Sie sind auf Seite 1von 4

Analyzing Energy and Time Overhead of Security

Mechanisms in Wireless Sensor Networks

P. Trakadas, T. Zahariadis, H.C. Leligou, S. Voliotis, K. Papadopoulos


Dept. of Electrical Engineering, TEI of Chalkis
Psahna, Chalkis, Greece,
Phone:+30-2228099550, E-mail: e-mail: trakadasp@yahoo.gr, {zahariad, leligou, svoliotis, cpap}@teihal.gr

Keywords: Sensor networks, security, energy consumption overhead

network structure (number of nodes, transmission range,


Abstract - The primary requirements of a successful Wireless required bandwidth, use of cluster nodes, etc). Thus, the
Sensor Network security architecture are confidentiality, decision of the proper algorithm is a difficult, multi-
integrity and authentication. Most of these security objectives variable problem.
can be addressed using appropriate hash functions and In the next sections we present an overview of the
cryptography schemes. By applying these mechanisms, the simulated and experimental results for different hardware
energy consumption increases, shortening the sensor node platforms obtained when adopting a variety of hashing
lifetime. On the other hand, the selection of a highly secure functions and cryptographic algorithms, including
encryption algorithm might lead to unacceptable symmetric-key and public-key cryptography solutions.
computational time, taking into account the constrained Finally, we evaluate the algorithms performance and
processor power of the sensor nodes. This paper presents an applicability on different application areas and network
overview of the results published in the literature regarding requirements.
time and energy consumption overhead of hashing and
encryption mechanisms in Wireless Sensor Networks. The
evaluation of these results helps on the selection of the 2. SYMMETRIC-KEY CRYPTOGRAPHY
appropriate algorithms, depending on the application. ALGORITHMS AND HASHING FUNCTIONS

