equivalents are calculated which represent the pixel values.

16. The array obtained in step 15 is resized according to the size of the image obtained in step 9, converted to an encrypted panorama.

17. The modified RMS values corresponding to the permutation arrays generated in steps 5 and 12 are stored as tuple in a text file.

18. The text file generated in step 17, along with the encrypted text file and encrypted panorama, are sent through a zip file to the server.

The following steps are executed for the decryption of the encrypted text file and the encrypted panorama, in the GCS:-

1. LEA_RK_arr is generated from the value obtained from Algorithm 2 using the ECC secret key as input.

2. The zip file is extracted, and the encrypted text file, the encrypted panorama, and the text file containing a tuple of modified RMS values are obtained.

3. From step 2, the modified RMS value corresponding to plaintext (say mrms_text) and the modified RMS value corresponding to the original panorama (say mrms_image) are obtained.

4. The contents of the encrypted text file obtained in step 2 are decoded, which would contain a ciphertext whose number of characters would be a multiple of 16.

5. Based on the ciphertext obtained in step 4, the corresponding NumPy array, which consists of decimal equivalents of the characters from step 4, is generated.

6. The binary equivalent of the result obtained from step 5 is generated.

7. The resultant binary equivalent obtained in step 6 is resized as a new array that consists of sub-arrays of 128 bits each.

8. The binary array obtained in step 7 is fed as one of the inputs to Algorithm 4, and a decrypted binary array is obtained, and the resultant is made one-dimensional.

9. The binary array obtained in step 8 is given as input to the inverse permutation function.

10. Based on the result obtained from step 9, 8 bits are grouped each at a time, their corresponding decimal equivalents are calculated, and their corresponding ASCII characters are calculated, which eventually generates the deciphered text.

11. The deciphered text obtained in step 10 is stored in a text file.

12. Based on the encrypted panorama obtained in step 2, the image is converted into a 3D NumPy array which contains pixel values of the encrypted panorama. The result is made 1D, and the binary equivalent is calculated.

13. The binary array obtained in step 12 is reversed.

14. The array obtained in step 13 is resized, and the new array contains sub-arrays of 128 bits each.

15. The array obtained in step 14 is fed as one of the inputs to Algorithm 4.

16. The result of step 15 is made one-dimensional, which consists of deciphered binary bits.

17. The result of step 16 is fed as one of the inputs to the Inverse Permutation function.

18. Based on the result obtained for step 17, every group of 8 bits is converted into its corresponding decimal equivalent which represents each pixel value.

19. The new array obtained in step 18 is resized based on the size of the encrypted panorama, and the resultant array is converted to the deciphered panorama.

Algorithms 1 to 4 have got constant time complexities, i.e. $\mathcal{O}$(1), where $\mathcal{O}$() stands for big O notation. The time complexity of Algorithm 5 depends on the size of the input. Hence, the time complexity of the Algorithm 5 during text encryption is $\mathcal{O}$(nt) where “nt” is the number of characters in the plain text after appending a necessary number of spaces. Also, the time complexity of the Algorithm 5 during image encryption is $\mathcal{O}$(ni) where “ni” is the number of pixels in the plain image.

During text encryption, the step just before grouping the binary bits involves converting a binary array with sub-arrays to a one-dimensional binary array. The resultant one-dimensional binary array has got a size of 8 times the length of plain text (with a necessary number of appended spaces). Similarly, during text decryption, a binary array with sub-arrays is converted into a 1-dimensional array just before using the inverse permutation function. During text encryption and text decryption, the time complexities of the one-dimensional binary array conversions significantly dominate the time complexities of the other corresponding operations. Hence, the time complexity of text encryption and text decryption each using CLEA-256 algorithm is $\mathcal{O}$(8*nt). During image encryption, the time complexity depends on the number of pixels being encrypted, and since there is the absence of a 1-dimensional array conversion operation in image encryption, unlike that during text encryption, the time complexity of image encryption using CLEA-256 algorithm is $\mathcal{O}$(ni). The time complexity of image decryption too depends on the number of pixels being decrypted. However, due to the presence of a one-dimensional binary array conversion operation during image decryption, the time complexity of image decryption is $\mathcal{O}$(8*ni).

