Abstract
Security is one of the major concerns in many Wireless Sensor Network (WSN) applications. A number of cryptographic algorithms have been developed to provide security services in WSNs. However, selecting an energy-efficient and lightweight cipher is a challenging task due to resource constrained nature of sensor nodes. Systematic evaluation of cryptographic algorithms is, therefore, necessary to provide a good understanding of the trade-off between security performance and operational cost. In this paper, we have examined five block ciphers: Skipjack, Corrected Block Tiny Encryption Algorithm (XXTEA), RC5, Advanced Encryption Standard (AES), and Chaotic-Map and Genetic-Operations based Encryption Algorithm (CGEA). The performance of these ciphers is evaluated on Arduino Pro and Mica2 sensor motes. Then the memory usage, operation time, and computational cost are compared. Finally, some recommendations are provided on evaluated block ciphers and implementation platforms.
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
- Block ciphers
- Memory-and-energy-efficiency
- Operational cost
- Performance evaluation
- Wireless sensor networks
1 Introduction
Wireless Sensor Networks consist of a large number of low-cost sensor nodes (SNs) which are randomly deployed in hostile environments [7]. These battery-powered SNs have low memory, weak processors, and limited communication capabilities. Therefore, to achieve energy efficiency in WSNs, a number of secure and lightweight block ciphers are proposed in the past few years. However, the experimental results show that many of these ciphers have poor performance compared to conventional ciphers [11]. Thus, performance evaluation is important to provide a benchmark of different cryptographic schemes.
The implementation of security policies has to maintain a trade-off between cost and performance. For example, many WSN applications require complex cryptographic algorithms to provide an enhanced level of security. However, the cost increases as powerful SNs are required to implement the crypto-system. Therefore, it is necessary to clearly understand the relationship between implementation cost and effectiveness. Table 1 presents a comparative view of costs, and hardware specifications of a number of commonly used sensor motes. The table shows that EZ430-RF2500 and Arduino Pro motes are less costly but they also have less memory. Hence, performance evaluation of cryptographic schemes on low-cost SNs is necessary to examine the feasibility of cost-effective platforms.
This paper presents an experimental evaluation of cryptographic algorithms mainly based on actual sensor hardware. A number of block ciphers are implemented in Mica2 and Arduino Pro mote platforms in order to compare the memory efficiency, computational cost, and operation time. Finally, based on the experimental results, some critical insights are provided that will be useful to choose the best cryptographic algorithm and implementation platform.
The rest of the paper is organized as follows: Sect. 2 describes the related works. Section 3 presents an overview of evaluated block ciphers in WSNs. Section 4 details the implementation platforms. Performance evaluation and analysis are presented in Sect. 5. Section 6 discusses and concludes the paper.
2 Related Work
Law et al. present a systematic evaluation framework that considers security properties and memory-and-energy-efficiency of the block ciphers for WSNs [16]. The authors recommend to use Rijndael cipher for security and energy efficiency, whereas MISTY1 is suggested for storage and energy efficiency.
A comparative performance analysis of RC6, AES, and Scalable Encryption Algorithm (SEA) shows that SEA requires less memory compared to AES and RC6 ciphers, whereas AES and RC6 achieve best performance in terms of execution time and bandwidth usage respectively [10].
Zhang et al. derived and compared computational energy cost of symmetric key ciphers with respect to different block and payload size [21]. Furthermore, the authors recommend the Byte-oriented Substitution-Permutation Network (BSPN) cipher to ensure security and energy efficiency in WSNs.
The effects of symmetric block ciphers on WSN performance and behaviour are analyzed to identify critical network parameters by [1]. AES, RC5, and Skipjack ciphers are implemented on MicaZ and TelosB motes as well as important trade-offs are provided both qualitatively and quantitatively.
Eisenbarth et al. implemented 12 block ciphers on an ATMEL AVR ATtiny45 8-bit microcontroller to achieve comparable results [13]. Lightweight implementation of the ciphers with a footprint of less than 256 bytes RAM and 4 kB code size for encryption and decryption has been performed to provide a good understanding of the cost versus performance trade-off.
Trad et al. measured and compared the memory efficiency, operation time, and energy consumption of AES, RC5, and RC6 algorithms in Mica2 sensor motes [18]. The experimental outcomes show that RC5 is the most suitable block cipher in terms of time and energy-efficiency.
