Introduction

The IoT is a novel idea within the field of information and communication technology [1,2,3]. It is a modern technology that enables any entity (human, animal, or thing) to send and receive data through communication networks, including the internet or intranet [4, 5]. Despite the numerous benefits of IoT, it also brings forth several challenges, including new security and privacy concerns. One major issue is the confidentiality, authenticity, and integrity of IoT devices' data collected, transmitted, and processed [6,7,8]. As a result, IoT environments are highly susceptible to various security attacks, which can compromise their security and create insecure IoT ecosystems. Many IoT devices lack secure configuration, which poses a potential threat to their users [9]. These devices can reveal their identity in various communication channels, such as URLs, requests, and responses to and from their servers, including their brand [10]. Furthermore, it has been demonstrated that IoT devices can be targeted by DDoS attacks. Even mobile devices can be exploited by configuring them as wireless access points to intercept traffic and collect metadata transmitted by IoT devices to infer information [11]. Cryptography has long been a fundamental element of network and internet security, particularly for safeguarding sensitive data and information from unauthorized access. Cryptography is used in traditional networks to enable secure communication and data exchange [12,13,14].

IoT services are classified into 3 domains: low-level, data-related, and application. Each domain has distinct security risks and therefore requires different security technologies. However, all IoT devices must address the "Big 3" security concerns, namely confidentiality, integrity, and authentication, in addition to authorization and non-repudiation. The security challenges for each IoT service domain are listed in Table 1 for reference.

Table 1 Attacks in IoT domains
Full size table

The new conditions of the environment and the different characteristics of the devices make IoT security particularly important, and various architectures are being developed for it. In many environments, user data is encrypted using various algorithms to ensure security against unauthorized access [15, 16]. However, since encryption techniques often create complexity and significant overhead, solutions for encryption in IoT require low execution time and better performance, in addition to ensuring security and minimizing negative effects on the available services and performance in the IoT environment. Based on this, this research proposes an improved combination encryption solution based on the blowfish and elliptic curves encryption (ECC) algorithms. The following are the main benefits of using the suggested solution in the IoT:

  • Low memory requirement

  • Relatively low execution time

  • High throughput of the method

  • The use of the ECC algorithm is the core of the solution, whose important advantages are low complexity and the need for low energy consumption.

The article's layout is designed to give a summary of the background research in the section that follows. In Sect. "Methods", the suggested remedy is provided; in Sect. "Evaluation", it is ultimately assessed and examined.

Related works

In [17], a method to maintain the security of information based on authentication with the help of a digital signature and also breaking the file into smaller parts is presented. Tests based on different numbers of transmission packets for the proposed method show that this method has a good performance criterion for different packets in terms of criteria such as energy consumption and accuracy due to the use of random encryption. Also, based on the proposed method, while authenticating the users, the confidentiality service and the accuracy of the information have been properly considered in the proposed method. The paper [18] states that security must be considered and established in the IoT infrastructure and all its layers. IoT security can be divided into 4 layers: application, transmission, network, and perception. In this article, the 2 concepts of IoT and IoT security were stated, and the important discussion of security in IoT is divided into 4 parts, privacy, authentication, trust, and access control. Each of these challenges and the solutions provided have been reviewed and categorized.

The purpose of the article [19] is to transfer data securely using AES encryption. Transferring data securely between 2 working devices is challenging. There are a number of encryption algorithms, such as DES, RSA, and AES. This article provides a secure data transfer mechanism where AES encryption is used to increase security. MATLAB software has been used to implement the proposed model, and criteria such as execution time and execution speed have been used to analyze the performance of this method. In [20], the authors introduce a lightweight algorithm that aims to enhance the security of computing environments. The algorithm utilizes a 16-byte block encryption technique, incorporating Feistel network and permutation architecture to increase the complexity of the encryption process. The algorithm is adjustable, as it can be implemented with varying private key lengths and number of rounds. The results of the evaluation demonstrate that the implementation time of the algorithm is low.