Therefore, the total time complexity during encryption of text file and panorama using CLEA-256 algorithm = $\mathcal{O}$(8*nt) + $\mathcal{O}$(ni). The total time complexity during the decryption of encrypted text file and encrypted panorama using CLEA-256 algorithm = $\mathcal{O}$(8*nt) + $\mathcal{O}$(8*ni) = $\mathcal{O}$(8*(nt+ni)). Therefore, the total time complexity of the CLEA-256 algorithm is equal to the sum of the time complexity during encryption and decryption = ($\mathcal{O}$(8*nt) + $\mathcal{O}$(ni)) + ($\mathcal{O}$(8*nt) + $\mathcal{O}$(8*ni)) = $\mathcal{O}$(16*nt) + $\mathcal{O}$(9*ni).

5. Experimental results and discussion

The section is divided into five subsections: The Subsection 5.1 shows the analysis for data preparation, encryption, and decryption of a text file, and a panorama which are generated through a drone experiment performed in the Automobile workshop of MIT, Manipal (let’s name the experiment as automobile drone experiment). The Subsection 5.2 shows image encryption and decryption analysis for another aerial image generated by a drone. The Subsections 5.3 and 5.4 show analysis for image encryption and image decryption of standard images (i.e. 512 × 512 RGB Lena image and 512 × 512 RGB Baboon image, respectively). The Subsection 5.5 gives insights about the obtained results. In the first four subsections (i.e 5.1, 5.2, 5.3 and 5.4), implementations have been done for the LEA-256 algorithm as well, to compare CLEA-256 with LEA-256.

The analysis uses 12 metrics for text and image encryption and decryption. Four metrics are used for performance analysis, and eight are used for security analysis. The four performance metrics explained in section 5 are text encryption time, text decryption time, image encryption time, and image decryption time. The eight security metrics explained in section 5 are again classified into two as follows: The two text encryption security metrics are confusion and diffusion. The six image encryption security metrics are Net Pixel Change Rate (NPCR), Correlation Coefficient (CC), Unified Averaged Changing Intensity (UACI), Mean Square Error (MSE), Peak Signal-to-Noise Ratio (PSNR), and Information Entropy. Below are the explanations of the eight security metrics:

1. Confusion: Confusion is a property of an encryption algorithm in which a 1-bit change of a key will result in a significant change in the characters of the ciphertext.

2. Diffusion: Diffusion is a property of an encryption algorithm in which, when just 1 character of plaintext is changed by just 1 unit, there will be a significant change in the characters of the ciphertext.

3. NPCR and UACI: NPCR and UACI are the metrics in which, when there is a 1-pixel change of the plain image by just one unit, then the pixels of the cipher image should significantly change. The ideal values of NPCR and UACI are above 99.5% and 33.4%, respectively (L. S. Khan et al., 2022).

4. Correlation Coefficient: The metric signifies how correlated the cipher image’s adjacent pixels are, in all three directions (i.e. row-wise, column-wise, and diagonally). The ideal value of the metric is 0 (L. S. Khan et al., 2022).

5. Information Entropy: The metric signifies the uniformity in the distribution of pixel values for the encrypted image. The metric’s ideal value is 8 (L. S. Khan et al., 2022).

6. MSE and PSNR: The metrics signify the magnitude of difference between the encrypted image and the corresponding plain image in terms of their corresponding pixels. The more the MSE value and the lesser the PSNR value, the better is the encryption algorithm (L. S. Khan et al., 2022).

5.1. Results and analysis for data preparation by drone experiment which was performed in automobile workshop of MIT, manipal

Figure 4 represents a part of the plaintext logs captured during the automobile drone experiment. The plaintext has got a size of 9,052 characters. The modified plaintext has got a size of 9,056 characters. The collage of seven images captured by the RP camera and their corresponding panorama is shown in Figures 5(a,b) respectively. The ECC secret key and the modified RMS tuple values are shown in Figure 6a. The part of encrypted text using the CLEA-256 algorithm during the automobile drone experiment is shown in Figure 6b by using inputs as shown in Figure 6a. The encrypted panorama is shown in Figure 6c corresponding to the panorama shown in Figure 5b, based on the inputs shown in Figure 6a.

Figure 4. Part of the plaintext logs stored in client RP 3B+.

Figure 5. Images captured and stitched by RP camera during automobile drone experiment.

Figure 6. Key, and the encrypted data using CLEA-256 algorithm during automobile drone experiment.