In addition to conventional cryptographic algorithms, several lightweight block ciphers such as HIGHT [15], Simple Lightweight Encryption Scheme [8], and Lightweight Security Protocol [5] are implemented on Mica2 motes. These algorithms are energy-efficient and provide a good level of security in WSNs.
This work implements a number of block ciphers on two different hardware platforms and investigates the security performance and operational cost. The experimental results show the effectiveness of the evaluated block ciphers.
3 Overview of Implemented Block Ciphers
Skipjack, XXTEA, RC5, AES, and CGEA ciphers are described in this section. Table 2 lists the parameters adopted for each block cipher in our experiments.
Skipjack uses an 80-bit key over 64-bit data blocks. It implements an unbalanced Feistel network with 32 rounds. Biiham et al. presented an attack against 31 of 32 rounds using impossible differential cryptanalysis [3]. Moreover, short key length makes Skipjack vulnerable to exhaustive key search attack.
XXTEA has 64-bit block length and 128-bit key length. It implements an unbalanced Fiestel network with variable number of rounds (6–32 full cycles). The last reported attack against the full-round XXTEA presents a chosen plaintext attack based on differential cryptanalysis using 259 queries [20].
RC5 is a flexible block cipher with variable parameters: block size (32, 64, or 128-bits), key size (0–2040-bits), and number of rounds (0–255). It is a widely used block cipher in WSNs. However, 12-round RC5 with 64-bit blocks is vulnerable to a differential attack using 244 chosen plaintext [4].
AES is an iterative block cipher based on a substitution-permutation network and has 128 bits fixed block size. It operates on a 4 × 4 array of bytes. AES running on 10, 12, and 14 rounds for 128, 192, and 256-bits key respectively is vulnerable [9].
CGEA is a lightweight block cipher that uses chaotic map to generate pseudorandom bit sequence [6]. The 256-bit blocks of the sequence is used as key to encrypt or decrypt 128-bit data blocks. The algorithm implements XOR, mutation, and crossover operations on plaintext to generate the ciphertext. Instead of using rounds, it performs crossover operation for each byte of data in plaintext.
4 Implementation Environmnet
4.1 Hardware Specification
Arduino Pro is a microcontroller board based on ATmega168/328 [2]. In experiments, USB powered Arduino Pro (328) motes used with following configurations: Operating voltage—3.3 V, Clock speed—8 MHz, RAM—2 kB, FLASH—32 kB, EEPROM—1 kB, Radio unit—nrf24L01, and Data rate—19.2 kbps.
Mica2 is a low-power sensor mote based on ATmega128L processor [12]. USB powered Mica2 motes used in experiments with following configurations: Operating voltage—3.3 V, Clock speed—8 MHz, RAM—4 kB, Flash—128 kB, EEPROM—512 kB, Radio unit—CC1000, and Data rate—19.2 kbps (Fig. 1).
Experimental setup: a USB powered Mica2 mote, b USB powered Arduino Pro mote with programmer board, c Battery powered Arduino Pro mote
4.2 Software Specification
The source code of each block cipher is written in Arduino IDE to compile and upload on Arduino Pro motes. In our experiments, two built-in library functions (microsecondsToClockCycles(), and Serial.print()) are used to obtain and print CPU cycles and encryption time.
A high-level component-based programming language (nesC) [14] is used to implement the ciphers on Mica2 motes. The LocalTime.get(), and prinf() functions are used to get the execution time, whereas the CPU cycles are obtained by using the ATEMU [17].
Finally, the avr-size and avr-objdump utilities are used to measure the memory usage on Arduino Pro and Mica2 motes respectively. These two utilities display the header information of object files. The information includes the size of RAM and ROM in terms of text, data, and bss section.
5 Performance Evaluation and Analysis
This section presents a comparative performance analysis of optimized Skipjack, XXTEA, RC5, AES, and CGEA block ciphers implemented on Mica2 and Arduino Pro motes. To make the comparison, three crucial parameters have been selected: memory consumption, computational cost, and operation time.
5.1 Memory Consumption
Memory consumption is a significant performance metric that can be used to select encryption algorithms with less memory overhead. Table 3 shows the amount of memory consumed by each block cipher on Mica2 and Arduino Pro platforms. It can be seen that Skipjack and AES-256 require more memory compared to other algorithms. The memory requirement of AES-128 is slightly lower compared to AES-256 whereas RC5 is the lightest among all algorithms.
