Master of Science Mohsin Khan will Friday July 3rd, 2026, at 12:15 hold his Thesis Defense for the PhD degree in Science. The title of the thesis is:
« Securing Resource-constrained IoT Through Systematic Evaluation of Lightweight Cryptography and Decentralized Capability-based Access Control in Multi-tier Distributed Infrastructures »
Resource-constrained IoT devices are increasingly deployed in safety-critical domains such as healthcare, industrial automation, and critical infrastructure, where they operate within complex, heterogeneous, and latency-sensitive distributed environments. Despite strict computational and energy limits, these devices must participate securely in dynamic infrastructures spanning endpoints, edge, fog, and cloud layers. However, the field lacks consolidated guidance. The lightweight cryptographic algorithms remain scattered across the literature, inconsistently benchmarked, and rarely evaluated on relevant embedded hardware, while existing access-control systems remain largely centralized and not suitable for distributed IoT deployments. Addressing these challenges requires both efficient device-level cryptographic solutions and scalable, verifiable trust mechanisms that operate coherently across heterogeneous nodes.
This thesis delivers two interconnected contributions to IoT security. First, it establishes a comprehensive evaluation framework for lightweight cryptography, built through systematic surveys and empirical benchmarking on AVR and ARM platforms. The surveys are structured around architectural design, hardware and software implementation performance, and cryptanalytic analysis. The benchmarking framework captures precise measurements of execution time, memory usage, and energy consumption on representative embedded hardware. A novel E-RANK metric is introduced to consolidate these measurements into a single composite efficiency score, enabling principled selection of lightweight cryptographic primitives for resource-constrained IoT devices.
Second, the thesis introduces BlockCap, a decentralized authentication and authorization system developed for hierarchical IoT environments. BlockCap integrates a capability-based access-control model with a permissioned blockchain operating under QBFT consensus, enabling synchronized capability management, immutable auditability, and scalable trust propagation across edge, fog, and cloud layers, while ensuring lightweight participation for resource-constrained endpoint devices.
The two contributions collectively establish a novel security foundation for distributed IoT infrastructures, spanning from the selection and validation of lightweight cryptographic primitives at individual devices to the enforcement of dynamic, auditable trust relationships across the distributed IoT infrastructure. The thesis demonstrates that secure safety-critical IoT environments can be both lightweight and decentralized.
1st Opponent: Professor Luís Antunes, University of Porto, Portugal
2nd Opponent: Professor Nils Gruschka, Department of Informatics, University of Oslo, Norway
Internal member and leader of the committee: Associate Professor, Vi Tran Ngoc Nha, Department of Informatics, UiT, Norway
The defence and trial lecture will be streamed from these following links at Panopto:
Defence (12:15 - 16:00)
Trial Lecture (10:15 - 11:15)
The abstract of the thesis is available at Munin Here.