However, the authors acknowledge that one potential issue with solutions based on private keys is that the cryptographic keys must be exchanged, which poses a threat to the security and confidentiality of the system. In [21], multiple encryption techniques were employed to ensure IoT and fog computing storage space security. The researchers developed an encryption system utilizing the AES algorithm and an asynchronous key transfer system for secure data and information exchange. Additionally, they implemented an elliptical bend encryption technique to exchange information between the user and the server. The evaluation results indicate that the solution achieved a relatively favorable execution time during the process of sending and receiving data, despite the small volume of data evaluated in the study. A 2-step encryption solution is described in [22] as a means to ensure the security of stored data. The solution divides the main data into 2 parts, each encrypted by a common key generated based on the chaos theory model. This approach has the added benefit of reducing the time required for encryption and decryption operations while increasing overall security. In [23], several symmetric encryption algorithms were evaluated in terms of efficiency, focusing on execution time parameters and memory consumption. The investigation results showed that the DES and blowfish algorithms were more efficient than other options in terms of both encryption and decryption time as well as memory consumption. Authors in [24] and [25] are reviews that explore the most important encryption solutions for use in IoT and fog computing environments. The results of these reviews highlight the need for algorithms and solutions to balance security and service quality parameters to minimize the negative impact of encryption techniques on the services provided in IoT environments.

Methods

The proposed method is a comprehensive security framework incorporating various encryption-based protection techniques. This concept combines symmetric and asymmetric encryption with an improved digital signature system that protects data integrity by using the SHA-256 hashing method. Overall, this proposed approach is designed to be highly effective at providing robust security for computing environments. The essential criterion that should be considered in the implementation of solutions based on cryptographic algorithms is the computational speed of algorithms, and the proportionality between speed and performance, asymmetric algorithms (public key) computationally require more time for the key generation process and cases [26]. Their speed is therefore comparatively slower than that of symmetric key techniques like blowfish; Therefore, it is a good idea to encrypt the primary message for transmission using a symmetric key approach that has faster processing. Accordingly, the improved blowfish algorithm has been used to encrypt the original data in this solution. Figure 1 shows the general outline of the solution.

Fig. 1
figure 1

Structure of the proposed method

Full size image

First, the original data is hashed using the SHA-256 algorithm to ensure data integrity. Afterward, the Elliptic Curves (EC) encryption algorithm is utilized to create a digital signature and protect the SHA-256 code and private key. EC is chosen due to its high-security features and small key size, which reduces the execution time of the algorithm. Finally, the improved blowfish algorithm, a symmetric algorithm with a fast execution time, encrypts the original data. Each step's specifics are further elaborated on below.

Digital signature

In this paper, a hash function has been used along with a digital signature to ensure data integrity. This suggested solution uses hash functions to first summarize the message before signing the message digest because the original digital signature model is susceptible to attacks and makes it possible for an attacker to fabricate a digital signature by changing the verification process and disrupting the network [27, 28]. Therefore, with this solution, the attacker can only create a forged digital signature that does not match the contents related to the output of the message digest function, and the attacker cannot tamper with the message contents. Thus, the use of digital signatures can be a powerful tool for securing the IoT environment. The suggested solution's flowchart, which uses hash codes and digital signatures, is shown in Fig. 2. This diagram outlines the various steps involved in ensuring data integrity using the SHA-256 hashing function and digital signatures. By following this flowchart, users can effectively protect their data and ensure that it has not been tampered with or altered in any way.

Fig. 2
figure 2

Digital signature flowchart

Full size image

Data encryption module

The main objective of this study is to present a secure encryption solution that is efficient and has a low execution time. To achieve this goal, the data encryption module employs an enhanced version of the blowfish algorithm. The algorithm has a key length that can vary from 32 to 448 bits and requires a large number of subkeys. These subkeys must be generated before the encryption or decryption of any data can take place. The blowfish algorithm is significantly faster and requires less memory than other common encryption algorithms [29]. It uses 4 S-Boxes, each with 256 inputs that are 32 bits in length. The selection process is repeated for the remaining inputs, where the first and second byte of a 32-bit input are used to select inputs in the first and second S-Boxes, respectively [30, 31]. The decryption process is similar to encryption but uses the subkeys in reverse order.

Since the F function, which includes the adder and rotation operations, is the main operation of encryption in all rounds of the blowfish algorithm and is performed in the form of a module, it takes up the most execution time of this algorithm. Therefore, this research aims to reduce the execution time of the Blowfish algorithm by modifying the F module. The F module's general process in the traditional blowfish method is depicted in Fig. 3.