Figure 7 represents the image of change in the ECC secret key, some part of the corresponding ciphertext, and proof of confusion property. When Figure 7 is compared with Figure 6a, it can be observed that when the last digit of the x-coordinate of the ECC secret key is changed from 5 to 4, the new ciphertext has significantly changed with respect to previous ciphertext, hence resulting in a confusion of 99.58% using CLEA-256 algorithm. For just one character change of the plaintext by just 1 unit (the text “connected” changed to “conoected”) as shown in Figure 8a, there has been a significant change in the resultant ciphertext as shown in Figure 8b, hence resulting in a diffusion of 99.69% using CLEA-256 algorithm.

Figure 7. Changed ECC secret key point, part of corresponding ciphertext, and proof of confusion property respectively using CLEA-256 algorithm.

Figure 8. Proof of diffusion property using CLEA-256 algorithm.

The key which is used for LEA-256 algorithm implementation is 0×0f1e2d3c4b5a69788796a5b4c3d2e1f0f0e1d2c3b4a5968778695a4b3c2d1e0f. Table 1 compares the CLEA-256 algorithm with the LEA-256 algorithm in terms of different computation times involved for the two algorithms. It can be observed from the table that the round keys generation time of the CLEA-256 algorithm is slightly lesser than that of the LEA-256 algorithm. Moreover, the CLEA-256 algorithm significantly outperforms LEA-256 in terms of data encryption and data decryption times. The equation used by Limbasiya et al. (2021) for energy consumption of RP 3B+ is represented by Equation 2(2) $E_{\mathrm{C}}=P_{\mathrm{CPU}}\ast T_{\mathrm{COMP}}$(2) . In Equation 2, E_C represents the energy consumption, P_CPU represents the maximum CPU power, and T_COMP represents the computation time.

Table 1. Computation times comparison between CLEA-256 and LEA-256, during automobile drone experiment

Computation Times	CLEA-256	LEA-256
Round Keys Generation Time (ms)	2.97	3.5
Text Encryption Time (seconds)	0.0157	1.07
Text Decryption Time (seconds)	0.0142	1.07
Panorama Encryption Time (seconds)	5.7071	431.81
Panorama Decryption Time (seconds)	6.0062	381.241

(2) $E_{\mathrm{C}}=P_{\mathrm{CPU}}\ast T_{\mathrm{COMP}}$(2)

P_CPU is assumed to be 12.5W. Considering Equation 2(2) $E_{\mathrm{C}}=P_{\mathrm{CPU}}\ast T_{\mathrm{COMP}}$(2) and computation times tabulated in Table 1, the energy consumption by RP 3B+ for different computations through the CLEA-256 algorithm and LEA-256 algorithm have been tabulated in Table 2. It is evident from the table that energy consumption is significantly lesser for the CLEA-256 algorithm with respect to that of the LEA-256 algorithm. The marginal improvement in the energy consumption during round keys generation by CLEA-256 with respect to that through LEA-256, and the significant improvement in energy consumption during encryption and decryption through CLEA-256 algorithm with respect to that through LEA-256 algorithm, has led to optimized use of battery for drone and power bank for the GCS. Table 3 compares the CLEA-256 algorithm with the LEA-256 algorithm in terms of different image encryption security metrics for panorama generated during the automobile drone experiment. In this table, CC (R,C,D) represents the correlation coefficient row-wise, column-wise, and diagonally, respectively. It can be observed from Table 3 that CLEA-256 outperforms LEA-256 algorithms in terms of all six image encryption security metrics (NPCR and UACI are significant).

Table 2. Energy consumption comparison between CLEA-256 and LEA-256, during automobile drone experiment

Energy Consumption during:-	CLEA-256	LEA-256
Round Keys Generation	37.125 mJ	43.75 mJ
Text Encryption	196.25 mJ	13.375 J
Text Decryption	177.5 mJ	13.375 J
Panorama Encryption	71.3387 J	5397.625 J
Panorama Decryption	75.0775 J	4765.5125 J

Table 3. Panorama encryption security metrics comparison between CLEA-256 and LEA-256

Panorama Encryption Security metrics	CLEA-256	LEA-256
NPCR(%)	99.6114	0.000533
UACI(%)	33.4711	0.00008901
CC (R,C,D)	(0.00149, 0.000152, 0.0583)	(0.00109, 0.2133, −0.06139)
Information Entropy	7.999911	7.99968
MSE	8169.264	8176.877
PSNR	9.00897	9.0049