Critical observations—Both Skipjack and AES uses a big S-box of 256-bytes, and as a result the algorithms occupy a significant amount of memory. XXTEA, RC5, and CGEA require less memory for execution and is, therefore, suitable for memory constrained SNs like Arduino Pro. One important observation is that the implementation of AES-256 on Arduino Pro mote shows a message regarding low available memory. Therefore, cryptographic algorithms that use excessive memory may experience stability problem on Arduino Pro platform.
5.2 Computational Cost
The energy efficiency of an algorithm can be calculated from its computational complexity. Assuming the energy consumption per CPU cycle is fixed, the amount of consumed energy per byte can be computed by measuring the number of CPU cycles required to process one byte of plaintext. However, Table 4 shows the total number of CPU cycles required by each algorithm to encrypt 32 bytes data. It can be seen that Skipjack is the most energy efficient block cipher, whereas the performance of AES-256 is worst among all algorithms. It is also noted that AES-128 performs two times better than AES-256.
Critical Observations—The key size and number of rounds play a significant role in computational complexity. The implementation of AES-128 block cipher reduces more than half of computational cost required by AES-256 due to small size of key and less number of rounds. It is also noted that RC5 consumes more CPU cycles compared to AES-128 in spite of having the same size key. The reason is that RC5 executes 14 rounds, whereas AES-128 uses 10 rounds only.
5.3 Operation Cost
Operation speed indicates time efficiency and is defined in terms of encryption time and communication time. Encryption time is the amount of time spent to encrypt the plaintext, whereas the time required to encrypt and successfully send the ciphertext is defined as communication time. Figure 2 shows the execution time required to encrypt 32 bytes data. It can be seen that Skipjack is more than 7 and 6 times faster compared to AES and CGEA ciphers respectively. In addition, AES-128 cipher reduces more than half of AES-256 encryption time. The same results are obtained for communication time experiment as shown in Fig. 3.
Encryption time
Communication time
Critical observations—Skipjack algorithm is most efficient since it generates the shortest expanded key among all block ciphers. Similarly, the use of 128-bits key in AES-128 shows better performance compared to AES-256 cipher. XXTEA also requires low encryption time since the cipher is structured with simple XOR and shift operations. The longer word size (32-bit) leads to longer execution times for both key setup and encryption phases in RC5. The CGEA block cipher also takes significant amount of encryption time to perform crossover operations by repeatedly swapping the values at different memory locations.
6 Discussion and Conclusions
According to the experimental results, RC5 is the most memory efficient block cipher. XXTEA and CGEA are also potential candidates for memory constrained SNs like Arduino Pro. On the other hand, Skipjack shows best performance in terms of operation time and computational cost. XXTEA and AES-128 ciphers also consume low energy. However, from a security perspective, Skipjack is a high risk algorithm because of shorter key length. Similarly, XXTEA and RC5 are vulnerable to a number of security attacks such as timing attack, and chosen plaintext attack. Moreover, 128-bits key is not secure against quantum attack. The quantum computing systems are able to break 128-bits key with time 264 [19]. However, AES-256 and CGEA would still be secure against exhaustive search due to 256-bits key length. Therefore, we recommend to use AES-256 or CGEA block ciphers when security is a priority. RC5, XXTEA, and AES-128 ciphers can be used for the applications that require minimum level security.
This paper presents a comparative performance analysis of Skipjack, XXTEA, RC5, AES, and CGEA block ciphers. It is noted that Arduino Pro requires slightly more execution and communication time compared to Mica2 which is negligible. Therefore, it will be cost-effective to use Arduino Pro for common WSN applications such as environmental monitoring instead of time critical and high-memory-demand applications. Our future works will evaluate the performance of stream ciphers and compare the results with block ciphers.