The results presented in the literature are either based on


1. INTRODUCTION
simulation tests, or on measurements performed on real
sensor nodes with different processors and RF modules.
Nowadays, Wireless Sensor Networks (WSN) have
In an early publication [5], the authors estimated that the
become a major research domain in the communications
energy per bit consumed by MIPS R4400 (used by
community. In WSNs, security plays an important role
Sensoria Corporation) and MC68328 “DragonBall”
since most of the applications that this type of networks
(Rockwell Science Corporation) processors for performing
target are closely related to critical infrastructure such as
AES encryption/decryption operations are 9 nJ/bit and 101
surveillance, medical data, homeland security, etc. There
nJ/bit, respectively, while for SHA-1 hashing function the
are numerous papers in the literature [1] – [4] presenting
same processors consume 7.2 nJ/bit and 41 nJ/bit,
the security requirements of WSNs. By all security
respectively. In the same paper, the energy consumption of
requirements mentioned in these papers, confidentiality,
Sensoria Corporation RF subsystem (WINS NG) has been
integrity and authentication are recognized as the most
estimated as 0.021 mJ/bit for transmission at 10kbps, while
important ones. These requirements can be fulfilled by
in reception mode, the energy consumption was estimated
applying the proper cryptographic algorithms and hashing
equal to 0.014nJ/bit, leading to the conclusion that
functions.
transmission energy consumption rate is about three orders
On the other hand, energy limitation is the greatest of magnitude greater than the energy consumption rates for
constraint to WSN operation, directly affecting availability, encryption and hashing operations. Also, in [6], results for
which can also be seen as a security requirement. It is a number of encryption and hashing mechanisms (RC4,
important to mention that satisfying these security RC5, IDEA, MD5, SHA-1) for five different embedded
requirements does not come at no cost. When processors are presented, covering the range from low-end
implementing security mechanisms within a WSN, there is to high-end applications (Atmega 103, Atmega 128,
a direct impact on the lifetime of WSN. The extra power M16C/10, SA-1110, PXA250). Several useful results are
consumed by sensor nodes for security purposes is related mentioned in this work, including the time needed to
to the processing required to execute security functions execute the operations, as well as the related clock cycles
(e.g. encryption, decryption, hashing, signature and the normalized overhead for all algorithms, platforms
verification), the energy required for the overhead data and data sizes.
transmission and the energy required to store security
On the other hand, in [7], the authors present simulation
parameters in a secure manner (e.g. cryptographic key
results for specific hardware implementations of the AES
storage).
and SHA-1, optimized for ultra-low power applications
When designing a WSN, one has to take into account (Table 1). Apart from energy consumption (based on the
several factors, including the sensor lifetime, the security TinySec protocol), the comparison of 128-bits AES and
level (highly related to the specific application), the
SHA-1 is also based on the encryption and authentication characteristic data for the Mica2dot platform results. It is
functions with respect to their footprint, speed and power. interesting to note that the power required to transmit 1 bit
is equivalent to about 2090 clock cycles of execution on
the microcontroller alone and, as a conclusion, the energy
cost of computation is smaller compared to data
MAC Encryption
Encryption &
transmission.
MAC
AES SHA-1 AES SHA-1 AES SHA-1
Energy (nJ) 76.42 43.32 50.95 43.32 127.36 86.64
Field Value
Power (µW) 23.85 26.74 23.85 26.74 23.85 26.74
Effective data rate 12.4 kbps
Time (ms) 3.20 1.62 2.14 1.62 5.34 3.24
Energy to transmit 59.2 µJ/byte
Energy/bit
0.33 0.19 0.22 0.19 0.55 0.37 Energy to receive 28.6 µJ/byte
(nJ)
ATmega128L active mode 13.8 mW
ATmega128L power down mode .0075 mW
Table 1. Energy consumption and execution times for AES ATmega128L MIPS/Watt 289 MIPS/W
and SHA-1 implementations
Table 2. Characteristic data for the Mica2dot sensor platform at
3V, 4MHz, 915 MHz transceiver, transmit power 3 mW (5 dBm).
In [11], the authors present results for the average energy
consumed for AES-128 and SHA-1 operations on a
Mica2dot sensor node for data array inputs ranging from Additionally, Table 3 compares the energy consumed by
64 to 1024 bytes. The specific values are: 1.62/2.49 µJ/bit RSA-1024 and ECC-160 for generating and verifying
for encryption/decryption and 5.9 µJ/bit for SHA-1. signatures and the energy cost of key exchanges excluding
Finally, in [8] – [9], the authors study the behaviour of authentication and certificate verification. While the cost of
wireless sensor nodes performing cryptographic operations RSA verification is small, it is overshadowed by the more
and present the results of an experimental evaluation using expensive sign operation, both of which are required for
real sensor hardware. Specifically, the hardware platform authentication. In comparison, ECDSA signatures are
used was BTnodes developed by ETH Zurich, running the significantly cheaper than RSA signatures, while ECDSA
NutOS operating system software. In order to evaluate the verifications are within reasonable range of RSA
performance of the cryptographic algorithms on the verification. To put these numbers into perspective, one
described sensor nodes, they executed several RSA-1024 sign operation is equivalent to transmitting
measurements, including hashing/encrypting data arrays of 5,132 bytes, compared to 385 bytes for an ECDSA-160
different size, hashing/encrypting when the sensor node RF sign operation.
subsystem is enabled, as well as when it is in idle mode, in
receiving mode and in disabled mode. The results reveal
that for the data array of 1024bytes, hashing takes about Algorithm Signature Key Exchange
43ms with MD5 and 129ms with SHA-1. Encrypting with Sign Verify Client Server
AES takes 1.67s. Another useful result is that the [mJ] [mJ] [mJ] [mJ]
computation times increase linearly with the amount of RSA-1024 304 11.9 15.4 304
data being processed. ECDSA-160 22.82 45.09 22.3 22.3

Table 3. Energy cost of digital signature and key exchange


3. PUBLIC-KEY CRYPTOGRAPHY computations
ALGORITHMS

Public-key cryptography has been considered for a long


Furthermore, in [12], the authors measured the time needed
time to be computationally too expensive for sensor nodes.
by several hardware platforms (MICA2dot, MICA2,
However, public-key algorithms turned out to be very
beneficial for issues such as key distribution, MICAz and TelosB) to perform the handshake server side
authentication, etc. Although RSA, which is one of the step of the secure SSL/TLS communication, as shown in
most widely used public-key algorithm, might practically Table 4.
be unaffordable for such power constraint devices, elliptic
curve cryptography is an attractive solution for such
environments, because it provides the same level of Sensor node RSA-1024 ECC-160
security while requiring much shorter keys and MICA2DOT 22sec 1.6sec
consequently less memory, bandwidth and computational MICA2/MICAz 12sec 0.87sec
consumption [13]. More precisely, ECC with 160-bit keys TelosB 5.7sec 0.5sec
(ECC-160) is equivalent in security strength to RSA with
1024-bit keys (RSA-1024).
Table 4: Time values for RSA-1024 and ECC-160.
In the sequence we focus on the evaluation of the
Elliptic Curve Diffie-Hellman (ECDH) algorithm for key
exchange and the Elliptic Curve Digital Signature
Algorithm (ECDSA) for generation and verification of
ECC-based signatures. In [11], the authors conducted
experiments on the Mica2dot sensor node. Table 2 presents
Signature Key Exchange