When the number of characters used for encryption and decryption is different from one algorithm to another, it is necessary to compare the encryption and decryption speeds of the algorithms which have been tabulated in Tables 4 and 5 respectively. In Table 4, the maximum text encryption speed for (Junejo & Komninos, 2020) is 1 KB message encryption in 0.2 s (i.e. speed = 5120 characters/second). In Table 5, the maximum text decryption speed for (Junejo & Komninos, 2020) is 1 KB message decryption in 0.035 s (i.e. speed = 29257.14 characters/second). In Tables 4 and 5, the text encryption speed and text decryption speed for (Alicea et al., 2022) are calculated, respectively, based on the time required for encryption and decryption, respectively, of 8,000 characters on RP 3B +. Table 4 compares the text encryption speed of the CLEA-256 algorithm with the LEA-256 algorithm and some other recently published text encryption algorithms. It is evident from the table that the text encryption speed of CLEA-256 is significantly more than that of the other compared algorithms. Table 5 compares the text decryption speed of the CLEA-256 algorithm with the LEA-256 algorithm and some other recently published text encryption algorithms. It is evident from the table that the text decryption speed of CLEA-256 is significantly more than that of the other compared algorithms.

Table 4. Text encryption speeds comparison

Algorithm	Text encryption speed (characters/second)
CLEA-256	576815.286
LEA-256	8463.55
(Junejo & Komninos, 2020)	5120
(Alicea et al., 2022) Mypher	1917.922
(Alicea et al., 2022) Twine	1925.469
(Alicea et al., 2022) PRINCE	50.966
(Alicea et al., 2022) PRESENT	1381.654

Table 5. Text decryption speeds comparison

Algorithm	Text decryption speed (characters/second)
CLEA-256	637746.478
LEA-256	8463.55
(Junejo & Komninos, 2020)	29257.14
(Alicea et al., 2022) Mypher	1502.85
(Alicea et al., 2022) Twine	1241.88
(Alicea et al., 2022) PRINCE	50.88
(Alicea et al., 2022) PRESENT	1382.267

5.2. Results and analysis for an aerial image which represents a field plot

In the subsection, the analysis is done for another panorama generated by a drone at a very low altitude. The panorama represents a field plot. The aerial panorama of the field plot is shown in Figure 9a. The ECC secret key used, and its corresponding modified RMS value for the panorama is shown in Figure 9b. Figure 9c shows the encrypted panorama corresponding to the panorama shown in Figure 9c.

Figure 9. Analysis of the results for field plot aerial panorama encryption.

Table 6 represents the comparison between the CLEA-256 algorithm and the LEA-256 algorithm for the image encryption security metrics corresponding to the field plot panorama. It can be observed from the table that the CLEA-256 algorithm outperforms the LEA-256 algorithm in terms of the six image encryption security metrics (significantly for NPCR and UACI).

Table 6. Field plot panorama encryption security metrics comparison between CLEA-256 and LEA-256

Field plot panorama Encryption Security metrics	CLEA-256	LEA-256
NPCR(%)	99.6089	0.0005
UACI(%)	33.493	0.0002
CC (R,C,D)	(−0.00010928, 0.00008121, 0.02308)	(−0.000872, 0.1297, −.0457)
Information Entropy	7.999938	7.9998
MSE	10049.604	10056.83
PSNR	8.1093	8.10619

Table 7 shows the comparison of CLEA-256 with an algorithm published in (Alawida et al., 2023), in terms of image encryption security metrics. In the table, MMCC stands for the Correlation Coefficient value with minimum magnitude. It is evident from the table that except for the average NPCR value, the CLEA-256 algorithm outperforms (Alawida et al., 2023) in terms of other image encryption security metrics.

Table 7. Image encryption metrics comparison for aerial images

Image Encryption Metrics	CLEA-256	(Alawida et al., 2023)
Average NPCR (%)	99.6101	99.636
Average UACI (%)	33.482	33.45
Average Information Entropy	7.9999245	7.99852
MMCC	0.00008121	0.0001

5.3. Results and analysis for Lena image

This subsection shows image encryption analysis for an RGB Lena image of resolution 512 × 512. Figure 10a represents a Lena image, and Figure 10b represents the encrypted Lena image.

Figure 10. Analysis of the results for encryption of Lena image.

Table 8 represents the comparison of the CLEA-256 algorithm with other recently published image encryption algorithms in terms of image encryption security metrics. From the table, it is evident that the CLEA-256 algorithm outperforms the other recently published algorithms and LEA-256 algorithm in terms of PSNR and MSE, outperforms five algorithms in terms of Information Entropy, outperforms the other compared algorithms in terms of CC, outperforms four other algorithms in terms of NPCR, and outperforms only two other algorithms in terms of UACI.