Fig. 3
figure 3

Blowfish’s F function module

Full size image

The optimization of an algorithm's execution time is intended to reduce its time complexity. As seen in Fig. 3, the value of function F in the standard blowfish is calculated using Eq. (1).

$$F(XL)\hspace{0.17em}=\hspace{0.17em}(S1, a\hspace{0.17em}+\hspace{0.17em}S2, b mod 232) XOR S3, c\hspace{0.17em}+\hspace{0.17em}(S4, d mod 232)$$
(1)

Without compromising the security of the Blowfish algorithm, function F can be modified using Eq. (2):

$$F{\prime}(XL)\hspace{0.17em}=\hspace{0.17em}((S1, a\hspace{0.17em}+\hspace{0.17em}S2, b mod 232) (S3, c\hspace{0.17em}+\hspace{0.17em}S4, d mod 232))$$
(2)

Implementing this modification makes it possible to execute the 2 addition operations, (S1, a + S2,b mod 232) and (S3,c + S4,d mod 232) simultaneously. The amount of time needed to complete multiple operations can be decreased to only one operation with the use of parallelization. Since this technique has 16 rounds, each encryption and decryption process is completed 16 times faster. However, it should be noted that the security of the blowfish algorithm is based on the strength of its keys [32]. The modification made to the algorithm to perform the 2 addition operations in parallel does not have any negative impact on the security of the algorithm. Figure 4 also shows how this modification is done.

Fig. 4
figure 4

Improved F-function module

Full size image

Additionally, Fig. 5 shows the encryption process's pseudocode for the updated blowfish technique, which makes use of the enhanced F function.

Fig. 5
figure 5

The enhanced Blowfish method served as the basis for the encryption process's pseudocode

Full size image

In the first step, the 64-bit input is divided into 2 equal 32-bit parts (left and right). The next step is to use the XOR operator, which is performed on the first part of the 32-bit block (L) and the first representation of P. Then the obtained 32-bit data is transferred to the F function so that after performing the corresponding operation, the resulting data is XORed again with the right 32-bit block (L) (which was the result of dividing the 64-bit block). The encryption process using the improved blowfish algorithm involves performing an initial key setup phase followed by multiple rounds of encryption and decryption using the modified F function. During each round, the 64-bit data is divided into 2 32-bit blocks, L and R, subjected to various operations, including XOR, modular addition, and S-Box substitution. After each round, L and R are swapped before the next round is applied. To decrypt the data, the same process is followed in reverse, using the keys in reverse order.

Secure symmetric key

As mentioned, to solve the problems of private key transmission in the blowfish algorithm, asymmetric encryption based on elliptic curves is used in this research. Elliptic curve cryptography (ECC) is a type of public key cryptography that utilizes elliptic curves in finite fields [33, 34]. One of the important capabilities of this algorithm is providing security through the use of a 164-bit key, and it has a higher efficiency compared to previous methods due to less energy consumption. Compared to other asymmetric encryption methods, it has the highest level of confidentiality, low power consumption, and requires less memory in the system [35]. One of the most important features of this encryption is to perform operations on finite fields. Cryptography based on elliptic curves involves solving the discrete elliptic curve logarithm problem, known as an NP-hard problem. An elliptic curve is described by an equation in Fig. 6:

Fig. 6
figure 6

Elliptical curves

Full size image
$$y2\hspace{0.17em}+\hspace{0.17em}xy\hspace{0.17em}=\hspace{0.17em}x3\hspace{0.17em}+\hspace{0.17em}ax\hspace{0.17em}+\hspace{0.17em}b$$

The main feature of an elliptic curve is that in order to find the third point that lies on the curve, a rule can be defined to add 2 points to obtain the third point that lies on the curve. The points on an elliptic curve and the addition law on those points form a finite Abelian group. For the addition operation for 2 points to be well defined, to define an elliptic curve, a special point at infinity (denoted as O) is added to the curve, which is not on the curve itself but is treated as a point. This point serves as the additive identity element, which means that any point added to O will result in the same point. The number of points on an elliptic curve is called its order, which includes the point at infinity [8].