.MICA2DOT
Generation Verification Client Server
RSA-1024 363.50mWs 14.19mWs 18.48mWs 363.50mWs
22.03sec 0.86sec 1.12sec 22.03sec
ECC-160 27.23mWs 53.96mWs 26.73mWs 26.73mWs
1.65sec 3.27sec 1.62sec 1.62sec
Signature Key Exchange
MICA2/MIC Generation Verification Client Server
Az RSA-1024 359.87mWs 14.05mWs 18.30mWs 359.87mWs
12.04sec 0.47sec 0.61sec 12.04sec
ECC-160 26.96mWs 53.42mWs 26.46mWs 26.46mWs
0.89sec 1.77sec 0.88sec 0.88sec
Signature Key Exchange
Generation Verification Client Server
TelosB

RSA-1024 68.97mWs 2.70mWs 3.51mWs 68.77mWs


5.66sec 0.22sec 0.29sec 5.66sec
ECC-160 6.26mWs 12.41mWs 6.15mWs 6.15mWs
0.52sec 1.02sec 0.51sec 0.51sec

Table 5: Estimated time and power consumption for signature generation/verification and key exchange for the client and server side

Making use of the results presented in [11]-[12], the


authors in [10] estimated the real influence of public key Type of Power Power per bit
cryptography to the lifetime of a sensor node in wireless Transmission [mW] [µWs/bit]
sensor networks. The sensor nodes used for the results of RX 22.2/28.8 0.578/0.750
this paper are: MICA2DOT, MICA2, MICAz (based on the TX -20dBm 15.9/25.8 0.414/0.672
ATmega128L microcontroller from ATMEL) and TelosB TX -5dBm 26.7/41.4 0.696/1.078
(based on the MSP430F1611 microcontroller from Texas TX 0dBm 31.2/49.5 0.812/1.290
Instruments). More specifically, the authors estimated the TX +5dBm 44.6/76.2 1.160/1.984
power consumption and time needed for the above TX +10dBm 80.1/- 2.086/-
operations/algorithms for signature generation/verification
and key exchange for server and client side, as shown in Table 7: Transmission power consumption for CC1000
Table 5.
In addition, the same paper presents results for the
transmission power consumption. MICA2 and
Combining all the aforementioned results, the lifetime of
MICA2DOT use 433MHz or 868MHz radio chip CC1000
the sensor nodes can be estimated as shown in Table 8 (for
and MICAz and TelosB use ZigBee 2.4 GHz radio chip
RSA-1024) and 9 (for ECC 160). Please note that the
CC2420. The two radio types differ in performance.
results included in this table have been produced taking
ZigBee devices transmit data with 250kbit/s data rate with
only into account the energy consumed for the described
maximum power of 0 dBm and CC1000 chips allows data
operations (handshake, signature verification and
rates up to 76.8kbit/s with maximum power of 10dBm
transmission/reception).
(@433MHz) or 5dBm (@868MHz). The MICA nodes that
use the CC1000 chip use Manchester encoding, reducing
the maximum transmission rate to 38.4kbit/s. The data in
the following Table 6 show that the higher power Node Duty cycle Lifetime
consumption of CC2420 is compensated by the lower cost [%] [hrs]
of per bit transmission. The same figures for CC1000 Every 30 MICA2DOT 73.4333 100.91
module operating at 433MHz and 868MHz are included in seconds MICA2/MICAz 4.01333 155.73
table 7. TelosB 18.8666 828.18
Every 60 MICA2DOT 36.7166 201.82
seconds MICA2/MICAz 20.0666 311.46
TelosB 9.4333 1656.37
Type of Power Power per bit
Every 600 MICA2DOT 3.6716 2018.19
Transmission [mW] [µWs/bit]
seconds MICA2/MICAz 2.0066 3114.62
RX 56.4 0.226
TelosB 0.9433 16563.66
TX -25dBm 25.5 0.102
Every 3600 MICA2DOT 0.6119 12109.82
TX -15dBm 29.7 0.119
seconds MICA2/MICAz 0.3344 18687.72
TX -10dBm 33.0 0.132
TelosB 0.1572 99381.98
TX -5dBm 42.0 0.168
TX 0dBm 52.2 0.209
Table 8: Lifetime estimation of sensor platforms RSA-1024
signature generation
Table 6: Transmission power consumption results for CC2420
RF modules
Node Duty cycle Lifetime REFERENCES
[%] [hrs]
Every 5 MICA2DOT 33.0000 224.55 [1] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E.
seconds MICA2/MICAz 17.8000 351.12 Cayirci, “A survey on sensor networks”, IEEE
TelosB 10.4000 1502.40 Communications Magazine, 40(8):102–114, August 2002.
Every 30 MICA2DOT 5.5000 1347.27 [2] D. Djenouri, L. Khelladi, N. Badache, “A Survey of
seconds MICA2/MICAz 2.9666 2106.74
security issues in Mobile Ad Hoc and sensor Networks”,
TelosB 1.7333 9014.42
IEEE Communications Surveys, 4th Quarter, 2005, vol. 7,
Every 300 MICA2DOT 0.5500 13472.73
seconds MICA2/MICAz 0.2966 21067.41 pp. 2-28.
TelosB 0.1733 90144.23 [3] Chris Karlof, David Wagner, “Secure Routing in Wireless