References
Antonopoulos, C., Petropoulos, C., Antonopoulos, K., Triantafyllou, V., Voros, N.: The effect of symmetric block ciphers on WSN performance and behavior. IEEE WiMob, pp. 799–806. Barcelona (2012)
Arduino Inc.: Arduino Pro (n.d.). https://www.arduino.cc/en/Main/ArduinoBoardPro
Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. J. Crypt. 18(4), 291–311 (2005)
Biryukov, A., Kushilevitz, E.: Improved cryptanalysis of RC5. In: Kaisa, N. (ed) EUROCRYPT’98, LNCS. 1403, pp. 85–99. Springer, Heidelberg (1998)
Biswas, K.: Lightweight security protocol for WSNs. In: International Symposium on WoWMoM, pp. 1–2. Sydney (2014)
Biswas, K., Muthukkumarasamy, V., Singh, K.: An encryption scheme using chaotic map and genetic operations for WSNs. IEEE Sens. J. 15(11), 2801–2809 (2015)
Biswas, K., Muthukkumarasamy, V., Sithirasenan, E.: Maximal clique based clustering scheme for WSNs. IEEE ISSNIP, pp. 237–241. Melbourne (2013)
Biswas, K., Muthukkumarasamy, V., Sithirasenan, E., Singh, K.: A simple lightweight encryption scheme for WSNs. ICDCN, LNCS. 8314, pp. 499–504. Coimbatore: Springer, Heidelberg (2014)
Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D., Wang, X. (ed) ASIACRYPT. LNCS. 7073, pp. 344–371. Springer, Heidelberg (2011)
Çakırolu, M., Bayilmi, C., Özcerit, T., Çetin, Ö.: Performance evaluation of scalable encryption algorithm for WSNs. J. Sci. Res. Essays 5(9), 856–861 (2010)
Cazorla, M., Marquet, K., Minier, M.: Survey and benchmark of lightweight block ciphers for WSNs. SECRYPT (2013)
Crossbow Technology.: MICA2, Wireless Measurement System (n.d.). http://www.eol. ucar.edu/isf/facilities/isa/internal/CrossBow/DataSheets/ mica2.pdf
Eisenbarth, T., Gong, Z., Güneysu, T., Heyse, S., Indesteege, S., Kerckhof, S., Oldenzeel, L. et al.: Compact implementation and performance evaluation of block ciphers in ATtiny devices. AFRICACRYPT, pp. 172–187. Springer Berlin Heidelberg (2012)
Gay, D., Levis, P., Behren, R., Welsh, M., Brewer, E., Culler, D.: The nesC language: a holistic approach to networked embedded systems. ACM SIGPLAN Not. 38(5), 1–11 (2003)
Koo, W., Lee, H., Kim, Y., Lee, D.: Implementation and analysis of new lightweight cryptographic algorithm suitable for WSNs. ISA, pp. 73–76 (2008)
Law, Y., Doumen, J., Hartel, P.: Survey and benchmark of block ciphers for WSNs. ACM Trans. Sen. Netw. 2(1), 65–93 (2006)
Polley, J., Blazakis, D., Mcgee, J., Rusk, D., Baras, J.: ATEMU: a fine grained sensor network simulator. IEEE SECON, pp. 145–152 (2004)
Trad, A., Bahattab, A.A., Othman, S.B.: Performance trade-offs of encryption algorithms for WSNs. WCCAIS, pp. 1–6. Hammamet (2014)
Wu, D.: Introduction to Cryptography, Lecture Notes, Stanford University (n.d.). http://crypto.stanford.edu/~dwu4/notes/CS255LectureNotes.pdf
Yarrkov, E.: Cryptanalysis of XXTEA (n.d.). http://eprint.iacr.org/2010/254.pdf
Zhang, X., Heys, H., Li, C.: Energy efficiency of symmetric key cryptographic algorithms in WSNs. QBSC Symposium, pp. 168–172. Kingston (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer Science+Business Media Singapore
About this paper
Cite this paper
Biswas, K., Muthukkumarasamy, V., Wu, XW., Singh, K. (2016). Performance Evaluation of Block Ciphers for Wireless Sensor Networks. In: Choudhary, R., Mandal, J., Auluck, N., Nagarajaram, H. (eds) Advanced Computing and Communication Technologies. Advances in Intelligent Systems and Computing, vol 452. Springer, Singapore. https://doi.org/10.1007/978-981-10-1023-1_44
Download citation
DOI: https://doi.org/10.1007/978-981-10-1023-1_44
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-1021-7
Online ISBN: 978-981-10-1023-1
eBook Packages: EngineeringEngineering (R0)