Fixed curve selection

A huge prime number p is chosen, and a finite field GF(p) is created using a set of integers fewer than p in order to construct elliptic curve cryptography. As a result, by removing the term xy from Eq. (3) and the condition 4a3 + 27b2 ≠ 0, the elliptic curve will be equal to:

$$y2\hspace{0.17em}=\hspace{0.17em}x3\hspace{0.17em}+\hspace{0.17em}ax2\hspace{0.17em}+\hspace{0.17em}b$$
(3)

In order to encrypt based on elliptic curves, first, a random number like k is selected in the range [1,n-1]; it should be noted that this range belongs to the field, and the random number in this range is assumed as the private key will be next, the public key R is calculated as R = Fk, F is a point on the ellipse curve. In this case, the calculation of k according to points Q and F has exponential time complexity. To enhance security, a fixed curve and point are selected such that the order of the fixed point F is a large prime number. This value is determined using Schoff's algorithm based on the order of the curve. Using elliptic curve cryptography provides smaller public keys and signatures compared to asymmetric algorithms such as RSA while maintaining the same level of security. This is because if the fixed-point order of F is an n-bit prime number, calculating k from kF and F requires approximately 2(n/2) operations.

Encrypt using ECC

Suppose 3 users, Alice, Bob, Cathy, and David, have agreed on an elliptic curve (non-confidential) and a fixed curve point (non-confidential) f. To send a message to Bob, Alice must first obtain Bob's public key. Once she has it, she can encrypt the message using Bob's public key and send the ciphertext to Bob. In elliptic curve cryptography, Bob's public key is a curve point Bp on the same curve Alice and Bob agreed upon. Bob has also chosen a secret integer Bk, and his public key is calculated as Bp = BkF, where F is the fixed point on the curve. To encrypt the message, Alice generates a random number, r, and calculates the point R = rF on the curve. She then calculates the ciphertext C = M + rBp, where M is the plaintext message. She sends the pair (R, C) to Bob as the ciphertext. Bob can then use his secret key Bk to recover the plaintext message. He calculates the point S = rBp = rBkF and subtracts it from C to obtain M = C—S = M + rBp—rBkF. In this case, Alice first calculates AkBp and uses its result as a key for encryption. Bob can also determine the same number by calculating BkAp. Because:

$${B}_{k}{A}_{p}= {B}_{k} . \left({A}_{k}F\right)= {A}_{k} . \left({B}_{k}F\right)= {A}_{k}{B}_{p}$$
(4)

The method's security relies on the presumption that the computation of k in relation to F and kF will be exceedingly challenging.

Due to the fact that the operation in this method is based on the field; as a result, the use of scaled multiplication algorithms can greatly help to improve the efficiency of encryption based on elliptic curves. Accordingly, the general steps of the method will be as follows:

  • Step 1: The MD-5 hash algorithm is used to create a hash code for the original material before it is encrypted. This is done to enhance the digital signature's effectiveness and verify the data's integrity.

  • Step 2: Utilizing the data's digital signature and encrypted private key, the hash code is created in the preceding phase.

  • Step 3: Elliptic curve encryption is used to encrypt the blowfish algorithm's private key.

  • Step 4: Prior to transmitting the data, the intended information is encrypted using a symmetric encryption algorithm (Blowfish). In fact, at this stage, the symmetric key is used for the encryption operation and to generate the encrypted data string from the original data. Then the encrypted data is sent along with the encrypted strings in the previous step.

  • Step 5: Applying the reverse process on the receiver side; In this case, the received information is decrypted using the private key.

  • Step 6: The blowfish algorithm's private key is used to decode the original data. Then, the review and validation process is performed with the help of the hashing function (digital signature).

Evaluation

The implementation of the proposed solution has been done in the Eclipse software environment and through the use of the Java development kit version 7. In the Java development kit, encryption functions are possible with the help of 2 main libraries, JCA and JCE. JCA functions are fully integrated with the core Java APIs and are able to provide most of the basic cryptographic capabilities. JCE is also used to provide advanced encryption operations. Also, the hardware used has an Intel Core2 Duo processor with a frequency of 2.5 GHz. All evaluations have been performed in the Windows 7 environment. In order to evaluate, the proposed method with AES, 3DES, DES, RSA, PRESENT, and ECDH cryptographic algorithms [19, 20] in artificial criteria, including execution time, throughput, and the amount of memory consumed, have been compared. At first, the solutions with a small data size (50 KB) were evaluated in order to be able to see and check how they work when the data size is small. Then with a data size of 1024 KB (1 MB) and 2048 kilobytes (2 MB), the solutions have been compared and evaluated.