Every 600 MICA2DOT 0.2750 26945.45 Sensor Networks: Attacks and Countermeasures”,
seconds MICA2/MICAz 0.1483 42134.48 Proceedings of the IEEE International Workshop on
TelosB 0.0866 180288.46 Sensor Network Protocols and Applications, pp. 113-127,
May 2003.
[4] J. P. Walters, Z. Liang, W. Shi, V. Chaudhary, “Wireless
Table 9: Lifetime estimation of sensor platforms for ECC-160
signature generation Sensor Network Security: A Survey”, Chapter 17, Security
in Distributed, Grid and Pervasive Computing, 2006
Auerbach Publications, CRC Press.
4. CONCLUSION [5] D. Karman et al., “Constraints and Approaches for
Distributed Sensor Network Security”, NAI Labs Technical
The target of our work was to investigate the cost of Report #00-010, September 2000.
implementing hashing functions and cryptography [6] P. Ganesan, et al., “Analyzing and Modeling Encryption
algorithms in sensor nodes, in terms of time and energy Overhead for Sensor Network Nodes”, Proceedings of the
overhead problems. 2nd ACM international conference on Wireless sensor
It was shown that the computational and transmission networks and applications PP.: 151 - 159, 2003.
energy required for the operation of a security function is [7] J-P. Kaps and B. Sunar, “Energy Comparison of AES and
mainly related to three factors: the processor and RF SHA-1 for Ubiquitous Computing”, Lecture Notes in
subsystem power consumption, the processor clock Computer Science, Emerging Directions in Embedded and
frequency and the number of clock cycles needed by the Ubiquitous Computing, Springer Berlin / Heidelberg.
processor to compute the security function, where the latest
[8] M. Passing and F. Dressler., “Experimental Performance
depends heavily on the security function selection and the
Evaluation of Cryptographic Algorithms on Sensor
software implementation. Another crucial parameter that
should be taken into account when choosing the security Nodes”, IEEE International Conference on Mobile Adhoc
scheme to adopt is the sensor lifetime, i.e. the decision is a and Sensor Systems (MASS), 2006 Oct. 2006 Page(s):882
clear trade-off between security level and lifetime. In other – 887.
words, in cases that a lifetime equal to some days is [9] M. Passing and F. Dressler., “Practical Evaluation of the
adequate (which can be the case for the homeland security Performance Impact of Security Mechanisms in Sensor
scenario), the implementation of ECC-160 (or even RSA- Networks”, 31st IEEE Conference on Local Computer
1024) is affordable, taking also into account the security Networks, Nov. 2006 Page(s):623 – 629.
level provided by this scheme. On the other hand, in [10] K. Piotrowski, P. Langendoerfer, S. Peter, “How Public
scenarios such as vehicular and traffic information and Key Cryptography influences wireless sensor node
control, where the requirement for the sensor nodes lifetime”, Proceedings of the fourth ACM workshop on
lifetime is quite higher but the security level is lower, the
Security of ad hoc and sensor networks, Pages: 169 – 176,
selection of AES seems a viable solution.
2006.
Finally, it is important to mention that the table showing
[11] Arvinderpal S. Wander, Nils Gura, Hans Eberle, Vipul
the lifetime values of the sensor nodes takes into account
Gupta and Sheueling Chang Shantz, “Energy Analysis of
only encryption/hashing functions and not other operations
performed in a sensor node. This means that in real Public-Key Cryptography for Wireless Sensor Networks”
applications, these values are quite smaller if we consider in PERCOM '05: Proceedings of the Third IEEE
real implementation issues, like trusted routing, secure International Conference on Pervasive Computing and
service discovery and intrusion detection capabilities. Communications.
[12] Vipul Gupta, Michael Wurm, Yu Zhu, Matthew Millard,
Stephen Fung, Nils Gura, Hans Eberle and Sheueling
ACKNOWLEDGMENT Chang Shantz, “Sizzle: A Standards-based End-to-End
Security Architecture for the Embedded Internet”,
The work presented in this paper was partially supported by Pervasive and Mobile Computing (2005), pp. 425-445,
the EU-funded FP7 211998 AWISSENET project. available at www.sciencedirect.com.
[13] N. Gura et al., “”Comparing Elliptic Curve Cryptography
and RSA on 8-bit CPUs”, in CHES’ 2004, in: Lecture
Notes in Computer Science, Springer-Verlag, 2004.