RESUMO
The IoT has become an integral part of the technological ecosystem that we all depend on. The increase in the number of IoT devices has also brought with it security concerns. Lightweight cryptography (LWC) has evolved to be a promising solution to improve the privacy and confidentiality aspect of IoT devices. The challenge is to choose the right algorithm from a plethora of choices. This work aims to compare three different LWC algorithms: AES-128, SPECK, and ASCON. The comparison is made by measuring various criteria such as execution time, memory utilization, latency, throughput, and security robustness of the algorithms in IoT boards with constrained computational capabilities and power. These metrics are crucial to determine the suitability and help in making informed decisions on choosing the right cryptographic algorithms to strike a balance between security and performance. Through the evaluation it is observed that SPECK exhibits better performance in resource-constrained IoT devices.
RESUMO
We present the 'NoSQL Injection Dataset for MongoDB, a comprehensive collection of data obtained from diverse projects focusing on NoSQL attacks on MongoDB databases. In the present era, we can classify databases into three main types: structured, semi-structured, and unstructured. While structured databases have played a prominent role in the past, unstructured databases like MongoDB are currently experiencing remarkable growth. Consequently, the vulnerabilities associated with these databases are also increasing. Hence, we have gathered a comprehensive dataset comprising 400 NoSQL injection commands. These commands are segregated into two categories: 221 malicious commands and 179 benign commands. The dataset was meticulously curated by combining both manually authored commands and those acquired through web scraping from reputable sources. The collected dataset serves as a valuable resource for studying and analysing NoSQL injection vulnerabilities, offering insights into potential security threats and aiding in the development of robust protection mechanisms against such attacks. The dataset includes a blend of complex and simple commands that have been enhanced. The dataset is well-suited for machine learning and data analysis, especially for security enthusiasts. The security professionals can use this dataset to train or fine tune the AI-models or LLMs in order to achieve higher attack detection accuracy. The security enthusiasts can also augment this dataset to generate more NoSQL commands and create robust security tools.