Evaluation criteria

A set of criteria is required to gauge the efficacy of the solution, and the effectiveness of the solution may then be assessed in accordance with these criteria. For this purpose, the following criteria have been selected.

Execution time: It is equal to the time required to perform encryption operations. The execution time is computed using the following relationship:

$$Execution time = Encrypt Start time-end time$$
(5)

In the above relation, the execution time is done through a System timestamp, which is actually a timer in the Java language, so that it will start with the start of the encryption operation and will stop at the end of it. Subtracting these 2 times from each other actually determines the time of implementing the solution.

Throughput: It is equal to the number of tasks that have been processed and encrypted per unit of time. Also, in order to calculate the throughput of solutions, the following relationship is used.

$$Throughtput = \frac{DataSize}{ExecutionTime}$$
(6)

In the above relationship, throughput is obtained by dividing the evaluated data size by the required execution time calculated through the previous relationship.

Results and discussion

The first evaluation is based on the data size of 50 kilobytes, as seen in Fig. 7. The execution time compared to RSA, AES, DES, 3DES, and PRESENT algorithms is 800, 550, 300, 400, and 800 respectively. The milliseconds have decreased, which means that encryption operations have been performed in less time. This sum results from a decrease in execution time brought about by the development and use of the blowfish algorithm for primary data encryption. Blowfish is one of the fastest cryptography methods, considering that it is in the category of fragment codes. Also, through the change made in the F function section, its speed and efficiency have increased. Considering that EC asymmetric algorithm is used in the proposed solution only for key encryption and hash code summary, as a result, it did not have much effect on the execution time.

Fig. 7
figure 7

Execution time—milliseconds (data size: 50 KB)

Full size image

In Fig. 8, the solutions are compared in terms of throughput in the data size of 50 KB. As demonstrated in this assessment, the proposed method exhibits higher throughput than alternative solutions. Accordingly, compared to RSA, AES, 3DES, DES, and ECDH algorithms, the optimality rate has reached 100%. Given that the implementation time for this solution was very low in the evaluation, it was expected to achieve this level of throughput.

Fig. 8
figure 8

Throughput—kilobytes per second (data size: 50 kilobytes)

Full size image

Due to the size of the encrypted data being potentially effective during the execution of the operation, in the second experiment, the data size was increased to 1 megabyte (1024 kilobytes) to compare the efficiency of the algorithms at this volume of data. As can be seen in Fig. 9, the proposed solution has performed better than other algorithms. The execution time has been significantly reduced, with reductions of 240, 240, 130, 80, and 330 ms compared to the DES, 3DES, AES, PRESENT, and ECDH algorithms, which indicates that the proposed solution works faster than these 3 solutions. Also, compared to the RSA asymmetric algorithm, the execution time has been reduced by more than 731 ms, indicating the solution's faster implementation.

Fig. 9
figure 9

Execution time—milliseconds (data size: 1024 KB)

Full size image

Figure 10 also shows the throughput rate of the solutions, which due to the lower execution time, it was predictable that the throughput rate would be higher. Accordingly, the throughput is more than 16% on average compared to AES, 3DES, and DES. It has also reached more than 50% compared to the RSA asymmetric algorithm. In the presented solution, the most execution time is related to the encryption of the main data, which is done by the algorithm. As a result of parallelization and improvement of this part of the solution, it has greatly contributed to reducing the execution time and, consequently, increasing the throughput.

Fig. 10
figure 10

Throughput—kilobytes/second (data size: 1024 kilobytes)

Full size image

Finally, in the last test, the desired algorithms were evaluated with a data volume of 2048 kilobytes (2 megabytes), which Figs. 11 and 12 clearly show that the proposed solution is more optimal. As can be seen, as the amount of data increases, it affects the duration of encryption and causes more time to be needed. However, in this evaluation, the proposed solution was able to complete the operation in less time than DES, 3Des, and RSA algorithms. Accordingly, the execution time compared to the 2 symmetric algorithms 3DES and DES is reduced between 470 and 320 ms, respectively, and on the other hand, the throughput is much more optimized, which can be seen in (11) and (12). In the case of the asymmetric RSA algorithm, the execution time has decreased by more than 670 ms. However, in this experiment, compared to the symmetric AES algorithm, no optimization has been achieved, and considering that the proposed solution offers other capabilities, such as digital signature and hashing, compared to the standard AES algorithm, this amount of increase in execution time can be invisible and will not have much impact on the efficiency of the IoT infrastructure.