Table 8. Image encryption security metrics comparison for Lena image

Image encryption security metrics	CLEA-256	LEA-256	(Guillén-Fernández et al., 2022)	(M. Khan et al., 2020)	(Huang et al., 2022)	(Taqi & Hameed, 2020)	(Alghafis et al., 2021)
NPCR(%)	99.6073	0.00203	99.5961	99.61	99.6061	99.6062	99.6
UACI(%)	33.4548	0.00099	33.3834	33.78	33.5098	33.4731	33.7
CC (R,C,D)	(−0.00006026, −0.002165, 0.01898)	(0.00113, 0.00873, −0.03893)	(0.008, −0.0013, −0.0113)	(0.0012, 0.0007, 0.0028)	NA	(−0.0001, 0.0002, −0.0001)	(−0.0015, 0.0010, −0.02)
Information Entropy	7.99977	7.99976	7.9997	7.999	7.9998	7.9993	7.9996
MSE	8944.73	8937.7371	NA	NA	NA	8940.0221	5504.6
PSNR (dB)	8.6151	8.6185	NA	NA	NA	8.6761	10.7235

5.4. Results and analysis for Baboon image

This subsection shows image encryption analysis for an RGB Baboon image with a resolution of 512 × 512. Figure 11a represents a Baboon image, and Figure 11b represents the encrypted Baboon image.

Figure 11. Analysis of the results for encryption of Baboon image.

Table 9 represents the comparison of the CLEA-256 algorithm with the LEA-256 algorithm and other recently published image encryption algorithms in terms of image encryption security metrics. From the table, it is evident that the CLEA-256 algorithm outperforms other recently published image encryption algorithms in terms of UACI, CC, Information Entropy, MSE, and PSNR. CLEA-256 algorithm lags with respect to two other algorithms.

Table 9. Image encryption security metrics comparison for Baboon image

Image encryption security metrics	CLEA-256	LEA-256	(Huang et al., 2022)	(Alghafis et al., 2021)
NPCR(%)	99.5978	0.00203	99.5979	99.61
UACI(%)	33.4837	0.00074	33.4287	33.47
CC (R,C,D)	(−0.0000498, 0.00124, 0.02829)	(−0.0015, 0.001822, 0.01227)	NA	(−0.009, −0.0184, 0.0022)
Information Entropy	7.99978	7.99973	7.9996	7.9997
MSE	8628.1916	8614.6864	NA	4705.1
PSNR (dB)	8.7716	8.7784	NA	11.4051

Based on the results obtained in the Subsections 5.3 and 5.4, Table 10 shows the comparison of the CLEA-256 algorithm with LEA-256 algorithm and another recently published image encryption algorithm by (Guillén-Fernández et al., 2022) in terms of the total time required for encryption and decryption of Lena and Baboon’s images. It can be observed from the table that the total execution time for encryption and decryption of Lena and Baboon images are significantly lesser when compared to corresponding values through the LEA-256 algorithm (Guillén-Fernández et al., 2022).

Table 10. Total execution time for image encryption and decryption times for Lena and baboon images

Algorithm	Total execution time for Encryption and decryption (seconds)
CLEA-256 (Lena)	2.80415
CLEA-256 (Baboon)	2.5048
LEA-256 (Lena)	171.78674
LEA-256 (Baboon)	172.52
(Guillén-Fernández et al., 2022)	214

5.5. Discussion

The use of permutation function for the encryption blocks in CLEA-256 provides a good amount of diffusion for the text data, and a good amount of UACI and NPCR for the encrypted images. The use of time-stamps and round keys to generate permutation arrays provides security for text files in terms of confusion, and security for images in terms of correlation coefficient, information entropy, MSE, and PSNR values. Moreover, the use of customized ECC-based AKA algorithm (Samanth et al., 2022) has also contributed to the security of the developed CLEA-256 algorithm, since the ECC secret key generated for each session is unpredictable. Due to significant change in the encrypted image for just one pixel change of the plain image by just 1 unit (as evident from the NPCR) for CLEA-256 algorithm, the attacker will have a hard time to perform a chosen plain-image attack. Due to the very low correlation values for the encrypted images (at times even in the order of ${10}^{-5}$ for atleast one direction) for one aerial image and both the standard images (Lena and Baboon), the attacker will have a hard time analyzing the contents of the data, since a plain image will have the correlation values between 0.9 and 1. Due to a good amount of information entropy provided by CLEA-256 algorithm (as high as above 7.9999) for aerial images, the pixels will almost be uniformly distributed as evident from the encrypted images shown in section 5, and hence the attacker will have a hard time analyzing the plain image contents and the locations of different pixels. CLEA-256 encryption algorithm provides significantly lesser execution times when compared to that through LEA-256 algorithm due to the use of simple XOR operations in the 32 rounds of encryption block algorithm and decryption block algorithm and due to the use of NumPy arrays for encryption as well as decryption.

