In the Internet of Things (IoT) ecosystem, data communication is performed between machines without human intervention, where both the communication protocol and the transmitted data require robust protection mechanisms. Data modification and theft represent major threats that compromise the reliability and trustworthiness of IoT systems.
In this study, we design an efficient data protection mechanism based on AES-GCM (Advanced Encryption Standard with Galois/Counter Mode), ensuring data integrity and confidentiality with minimal computational overhead, making it suitable for resource-constrained IoT devices.
Performance evaluation was conducted by measuring encryption time and memory consumption across three AES key lengths (128, 192, and 256 bits) and five payload sizes (256 to 32,768 bytes) on ESP32 hardware.
The experimental results demonstrate that encryption time scales linearly from 1.126 ms for 256-byte payloads to 29.584 ms for 32 KB payloads, representing less than 3% processing overhead for typical IoT transmission intervals. Furthermore, key length has minimal impact on performance (less than 3% variation), enabling the use of AES-256 for stronger security without compromising real-time responsiveness in resource-constrained IoT applications.