Fig. 11
figure 11

Execution time—milliseconds (data size: 2048 KB)

Full size image
Fig. 12
figure 12

Throughput—kilobytes per second (data size: 2048 kilobytes)

Full size image

As seen in Fig. 12, with the increase in data size, the throughput of the solution has also increased, which is due to changes in the F function and the parallelization done in the blowfish encryption core. Its throughput may be much higher than other algorithms. In addition, due to the fact that in the proposed freezing method, data encryption is separated from key encryption; as a result, the simultaneous use of blowfish and EC has not had much effect on performance loss and execution time. Because in this case, only the private key and the hash code are encrypted by EC, and due to their very low volume, it has the least impact on the execution time. On the other hand, the main data, which is quite sizable, is encrypted using enhanced blowfish cryptography, which, due to its high efficiency, execution time, and throughput, is much higher than 3DES, DES, and RSA algorithms.

Memory consumption

They consider the amount of memory consumed by encryption algorithms also important. As a result, in this section, the amount of memory consumption of the proposed method has been evaluated and investigated in comparison with other common encryption solutions. Next, the results of the evaluation are shown in Fig. 13. In this test, the data size used for evaluation is considered equal to 50 kilobytes.

Fig. 13
figure 13

The amount of memory consumed by solutions

Full size image

As seen in Fig. 13 and Table 2, the proposed method has the lowest amount of memory consumption. The reason for this high level of efficiency is the optimization of the cryptographic core, which is improved based on the blowfish algorithm, and this has increased throughput and reduced memory consumption because, in normal conditions, the blowfish algorithm is one of the most optimal algorithms in the field of memory occupation and execution time. Also, the EC algorithm is one of the most optimal asymmetric algorithms in the field of memory consumption due to the use of a 164-bit key. This amount of low memory requirement does not cause any problem in using the proposed method in old infrastructures, but it can also be used in the smallest embedded systems.

Table 2 Memory consumption in compared methods
Full size table

Table 3 summarizes the robustness of various algorithms. Assuming the key size to be N, this is described as what is the hardness in the algorithm. These comparisons are based on the time complexity needed by a breaking attack. A row in this table illustrates the required key length for an equivalent security strength. Actual key sizes used are 128, 192, 256 for AES, and 80, 128 for Hybrid and PRESENT algorithms.

Table 3 Cryptanalysis for ECC illustrating complexity of attack algorithm
Full size table

While the proposed method employs the ECC algorithm for secure private key exchange, Table 3 presents cryptanalysis for ECC, illustrating the complexity of the attack algorithm [21].

As seen in Table 3, the time complexity of the ECC is very high, which can make this algorithm and solutions based on it safe against various attacks, including Brute-Force, Baby-Step, and Pollard’s Rho.

Conclusion

In this research, an optimal encryption solution is proposed to enhance security in the IoT computing infrastructure while improving efficiency. Since symmetric encryption forms the basis of the solution, blowfish has been enhanced; thus, the execution time has dropped and the throughput has increased as a consequence of the encryption process taking less time. On the other hand, using EC asymmetric encryption to secure the key makes the key-sending operation without security challenges related to symmetric algorithms. Also, a digital signature based on SHA-256 was employed to ensure the integrity of the data. This allows for continuous verification and confirmation of the data's completeness during the transmission and receipt. In the evaluation section, the performance of encryption compared to other common encryption algorithms (AES, DES, 3DES, and RSA) was investigated. Because the higher the speed and throughput in this part, which is the core of the operation, the overall performance of the solution will be higher in the IoT infrastructure. The evaluations conducted with various data sizes demonstrate the solution's optimality with regard to execution time, throughput, and memory usage. In the end, it should be mentioned, although it was shown during the evaluations that the proposed solution has a significant effect on improving the efficiency in addition to increasing the security in the IoT infrastructure. Due to the use of symmetric and asymmetric encryption, there are some problems related to these algorithms, the most important of which are as follows:

  • The encryption process requires larger key sizes to achieve the best level of security.

  • Since blowfish encryption requires the same key for both encryption and decryption, it is difficult to scale it to large numbers of IoT devices.