6. Conclusion

Drones are resource-constrained devices, which have reduced human efforts to monitor areas and perform the intended tasks. Since RP 3B+ boards are supported with just 1 GB RAM and are physically lightweight, one RP 3B+ is used as the processing computer for the drone, and another RP 3B+ powered by a power bank is used as the GCS. Since it is necessary to keep data communications and storage secure and efficient for IoD networks, a lightweight encryption algorithm named CLEA-256 algorithm has been designed which is suitable for the encryption and decryption of text files as well as images. CLEA-256 round keys generation algorithm uses ECC secret key as input for round keys generation, ECC key-dependent bit rotation values, and uses simpler operations, unlike the traditional LEA-256 round keys generation algorithm. CLEA-256 encryption/decryption algorithm uses NumPy arrays, simple bit xor operations for 32 iterations of encryption, and decryption of 128-bit blocks inputs, and has introduced permutation and inverse permutation operations.

For the automobile drone experiment, the CLEA-256 algorithm has got a slightly lesser round keys generation time than that through the LEA-256 algorithm, which makes a significant difference for resource-constrained networks like IoD, though the improvement is marginal. The CLEA-256 algorithm provides a slightly better confusion property than that through the LEA-256 algorithm. CLEA-256 algorithm significantly outperforms LEA-256 algorithm in terms of text and image encryption and decryption times, diffusion property, and image encryption security metrics. Results show that CLEA-256 has got lesser encryption and decryption times for text files when compared to that through the LEA-256 algorithm and through some recently published work. Moreover, the significant reductions in the CLEA-256 algorithm-based encryption and decryption times with respect to that through the LEA-256 algorithm have led to optimized consumption of the power supplies used for performing the IoD experiment. To test the reliability of the designed algorithm CLEA-256, it has been tested on another aerial panorama captured by a drone, as well as on some standard images like Lena and Baboon.

CLEA-256 algorithm has a total time complexity of $\mathcal{O}$(16*nt) + $\mathcal{O}$(9*ni). The one-dimensional binary array conversion operations can be avoided, and the CLEA-256 algorithm can be improved as a part of future work. The CLEA-256 algorithm works only for those images which have a total number of pixels equal to a multiple of 16. Hence, Panoramas have been resized to a desirable resolution during the implementation of the CLEA-256 algorithm. Hence, future work can also deal with modification of the CLEA-256 algorithm to make it suitable for even those images whose total number of pixels is not a multiple of 16.

Disclaimer/Publisher’s note

The statements, opinions, and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of Cogent Engineering and/or the editor(s). Cogent Engineering and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions, or products referred to in the content.

Correction

This article was originally published with errors, which have now been corrected in the online version. Please see Correction (https://10.1080/23311916.2023.2278921).

Acknowledgments

The authors would like to express their gratitude to the Project Manas Team of Automobile Workshop, MIT, Manipal, for giving permission to conduct IoD experiments.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Data availability statement

On request, the data will be made available.

Additional information

Funding

This research did not receive any external funding.

Notes on contributors

Snehal Samanth

Snehal Samanth completed his B.Tech in Electronics and Communication in the year 2017, and M.Tech in Digital Electronics and Advanced Communication in the year 2019 from the Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, India. He is currently pursuing his PhD with the Department of Computer Science and Engineering, Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, India. His main research interests are in the areas of Cryptography and UAV communication.

Prema K V

Prema K V (Member, IEEE) is currently working as a Professor and Head in the Department of Computer Science and Engineering, Manipal Institute of Technology, Bengaluru, Manipal Academy of Higher Education (MAHE), Manipal, India. She has around 30 years of teaching experience and had published around 140 research papers in national/international journals/conferences. Her research interests include Soft Computing, Computer Networks, and Information Security.

Mamatha Balachandra

Mamatha Balachandra is currently a Professor in the Department of Computer Science and Engineering, Manipal Institute of Technology, Manipal Academy of Higher Education, Manipal, India. She has around 23 years of teaching experience and has published around 40 research papers in national/international journals/conferences. Her research interests include MANETs and IoT Security. She is also on the editorial board of some journals