Omowa Edward
PG/M.Sc./06/41742
PG/M. Sc/09/51723
Performance and Power Consumption Analysis of Symmetric
Encryption Algorithms in Wireless Devices
ELECTRONIC ENGINEERING
A THESIS SUBMITTED TO THE DEPARTMENT OF ELECTRONIC ENGINEERING
FACULTY OF ENGINEERING, UNIVERSITY OF NIGERIA, NSUKKA
AUGUST, 2010
Performance and Power Consumption Analysis of Symmetric Encryption Algorithms in
Wireless Devices
By
Omowa Edward PG/M.Sc./06/41742
A PROJECT SUBMITTED IN PARTIAL FULFILLMENT OF THE
REQUIREMENTS FOR THE DEGREE OF MASTER OF
SCIENCE IN ENGINEERING
DEPARTMENT OF ELECTRONIC ENGINEERING
FACULTY OF ENGINEERING
UNIVERSITY OF NIGERIA, NSUKKA
August, 2010
APPROVAL PAGE
This is to certify that the project entitled “Performance and Power Consumption Analyses of
Symmetric Encryption Algorithms in Wireless Devices” was submitted to the department of
Electronic Engineering, University of Nigeria, Nsukka for the award of Degree of Master of
Science in Engineering (with option in Digital Electronics and Computer Specialization).
EDWARD OMOWA DATE (AUTHOR)
DR THOMAS NWODOH DATE
(SUPERVISOR)
VEN. PROF. T.C. MADUEME DATE
(HEAD OF DEPARTMENT)
EXTERNAL SUPERVISOR DATE
DECLARATION
I, Edward Omowa, declare that this project work is my own work and that to the best of my
knowledge, it contains no materials previously published, or accepted for publication for the
award of any Degree or Diploma at any institution, except where due acknowledgment is
made in the text.
EDWARD OMOWA DATE
ACKNOWLEDGEMENT
I am heartily thankful to my supervisor, Dr. T.A. Nwodoh, whose encouragement,
guidance and bright contributions from the initial stage of this work to the final stage have
enabled me to develop an understanding of the subject.
I would also like to express my profound appreciation to Prof. C.C. Osuagwu, Dr.
Bolu, Director, ICT Centre, University of Nigeria, and other Staff members of the
Department of Electronic Engineering, University of Nigeria, Nsukka, for their
constructive criticism and advice. My thanks also go to my colleagues, Mr. Etim Eyo
and Mr. Aneke Joseph for their encouragement.
Finally, I put forward my regards and blessings to my wife, Oluwayemisi, and my son,
Pamilerin for their encouragement, unmitigated love and understanding, and my
amiable parents for making my dream come true.
Edward Omowa.
DEDICATION
I dedicate this work to the Almighty GOD for His supremacy over the power of the devil and
his minions in matters concerning my destiny.
Abstract
The importance of security in data communications and networking cannot be over-emphasized. Security in networking is based on cryptography, the science and art of transforming messages to make them secure and free from attacks and all sorts of eavesdropping. Cryptography has diverse applications in network security. Encryption algorithms are known to be computationally intensive. They consume a significant amount of computing resources such as CPU time, memory, and battery power. A wireless device, usually with very limited resources, especially battery power, is subject to the problem of energy consumption due to encryption algorithms. Designing energy efficient security protocols first requires an understanding of and data related to the energy consumption of common encryption schemes. This paper gives an experimental analysis of performance of a number of symmetric or private-key encryption algorithms: DES, 3DES, RC2, RC6, Blowfish and AES. In order to design energy efficient security protocols, there is need to critically study and understand encryption schemes within the context of performance metrics like varying sizes of data blocks, different key sizes, battery power consumption and encryption/decryption speeds. In this experiment, several performance metrics are collected and analyzed: encryption time, throughput, battery power and transmission time.
TABLE OF CONTENTS
Title Page .......... i
Approval Page .......... ii
Declaration .......... iii
Acknowledgement .......... iv
Dedication .......... v
Abstract .......... vi
Table of Contents .......... vii
List of Figures .......... x
List of Tables .......... xii
List of Acronyms .......... xiii
Chapter 1
1. Introduction .......... 1
1.1 Motivation .......... 2
1.2 Scope of Research .......... 3
1.3 Thesis Outline .......... 3
Chapter 2
2. Background and Literature Review .......... 4
2.1 Network Security .......... 4
2.1.1 Confidentiality .......... 6
2.1.2 Authentication .......... 6
2.1.3 Integrity .......... 6
2.1.4 Non repudiation .......... 6
2.1.5 Encryption in Wireless Devices .......... 7
2.1.6 Energy Consumption of Encryption Algorithms on Wireless Devices .......... 7
2.1.7 Energy Efficiency of Communication Protocols .......... 8
2.2 Encryption Algorithms .......... 8
2.2.1 Symmetric Cryptographic Algorithms .......... 9
2.2.1.1 Types of Symmetric Ciphers .......... 11
2.2.1.1.1 Block Ciphers .......... 11
2.2.1.1.2 Stream Ciphers .......... 12
2.2.2 List of Encryption Algorithms Compared in this Experiment .......... 13
2.2.2.1 DES Algorithm .......... 13
2.2.2.2 Triple-DES Encryption .......... 16
2.2.2.3 Blowfish Algorithm .......... 17
2.2.2.4 AES Algorithm .......... 17
2.2.2.5 RC2 Algorithm .......... 19
2.2.3 Asymmetric Cryptographic Systems .......... 20
2.2.3.1 RSA .......... 20
2.2.4 Hash Algorithms .......... 21
2.2.5 Cryptanalysis .......... 22
2.3 Security in the Internet .......... 22
2.3.1 IPSec .......... 23
2.3.2 SSL/TLS .......... 27
2.3.3 PGP .......... 32
2.3.4 VPN .......... 33
2.3.5 Firewalls .......... 37
2.3.6 WEP .......... 37
Chapter 3
3. Experimental Design .......... 40
3.1 Encryption Libraries .......... 40
3.2 Methodology .......... 42
3.2.1 The Encryption Time Computation .......... 43
3.2.2 Energy Consumption Computation .......... 44
3.3 Wireless Environment .......... 45
3.3.1 Data Transmission .......... 46
3.3.2 Signal to Noise Ratio .......... 46
3.3.3 Layer of Encryption .......... 46
3.3.4 Changing Packet Size .......... 46
Chapter 4
4. Results and Analyses .......... 47
4.1 The Effect of Changing Packet Size for Cryptographic Algorithms on Power Consumption .......... 48
4.2 The Effect of Changing Data Type (JPEG) for Cryptographic Algorithms on Power Consumption .......... 48
4.2.1 CPU Work Load .......... 48
4.2.2 Encryption Throughput .......... 49
4.2.3 Power Consumption .......... 49
4.2.4 Encryption with Transmission .......... 49
4.3 The Effect of Changing Data Type (Audio Files) for Cryptographic Algorithms on Power Consumption .......... 50
4.4 The Effect of Changing Data Type (Video Files) for Cryptographic Algorithms on Power Consumption .......... 51
4.5 The Effect of Changing Key Sizes of AES on Power Consumption .......... 52
4.6 The Effect of Changing Number of Rounds of AES on Power Consumption .......... 53
5. Conclusion .......... 55
References .......... 56
LIST OF FIGURES
Figure 2.1: Encryption-Decryption Technique .......... 9
Figure 2.2: Overview of the field of Cryptology .......... 9
Figure 2.3: Symmetric cryptosystems problem statement illustration .......... 10
Figure 2.4: Symmetric-key model .......... 11
Figure 2.5: Principle of Stream Ciphers .......... 13
Figure 2.6: DES general model .......... 14
Figure 2.7: DES computation path .......... 15
Figure 2.8: Triple-DES computation path .......... 16
Figure 2.9: Triple Encryption example .......... 16
Figure 2.10: AES Block and Key Sizes .......... 17
Figure 2.11: AES computation path .......... 19
Figure 2.12: RSA Encryption and Decryption .......... 21
Figure 2.13: TCP/IP protocol and IPSec .......... 23
Figure 2.14: Transport and Tunnel modes of IPSec .......... 23
Figure 2.15: Authentication Header (AH) protocol in Transport mode .......... 25
Figure 2.16: Encapsulating Security Payload in Transport mode .......... 25
Figure 2.17: Locations of SSL and TLS in the Internet model .......... 28
Figure 2.18: Creation of cryptographic secret in SSL .......... 29
Figure 2.19: Four SSL protocols .......... 31
Figure 2.20: Position of PGP in the TCP/IP protocol suite .......... 32
Figure 2.21: Virtual Private Network .......... 36
Figure 2.22: Firewall .......... 37
Figure 3.1: Experimental setup configuration .......... 40
Figure 4.1: Time consumption, throughput and power consumption for text encryption .......... 47
Figure 4.2: Power consumption for text file encryption in microjoule/byte with data transmission .......... 48
Figure 4.3: Time consumption for different JPEG file encryption without data transmission .......... 48
Figure 4.4: Throughput of each encryption algorithm .......... 49
Figure 4.5: Power consumption for different JPEG file encryptions .......... 49
Figure 4.6: Comparative execution times for transmission of JPEG files using different algorithms .......... 50
Figure 4.7: Time consumption, throughput and power consumption for text encryption .......... 50
Figure 4.8: Power consumption for encrypting different audio files (µJ/Byte) with data transmission .......... 51
Figure 4.9: Time consumption, throughput and power consumption for video file encryptions .......... 51
Figure 4.10: Power consumption for encrypting different video files (µJoule/Byte) with data transmission .......... 52
Figure 4.11: Percentage battery consumed with different key sizes for AES .......... 52
Figure 4.12: Time consumption with different key sizes for AES .......... 53
Figure 4.13: Percentage battery consumed by different numbers of rounds for AES 128-bit-key encryption .......... 53
Figure 4.14: Time consumed by different numbers of rounds for AES 128-bit-key encryption .......... 54
LIST OF TABLES
Table 2.1: Key lengths and number of rounds for Rijndael .......... 18
Table 2.2: Speeds of the AES finalists in hardware and software .......... 19
Table 2.3: IPSec Services .......... 26
Table 2.4: PGP Algorithms .......... 33
Table 2.5: Private Networks reserved addresses .......... 35
LIST OF ACRONYMS
3DES .......... Triple-DES
AES .......... Advanced Encryption Standard
AH .......... Authentication Header
ASCII .......... American Standard Code for Information Interchange
CBC .......... Cipher Block Chaining
CFB .......... Cipher Feedback
CPU .......... Central Processing Unit
DES .......... Data Encryption Standard
DoS .......... Denial of Service
DDoS .......... Distributed Denial of Service
IEEE .......... Institute of Electrical and Electronics Engineers
IEEE 802.11 .......... The Institute of Electrical and Electronics Engineers' specifications for wireless networking
IETF .......... Internet Engineering Task Force
IPSec .......... Internet Protocol Security
IPv4 .......... Internet Protocol version 4
IPv6 .......... Internet Protocol version 6
LAN .......... Local Area Network
MAC .......... Message Authentication Codes
NIST .......... National Institute of Standards and Technology
OFB .......... Output Feedback
TLS .......... Transport Layer Security
ESP .......... Encapsulating Security Payload
PGP .......... Pretty Good Privacy
PPP .......... Point-to-Point Protocol
HTTP .......... Hypertext Transfer Protocol
VPN .......... Virtual Private Network
OSI .......... Open Systems Interconnection
RTP .......... Real-Time Protocol
TCP .......... Transmission Control Protocol
UDP .......... User Datagram Protocol
VoIP .......... Voice over Internet Protocol
WEP .......... Wired Equivalent Privacy
WLAN .......... Wireless LAN
SA .......... Security Association
SADB .......... Security Association Database
SSL .......... Secure Socket Layer
SSID .......... Service Set Identifier
Chapter 1
Introduction
Over the past few years, Internet-enabled business, or e-business, has drastically improved companies' efficiency and revenue growth. E-business applications such as e-commerce, supply-chain management, and remote access allow companies to streamline processes, lower operating costs, and increase customer satisfaction. Such applications require mission-critical networks that accommodate voice, video, and data traffic, and these networks must be scalable to support increasing numbers of users and the need for greater capacity and performance. However, as networks enable more and more applications and are available to more and more users, they become ever more vulnerable to a wider range of security threats. To combat those threats and ensure that e-business transactions and vital information are not compromised, security technology must play a major role in today's networks [1].
Both wired and wireless networks can claim advantages over the other; both represent viable options for home and other local area networks (LANs). In theory, wireless LANs are less secure than wired LANs, because wireless communication signals travel through the air and can easily be intercepted. The increasing importance of wireless systems provides malicious persons greater incentives to step up their efforts to gain unauthorized access to the information being exchanged over the wireless link [2]. The security risks in the wireless environment are particularly important because the wireless devices in the recent past have not been developed with security of the systems in mind [3].
Cryptography is the conversion of data into a secret code for transmission over a public network. The data is protected (confidentiality) before transmission using an encryption algorithm to keep the data secure from an eavesdropper. Encryption is also essential for other security services such as authentication, data integrity and access control. Due to the intensive computation inherent in encryption algorithms, they tend to consume a substantial amount of energy or battery power [4].
Studies have shown that the growth of wireless networks is being restricted by their perceived
insecurity. Security protocols implement mechanisms through which security services can be
provided.
The IEEE 802.11 standard uses the WEP protocol for security. It operates at the Data Link layer.
IP Security (IPSec) provides security at the Network Layer by extending the IP packet header (using additional protocol numbers, not options).
Secure Socket Layer (SSL) provides security at the Transport Layer for secure transmissions on the Internet.
All the above-mentioned protocols rely on encryption to provide the security services.
Encryption in this sense can be said to be the backbone of security services. The three
protocols mentioned above have been designed for wired systems. In wireless networks, a
security protocol needs to also consider the limited battery power, small memory and limited
processing capabilities of the devices and the available bandwidth. Investigation of the
energy consumption of the encryption algorithms in wireless devices is therefore fundamental
in the design of energy efficient security protocols customized to the wireless environment.
1.1 Motivation
The objective of network security is to protect networks and their applications against attacks,
ensuring information availability, confidentiality and integrity. When organizations design
their network security architectures to meet this objective, they must consider a number of
factors. Not all networks and their associated applications have the same risks of attacks or
possible costs of repairing attack damages. Therefore, companies must perform cost-benefit
analyses to evaluate the potential returns on investment for various network security
technologies and components versus the opportunity costs of not implementing those items.
Usually, stronger security is achieved by using longer key sizes and stronger encryption
algorithms. The stronger algorithms come at the cost of increased computational time and
energy consumption. Encryption algorithms are known to be computationally intensive. They
consume a significant amount of computing resources such as CPU time, memory, and
battery power. A wireless device, usually with very limited resources, especially battery
power, is subject to the problem of energy consumption due to encryption algorithms. Due to
the intensive computation expected in encryption algorithms, they tend to consume a
considerable amount of energy or battery power. The battery can be quickly exhausted due to
encryption, especially for a small wireless device. Increasing the security level would reduce
the operation time of the device. Nevertheless, it is crucial to study the performance of the
encryption algorithms in terms of energy consumption for various options like varying the
key sizes, modifying the number of rounds, altering the amount of data blocks processed per
packet and algorithms that can be used on the wireless devices before designing a secure
wireless communication protocol. Knowledge of the tradeoffs would also aid in the design of
systems that can adapt the security of the communication link based on the device being used
and the battery left on it. A good number of researchers have put more efforts in carrying out
experiments on the energy efficiency of wireless devices and encryption algorithms rather
than critically studying and investigating the tradeoffs between security of wireless devices
and energy consumption analysis of encryption algorithms.
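As an added illustration (not code from the thesis), the following Go program collects the first two metrics named above, encryption time and throughput, for DES, 3DES and AES at 128/192/256-bit keys over several packet sizes, using Go's standard-library ciphers in CBC mode. The keys, IV and payload are constructed values; the battery-power figure is the thesis's own device measurement and is not reproduced here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
	"time"
)

// Result holds the metrics collected for one (algorithm, key size, packet size) run.
type Result struct {
	Algorithm  string
	KeyBits    int
	PacketSize int           // bytes per packet
	Elapsed    time.Duration // wall-clock time to encrypt all packets
	Throughput float64       // kilobytes of plaintext encrypted per second
}

// newBlockCipher builds a standard-library block cipher; the key length selects the variant
// (DES: 8 bytes, 3DES: 24 bytes, AES: 16/24/32 bytes for 128/192/256-bit keys).
func newBlockCipher(name string, key []byte) (cipher.Block, error) {
	switch name {
	case "DES":
		return des.NewCipher(key)
	case "3DES":
		return des.NewTripleDESCipher(key)
	case "AES":
		return aes.NewCipher(key)
	}
	return nil, fmt.Errorf("unsupported algorithm %q", name)
}

// cbcEncrypt encrypts a block-aligned buffer in CBC mode under the given IV.
func cbcEncrypt(block cipher.Block, iv, plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out
}

// cbcDecrypt is the inverse of cbcEncrypt, used to confirm the timed work is real encryption.
func cbcDecrypt(block cipher.Block, iv, ciphertext []byte) []byte {
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	return out
}

// measure encrypts `packets` packets of packetSize bytes and reports the encryption time
// and throughput, the two metrics the thesis relates to battery consumption.
func measure(name string, key []byte, packetSize, packets int) (Result, error) {
	block, err := newBlockCipher(name, key)
	if err != nil {
		return Result{}, err
	}
	bs := block.BlockSize()
	if packetSize%bs != 0 {
		return Result{}, fmt.Errorf("packet size %d is not a multiple of block size %d", packetSize, bs)
	}
	// Constructed inputs: an all-zero IV and a repeating payload. A real protocol needs a
	// fresh unpredictable IV per message; for timing only the amount of work matters.
	iv := make([]byte, bs)
	plaintext := bytes.Repeat([]byte{0xA5}, packetSize)
	start := time.Now()
	for i := 0; i < packets; i++ {
		cbcEncrypt(block, iv, plaintext)
	}
	elapsed := time.Since(start)
	if elapsed <= 0 {
		elapsed = time.Nanosecond // guard against coarse clocks on very short runs
	}
	totalKB := float64(packetSize*packets) / 1024.0
	return Result{name, len(key) * 8, packetSize, elapsed, totalKB / elapsed.Seconds()}, nil
}

// Constructed, non-secret keys. The 3DES key uses three distinct 8-byte parts so that it
// does not collapse into single DES (which happens when all three parts are equal).
var (
	keyDES    = []byte("8bytekey")
	key3DES   = []byte("24-byte-key-for-3DES-run")
	keyAES128 = bytes.Repeat([]byte{0x11}, 16)
	keyAES192 = bytes.Repeat([]byte{0x22}, 24)
	keyAES256 = bytes.Repeat([]byte{0x33}, 32)
)

func main() {
	names := []string{"DES", "3DES", "AES", "AES", "AES"}
	keys := [][]byte{keyDES, key3DES, keyAES128, keyAES192, keyAES256}
	fmt.Printf("%-5s %4s %8s %14s %10s\n", "alg", "bits", "packet", "time", "KB/s")
	for _, size := range []int{64, 512, 4096} { // packet sizes in bytes, all block-aligned
		for i, key := range keys {
			r, err := measure(names[i], key, size, 2000)
			if err != nil {
				panic(err)
			}
			fmt.Printf("%-5s %4d %8d %14v %10.0f\n", r.Algorithm, r.KeyBits, r.PacketSize, r.Elapsed, r.Throughput)
		}
	}
}
```

Absolute numbers depend on the host CPU (AES is hardware-accelerated on most laptops but not on older handhelds), so only the relative ordering across algorithms and packet sizes carries over to the thesis's setting.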
1.2 Scope of Research
The thesis focuses on evaluating the performance of encryption algorithms in terms of the
energy consumed when implemented at the application layer through standard encryption
libraries on wireless devices. The aim of the research is to aid the design of energy
efficient secure communication schemes for the wireless environment in the future. The
research work has been divided into the following tasks to achieve this purpose. First, gain
knowledge and understanding of popular symmetric key schemes such as DES, AES, 3DES,
Blowfish, and RC2. Third, study the effect of changing key size and number of rounds for
AES. Fourth, study the effect of encryption and key size variation with transmission of data.
This research does not provide any specific design optimized for the wireless environment;
that task is left to the discretion of the systems engineer.
1.3 Thesis Outline
The research focuses on the energy consumption characteristics of various encryption
schemes under varying environmental conditions on wireless devices such as laptops and
Pocket PCs. The first four chapters of the thesis have been organized in the following order.
Chapter 1 introduces the title of the thesis and gives an in-depth explanation of network
security. Chapter 2 covers the literature as related to the thesis. It covers different encryption
schemes from secret key to asymmetric-key systems and their security. It also covers topics
like IP Security, and Wired Equivalent Privacy (WEP). Chapter 3 explains the experimental
design. It explains how choices were made for the experiments and the measurements were
taken. Chapter 4 explains the results obtained during the research work and provides some
analyses of the results. Finally, Chapter 5 presents the summary and conclusion of the results
and provides pointers for future research work.
Chapter 2
Background and Literature Review
This chapter presents the theoretical background essential for the thesis.
2.1 Network Security
The objective of network security is to protect networks and their applications against attacks, ensuring information availability, confidentiality and integrity. When organizations design their network security architectures to meet this objective, they must consider a number of factors. Not all networks and their associated applications have the same risks of attacks or possible costs of repairing attack damages. Therefore, companies must perform cost-benefit analyses to evaluate the potential returns on investment for various network security technologies and components versus the opportunity costs of not implementing those items.
Networks carry all sorts of vital and confidential data, so security is a highly important part of any wireless network structure. Security ensures that the same level of data integrity and confidentiality as a wired network are maintained. Without properly implemented security measures, any wireless network adapter coming within range of another network adapter or access point can join the network. Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers, company competitors, or even internal employees. In fact, according to several studies, more than half of all network attacks are waged internally.
To determine the best ways to protect against attacks, IT managers should understand the many types of attacks that can be instigated and the damage that these attacks can cause to e-business infrastructures. The most common types of attacks include Denial of Service (DoS), password, and root access attacks. Even more malicious are Distributed Denial of Service (DDoS) attacks in which an attacker compromises multiple machines or hosts.
Historically, password attacks, attacks in which a perpetrator gains unauthorized access to network passwords in order to penetrate confidential information, have been the most common type of attacks. When a hacker "cracks" the password of a legitimate user, he has access to that user's network resources and typically a very strong platform for getting access to the rest of the network. Hackers can often easily obtain passwords because users typically choose common words or numbers as their passwords, enabling the hacker's use of software programs to logically determine those passwords. Hackers also deploy social engineering techniques to gain access to passwords. Social engineering is the increasingly prevalent act of obtaining confidential network security information through nontechnical means, such as posing as a technical support representative and making direct phone calls to employees to gather password information.
From the early days of the Internet, when only e-mail servers were on the network, a hacker's ultimate goal was to gain root access to the UNIX host that ran these applications. With root access, the hacker had full control of the system and could often collect enough information to gain access to the rest of the network and other partner networks. E-business application hosts have increased the number of targets for hackers. Hackers often exploit security vulnerabilities, or security holes, in the operating systems or applications of these hosts that system administrators have not safeguarded. Using buffer overflows, Trojan horses, and other common techniques, hackers gain control of hosts that can be used as platforms for launching other attacks. These practices often result in a full compromise of an organization's IS infrastructure and can lead to serious financial losses or legal liabilities.
Network attacks cause organizations several hours or days of downtime and serious breaches in data confidentiality and integrity. Depending on the level of the attack and the type of information that has been compromised, the consequences of network attacks vary in degree from slightly annoying to completely devastating, and the cost of recovery from attacks can range from hundreds to millions of dollars. When application availability is compromised by attacks, companies can easily lose millions of dollars per hour. For example, companies that run e-commerce Web sites lose revenue as customers "shop" elsewhere for their products and services; informational Web sites can lose precious advertising time; and manufacturing organizations that use supply-chain management applications can be forced to shut down their lines because they cannot access information regarding their raw materials.
When data confidentiality is compromised, the consequence to an organization is not always immediate but it can be costly. For example, if a hacker gains access to an organization's e-mail system, proprietary information that provides competitive advantage might be stolen, resulting in a loss of research and development dollars spent in gaining that advantage. When data integrity is compromised, an organization must often incur prohibitive costs to correct the consequences of attacks. For instance, a malicious hacker might modify a Web site, replacing relevant information with nonsensical or offensive content. This compels the proprietor of the site to spend money not only to fix the site, but also to counter the resulting bad public relations. The legal ramifications of breaches in data confidentiality and integrity can also be extremely costly for organizations.
2.1.1 Confidentiality
To make the information confidential, the data is modified in such a way that it would be
infeasible for the attacker to guess the data. It is achieved by means of encryption algorithms.
Encryption is done based on shared secret information between communicating parties. Only
the receiver and in some cases the sender know how to decrypt the data after it has been
encrypted. The data is generally encrypted with an encryption key and can be decrypted by
using a decryption key. For a symmetric key scheme, the encryption and the decryption keys
are the same. For public key schemes, they are different. The key used for encryption is
called public key while the key for decryption is called the private key.
2.1.2 Authentication
The authentication aspect of security services requires that a pair of communicating entities
establishes its identity. Essentially, the authentication service tries to establish the identity by
making sure that a secret is shared between the involved entities. Some protocols
establish authentication through symmetric key schemes while others establish it through
public key schemes. In a symmetric key authentication system, the two communicating
parties share a secret key. Authentication is generally achieved by means of a challenge and
response procedure.
2.1.3 Integrity
Data integrity means that assurance is needed that only legitimate entities can modify the
message. Encrypting the message to some extent ensures that the attacker cannot modify the
message. However, there is a possibility of some malicious user sending random data to the
receiver. The receiver would decrypt these messages to some incomprehensible data, which
poses the possibility of some damage. One method of avoiding such situations is to add a
checksum to the message before encrypting it. If the decrypted message and the checksum
match then the received message can be assumed valid; otherwise it is considered invalid.
Such a scheme would provide authentication and confidentiality along with message
integrity.
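The checksum-then-encrypt scheme just described, written out as an added Go example (not code from the thesis), with AES-CBC from Go's standard library and a CRC32 checksum. Beside it sits the form a practitioner would deploy instead, an encrypt-then-MAC construction with HMAC-SHA256, because an unkeyed checksum under CBC detects accidental corruption and injected random data but is not a defence against deliberate modification; all keys and messages are constructed values, and the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"hash/crc32"
)

var ErrInvalid = errors.New("message rejected: integrity check failed")

// pad and unpad implement PKCS#7 so a message of any length fits AES-CBC blocks.
func pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}
func unpad(b []byte, bs int) ([]byte, error) {
	n := int(b[len(b)-1]) // cbcOpen guarantees len(b) >= bs
	if n == 0 || n > bs || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, ErrInvalid
	}
	return b[:len(b)-n], nil
}

// cbcSeal pads msg, encrypts it with AES-CBC under a fresh random IV and returns iv||ciphertext.
func cbcSeal(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	iv := make([]byte, bs)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	body := pad(append([]byte{}, msg...), bs)
	out := make([]byte, len(body))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, body)
	return append(iv, out...), nil
}

// cbcOpen reverses cbcSeal; truncated, misaligned or random input fails here or in unpad.
func cbcOpen(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(blob) < 2*bs || len(blob)%bs != 0 {
		return nil, ErrInvalid
	}
	pt := make([]byte, len(blob)-bs)
	cipher.NewCBCDecrypter(block, blob[:bs]).CryptBlocks(pt, blob[bs:])
	return unpad(pt, bs)
}

// ChecksumThenEncrypt is the section's scheme: append a CRC32 of the message, then encrypt both.
func ChecksumThenEncrypt(key, msg []byte) ([]byte, error) {
	return cbcSeal(key, binary.BigEndian.AppendUint32(append([]byte{}, msg...), crc32.ChecksumIEEE(msg)))
}

// DecryptThenVerifyChecksum delivers the message only when the recovered checksum matches,
// so random data injected by a malicious sender is rejected instead of being passed on.
func DecryptThenVerifyChecksum(key, blob []byte) ([]byte, error) {
	pt, err := cbcOpen(key, blob)
	if err != nil || len(pt) < 4 || crc32.ChecksumIEEE(pt[:len(pt)-4]) != binary.BigEndian.Uint32(pt[len(pt)-4:]) {
		return nil, ErrInvalid
	}
	return pt[:len(pt)-4], nil
}

// EncryptThenMAC is the hardened form: a keyed HMAC-SHA256 over iv||ciphertext replaces the
// unkeyed checksum, so a modified ciphertext cannot carry a matching tag without the MAC key.
func EncryptThenMAC(encKey, macKey, msg []byte) ([]byte, error) {
	blob, err := cbcSeal(encKey, msg)
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, macKey)
	mac.Write(blob)
	return mac.Sum(blob), nil
}

// VerifyThenDecrypt checks the tag in constant time before any decryption takes place.
func VerifyThenDecrypt(encKey, macKey, blob []byte) ([]byte, error) {
	if len(blob) < sha256.Size {
		return nil, ErrInvalid
	}
	body, tag := blob[:len(blob)-sha256.Size], blob[len(blob)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, ErrInvalid
	}
	return cbcOpen(encKey, body)
}
```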
2.1.4 Non repudiation
Non-repudiation is the concept of ensuring that a party in a dispute cannot repudiate, or refute
the validity of a statement or contract. Although this concept can be applied to any
transmission, including television and radio, by far the most common application is in the
verification and trust of signatures.
In the cryptographic literature, it is possible to find a good number of works that compare the
relative performance of various security options available for client authentication, hashing
algorithms, cryptography techniques, and digital signatures. A good number of researchers
have conducted brilliant studies on performance optimization of cryptographic algorithms.
To give more perspective on the performance of the compared algorithms, this section
discusses the results obtained from other sources.
2.1.5 Encryption in Wireless Devices
Many encryption algorithms are commonly available in wired networks. Generally, most encryption
used in wireless devices is based on symmetric key encryption. One such example is RC4. RC4 is a
stream cipher designed by Ron Rivest in 1987 and it is widely used in many applications nowadays
and in wireless networks such as IEEE 802.11 WEP [10] and CDPD [11]. RC4 is known to be fast
and efficient. RC4 is standardized to provide security services in wireless local area networks
(WLANs) using a protocol called Wired Equivalent Privacy (WEP) [12]. However, Fluhrer and other
researchers have discovered several vulnerabilities in the RC4 algorithm [13]. The weaknesses in RC4
and loopholes in the WEP protocol have resulted in a new standard for security in WLANs (IEEE
802.11i) proposing a new protocol based on the Advanced Encryption Standard (AES). AES
encryption is fast and flexible, and it can be implemented on different platforms, particularly on small
devices and smart cards [13]. DES, 3DES, Blowfish, RC2 and AES offer different tradeoffs as
candidate algorithms for WLANs. A study of the energy consumption of these algorithms is essential to
decide on their use in security protocols.
2.1.6 Energy Consumption of Encryption Algorithms on Wireless Devices
Energy consumption of wireless devices has been extensively studied. In [14], an evaluation of the power
consumption of the Itsy pocket computer was conducted. That study is only intended to evaluate the power
consumption of different parts of the pocket computer under normal operations. In [15], the
computational complexity of public key encryption was studied on an embedded processor. The work
concentrates on using several mathematical techniques to improve the performance of public key
encryption in the secure socket layer (SSL) protocol. In Law et al. [16], a study of the energy
consumption of encryption for sensor networks was carried out. In their investigation, the efficiency
of code sizes and algorithms of RC5 and TEA was studied. Yuan and Qu [17] proposed an energy
efficient technique using dynamic voltage scaling to reduce the energy consumption of public key
encryption such as RSA, DSA, and ElGamal. In Karri et al. [18], an optimization of the energy
consumption of the SSL protocol was studied. The technique was based on using a compression algorithm
to reduce the size of the messages exchanged by the protocol in order to reduce the power consumed
by encryption and transmission.
2.1.7 Energy Efficiency of Communication Protocols
In the literature, one is likely to find several works on the energy efficiency of transmission protocols
over wireless networks at different layers. In [19], performance measurements of the energy consumption
of IEEE 802.11 network interfaces were conducted. It was shown that a significant part of the energy
consumption is due to the overhead of the 802.11 MAC protocol for point-to-point links. In [20], the
energy consumption of different variants of the TCP protocol was studied. It was shown that the
congestion control algorithm of TCP could save energy by backing off when an error burst occurred
during the transmission, but it worsened the transmission throughput. A comprehensive assessment of
energy efficient communication protocols was presented in Jones et al. [21].
2.2 Encryption Algorithms
Encryption forms the basic building block for various security services. Encryption
algorithms take a plaintext stream of data and an encryption key and generate a ciphertext
stream of data. There are several types of data encryption which form the basis of network
security. Encryption schemes are based on block or stream ciphers. The type and length of
the keys utilized depend upon the encryption algorithm and the amount of security needed. In
conventional symmetric encryption a single key is used. With this key, the sender can encrypt
a message and a recipient can decrypt the message, but the secure distribution of that key becomes
the problem. In asymmetric encryption, the encryption key and the decryption key are
different. One is a public key with which the sender can encrypt the message and the other is a
private key with which the recipient can decrypt the message. The model of encryption can
universally be depicted using the following diagram:
Figure 2.1: Encryption-Decryption Technique
There are two broad classifications of encryption algorithms, split by whether they use the same key
for encryption as for decryption:
Symmetric: the same key is used for both encryption and decryption.
Asymmetric: different keys are used for encryption and for decryption (a public key and a private key).
Figure 2.2: Overview on the field of Cryptology
[Figure 2.1 labels: Plaintext → Encryption (encryption key) → Ciphertext → Decryption (decryption key) → Plaintext; C = E(K_enc, P), P = D(K_dec, C). Figure 2.2 labels: Cryptology → Cryptanalysis and Cryptography; Cryptography → Symmetric-Key (block ciphers: Blowfish, DES, AES, RC2; stream ciphers: RC4, SEAL), Asymmetric-Key (RSA, etc.) and Protocols.]
2.2.1 Symmetric Cryptographic Algorithms
The most widely used symmetric encryption algorithms are 3DES and AES. These use shared keys,
and are the algorithms responsible for the vast bulk of data transferred securely over the
Internet. Some examples of popular symmetric algorithms include Twofish, Serpent, AES (Rijndael),
Blowfish, CAST5, RC4, TDES (Triple DES) and IDEA.
Symmetric Ciphers Problem Statement: The fundamental idea behind symmetric
cryptosystems is illustrated using the problem statement that follows: A and B want to
communicate over an insecure channel (e.g., the Internet, a LAN or a cell phone link). They
want to prevent C (the bad guy) from listening. The solution to this is to use a symmetric-key
cryptosystem such that if C reads the encrypted version y of the message x over the insecure
channel, he will not be able to recover its content x, the message that was really sent.
Figure 2.3: Symmetric-key cryptosystem Problem Statement Illustration
Some important definitions to illustrate symmetric-key algorithms:
1a) x is called the "plaintext"
1b) P = {x_1, x_2, ..., x_p} is the (finite) "plaintext space"
2a) y is called the "ciphertext"
2b) C = {y_1, y_2, ..., y_c} is the (finite) "ciphertext space"
3a) k is called the "key"
3b) K = {k_1, k_2, ..., k_t} is the (finite) "key space"
4a) There are t encryption functions e_{k_i}: P → C (or: e_{k_i}(x) = y)
4b) There are t decryption functions d_{k_i}: C → P (or: d_{k_i}(y) = x)
4c) e_{k_1} and d_{k_2} are inverse functions if k_1 = k_2, i.e. d_{k_i}(e_{k_i}(x)) = x for all x ∈ P and all k_i ∈ K
To illustrate the above-listed mathematical expressions, we consider the
Data Encryption Standard (DES) algorithm:
P = C = {0, 1, 2, ..., 2^64 − 1} (each x_i has 64 bits: x_i = 010...0110)
K = {0, 1, 2, ..., 2^56 − 1} (each k_i has 56 bits)
Encryption (e_k) and decryption (d_k)
[Figure 2.4 labels: A (good) encrypts with e() and B (good) decrypts with d(); the ciphertext y crosses the insecure channel, where C (bad) can read it; the key k comes from a key generator and reaches both parties over a secure channel.]
Figure 2.4: Symmetric-key model
Two properties of symmetric-key algorithms:
1) The algorithm requires the same secret key for encryption and decryption.
2) Encryption and decryption are essentially identical operations.
The main problems with symmetric-key schemes are:
1) Symmetric-key schemes require secure transmission of the secret key.
2) In a network environment, each pair of users has to have a different key, resulting in
too many keys: n users need n(n − 1)/2 keys.
2.2.1.1 Types of Symmetric Ciphers
Symmetric-key algorithms can be divided into stream ciphers and block ciphers. Stream ciphers
encrypt the bytes of the message one at a time, and block ciphers take a number of bytes and encrypt
them as a single unit.
2.2.1.1.1 Block Ciphers
A block cipher is an encryption algorithm that divides a message into blocks and encrypts
each block. In other words, block ciphers convert a fixed-length block of plaintext into
ciphertext of the same length under the control of the secret key [6]. A block cipher is
so called because the scheme encrypts one block of data at a time using the same key on each
block. In its simplest mode (ECB, below) the same plaintext block will always encrypt to the
same ciphertext block under the same key, whereas the same plaintext encrypts to different
ciphertext in a stream cipher, because the keystream changes from position to position. Block
ciphers include DES, IDEA, SAFER and Blowfish.
Block ciphers can operate in one of the following modes:
1. Electronic Codebook (ECB) mode is the simplest, most obvious application: the secret key
is used to encrypt each plaintext block independently to form a ciphertext block. Identical
plaintext blocks therefore produce identical ciphertext blocks, which leaks the structure of
the message.
2. Cipher Block Chaining (CBC) mode adds a feedback mechanism to the encryption scheme. In
CBC, each plaintext block is exclusive-ORed (XORed) with the previous ciphertext block prior
to encryption (the first block is XORed with an initialization vector). In this mode, two
identical blocks of plaintext do not, in general, encrypt to the same ciphertext.
3. Cipher Feedback (CFB) mode turns the block cipher into a self-synchronizing stream cipher.
CFB mode allows data to be encrypted in units smaller than the block size, which is useful
in applications such as encrypting interactive terminal input. In 1-byte CFB mode, a shift
register of one block length is encrypted, the leftmost byte of the result is XORed with the
incoming plaintext byte, and the resulting ciphertext byte is shifted into the register. At
the receiving side the same keystream byte is regenerated and the remaining bits of the
encrypted register are discarded.
4. Output Feedback (OFB) mode makes the block cipher behave like a synchronous stream cipher.
OFB prevents the same plaintext block from generating the same ciphertext block by using an
internal feedback mechanism (the cipher is iterated on its own output) that is independent of
both the plaintext and the ciphertext bit streams. Like any keystream mode, it must never be
used twice with the same key and initialization vector.
2.1.1.2 Stream ciphers
In cryptography, a stream cipher is a symmetric-key cipher where plaintext bits are combined with a
pseudorandom cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream
cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits
varies during the encryption [7]. An alternative name is a state cipher, as the encryption of each
digit is dependent on the current state. In practice, the digits are typically single bits or bytes.
Stream ciphers represent a different approach to symmetric encryption from block ciphers.
Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. This
distinction is not always clear-cut: in some modes of operation (CFB, OFB), a block cipher primitive is
used in such a way that it acts effectively as a stream cipher. Stream ciphers typically execute
at a higher speed than block ciphers and have lower hardware complexity. However, stream
ciphers are susceptible to serious security problems if used incorrectly; in particular, the same
starting state (key and initialization vector) must never be used twice, since XORing two
ciphertexts produced with the same keystream cancels the keystream and leaves the XOR of the
two plaintexts.
This leads to the following block diagram for a stream cipher encryption/decryption:
Figure 2.5: Principle of stream ciphers
A machine realizing the functionality shown above was developed by Vernam for
teletypewriters in 1917.
Stream ciphers are less popular than block ciphers in most application domains
such as Internet security. There are exceptions, for instance the popular stream
cipher RC4.
Stream ciphers are often used in mobile applications, such as the A5 speech
encryption algorithm of the GSM mobile network. (Both RC4 and A5/1 have since been
shown to have serious weaknesses and are no longer recommended for new systems.)
Stream ciphers generally require fewer resources (e.g., code size or chip area) for
an implementation than block ciphers. They tend to encrypt faster than block
ciphers.
The one-time pad is the only provably secure symmetric algorithm.
The one-time pad is highly impractical in most cases because the key length has to
be equal to the message length and the key must never be reused.
The requirements for a cryptographically secure pseudo-random generator are far
more demanding than the requirements for pseudo-random generators in other
(engineering) applications such as simulation.
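As an added illustration of the warning above that the same starting state must never be used twice, not part of the original thesis, the following Python example encrypts two messages under one key and nonce with a synchronous stream cipher and shows how an eavesdropper recovers plaintext without the key. The keystream generator (HMAC-SHA256 in counter mode) is an assumption of this example standing in for a real cipher such as RC4 or A5/1, and the messages, key and nonce are constructed.

```python
"""Keystream reuse ("two-time pad") against a synchronous stream cipher.
Added example, not from the thesis; the generator is a stand-in, not RC4 or A5/1."""
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream generator (an assumption of this example):
    HMAC-SHA256 in counter mode over (nonce, counter). The starting state is (key, nonce)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: data XOR keystream."""
    return xor(data, keystream(key, nonce, len(data)))


stream_decrypt = stream_encrypt


def ciphertext_difference(c1: bytes, c2: bytes) -> bytes:
    """If c1 and c2 used the same keystream, c1 XOR c2 == p1 XOR p2: the keystream cancels."""
    return xor(c1, c2)


def crib_drag(c1: bytes, c2: bytes, crib: bytes, offset: int) -> bytes:
    """Knowing (or guessing) a fragment of p1 at `offset` reveals the same span of p2."""
    return xor(ciphertext_difference(c1, c2)[offset:offset + len(crib)], crib)


def recover_other_message(c1: bytes, p1: bytes, c2: bytes) -> bytes:
    """Full known-plaintext break: one known message leaks the keystream, hence every
    other message encrypted under the same (key, nonce)."""
    return xor(c2, xor(c1, p1))


if __name__ == "__main__":
    key, nonce = b"\x11" * 16, b"\x00" * 8          # constructed demo values
    p1 = b"TRANSFER 100 USD TO ACCOUNT 4711"
    p2 = b"TRANSFER 900 USD TO ACCOUNT 9999"
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)             # same starting state: the mistake
    print(crib_drag(c1, c2, b"TRANSFER", 0))        # b'TRANSFER': p2 revealed without the key
    print(recover_other_message(c1, p1, c2))        # b'TRANSFER 900 USD TO ACCOUNT 9999'
```

The same break applies unchanged to OFB mode of a block cipher, since OFB is also a keystream XORed onto the data; a fresh nonce per message is what removes it.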
2.2.2 List of Encryption Algorithms Compared in this Experiment
This subsection is intended to give necessary background to understand the major differences among
the compared algorithms.
2.2.2.1 DES algorithm
Data Encryption Standard or DES is a Feistel cipher which processes plaintext blocks of n =
64 bits, producing 64-bit ciphertext blocks [6]. The effective size of the secret key K is 56
bits; more precisely, the input key K is specified as a 64-bit key, 8 bits of which (bits 8, 16, ...,
64) may be used as parity bits. In other words, DES uses a 56-bit key with an additional eight
parity bits that bring the stored key up to 64 bits. It is an iterated block cipher using what is
known as a Feistel structure: the text block being encrypted is split into two halves, the round
function is applied to one half using a subkey and that output is then XORed with the other half;
the two halves are then swapped and the process continues, except that the halves are not swapped
after the last round. DES uses 16 rounds. Because the round function is only ever XORed in,
decryption is the same procedure with the subkeys applied in reverse order, and the round
function itself need not be invertible.
Figure 2.6: DES general model
The main form of attack on DES is what is known as brute force or exhaustive key search: a
repeated trying of keys until one fits. Given that DES uses a 56-bit key, the number of
possible keys is 2^56. With the growth in the power of computer systems this makes DES far less
secure than it was when first standardized; a purpose-built machine recovered a DES key by
exhaustive search in 1998, and NIST withdrew the DES standard in 2005, so single DES should be
considered adequate only for non-critical data with no long-term value.
Figure 2.7: DES Computation Path
[Figure 2.6/2.7 labels: 64-bit plaintext → initial permutation → Round 1 (K1) → Round 2 (K2) → ... → Round 16 (K16) → final permutation → 64-bit ciphertext; the round keys K1 ... K16 are produced by the key generator from the 64-bit key.]
2.2.2.2 Triple-DES Encryption
Triple DES is simply another mode of DES operation. It takes three 64-bit keys, for an overall key
length of 192 bits (168 bits once the parity bits are excluded) [6]. Consequently, Triple DES runs
three times slower than standard DES, but is much more secure if used properly. Triple DES was
developed to address the obvious flaw in DES, its short key, without designing a whole new
cryptosystem. It simply extends the key size of DES by applying the algorithm three times in
succession with three different keys, in the order encrypt-decrypt-encrypt (EDE): choosing all
three keys equal reduces it to single DES, which preserves compatibility with existing hardware.
Because of meet-in-the-middle attacks the effective security of three-key Triple DES is about
112 bits rather than 168, and two-key Triple DES (K1 = K3) offers less again.
Figure 2.8: Triple-DES Computation Path
Figure 2.9: Triple Encryption example
[Figure 2.8 labels: Plaintext → DES encryption (Key 1) → DES decryption (Key 2) → DES encryption (Key 3) → Ciphertext. Figure 2.9 labels: X → e_k1 → e_k2 → e_k3 → Y, with Z the intermediate value.]
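The following Python program is an added example, not code from the thesis, that implements a toy 64-bit Feistel cipher with the structure described in Section 2.2.2.1 (16 rounds, halves swapped after every round except the last, decryption by running the subkeys in reverse), drives it through the ECB, CBC, 1-byte CFB and OFB modes of Section 2.2.1.1.1, and builds the encrypt-decrypt-encrypt construction of Triple DES on top of it. The key schedule and round function are assumptions of this example built from HMAC-SHA256, so the cipher is not DES and is not secure; its purpose is to show why identical plaintext blocks are visible in ECB and hidden in CBC, why a non-invertible round function still gives an invertible cipher, and why EDE with three equal keys collapses to a single encryption.

```python
"""Toy 64-bit Feistel cipher and the ECB/CBC/CFB/OFB modes (added example; NOT DES, NOT secure)."""
import hashlib
import hmac
import os

BLOCK = 8      # 64-bit block, as in DES
ROUNDS = 16    # as in DES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_keys(key: bytes) -> list:
    """Toy key schedule (an assumption of this example): 16 subkeys from HMAC-SHA256."""
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in range(ROUNDS)]


def f(subkey: bytes, half: bytes) -> bytes:
    """Toy round function: a keyed 32-bit PRF. It is not invertible and need not be;
    the Feistel structure makes the whole cipher invertible anyway."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:4]


def feistel(keys, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for k in keys:                           # (L, R) -> (R, L XOR f(K, R))
        left, right = right, xor(left, f(k, right))
    return right + left                      # no swap after the last round


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(round_keys(key), block)


def decrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(list(reversed(round_keys(key))), block)   # same network, subkeys reversed


def blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "pad to a multiple of the block size first"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, pt): return b"".join(encrypt_block(key, b) for b in blocks(pt))
def ecb_decrypt(key, ct): return b"".join(decrypt_block(key, b) for b in blocks(ct))


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = encrypt_block(key, xor(b, prev))   # previous ciphertext block is chained in
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for b in blocks(ct):
        out.append(xor(decrypt_block(key, b), prev))
        prev = b
    return b"".join(out)


def cfb8_crypt(key, iv, data, decrypt=False):
    """1-byte CFB: encrypt the shift register, use its first byte as keystream, then shift
    the ciphertext byte in. Only the encryption direction of the cipher is ever used."""
    reg, out = bytearray(iv), bytearray()
    for x in data:
        y = x ^ encrypt_block(key, bytes(reg))[0]
        out.append(y)
        reg = reg[1:] + bytes([x if decrypt else y])
    return bytes(out)


def ofb_crypt(key, iv, data):
    """OFB: keystream = cipher iterated on its own output, independent of the data, so
    (key, iv) must never be reused. Encryption and decryption are the same operation."""
    keystream, state = b"", iv
    while len(keystream) < len(data):
        state = encrypt_block(key, state)
        keystream += state
    return xor(data, keystream)


def ede_encrypt(k1, k2, k3, block):
    """Encrypt-decrypt-encrypt as in Triple DES; with k1 == k2 == k3 it is a single encryption."""
    return encrypt_block(k3, decrypt_block(k2, encrypt_block(k1, block)))


def ede_decrypt(k1, k2, k3, block):
    return decrypt_block(k1, encrypt_block(k2, decrypt_block(k3, block)))


def has_repeated_blocks(ct: bytes) -> bool:
    """True if any two ciphertext blocks are equal: the pattern leak ECB exhibits."""
    cbs = blocks(ct)
    return len(set(cbs)) < len(cbs)


if __name__ == "__main__":
    key, iv = os.urandom(16), os.urandom(BLOCK)
    pt = b"ATTACK!!" * 3                 # three identical blocks (constructed input)
    print("ECB leaks repeats:", has_repeated_blocks(ecb_encrypt(key, pt)))       # True
    print("CBC leaks repeats:", has_repeated_blocks(cbc_encrypt(key, iv, pt)))   # False
```

Padding is deliberately left to the caller (ECB and CBC assert a whole number of blocks) so that the mode logic stays visible; a real implementation adds PKCS#7 padding and, for CBC, a MAC over the ciphertext.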
2.2.2.3 Blowfish Algorithm
Blowfish is a symmetric block cipher with a 64-bit block size that can be effectively used for the
encryption and safeguarding of data. It takes a variable-length key, from 32 bits to 448 bits.
Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption
algorithms. Its key setup is comparatively expensive (the key is used to initialize 4168 bytes of
subkeys and S-boxes), which matters when keys change often, and its 64-bit block, like that of DES
and RC2, limits how much data may safely be encrypted under one key.
2.2.2.4 AES Algorithm
Rijndael, whose name is based on the names of its two Belgian inventors, Joan Daemen
and Vincent Rijmen, is a block cipher. It takes an input block of a certain size, usually 128
bits, and produces a corresponding output block of the same size. The transformation requires a
second input, which is the secret key. The key length depends on the cipher variant chosen;
AES uses three different key sizes: 128, 192 and 256 bits. To encrypt messages longer than the
block size, a mode of operation is chosen.
While AES supports only a block size of 128 bits and key sizes of 128, 192 and 256 bits, the
original Rijndael supports key and block sizes in any multiple of 32 bits, with a minimum of 128
and a maximum of 256 bits.
Figure 2.10: AES Block and Key Sizes
[Figure 2.10 labels: x (128-bit input) → Rijndael → y (128-bit output); k (128/192/256-bit key).]
Both block size and key length of Rijndael are variable. The sizes shown above are the
ones required by the AES standard. The number of rounds (or iterations) is a function
of the key length:
Table 2.1: Key lengths and number of rounds for Rijndael
Key length (bits)   nr = number of rounds
128                 10
192                 12
256                 14
However, Rijndael also allows block sizes of 192 and 256 bits. For those block sizes the
number of rounds must be increased.
Rijndael does not have a Feistel structure. Feistel networks do not encrypt an entire block per
iteration (e.g., in DES, 64/2 = 32 bits are encrypted in one iteration). Rijndael encrypts all
128 bits in one iteration. As a consequence, Rijndael has a comparably small number of
rounds. Rijndael uses three different types of layers, and each layer operates on all 128 bits of a
block.
Chronology of the AES Process
Development announced on January 2, 1997 by the National Institute of Standards and
Technology (NIST).
15 candidate algorithms accepted on August 20th, 1998.
5 finalists announced on August 9th, 1999.
- Mars, IBM Corporation.
- RC6, RSA Laboratories.
- Rijndael, J. Daemen & V. Rijmen.
- Serpent, Eli Biham et al.
- Twofish, B. Schneier et al.
Monday October 2nd, 2000, NIST chooses Rijndael as the AES.
A lot of work went into software and hardware performance analysis of the AES candidate
algorithms. Here are representative numbers:
Table 2.2: Speeds of the AES Finalists in Hardware and Software
Algorithm   Pentium Pro @ 200 MHz (Mbit/s)   FPGA hardware (Gbit/s) [EYCP01]
MARS        69                               -
RC6         105                              2.4
Rijndael    71                               2.1
Serpent     27                               4.9
Twofish     95                               1.6
Figure 2.11: AES Computation Path
[Figure 2.11 labels: 128-bit plaintext → Round 1 (K1) → Round 2 (K2) → ... → Round 10 (K10) → 128-bit ciphertext; the round keys K1 ... K10 are produced by the key generator from the 128-bit key.]
2.2.2.5 RC2 Algorithm
The RC2 algorithm is a block cipher that uses a 64-bit block size and a variable key length. The
key size ranges from 8 to 1024 bits (1 to 128 bytes), with a separate "effective key length"
parameter that limits the strength actually used. RC2 uses a source-heavy Feistel network with 16
rounds of mixing and 2 rounds of mashing.
2.2.3 Asymmetric Cryptographic Systems
It looks as though public-key schemes can provide all functionality needed in modern
security protocols such as SSL/TLS. However, the major drawback in practice is that
encryption of data is extremely computationally demanding with public-key algorithms.
Many block and stream ciphers can encrypt 1000 times faster in software than public-key
algorithms. On the other hand, symmetric algorithms are poor at providing digital signatures
and key establishment/transport functionality. Hence, most practical protocols are hybrid
protocols which incorporate both symmetric and public-key algorithms. Mechanisms that can
be realized with public-key algorithms are:
1) Key establishment protocols (e.g., Diffie-Hellman key exchange) and key transport
protocols (e.g., via RSA) without prior exchange of a joint secret.
2) Digital signature algorithms (e.g., RSA, DSA or ECDSA)
3) Encryption
2.2.3.1 RSA
In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly
described it) is an algorithm for public-key cryptography. It is the first algorithm known to be
suitable for signing as well as encryption, and was one of the first great advances in public
key cryptography. RSA is widely used in electronic commerce protocols, and is believed to
be secure given sufficiently long keys and the use of up-to-date implementations.The RSA
algorithm involves three steps: key generation, encryption and decryption.
A few general remarks on RSA are as follows:
1) Most popular public-key cryptosystem.
2) Invented by Rivest, Shamir and Adleman in 1977 at MIT.
3) Was patented in the USA (not in the rest of the world) until 2000.
4) The main applications of RSA are:
a) Encryption and, thus, key transport
b) Digital signatures
RSA Set-up Stage
1) Choose two large primes p and q.
2) Compute n = p·q.
3) Compute φ(n) = (p − 1)·(q − 1).
4) Choose a random b with 0 < b < φ(n) and gcd(b, φ(n)) = 1.
Note that b then has an inverse in Z_φ(n).
5) Compute the inverse a = b^(−1) mod φ(n), i.e. b·a ≡ 1 mod φ(n).
6) Public key: k_pub = (n, b).
Private key: k_pr = (p, q, a).
Encryption: done using the public key k_pub, for a message x ∈ Z_n = {0, 1, ..., n − 1}:
y = e_kpub(x) = x^b mod n.
Decryption: done using the private key k_pr:
x = d_kpr(y) = y^a mod n.
Figure 2.12: RSA Encryption and Decryption
2.2.4 Hash Algorithms
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of
data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental
or intentional modification to the data will change the hash value. The data to be encoded is
often called the "message", and the hash value is sometimes called the message digest or
simply the digest.
The ideal cryptographic hash function has four main or significant properties:
I. it is easy to compute the hash value for any given message,
II. it is infeasible to find a message that has a given hash (preimage resistance),
III. it is infeasible to modify a message without changing its hash (second-preimage resistance),
IV. it is infeasible to find two different messages with the same hash (collision resistance).
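As an added example that is not part of the thesis, the following Python code carries the RSA set-up, encryption and decryption steps of Section 2.2.3.1 through with the same symbols (n, b public; p, q, a private) and then shows two reasons why raw "textbook" RSA as written there is not used without padding: it is multiplicatively malleable, and with a small public exponent b = 3 a short message x with x^b < n can be read back by taking an integer cube root. Key sizes and messages are constructed for the demonstration; prime generation is a simple Miller-Rabin search, and pow(b, -1, φ(n)) for the modular inverse requires Python 3.8 or later.

```python
"""Textbook RSA in the thesis's notation, and two reasons it needs padding (added example)."""
import math
import secrets


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test with random witnesses."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if is_probable_prime(candidate):
            return candidate


def keygen(bits: int = 512, b: int = 65537):
    """Set-up stage: p, q, n = p*q, phi(n) = (p-1)(q-1), a = b^-1 mod phi(n)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(b, phi) == 1:
            break
    a = pow(b, -1, phi)                 # modular inverse (Python 3.8+)
    return (p * q, b), (p, q, a)        # k_pub = (n, b), k_pr = (p, q, a)


def encrypt(kpub, x: int) -> int:
    n, b = kpub
    assert 0 <= x < n, "x must lie in Z_n"
    return pow(x, b, n)                 # y = x^b mod n


def decrypt(kpr, y: int) -> int:
    p, q, a = kpr
    return pow(y, a, p * q)             # x = y^a mod n


def is_malleable(kpub, x1: int, x2: int) -> bool:
    """E(x1) * E(x2) == E(x1 * x2): an attacker can multiply an intercepted ciphertext by
    E(r) and have the victim decrypt x * r. Padding (OAEP) is what prevents this."""
    n, _ = kpub
    return (encrypt(kpub, x1) * encrypt(kpub, x2)) % n == encrypt(kpub, (x1 * x2) % n)


def integer_cube_root(y: int):
    """Exact integer cube root of y, or None if y is not a perfect cube (integer Newton)."""
    if y <= 0:
        return 0 if y == 0 else None
    x = 1 << ((y.bit_length() + 2) // 3)   # start above the root, iterate downward
    while True:
        nx = (2 * x + y // (x * x)) // 3
        if nx >= x:
            break
        x = nx
    return x if x ** 3 == y else None


def small_exponent_attack(kpub, y: int):
    """With b = 3 and x^3 < n there is no modular reduction, so y is a perfect cube of x."""
    n, b = kpub
    return integer_cube_root(y) if b == 3 else None


if __name__ == "__main__":
    kpub, kpr = keygen(512)
    print(decrypt(kpr, encrypt(kpub, 42)))          # 42
    print(is_malleable(kpub, 42, 1000))             # True
    kpub3, _ = keygen(512, b=3)
    print(small_exponent_attack(kpub3, encrypt(kpub3, 0xC0FFEE)) == 0xC0FFEE)   # True
```

Both failures disappear once a randomized padding scheme (OAEP for encryption, PSS for signatures) is applied before exponentiation, which is why the exponentiation above is only ever the inner step of a real RSA implementation.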
Cryptographic hash functions have many information security applications, notably in digital
signatures, message authentication codes (MACs), and other forms of authentication. They
can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to
detect duplicate data or uniquely identify files, and as checksums to detect accidental data
corruption. Indeed, in information security contexts, cryptographic hash values are sometimes
called (digital) fingerprints, checksums, or just hash values, even though all these terms stand
for functions with rather different properties and purposes.
All well-known hash functions, including MD4, MD5, SHA-1 and SHA-2, are built from
block-cipher-like components designed for the purpose, with feedback to ensure that the
resulting function is not bijective. A standard block cipher such as AES can be used in place
of these custom block ciphers; this generally carries a cost in performance, but can be
advantageous where a system needs to perform hashing and another cryptographic function
such as encryption that might use a block cipher, but is constrained in the code size or
hardware area it must fit into, such as in some embedded systems like smart cards. Note that
MD4 and MD5 no longer satisfy property IV (collisions can be generated in seconds on a PC) and
SHA-1 is deprecated for the same reason, so new designs should use SHA-2.
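The keyed-hash message authentication code used in the protocols later in this chapter is, in practice, HMAC (RFC 2104). As an added example that is not from the thesis, the Python code below builds HMAC from a plain hash function according to that construction, cross-checks it against the standard library's implementation for MD5, SHA-1 and SHA-256, and shows a tag verification that rejects a modified message or a wrong key. Keys and messages are constructed.

```python
"""HMAC (RFC 2104) built from a plain hash function. Added example, not from the thesis."""
import hashlib
import hmac as stdlib_hmac


def hmac_digest(key: bytes, message: bytes, hashfn=hashlib.sha256) -> bytes:
    """HMAC(K, m) = H((K' XOR opad) || H((K' XOR ipad) || m)), where K' is the key, hashed
    first if it is longer than the hash's block size, then zero-padded to that block size."""
    block_size = hashfn().block_size        # 64 bytes for MD5, SHA-1 and SHA-256
    if len(key) > block_size:
        key = hashfn(key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5c for k in key)
    inner = hashfn(ipad + message).digest()
    return hashfn(opad + inner).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes, hashfn=hashlib.sha256) -> bool:
    """Constant-time comparison, so timing does not leak how many tag bytes matched."""
    return stdlib_hmac.compare_digest(hmac_digest(key, message, hashfn), tag)


def matches_reference(key: bytes, message: bytes, name: str) -> bool:
    """Cross-check our construction against the standard library for the named hash."""
    ours = hmac_digest(key, message, getattr(hashlib, name))
    return ours == stdlib_hmac.new(key, message, name).digest()


if __name__ == "__main__":
    key, msg = b"shared-secret-key", b"transfer 100 to account 4711"   # constructed values
    tag = hmac_digest(key, msg)
    print(verify_tag(key, msg, tag))                                  # True
    print(verify_tag(key, msg.replace(b"100", b"900"), tag))          # False
```

The two nested hashes, rather than the simpler H(key || message), are what make HMAC immune to the length-extension property of Merkle-Damgard hashes such as MD5 and SHA-1, and the truncated form of this digest (HMAC-SHA1-96) is the integrity check used by IPSec AH and ESP.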
2.2.5 Cryptanalysis
Cryptanalysis is the science of breaking a cipher without knowledge of the key used. Its
goal is either to recover the plaintext of the message or to deduce the decryption key so that
other messages encrypted with the same key can be decrypted. One of the more obvious
attacks is to try every possible key (i.e. the finite set of possible keys, known as the
keyspace) until the result yields some intelligible data. This kind of attack is known as a
brute force attack. Clearly, the greater the keyspace, the greater the resistance to a brute
force attack; each additional key bit doubles the expected work.
2.3 Security in the Internet
Internet security involves the protection of a computer's Internet accounts and files from
intrusion by unauthorized users. Basic security measures involve protection by well-chosen
passwords, correct file permissions and backups of the computer's data. Security concerns are
in some ways peripheral to normal business working, but serve to highlight just how
important it is that business users feel confident when using IT systems. Security will
probably always be high on the IT agenda simply because cyber criminals know that a
successful attack can be very profitable. This means they will always strive to find new ways
to circumvent IT security, and users will consequently need to be continually vigilant.
2.3.1 IPSecurity
IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task
Force (IETF) to provide security for a packet at the network level. IPSec helps to create
authenticated and confidential packets for the IP layer, as shown in Figure 2.13 below:
Figure 2.13: TCP/IP protocol and IPSec
IPSec operates in one of two different modes: the transport mode or the tunnel mode as
shown in Figure 2.14.
Tunnel mode
Transport mode
Figure 2.14: Transport mode and tunnel modes of IPSec protocol
[Figure 2.13 labels: Applications / UDP, TCP or SCTP / IP (IPSec is designed to provide security at the network layer) / Underlying physical networks. Figure 2.14 labels: transport mode: IP-H | IPSec-H | IPSec payload (transport-layer payload) | IPSec-T; tunnel mode: New IP-H | IPSec-H | IP-H | IP payload | IPSec-T.]
In the transport mode, IPSec protects what is delivered from the transport layer to the
network layer. In other words, the transport mode protects the network-layer payload, the
payload to be encapsulated in the network layer. The transport mode is normally used when
we need host-to-host or end-to-end protection of data. The sending host uses IPSec to
authenticate and/or encrypt the payload delivered from the transport layer. The receiving host
uses IPSec to check the authentication and/or decrypt the IP packet and deliver it to the
transport layer.
In the tunnel mode, IPSec protects the entire IP packet. It takes an IP packet, including the
header, applies IPSec security methods to the entire packet, and then adds a new IP header.
Tunnel mode is therefore used when either the sender or the receiver is not a host but a
security gateway. The entire original packet is protected from intrusion between the sender and
the receiver; it is as if the whole packet goes through an imaginary tunnel. IPSec defines two
protocols, the Authentication Header (AH) Protocol and the Encapsulating Security Payload (ESP)
Protocol, to provide authentication and/or encryption for packets at the IP level. The
Authentication Header (AH) Protocol is designed to authenticate the source host and to ensure
the integrity of the payload carried in the IP packet. The protocol uses a keyed hash function
(an HMAC) with a symmetric key to create a message digest; the digest is inserted in the
authentication header. The AH is then placed in the appropriate location based on the mode
(transport or tunnel). The AH Protocol provides source authentication and data integrity, but no
privacy.
Figure 2.15 shows the fields and the position of the authentication header in the transport
mode.
1. An authentication header is added to the payload with the authentication data field
set to zero.
2. Padding may be added to make the total length suitable for the particular hashing
algorithm.
3. Hashing is based on the total packet. However, only those fields of the IP header
that do not change during transmission (so not, for example, the TTL or the header
checksum) are included in the calculation of the message digest (authentication data).
4. The authentication data are inserted in the authentication header.
5. The IP header is added after the value of the protocol field is changed to 51.
Data used in the calculation of the authentication data: the whole packet except those fields of the IP header that change during transmission.
Figure 2.15: Authentication Header (AH) Protocol in transport mode
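As an added example, not part of the thesis, the Python code below builds a transport-mode IPv4 packet carrying an AH header, computes the authentication data over the packet with the mutable IP header fields (TOS, flags and fragment offset, TTL, header checksum) and the ICV field itself zeroed, as steps 1 to 5 above describe, and verifies it. It then shows that a router decrementing the TTL leaves the check intact while a one-bit change to the payload fails it. HMAC-SHA1-96 is the AH algorithm of RFC 2404; the addresses, key and payload are constructed, the IP header checksum is left at zero since it is excluded from the digest anyway, and replay checking of the sequence number is omitted.

```python
"""AH (RFC 4302) integrity check over an IPv4 packet, mutable fields excluded. Added example."""
import hashlib
import hmac
import struct

AH_PROTOCOL = 51
AH_FIXED_LEN = 12        # next header, payload length, reserved, SPI, sequence number
ICV_LEN = 12             # HMAC-SHA1-96 (RFC 2404): SHA-1 digest truncated to 96 bits
AH_TOTAL_LEN = AH_FIXED_LEN + ICV_LEN


def ipv4_header(src: bytes, dst: bytes, total_len: int, proto: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header; checksum left at zero (mutable, a router recomputes it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src, dst)


def icv_input(packet: bytes) -> bytes:
    """Copy of the packet with the fields a router may change zeroed: TOS, flags/fragment
    offset, TTL, header checksum, plus the ICV field itself (RFC 4302, section 3.3.3.1)."""
    p = bytearray(packet)
    p[1] = 0                          # TOS / DSCP
    p[6:8] = b"\x00\x00"              # flags + fragment offset
    p[8] = 0                          # TTL
    p[10:12] = b"\x00\x00"            # header checksum
    p[32:32 + ICV_LEN] = bytes(ICV_LEN)
    return bytes(p)


def compute_icv(key: bytes, packet: bytes) -> bytes:
    return hmac.new(key, icv_input(packet), hashlib.sha1).digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, next_header, spi, seq, payload, ttl=64) -> bytes:
    """Transport-mode AH: IP header (protocol 51) | AH | original transport-layer payload."""
    ip = ipv4_header(src, dst, 20 + AH_TOTAL_LEN + len(payload), AH_PROTOCOL, ttl)
    # payload length field counts 32-bit words minus 2, per RFC 4302
    ah = struct.pack("!BBHII", next_header, AH_TOTAL_LEN // 4 - 2, 0, spi, seq) + bytes(ICV_LEN)
    packet = ip + ah + payload            # ICV field is zero while the digest is computed
    return packet[:32] + compute_icv(key, packet) + packet[32 + ICV_LEN:]


def parse_ah(packet: bytes) -> dict:
    next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", packet[20:32])
    return {"next_header": next_header, "payload_len": payload_len, "spi": spi, "seq": seq,
            "icv": packet[32:32 + ICV_LEN], "payload": packet[32 + ICV_LEN:]}


def verify_ah_packet(key: bytes, packet: bytes) -> bool:
    if len(packet) < 20 + AH_TOTAL_LEN or packet[9] != AH_PROTOCOL:
        return False
    return hmac.compare_digest(parse_ah(packet)["icv"], compute_icv(key, packet))


def forward_hop(packet: bytes) -> bytes:
    """What every router does in transit: decrement the TTL (and recompute the checksum)."""
    p = bytearray(packet)
    p[8] -= 1
    return bytes(p)


def tamper_payload(packet: bytes) -> bytes:
    p = bytearray(packet)
    p[-1] ^= 0x01
    return bytes(p)


if __name__ == "__main__":
    key = b"constructed-ah-key"
    pkt = build_ah_packet(key, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]),
                          17, 0x1000, 1, b"constructed UDP payload")
    print(verify_ah_packet(key, pkt))                   # True
    print(verify_ah_packet(key, forward_hop(pkt)))      # True: TTL is not authenticated
    print(verify_ah_packet(key, tamper_payload(pkt)))   # False
```

Because the source and destination addresses are among the immutable fields, AH also fails whenever a NAT rewrites them, which is the practical reason ESP (whose check stops at the ESP header) displaced AH in most deployments.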
ESP provides source authentication, data integrity, and privacy. The AH Protocol does
not provide privacy, only source authentication and data integrity. IPSec later defined an
alternative protocol that provides source authentication, integrity, and privacy called
Encapsulating Security Payload (ESP). ESP adds a header and a trailer. Note that ESP's
authentication data are added at the end of the packet, which makes their calculation easier,
and that, unlike AH, ESP's authentication does not cover the outer IP header.
Figure 2.16: Encapsulation Security Payload (ESP) Protocol in Transport mode
[Figure 2.15 labels (AH in transport mode): IP header | AH | transport-layer payload; AH fields: next header (8 bits), payload length (8 bits), reserved (16 bits), security parameter index (32 bits), sequence number (32 bits), authentication data (digest, variable length). Figure 2.16 labels (ESP in transport mode): IP header | ESP header (security parameter index, sequence number) | transport-layer payload | ESP trailer (padding, pad length (8 bits), next header (8 bits)) | authentication data (variable length); the payload and trailer are encrypted, and the ESP header, payload and trailer are authenticated.]
When an IP datagram carries an ESP header and trailer, the value of the protocol field in the
IP header is 50. A field inside the ESP trailer (the next-header field) holds the original value of
the protocol field. The ESP procedure follows these steps:
1. An ESP trailer is added to the payload.
2. The payload and the trailer are encrypted.
3. The ESP header is added.
4. The ESP header, payload, and ESP trailer are used to create the authentication data.
5. The authentication data are added to the end of the ESP trailer.
6. The IP header is added after the protocol value is changed to 50.
IPSec supports both IPv4 and IPv6. In IPv6, however, AH and ESP are part of the extension
headers. The ESP Protocol was designed after the AH Protocol was already in use. ESP does
whatever AH does with additional functionality, which is privacy.
The two protocols, AH and ESP, can provide several security services for packets at the
network layer. The following table shows the list of services available for each protocol.
Table 2.3: IPSec services
Services                                            AH    ESP
Access control                                      Yes   Yes
Message authentication (message integrity)          Yes   Yes
Entity authentication (data source authentication)  Yes   Yes
Confidentiality                                     No    Yes
Replay attack protection                            Yes   Yes
Access Control: IPSec provides access control indirectly by using a Security Association
Database (SADB). When a packet arrives at a destination and no security
association has already been established for this packet, the packet is discarded.
Message Authentication: The integrity of the message is preserved in both AH and ESP by
using authentication data. A digest of data is created and sent by the sender to be checked by
the receiver.
Entity Authentication: The security association and the keyed-hashed digest of the data sent
by the sender authenticate the sender of the data in both AH and ESP.
Confidentiality: The encryption of the message in ESP provides confidentiality. AH,
however, does not provide confidentiality.
Security association is a very important aspect of IPSec. Using security associations, IPSec
changes a connectionless protocol, IP, into a connection-oriented protocol. We can say that
when sender and receiver agree upon a set of security parameters between them, they have
established a logical connection between themselves, and this is called an association. However,
they may not use this connection all the time. After establishing the connection, the sender can
send a datagram to the receiver today, another datagram a few days later, and so on. The logical
connection is there and ready for sending a secure datagram. Certainly, they can break the
connection, or they can establish a new one after a while, which is a more secure way of
communication. Each of the three protocols (IPSec, SSL/TLS, and PGP) needs a set of security
parameters before it can be operative. In IPSec, the establishment of the security parameters
is done via a mechanism called a Security Association (SA).
IP is a connectionless protocol: each datagram is independent of the others. For this type of
communication, the security parameters can be established in one of three ways.
1. The security parameters related to each datagram can be included in each datagram. The
designers of IPSec did not choose this option, probably because of overhead. Adding
security parameters to each datagram creates a large overhead, particularly if the
datagram is fragmented several times during its journey.
2. A set of security parameters can be established for each datagram. This means that
before each datagram is transmitted, a set of packets needs to be exchanged between
the sender and receiver to establish the security parameters.
3. A set of security parameters can be established between a sender and a particular
receiver the first time the sender has a datagram to send to that particular receiver. The
set can be saved for future transmission of IP packets to the same receiver. IPSec uses this
third choice.
2.3.2 Secure Socket Layer/Transport Layer Security (SSL/TLS)
A transport layer security provides end-to-end security services for applications that use a
reliable transport layer protocol such as TCP. The design is to provide security services for
transactions on the Internet. Two protocols are foremost today for providing security at the
transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security
(TLS) Protocol. The latter is actually the IETF version of the former. Figure 2.17 shows the
position of SSL and TLS in the Internet model. For instance, when a buyer makes an online
purchase, the following security services are desired:
1. The buyer needs to be sure that the server belongs to the actual vendor, not an impostor.
Likewise the vendor may need to authenticate the buyer. This is called entity authentication.
2. The buyer and the vendor need to be sure that the contents of the message are not
modified during transmission. This is called message integrity.
3. The buyer and the vendor need to be sure that an impostor does not intercept sensitive
and confidential information such as a credit card number. This is the confidentiality aspect
of the security service.
Secure Socket Layer (SSL) is designed to provide security and compression services to data
generated from the application layer. Characteristically, SSL can receive data from any
application layer protocol, but usually the protocol is HTTP. The data received from the
application are compressed (optionally), authenticated with a MAC and encrypted. The data are
then passed to a reliable transport layer protocol such as TCP. Netscape developed SSL in 1994;
version 2 was released in 1995 and version 3 in 1996.
Figure 2.17: Location of SSL and TLS in the Internet model
Fragmentation: First, SSL divides the data into blocks of 2^14 bytes or less.
Compression: Each fragment of data is compressed by using one of the lossless compression
methods negotiated between the client and server. It should be noted that this service is
optional.
Message Integrity: To preserve the integrity of data, SSL uses a keyed-hash function to create
a MAC.
Confidentiality: To provide confidentiality, the original data and the MAC are encrypted
using symmetric-key cryptography.
Framing: A header is added to the encrypted payload. The payload is then passed to a reliable
transport layer protocol.
Security Parameters: There are no SAs, but there are cipher suites and cryptographic secrets
that together make the security parameters.
[Figure 2.17 labels: Applications / SSL/TLS (designed to provide security at the transport layer) / TCP / IP / Underlying physical networks.]
Cipher Suite: The combination of key exchange, hash, and encryption algorithms defines a
cipher suite for each SSL session. Each suite name starts with the term SSL, followed by the key-
exchange algorithm. The word WITH separates the key exchange algorithm from the
encryption and hash algorithms. For example,
SSL_DHE_RSA_WITH_DES_CBC_SHA
defines DHE_RSA (ephemeral Diffie-Hellman authenticated with an RSA digital signature) as the key
exchange, with DES_CBC as the encryption algorithm and SHA (SHA-1) as the hash algorithm. Note
that DH is fixed Diffie-Hellman, DHE is ephemeral Diffie-Hellman, and DH_anon is
anonymous (unauthenticated) Diffie-Hellman.
Cryptographic Secrets: The second part of the security parameters is often referred to as the
cryptographic secrets. To achieve message integrity and confidentiality, SSL needs six
cryptographic secrets: four keys and two IVs. Both client and server derive the same six
secrets, three for each direction of the connection. The process of creating them is shown in
Figure 2.18. The client needs one key for message authentication, one key for encryption, and
one IV for block encryption. The server needs the same. SSL requires that the keys for one
direction be different from those for the other direction, so that if there is an attack in one
direction, the other direction is not affected. These parameters are generated by using a
negotiation protocol.
Figure 2.18: Creation of cryptographic secrets in SSL
[Figure 2.18: the premaster secret obtained from key-exchange handshaking, together with a client random number and a server random number, is fed into a complex algorithm using SHA-1 and MD5 to produce the master secret. The master secret, the two random numbers and some constants then pass through the same complex algorithm using SHA-1 and MD5 to produce the six secrets: I - Client authentication key, II - Server authentication key, III - Client encryption key, IV - Server encryption key, V - Client initiation vector, VI - Server initiation vector.]
1. The client and server exchange two random numbers; one is created by the client and
the other by the server.
2. The client and server exchange one premaster secret by using one of the key exchange
algorithms discussed previously.
3. A 48-byte master secret is created from the premaster secret by applying two hash
functions (SHA-1 and MD5).
4. The master secret is used to create variable-length secrets by applying the same set
of hash functions and prepending different constants.
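The four steps above, carried through in code. This is an added example written for this page, not code from the thesis; it follows the SSL 3.0 derivation (RFC 6101), in which the constants are the growing strings 'A', 'BB', 'CCC', ... and the randoms are concatenated client-first for the master secret but server-first for the key block. The premaster secret and the two random numbers are constructed sample values, and the MAC/key/IV sizes (20, 16 and 8 bytes) are this example's choices for a SHA-1/128-bit-key/64-bit-block suite. Python is used because the standard library provides MD5 and SHA-1.

```python
import hashlib

# Constructed sample inputs (not values from the thesis): in a real handshake the
# premaster secret comes from the key-exchange algorithm and the two randoms from
# the ClientHello and ServerHello messages.
PREMASTER = bytes(range(48))
CLIENT_RANDOM = bytes([0x11] * 32)
SERVER_RANDOM = bytes([0x22] * 32)


def _md5(*parts):
    return hashlib.md5(b"".join(parts)).digest()


def _sha1(*parts):
    return hashlib.sha1(b"".join(parts)).digest()


def ssl3_master_secret(premaster, client_random, server_random):
    """Step 3: the 48-byte master secret is three 16-byte blocks, each
    MD5(premaster || SHA-1(const || premaster || client_random || server_random))
    with const = 'A', 'BB', 'CCC'."""
    out = b""
    for const in (b"A", b"BB", b"CCC"):
        inner = _sha1(const, premaster, client_random, server_random)
        out += _md5(premaster, inner)
    return out


def ssl3_key_block(master, client_random, server_random, length):
    """Step 4: expand the master secret with the same hash pair; the constants
    keep growing ('A', 'BB', 'CCC', 'DDDD', ...) and the randoms are now server-first."""
    out = b""
    i = 0
    while len(out) < length:
        const = bytes([ord("A") + i]) * (i + 1)
        inner = _sha1(const, master, server_random, client_random)
        out += _md5(master, inner)
        i += 1
    return out[:length]


def ssl3_six_secrets(premaster, client_random, server_random,
                     mac_len=20, key_len=16, iv_len=8):
    """Partition the key block into the six secrets of Figure 2.18.
    Client and server secrets come from different bytes, which is how SSL
    keeps the two directions independent."""
    master = ssl3_master_secret(premaster, client_random, server_random)
    block = ssl3_key_block(master, client_random, server_random,
                           2 * (mac_len + key_len + iv_len))
    names = ["client_mac_key", "server_mac_key",
             "client_write_key", "server_write_key",
             "client_iv", "server_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    secrets, pos = {}, 0
    for name, size in zip(names, sizes):
        secrets[name] = block[pos:pos + size]
        pos += size
    return master, secrets


if __name__ == "__main__":
    master, secrets = ssl3_six_secrets(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print("master secret:", master.hex())
    for name, value in secrets.items():
        print(f"{name:>17}: {value.hex()}")
```

Running the block prints the master secret and the six derived values; swapping the client and server randoms changes every output, because both hash inputs include them.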
Sessions and Connections: The descriptions of the IP and TCP protocols are different. IP is a
connectionless protocol; TCP is a connection-oriented protocol. An association in IPSec
transforms the connectionless IP into a connection-oriented secured protocol. TCP is already
connection-oriented. However, the designers of SSL decided that they needed two levels of
connectivity: session and connection. A session between two systems is an association that
can last for a long time; a connection can be established and broken several times during a
session. Some of the security parameters are created during the session establishment and are
in effect until the session is terminated (for example, the cipher suite and master key). Some of
the security parameters must be recreated (or occasionally resumed) for each connection (for
example, the six secrets).
SSL defines four protocols in two layers, as shown in Figure 2.19. The Record Protocol is the
carrier. It carries messages from the three other protocols as well as the data coming from the
application layer. Messages from the Record Protocol are payloads to the transport layer,
normally TCP. The Handshake Protocol provides security parameters for the Record
Protocol. It establishes a cipher suite and provides keys and security parameters. It also
authenticates the server to the client and the client to the server, if needed. The
ChangeCipherSpec Protocol is used for signaling the readiness of the cryptographic secrets. The
Alert Protocol is used to report abnormal conditions.
Figure 2.19: Four SSL protocols
Handshake Protocol: The Handshake Protocol uses messages to negotiate the cipher suite, to
authenticate the server to the client and the client to the server (if needed), and to exchange
information for building the cryptographic secrets.
ChangeCipherSpec Protocol: It has been shown that the negotiation of the cipher suite and
the generation of the cryptographic secrets are formed gradually during the Handshake Protocol.
The question now is, when can the two parties use these parameters and secrets? SSL mandates
that the parties not use these parameters or secrets until they have sent or received a special
message, the ChangeCipherSpec message, which is exchanged during the Handshake
Protocol and defined in the ChangeCipherSpec Protocol. Before the exchange of any
ChangeCipherSpec messages, only the pending columns have values.
Alert Protocol: SSL uses the Alert Protocol for reporting errors and abnormal conditions. It
has only one message type, the alert message, which describes the problem and its level
(warning or fatal).
Record Protocol: The Record Protocol carries messages from the upper layer (Handshake
Protocol, ChangeCipherSec protocol, Alert Protocol, or application layer). The message is
fragmented and optionally compressed; a MAC is added to the compressed message by using
the negotiated hash algorithm. The compressed fragment and the MAC are encrypted by
using the negotiated encryption algorithm. Finally, the SSL header is added to the encrypted
message. The process at the receiver is reversed.
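The Record Protocol pipeline just described (fragment, MAC, encrypt, frame, and the reverse at the receiver), as an added example written for this page rather than code from the thesis. Two simplifications are assumptions of the example, not SSL: the optional compression step is skipped, and the negotiated symmetric cipher is replaced by a SHA-256 counter-mode keystream so that the block runs on the Python standard library alone (it is not RC4, DES or AES). The MAC is HMAC-SHA1 over the sequence number, content type, length and fragment, and a failed MAC raises the `bad_record_mac` condition that SSL would report through the Alert Protocol.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14   # fragmentation limit of the Record Protocol
MAC_LEN = 20             # HMAC-SHA1 output


def fragment(data, size=MAX_FRAGMENT):
    """Step 1: split application data into fragments of at most 2^14 bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def keystream_xor(key, seq, data):
    """Stand-in for the negotiated cipher (assumption of this example): SHA-256 in
    counter mode, keyed by the write key and the record sequence number, XORed into
    the data. Encryption and decryption are the same operation."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack(">QI", seq, counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac(mac_key, seq, content_type, frag):
    header = struct.pack(">QBH", seq, content_type, len(frag))
    return hmac.new(mac_key, header + frag, hashlib.sha1).digest()


def protect_record(content_type, data, mac_key, enc_key, seq):
    """Sender: fragment -> MAC -> encrypt (fragment || MAC) -> prepend the SSL header
    (content type, version 3.0, body length). Returns (records, next sequence number)."""
    records = []
    for frag in fragment(data):
        body = keystream_xor(enc_key, seq, frag + _mac(mac_key, seq, content_type, frag))
        header = struct.pack(">BBBH", content_type, 3, 0, len(body))
        records.append(header + body)
        seq += 1
    return records, seq


def unprotect_record(record, mac_key, enc_key, seq):
    """Receiver: strip header -> decrypt -> split off MAC -> verify. Returns
    (content_type, fragment) or raises ValueError('bad_record_mac')."""
    content_type, _major, _minor, length = struct.unpack(">BBBH", record[:5])
    plain = keystream_xor(enc_key, seq, record[5:5 + length])
    frag, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
    if not hmac.compare_digest(mac, _mac(mac_key, seq, content_type, frag)):
        raise ValueError("bad_record_mac")
    return content_type, frag


if __name__ == "__main__":
    # Constructed keys and payload; 23 is the application-data content type.
    mac_key, enc_key = b"m" * 20, b"e" * 16
    payload = b"GET / HTTP/1.0\r\n\r\n" * 2000
    records, _ = protect_record(23, payload, mac_key, enc_key, 0)
    print(len(records), "records;", [len(r) for r in records])
    recovered = b"".join(unprotect_record(r, mac_key, enc_key, i)[1]
                         for i, r in enumerate(records))
    print("round trip ok:", recovered == payload)
```

Because the sequence number is an input to both the MAC and the keystream, a record replayed or delivered out of order fails verification at the receiver just as a modified one does.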
[Figure 2.19: within SSL, the Handshake Protocol, ChangeCipherSpec Protocol and Alert Protocol sit above the Record Protocol, which lies between the application layer and the transport layer.]
2.3.3 PGP
One of the protocols that provides security at the application layer is Pretty Good Privacy
(PGP). PGP is designed to create authenticated and confidential e-mails. Figure 2.20 shows the
position of PGP in the TCP/IP protocol suite.
Figure 2.20: Position of PGP in the TCP/IP protocol suite
Sending an e-mail is a one-time activity. IPSec and SSL assume that the two parties
create a session between themselves and exchange data in both directions. In e-mail, there is
no session; the sender and receiver cannot create one. The sender sends a message to the receiver;
sometime later, the receiver reads the message and may or may not send a reply. In PGP, the
sender of the message therefore needs to include the identifiers of the algorithms used in the
message as well as the values of the keys.
Services: PGP can provide several services based on the requirements of the user. An e-mail
can use one or more of these services.
Plaintext: The simplest case is to send the e-mail message in plaintext (no service). The
sender composes a message and sends it to the receiver. The message is stored in the receiver's
mailbox until it is retrieved.
Message Authentication: The next improvement is to let the sender sign the message. The sender
creates a digest of the message and signs it with his private key. The receiver receives the
message and verifies it by using the sender's public key. Two keys are needed for
this scenario. A further improvement is to compress the message and digest to make the
packet more compact. This improvement has no security benefit, but it eases the traffic.
Confidentiality with One-Time Session Key: Confidentiality in an e-mail system can be
achieved by using conventional encryption with a one-time session key. The sender can create a
session key, use the session key to encrypt the message and the digest, and send the key itself
with the message. However, to protect the session key, the sender encrypts it with the receiver's
public key.
[Figure 2.20 layers: Applications (e-mail); PGP; UDP, TCP, or SCTP; IP; Underlying physical networks. PGP is designed to provide security at the application layer.]
Code Conversion: Another service provided by PGP is code conversion. Most e-mail systems
allow the message to consist of only ASCII characters. To translate other characters not in the
ASCII set, PGP uses Radix 64 conversion. Each character to be sent (after encryption) is
converted to Radix 64 code.
Segmentation: PGP allows segmentation of the message after it has been converted to Radix
64 to make each transmitted unit the uniform size allowed by the underlying e-mail protocol.
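The compression, code conversion and segmentation services above, as an added example written for this page (not code from the thesis or from any PGP implementation). It implements Radix-64 as OpenPGP defines it in RFC 4880: base64 text in 64-character lines followed by a 24-bit CRC checksum (generator 0x1864CFB, initial value 0xB704CE) so that corruption in transit is detected at the receiver. Signing and session-key encryption are left out because the Python standard library has no RSA; compression uses zlib as a stand-in for PGP's ZIP step. The message text and segment size are constructed sample values.

```python
import base64
import zlib

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data):
    """OpenPGP CRC-24 (RFC 4880, section 6.1) over the binary data being armored."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def radix64_armor(binary, line_len=64):
    """Code conversion: binary -> base64 lines, then '=' + base64(CRC-24) as the last line."""
    text = base64.b64encode(binary).decode("ascii")
    lines = [text[i:i + line_len] for i in range(0, len(text), line_len)]
    checksum = "=" + base64.b64encode(crc24(binary).to_bytes(3, "big")).decode("ascii")
    return "\n".join(lines + [checksum])


def radix64_dearmor(armored):
    """Reverse the conversion and verify the checksum; a mismatch means the
    message was damaged between sender and receiver."""
    *lines, checksum = armored.split("\n")
    binary = base64.b64decode("".join(lines))
    expected = int.from_bytes(base64.b64decode(checksum[1:]), "big")
    if crc24(binary) != expected:
        raise ValueError("Radix-64 checksum mismatch")
    return binary


def segment(armored, max_len):
    """Segmentation: cut the armored text into units of the size the mail system allows."""
    return [armored[i:i + max_len] for i in range(0, len(armored), max_len)]


def reassemble(parts):
    return "".join(parts)


def pgp_prepare(message):
    """Sender side: compress (eases traffic, no security benefit) then Radix-64 convert."""
    return radix64_armor(zlib.compress(message))


def pgp_recover(armored):
    """Receiver side: check and strip the armor, then decompress."""
    return zlib.decompress(radix64_dearmor(armored))


if __name__ == "__main__":
    # Constructed sample message containing characters outside the ASCII set.
    msg = "Grüße aus Nsukka: non-ASCII text survives Radix-64 conversion".encode("utf-8")
    armored = pgp_prepare(msg)
    print(armored)
    parts = segment(armored, 40)
    print(len(parts), "segments; recovered ok:", pgp_recover(reassemble(parts)) == msg)
```

The CRC-24 is a transmission check only; integrity against a deliberate change is the job of the digital signature described under Message Authentication.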
PGP Algorithms: The algorithms used in PGP are shown in Table 2.4. The list is not complete;
new algorithms are constantly added.
Table 2.4: PGP Algorithms
Type          ID   Description
Public key     1   RSA (encryption or signing)
               2   RSA (for encryption only)
               3   RSA (for signing only)
              17   DSS (for signing)
Hash           1   MD5
               2   SHA-1
               3   RIPE-MD
Encryption     0   No encryption
               1   IDEA
               2   Triple DES (3DES)
               9   AES
2.3.4 Virtual Private Network
A common use of IPSEC is the construction of a Virtual Private Network (VPN), where
multiple segments of a private network are linked over a public network using encrypted
tunnels. This allows applications on the private network to communicate securely without
any local cryptographic support, since the VPN routers perform the encryption and
decryption. IPSEC is well suited for this environment, more so than tunnelling PPP over SSL
or SSH, since it operates directly on the IP packets and preserves a one-to-one
correspondence between packets inside and outside the network. In the case of tunnelling
PPP over an encrypted TCP connection, any packet loss in the public network would trigger a
TCP retransmission, stalling the link until the packet was delivered. In particular, running
Voice over IP (VoIP) traffic through a TCP/PPP tunnel would largely defeat the RTP
protocol used for VoIP; IPSEC is better suited in this case.
VPN is a technology that is presently popular among large organizations that use the
global Internet for both intra- and inter-organization communication, but require privacy in
their internal communications. VPN is considered here because it uses the IPSec
protocol to apply security to the IP datagram.
Private Networks: A private network is designed for use inside an organization. It allows
access to shared resources and, at the same time, provides privacy. Two frequently used
terms are involved here:
Intranet: An intranet is a private network (LAN) that uses the Internet model. However,
access to the network is restricted to the users inside the organization. The network uses
application programs defined for the global Internet, such as HTTP, and may have Web
servers, print servers, file servers, and so on.
Extranet: An extranet is similar to an intranet with one major difference: some resources
may be accessed by specific groups of users outside the organization, for example authorized
customers' access to product specifications, availability, and online ordering. A university or
a college can permit distance learning students access to the computer lab after passwords
have been checked.
Addressing: A private network that uses the Internet model must use IP addresses. Three
choices are available:
1. The network can apply for a set of addresses from the Internet authorities and use
them without being connected to the Internet. This strategy has an advantage: if in the
future the organization decides to be connected to the Internet, it can do so with
relative ease. However, there is also a disadvantage: the address space is wasted in the
meantime.
2. The network can use any set of addresses without registering with the Internet
authorities. Because the network is isolated, the addresses do not have to be unique.
However, this strategy has a serious drawback: users might mistakenly confuse the
addresses as part of the global Internet.
3. To overcome the problems associated with the first and second strategies, the Internet
authorities have reserved three sets of addresses, shown in Table 2.5 below:
Any organization can use an address out of this set without permission from the Internet
authorities. Everybody knows that these reserved addresses are for private networks. They are
unique inside the organization, but they are not unique globally. No router will forward a
packet that has one of these addresses as the destination address.
Table 2.5: Private networks reserved addresses.
Prefix        Range                              Total
10/8          10.0.0.0 to 10.255.255.255         2^24
172.16/12     172.16.0.0 to 172.31.255.255       2^20
192.168/16    192.168.0.0 to 192.168.255.255     2^16
[Figure 2.21: Site X and Site Y, each behind a router (R1 and R2), connected through the Internet.]
Figure 2.21: Virtual Private Network
VPN Technology: VPN technology, Figure 2.21, uses IPSec in the tunnel mode to provide
authentication, integrity, and privacy.
Tunneling: To guarantee privacy and other security measures for an organization, VPN can use
IPSec in the tunnel mode. In this mode, each IP datagram destined for private use in the
organization is encapsulated in another datagram.
2.3.5 Firewalls
A firewall is a part of a computer system or network that is designed to block unauthorized
access while permitting authorized communications. It is a device or set of devices which is
configured to permit or deny computer applications based upon a set of rules and other
criteria. It may succinctly be described as a computer, router or other communication device
that filters access to the protected network [18]. Cheswick and Bellovin [6] define a firewall
as a collection of components or a system that is placed between two networks and possesses
the following properties:
All traffic from inside to outside, and vice-versa, must pass through it.
Only authorised traffic, as defined by the local security policy, is allowed to pass
through it.
The firewall itself is immune to penetration.
Firewalls can be implemented in either hardware or software, or a combination of both. They
are frequently used to prevent unauthorized Internet users from accessing private networks
connected to the Internet, especially intranets. All messages entering or leaving the intranet
pass through the firewall, which examines each message and blocks those that do not meet
the specified security criteria. There are several types of firewall techniques:
1. Packet filter: Packet filtering inspects each packet passing through the network and
accepts or rejects it based on user-defined rules. Although difficult to configure, it is
fairly effective and mostly transparent to its users. It is susceptible to IP spoofing.
2. Application gateway: Applies security mechanisms to specific applications, such as
FTP and Telnet servers. This is very effective, but can impose performance
degradation.
3. Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection
is established. Once the connection has been made, packets can flow between the
hosts without further checking.
4. Proxy server: Intercepts all messages entering and leaving the network. The proxy
server effectively hides the true network addresses.
All the previous security measures cannot prevent an attacker from sending a harmful message to a
system. To control access to a system, we need firewalls. Figure 2.22 shows a firewall.
[Figure 2.22: the firewall sits between the internal network(s) and the global Internet, with outgoing and incoming traffic passing through it.]
Figure 2.22: Firewall
For example, a firewall may filter all incoming packets destined for a specific host or a
specific server such as HTTP. A firewall can be used to deny access to a specific host or a
specific service in the organization.
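A packet filter in the sense of the list above (accept or reject each packet against user-defined rules), combined with the private-address facts of Table 2.5: a packet arriving from the global Internet with a private source address cannot be genuine, which is the IP spoofing the text mentions, and a packet leaving for a private destination cannot be forwarded across the Internet. This is an added example written for this page, not code from the thesis; the Packet and Rule classes, the interface names "external"/"internal" and all addresses are constructed for illustration (203.0.113.x and 198.51.100.x are documentation ranges), and the last rule set reproduces the text's example of denying HTTP to one specific host.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The three reserved private blocks of Table 2.5.
PRIVATE_BLOCKS = [ipaddress.ip_network(p)
                  for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def block_summary(net):
    """(first address, last address, total addresses) for one row of Table 2.5."""
    return (str(net.network_address), str(net.broadcast_address), net.num_addresses)


def is_private(addr):
    a = ipaddress.ip_address(addr)
    return any(a in net for net in PRIVATE_BLOCKS)


@dataclass
class Packet:
    """Constructed summary of a packet header; iface is the firewall interface it arrived on."""
    iface: str      # "external" (from the global Internet) or "internal"
    src: str
    dst: str
    proto: str
    dport: int


@dataclass
class Rule:
    """One user-defined filter rule; a field left as None matches anything."""
    action: str                    # "accept" or "deny"
    iface: Optional[str] = None
    src: Optional[str] = None      # CIDR prefix
    dst: Optional[str] = None      # CIDR prefix
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt):
        return ((self.iface is None or pkt.iface == self.iface)
                and (self.src is None or ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src))
                and (self.dst is None or ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst))
                and (self.proto is None or pkt.proto == self.proto)
                and (self.dport is None or pkt.dport == self.dport))


def filter_packet(pkt, rules, default="deny"):
    """Stateless packet filter: two fixed checks derived from Table 2.5, then the
    first matching user rule decides; unmatched packets get the default action."""
    # Nothing on the global Internet legitimately carries a private source address,
    # so such a packet on the external interface is spoofed and is dropped.
    if pkt.iface == "external" and is_private(pkt.src):
        return "deny"
    # No router forwards a packet addressed to a private block across the Internet,
    # so it is pointless (and leaks internal addressing) to send one out.
    if pkt.iface == "internal" and is_private(pkt.dst):
        return "deny"
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


if __name__ == "__main__":
    for net in PRIVATE_BLOCKS:
        print(net, block_summary(net))
    rules = [Rule("deny", iface="external", dst="192.168.1.10/32", proto="tcp", dport=80),
             Rule("accept", iface="external", proto="tcp", dport=443),
             Rule("accept", iface="internal")]
    print(filter_packet(Packet("external", "10.1.2.3", "203.0.113.7", "tcp", 443), rules))
    print(filter_packet(Packet("external", "198.51.100.5", "192.168.1.10", "tcp", 80), rules))
```

The rule list is evaluated first match wins, so order matters: the specific deny for the HTTP host must precede any broader accept, and an explicit default of "deny" means a forgotten rule fails closed.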
2.3.6 Wired Equivalent Privacy (WEP)
WEP is a security protocol that adds security to wireless local area networks (WLANs) based
on the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11. It is an OSI Data Link layer (Layer
2) security technology. And it is designed to provide a wireless local area network (WLAN)
with a level of security and privacy comparable to what is usually expected of a wired LAN.
A wired local area network (LAN) is generally protected by physical security mechanisms
(controlled access to a building for example) that are effective for a controlled physical
environment, but may be ineffective for WLANs because radio waves are not necessarily
bound by the walls containing the network. WEP seeks to establish similar protection to that
offered by the wired network's physical security measures by encrypting data transmitted
over the WLAN. It uses RC4 encryption, which is the same as that used by the security built
into standard web browsers (SSL). In a WEP protected network, all packets are encrypted
using the stream cipher RC4 under a common key, the root key. RC4 utilizes a combination of
secret user keys and system-generated values. The original implementations of WEP
supported so-called 40-bit encryption, having a key of length 40 bits and 24 additional bits of
system-generated data (64 bits total). Research has shown that 40-bit WEP encryption is too
easy to decode, and consequently product vendors today employ 128-bit encryption (having a
key length of 104 bits, not 128 bits) or better (including 152-bit and 256-bit WEP systems).
Regardless of how it is implemented on a wireless LAN, WEP represents just one element of
an overall WLAN security strategy. A research group from the University of California at
Berkeley recently published a report citing "major security flaws" in WEP that left WLANs
using the protocol vulnerable to attacks (called wireless equivalent privacy attacks). In the
course of the group's examination of the technology, they were able to intercept and modify
transmissions and gain access to restricted networks.
802.11 Authentication: The 802.11 standard defines several services that govern how two
IEEE 802.11 devices communicate. The following events must occur before an 802.11
Station can communicate with an Ethernet network through an access point:
1. Wireless station is turned on.
2. The station listens for messages from any access points that are in range.
3. The station finds a message from an access point that has a matching SSID.
4. The station sends an authentication request to the access point.
5. The access point authenticates the station.
6. The station sends an association request to the access point.
7. The access point associates with the station.
8. The station can now communicate with the Ethernet network through the access point.
An access point must authenticate a station before the station can associate with the access
point or communicate with the network. The IEEE 802.11 standard defines two types of
authentication: Open System and Shared Key. These two authentication procedures are described
below.
Open System Authentication allows any device to join the network, assuming that
the device SSID matches the access point SSID. Alternatively, the device can use the
"ANY" SSID option to associate with any available access point within range,
regardless of its SSID.
The following steps occur when two devices use Open System Authentication:
1. The station sends an authentication request to the access point.
2. The access point authenticates the station.
3. The station associates with the access point and joins the network.
Shared Key Authentication requires that the station and the access point have the
same WEP key to authenticate.
The following steps occur when two devices use Shared Key Authentication:
1. The station sends an authentication request to the access point.
2. The access point sends challenge text to the station.
3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge
text, and sends the encrypted text to the access point.
4. The access point decrypts the encrypted text using its configured WEP Key that
corresponds to the station's default key. The access point compares the decrypted
text with the original challenge text. If the decrypted text matches the original
challenge text, then the access point and the station share the same WEP Key and the
access point authenticates the station.
5. The station connects to the network.
If the decrypted text does not match the original challenge text (the access point and
station do not share the same WEP Key), then the access point will refuse to
authenticate the station and the station will be unable to communicate with either the
802.11 networks or Ethernet network.
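Both sides of the Shared Key Authentication exchange above, as an added example written for this page rather than code from the thesis. The station encrypts the challenge text the way a WEP frame body is protected: the 24-bit IV is sent in clear and RC4 is keyed with IV || root key over the plaintext followed by a CRC-32 integrity check value (the little-endian ICV byte order is an assumption of the example). The access point decrypts with its own configured key and authenticates only if the recovered text equals the challenge it sent. Keys, IV and challenge are constructed sample values; the 128-octet challenge length is the one 802.11 uses.

```python
import os
import zlib


def rc4(key, data):
    """RC4 stream cipher: key-scheduling algorithm, then keystream XORed into data."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(root_key, iv, plaintext):
    """WEP frame body: 3-byte IV in clear, then RC4(IV || root key) applied to
    plaintext || ICV. The ICV is a CRC-32, i.e. a linear checksum rather than a
    keyed MAC (little-endian byte order assumed here)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + root_key, plaintext + icv)


def wep_decrypt(root_key, body):
    """Reverse of wep_encrypt; returns None when the ICV does not check out."""
    iv, ciphertext = body[:3], body[3:]
    plain = rc4(iv + root_key, ciphertext)
    data, icv = plain[:-4], plain[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        return None
    return data


def shared_key_authentication(ap_key, station_key, challenge=None, iv=None):
    """Run the four-frame exchange; returns (authenticated, transcript)."""
    challenge = challenge if challenge is not None else os.urandom(128)  # step 2 text
    iv = iv if iv is not None else os.urandom(3)
    transcript = ["1: station -> AP: authentication request (Shared Key)",
                  "2: AP -> station: challenge text (128 octets)"]
    response = wep_encrypt(station_key, iv, challenge)       # step 3: station encrypts
    transcript.append("3: station -> AP: challenge encrypted under the station's default key")
    decrypted = wep_decrypt(ap_key, response)                 # step 4: AP decrypts with its key
    authenticated = decrypted == challenge
    transcript.append("4: AP -> station: " + ("success, station authenticated"
                                              if authenticated else "failure, authentication refused"))
    return authenticated, transcript


if __name__ == "__main__":
    root = bytes.fromhex("0102030405")            # constructed 40-bit root key
    for station_key in (root, bytes.fromhex("0102030406")):
        ok, frames = shared_key_authentication(root, station_key)
        print("\n".join(frames), "\n-> authenticated:", ok, "\n")
```

The 40-bit key above becomes 64 bits of RC4 key material once the 24-bit IV is prepended, which is the "40-bit encryption, 64 bits total" arithmetic in the text; a 104-bit root key gives the 128-bit variant.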
Chapter 3
Experimental Design
The setup for the experiment is as shown in Figure 3.1. The server is connected to the access
point with 100 Mbps Ethernet link. The wireless devices considered in the experiment are
laptop and Pocket PC. The wireless devices are used one at a time and never all at the same
time. Transmission of data is from the wireless devices to the server through the wireless link
using TCP/IP protocol. For encryption the libraries considered were OpenSSL and Crypto++.
[Figure 3.1 components: Cisco Aironet 1230AG series 802.11a/b/g Access Point; Athlon 1.3 GHz server with 384 MB RAM and Windows XP Operating System; Toshiba Satellite L300-20D laptop with an Intel CPU T1600 @ 1.66GHz; Compaq iPAQ Pocket PC H3800 with Expansion Slot / H3600 with Windows CE 3.0.]
Figure 3.1: Experimental Setup Configuration
3.1 Encryption Libraries
Many encryption libraries are available supporting most of the cryptographic algorithms. It is
always wise to use full-featured, source-available cryptographic libraries, because building a
security toolkit is hard, and making the source available makes it easier to find and fix
problems. New systems should be built with a library whose source is available to the public
for inspection. Most of these libraries have approximately the same crypto functions and
encodings. All seem to be reasonably well documented, although OpenSSL is trailing a little.
The choice of one over another is largely a matter of language and license. All libraries are
generally up to date with the latest developments in number theory that speed up the
mathematical operations. Crypto++ was the basic library selected for encryption since it has a
sample benchmark published on its website. The choice was primarily based on ease of use,
availability of benchmarks for verification, and the algorithms supported.
Some of the popular libraries are as follows:
I. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade,
full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose
cryptography library. The project is managed by a worldwide community of volunteers that
use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related
documentation. It has implementations for AES, DES, Triple-DES, IDEA, RC2, RC4, RC5,
SAFER, DH, RSA, and DSA. OpenSSL is based on the excellent SSLeay library developed
by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-
style licence, which basically means that you are free to get and use it for commercial and
non-commercial purposes subject to some simple license conditions.
II. Cryptix is a cryptographic library implemented in Java and Perl. Since 1995 the
Cryptix project has been instrumental in bringing strong cryptography to the Java platform (and
some to the Perl platform as well). In fact, while nowadays strong cryptography is widely
available, this has not always been the case. At a time when export controls on cryptography
were still in effect, Cryptix was the first available cryptographic library for Java. Cryptix was
initiated and at first sponsored by Systemics; later on the independent Cryptix Foundation Ltd
was incorporated. It has implementations for Blowfish, CAST5, DES, IDEA, MARS, RC2,
RC4, RC6, Rijndael (AES), Serpent, SKIPJACK, Square, Triple-DES, Twofish, RSA,
DH, and ElGamal.
III. Crypto++ is a free C++ class library published and maintained by Wei Dai. It is a
class hierarchy with an API defined by the base abstract classes. It handles a large number of
cryptographic schemes (including public key cryptography) and cipher modes. In no particular
order, the supported schemes include RC6, MARS, Rijndael (AES), Twofish, Serpent, IDEA,
DES, Triple DES (DES-EDE2 and DES-EDE3), DESX (DES-XEX3), RC2, RC5, Blowfish,
Diamond2, TEA, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square, SEAL, RSA, ElGamal
and ECIES, together with the modes CBC padded, CBC ciphertext stealing (CTS), CFB, OFB
and counter mode. The dedicated author Wei Dai actively maintains the library.
IV. Cryptlib is a powerful security toolkit that allows even inexperienced crypto
programmers to easily add encryption and authentication services to their software. The high-
level interface provides anyone with the ability to add strong security capabilities to an
application in as little as half an hour, without needing to know any of the low-level details
that make the encryption or authentication work. Because of this, cryptlib dramatically
reduces the cost involved in adding security to new or existing applications.
At the highest level, cryptlib provides implementations of complete security services such as
S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA
services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure
timestamping. Since cryptlib uses industry-standard X.509, S/MIME, PGP/OpenPGP, and
SSH/SSL/TLS data formats, the resulting encrypted or signed data can be easily transported
to other systems and processed there, and cryptlib itself runs on virtually any operating
system - cryptlib doesn't tie you to a single system. This allows email, files, and EDI
transactions to be authenticated with digital signatures and encrypted in an industry-standard
format.
3.2 Methodology
This section describes the techniques and simulation choices made to evaluate the
performance of the selected algorithms.
In these experiments, the laptop encrypts different sizes of data blocks (0.5 MB to 20 MB)
using the encryption libraries. The five encryption algorithms selected for the experiment
are AES (key size: 256 bits), DES (key size: 64 bits), RC2 (key size: 64 bits), Blowfish (key
size: 256 bits), and 3DES (key size: 192 bits). These implementations are thoroughly tested and
are optimized to give the maximum performance for each algorithm. The results for AES, which
is expected to be the best encryption algorithm, are checked against a different implementation
to make sure the results are the same across multiple platforms [27]. Then, for transmission of
data, the laptop and the Pocket PC are connected wirelessly. Data is transmitted from the laptop
to the Pocket PC through the wireless link using the TCP/IP protocol. The experiments are carried
out in two modes of wireless LAN connection (BSS and ad hoc mode). Using the IEEE 802.11
standard, data is transmitted using the two different types of authentication. Firstly, data is
transmitted using Open System Authentication (no encryption). Secondly, data is transmitted
using Shared Key Authentication (WEP encryption). Using IEEE 802.11i, data is transmitted
using Open System Authentication (no encryption) and then using WPA. The effects of different
signal to noise conditions on the transmission of data (under relatively excellent signals and
poor signals) are studied.
Hardware Descriptions for this Experimental Setup
A. Compaq iPAQ H3600 Series
CPU - Intel Strong ARM SA1110 processor
32 MB of SDRAM and 16MB of flash
Serial and slave USB via cradle
115Kbps and 4Mbps IrDA
Expansion packs
B. Toshiba L300-20D Laptop
Intel CPU T1600 @ 1.66GHz
32-bit Windows Operating System
160 GB Hard disk
1GB RAM
In this experiment, several performance metrics are collected and analyzed:
1. Encryption time
2. Throughput
3. Battery power
4. Transmission time.
3.2.1 Encryption time Computation
The encryption time is the time that an encryption algorithm takes to produce a
ciphertext from a plaintext. It indicates the speed of encryption and is used to calculate the
throughput of an encryption scheme, which is the total plaintext in bytes encrypted divided by
the encryption time. The CPU process time is the time that a CPU is committed only to the
particular process of calculations. It reflects the load of the CPU.
3.2.2 Energy Consumption Computation
Energy consumption of security systems can be measured in many ways. For computation of
the energy cost of encryption (microjoule/byte), the same technique as described in [24] is
adopted. A basic cost of encryption, represented by the product of the total number of
clock cycles taken by the encryption and the average current drawn by each CPU clock cycle,
is presented. The basic encryption cost is in units of ampere-cycles. The methods used in this
experiment are briefly discussed as follows:
The first method used to measure energy consumption is to assume that an average amount of
energy is consumed by normal operations and to test the extra energy consumed by an
encryption algorithms.
Battery life consumed in percentage for one run = \frac{\text{Change in battery life}}{\text{Number of runs}}

Average battery consumed per iteration = \frac{1}{N} \sum_{i=1}^{N} \text{BatteryConsumedPerIteration}_i
The second method measures the security parameters by counting the number of
computing cycles used in computations related to cryptographic operations. The first method,
by contrast, simply monitors the percentage of remaining battery: the experiments note the
number of iterations or runs over the file and the battery life, and the change in battery life
divided by the number of runs gives the battery life consumed in percentage for one run. For
the second method, the energy cost of encryption is computed with the same technique as
described in [30], [32], using the following equations.
B_{cost\_encryption} (ampere-cycle) = \tau \times I

T_{energy\_cost} (ampere-seconds) = \frac{B_{cost\_encryption} (ampere-cycle)}{F (cycles/sec)}

E_{cost} (Joule) = T_{energy\_cost} (ampere-seconds) \times V
Where
Bcost_encryption: is a basic cost of encryption (ampere-cycle).
τ: the total number of clock cycles.
I: the average current drawn by each CPU clock cycle.
Tenergy_cost: the total energy cost (ampere-seconds).
F: clock frequency (cycles/sec).
Ecost (Joule): the energy cost (consumed).
By using the cycles, the operating voltage of the CPU, and the average current drawn for each
cycle, the energy consumption of cryptographic functions is computed. For example, on
average, each cycle consumes approximately 270 mA on an Intel 486DX2 processor [30] or
180 mA on an Intel StrongARM [31]. For a sample calculation, with a 700 MHz CPU operating
at 1.35 V, an encryption with 20,000 cycles would consume about 5.71 × 10^-3 mA-second
or 7.7 μJ. So, the amount of energy consumed by program P to achieve its goal
(encryption or decryption) is given by
E = V_CC × I × N × τ
where N is the number of clock cycles, τ is the clock period, V_CC is the supply voltage of
the system, and I is the average current in amperes drawn from the power source for T seconds.
Since for a given hardware both V_CC and τ are fixed,
E ∝ I × N.
However, at the application level it is more meaningful to talk about T than N, and therefore
we express energy as E ∝ I × T [30].
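The metrics of sections 3.2.1 and 3.2.2 as code: encryption time and throughput, the battery-percentage method, and the cycle-counting equations B_cost = τ × I, T_energy_cost = B_cost / F and E_cost = T_energy_cost × V, together with the application-level form E = V_CC × I × T. This is an added example written for this page, not the thesis's measurement code; it is in Python rather than the Crypto++ the thesis used so that it runs without external libraries, and the timed operation is SHA-256 standing in for a cipher. One point worth noting is that the sample figures quoted above (5.71 × 10^-3 mA-second and 7.7 μJ for 20,000 cycles at 700 MHz and 1.35 V) are reproduced exactly when the per-cycle current is 200 mA, so `thesis_sample()` assumes that value; the 270 mA and 180 mA figures in the text belong to other processors.

```python
import hashlib
import time


def encryption_throughput(encrypt, plaintext):
    """Section 3.2.1: time one encryption of plaintext, return (seconds, MB/s)."""
    start = time.perf_counter()
    encrypt(plaintext)
    elapsed = max(time.perf_counter() - start, 1e-9)   # guard against a zero reading
    return elapsed, len(plaintext) / elapsed / 1e6


def battery_per_run(battery_before_pct, battery_after_pct, runs):
    """First method: change in battery life divided by the number of runs."""
    return (battery_before_pct - battery_after_pct) / runs


def average_battery_per_iteration(per_iteration_pct):
    """(1/N) * sum of the N per-iteration readings."""
    return sum(per_iteration_pct) / len(per_iteration_pct)


def basic_cost_ampere_cycles(cycles, current_per_cycle_a):
    """B_cost_encryption = tau * I  (ampere-cycles)."""
    return cycles * current_per_cycle_a


def energy_cost_ampere_seconds(b_cost, freq_hz):
    """T_energy_cost = B_cost_encryption / F  (ampere-seconds)."""
    return b_cost / freq_hz


def energy_joules(t_cost, volts):
    """E_cost = T_energy_cost * V  (joules)."""
    return t_cost * volts


def energy_from_cycles(cycles, current_a, freq_hz, volts):
    """The three equations chained: cycles and current -> joules."""
    return energy_joules(energy_cost_ampere_seconds(
        basic_cost_ampere_cycles(cycles, current_a), freq_hz), volts)


def energy_from_time(current_a, seconds, volts):
    """Application-level form E = V_CC * I * T (E proportional to I * T for fixed V_CC)."""
    return volts * current_a * seconds


def energy_per_byte_microjoules(energy_j, nbytes):
    """The thesis's reporting unit, microjoule/byte."""
    return energy_j * 1e6 / nbytes


def thesis_sample():
    """Worked figure of section 3.2.2: 700 MHz, 1.35 V, 20,000 cycles, with the
    per-cycle current assumed to be 200 mA (the value that reproduces the quoted
    numbers). Returns (mA-seconds, microjoules)."""
    t_cost = energy_cost_ampere_seconds(basic_cost_ampere_cycles(20_000, 0.200), 700e6)
    return t_cost * 1e3, energy_joules(t_cost, 1.35) * 1e6


if __name__ == "__main__":
    # SHA-256 over a constructed 1 MB buffer stands in for the cipher being timed.
    data = b"\x00" * 1_000_000
    secs, mbps = encryption_throughput(lambda b: hashlib.sha256(b).digest(), data)
    print(f"time {secs*1e3:.2f} ms, throughput {mbps:.1f} MB/s")
    print("battery per run (%):", battery_per_run(100.0, 94.0, 12))
    print("sample: %.3e mA-s, %.2f uJ" % thesis_sample())
    e = energy_from_cycles(20_000, 0.200, 700e6, 1.35)
    print("energy per byte for a 1 kB block: %.4f uJ/byte" % energy_per_byte_microjoules(e, 1024))
```

Because E_cost scales with I × N for fixed voltage and clock period, two algorithms measured on the same device can be compared by cycle count alone; the voltage and frequency only matter when converting to joules or comparing across the laptop and the Pocket PC.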
3.3 Wireless Environment
Some perspective of the effect of changing wireless environment may serve to be useful
while designing wireless communication systems. With this in mind factors like changing the
signal to noise ratio, packet size, and layer where encryption is performed are considered in
these experiments.
3.3.1 Data Transmission
All algorithms considered above need to be considered when the data that is encrypted by
them is transmitted over the wireless network. Initially the effect of signal to noise ratio is
removed by keeping the device very close to the access point to have excellent signal
conditions. The effect of the algorithm and key size variations under data transmission is
evaluated.
3.3.2 Signal to Noise Ratio
A reduced signal to noise ratio causes retransmissions, and transmissions under a lower signal to
noise ratio are more demanding on the battery. To compare the battery cost of encryption and
transmission under varying signal to noise conditions, measurements are taken for data transfer
with and without encryption under different signal to noise conditions.
3.3.3 Layer of Encryption
One of the goals of this study is to determine the effect of moving the encryption process to
application level. So data transmission is done with encryption enabled at the link level by
WEP and then same data is transmitted with WEP disabled and encryption at application
level using AES.
3.3.4 Changing Packet Size
In an 802.11b environment, TCP transmissions involve packets to which the TCP, IP and
Ethernet headers are added. The transmission of 128 bits of data therefore leads to an
inefficient transmission mechanism. Waiting for acknowledgements also reduces the effective
throughput. The purpose of this set of experiments is to determine the change in performance
observed by switching from 128-bit transmissions to 1024-byte transmissions.
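The energy model at the start of this chapter (E = Vcc × I × T, with Vcc fixed) and the header-overhead argument of Section 3.3.4 can be captured in a small measurement helper. The following is an added example, not code from the thesis: it computes the metrics reported in Figure 4.1 (duration, throughput, energy and energy per byte) for any encryption callable, and the share of transmitted bytes that carry application data for a given payload size. The header sizes (20-byte TCP, 20-byte IPv4, 14-byte Ethernet) are the standard minimum sizes and are my assumption, since the thesis only names the headers; the supply voltage, average current and the XOR stand-in workload are constructed inputs, the current being a value that would otherwise be read from the meter during the run.

```python
import time

# Assumed (not from the thesis) minimum header sizes in bytes for the
# TCP/IP-over-Ethernet framing Section 3.3.4 refers to.
TCP_HDR, IPV4_HDR, ETH_HDR = 20, 20, 14
FRAMING_OVERHEAD = TCP_HDR + IPV4_HDR + ETH_HDR   # 54 bytes per packet


def framing_efficiency(payload_bytes, overhead=FRAMING_OVERHEAD):
    """Fraction of bytes on the air that carry application data."""
    return payload_bytes / (payload_bytes + overhead)


def energy_joules(vcc_volts, current_amps, seconds):
    """Chapter 3 model: E = Vcc * I * T; with Vcc fixed, E is proportional to I * T."""
    return vcc_volts * current_amps * seconds


def profile(encrypt, data, vcc_volts, current_amps, repeats=50):
    """Run `encrypt` over `data` `repeats` times and return the Figure 4.1 metrics.

    `current_amps` is the average current drawn during the run; on a real
    device it comes from the meter, here the caller supplies it (constructed).
    """
    start = time.perf_counter()
    for _ in range(repeats):
        encrypt(data)
    seconds = time.perf_counter() - start
    total = len(data) * repeats
    e_uj = energy_joules(vcc_volts, current_amps, seconds) * 1e6
    return {
        "duration_ms": seconds * 1e3,
        "throughput_MBps": total / seconds / 1e6,
        "energy_uJ": e_uj,
        "energy_uJ_per_byte": e_uj / total,
    }


def stand_in_cipher(data, key=b"\x5a" * 16):
    """Placeholder workload (NOT a cipher): XOR with a repeating 16-byte key.
    Swap in the real AES/DES/3DES/Blowfish/RC2 call when profiling on a device."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


if __name__ == "__main__":
    for payload in (16, 1024):   # 128 bits vs 1024 bytes, as in Section 3.3.4
        print(f"{payload:5d} B payload -> "
              f"{framing_efficiency(payload):.1%} of transmitted bytes are data")
    # Constructed inputs: 1 KiB buffer, 3.7 V supply, 0.2 A average current
    print(profile(stand_in_cipher, bytes(range(256)) * 4, 3.7, 0.2))
```

With the assumed headers a 16-byte payload is only about 23% of each packet, whereas a 1024-byte payload is about 95%, which is the inefficiency the packet-size experiment is designed to expose.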
Chapter 4
Results and Analyses
4.1 The Effect of Changing Packet Size for Cryptographic Algorithms on Power
Consumption
Encryption time is used to compute the throughput of an encryption algorithm. In this
subsection, CPU work load, encryption throughput and power consumption for text
encryption without transmission are calculated to determine which encryption algorithm has
better performance.
[Figure 4.1 chart: x-axis RC2, DES, 3DES, AES, BLOWFISH; y-axis 0 to 30; series: Duration Time (milliseconds/100), Throughput (MB/Sec), Power Consumption (Microjoules)]
Figure 4.1: Time Consumption, Throughput, and power consumption for Text encryptions.
The effect on the results when transmission of data is taken into consideration under
different scenarios, such as transmission of data using two different architectures (BBS and
ad hoc mode), was equally studied.
[Figure 4.2 chart: y-axis Power Consumption (Microjoule/Byte), 0 to 12; x-axis Cryptographic Algorithms: No Enc, AES, 3DES, DES, RC2, BF; series: Adhoc mode/Excellent signal/Open Key Authentication (without encryption); Adhoc/Excellent signal/Shared Key Authentication (WEP); Poor Signals; BBS/WPA; BBS/Open Key Authentication (without encryption)]
Figure 4.2: Power consumption for Text Files Encryption in Micro joule/Byte with data
transmission
4.2 The effect of changing data type (JPEG) for cryptography algorithm on power
consumption.
Figures 4.3, 4.4 and 4.5 respectively depict the experimental results obtained when a
comparison between different JPEG images was carried out to find which one has better performance.
4.2.1 CPU work load
Figure 4.3: Time consumption for different JPEG Files Encryption without data Transmission
4.2.2 Encryption Throughput
The throughput of each encryption algorithm when encrypting different text data without data
transmission is shown in Figure 4.4.
Figure 4.4: Throughput of each encryption algorithm (Kilobytes/Second)
4.2.3 Power Consumption
The power consumption to encrypt different text data with different data block sizes, in
micro joule/byte, is shown in Figure 4.5.
Figure 4.5: Power consumption for different JPEG Files Encryptions
4.2.4 Encryption with Transmission
Figure 4.6 depicts the effect on the results when transmission of data is taken into
consideration.
[Figure 4.6 chart: y-axis Comparative Execution Times for Transmission of Encryption Algorithms, 0 to 4; x-axis Cryptographic Algorithms: BF, 3DES, RC2, DES, AES, No Enc; series: Adhoc/Excellent signals/open key Authentication without encryption; Adhoc/Excellent signals/shared key Authentication (WEP); Poor signals; BBS/Excellent signals/WPA]
Figure 4.6: Comparative execution times for transmission of JPEG files using different
algorithms
In the case of data transmission, it was found that there is an insignificant difference in the
performance of the different symmetric key schemes (most of the resources are consumed by
data transmission rather than computation).
4.3 The effect of changing data type (Audio files) for cryptography algorithm on
power consumption.
[Figure 4.7 chart: y-axis Values, 0 to 60; x-axis Cryptographic Algorithms: BLOWFISH, AES, DES, 3DES, RC2; series: Power consumption in microjoules, Throughput (MB/Sec), Duration Time in Seconds]
Figure 4.7: Time consumption, Throughput, and power consumption for Text Encryption
[Figure 4.8 chart: y-axis Power Consumed (Microjoule/Byte), 0 to 20; x-axis Cryptographic Algorithms: No Encryption, AES, 3DES, DES, RC2, BF; series: Adhoc/Excellent signals/open key Authentication without encryption; Adhoc/Excellent signals/shared key WEP; Poor signals; BBS/WPA; BBS/Open key without encryption]
Figure 4.8: Power consumption for Encryption of different Audio Files (μJoule/Byte) with data
transmission
4.4 The effect of changing Data Type (Video files) for cryptographic algorithms on
power consumption.
[Figure 4.9 chart: y-axis Values, 0 to 16; x-axis Cryptographic Algorithms: BF, AES, DES, 3DES, RC2; series: Throughput (MB/Sec), Duration Time in Sec, Power Consumption (Microjoule/Byte)]
Figure 4.9: Time consumption, Throughput, and power consumption for Video Files
Encryptions
[Figure 4.10 chart: y-axis Power Consumed (Microjoule/Byte), 0 to 5; x-axis Cryptographic Algorithms: No Enc, AES, 3DES, DES, RC2, BF; series: Adhoc/Excellent signal/open key without encryption; Adhoc/Excellent signals/shared key WEP; Poor signals; BBS/WPA; BBS/open key without encryption]
Figure 4.10: Power consumption for Encryption of different Video Files (μJoule/Byte) with data
transmission
4.5 The effect of changing key sizes of AES on power consumption.
In this subsection, a comparison of the change in performance when using different key sizes
for the AES algorithm was carried out. The three possible key sizes are 128-bit, 192-bit
and 256-bit keys.
[Figure 4.11 chart: y-axis % Battery Consumed, 0.00395 to 0.0044; x-axis Key Size in bits: AES 128, AES 192, AES 256]
Figure 4.11: Percentage Battery Consumed with different Key Sizes for AES
Figure 4.12: Time Consumption with Different Key Sizes for AES
In the case of AES, it can be seen that a higher key size leads to a visible change in battery
and time consumption. Going from a 128-bit key to 192 bits increases power and time
consumption by about 8%, and going to a 256-bit key causes an increase of 16%.
AES128 has 120, AES192 has 144, and AES256 has 168 rotate byte operations, which
implies 20% and 40% more operations for AES192 and AES256 when compared to
AES128. Although there is an increase in power consumption that is directly
proportional to the increased operations, the increase is less amplified. However, the
increased power consumption of a higher key size poses a compromise that should be
considered before choosing the size of the key. For normal applications a 128-bit key is
considered very secure, hence going for higher key sizes would mean unnecessary wastage of
resources for added security that is actually not required.
4.6 The effect of Changing Number of Rounds of AES on power consumption.
The AES encryption scheme has 10 rounds for a 128-bit key. It should be possible to reduce
the number of rounds so that the amount of battery and time consumed while encrypting the
data is reduced. Figures 4.13 and 4.14 below show the comparison of energy and time
consumed by the reduced-round version of AES 128-bit key encryption.
[Figure 4.13 chart: y-axis % Battery Consumption, 0 to 0.0045; x-axis Number of Rounds: 1, 2, 3, 4]
Figure 4.13: Percentage battery consumed by different number of rounds for AES 128 bit-key
Encryption
[Figure 4.14 chart: y-axis Time in Milliseconds, 0 to 300; x-axis Number of Rounds: 1 to 6]
Figure 4.14: Time Consumed by different number of rounds for AES 128 bit-key encryption
As can be seen from the graphs, reducing the number of rounds from 10 to 4 makes it
possible to save 13% of battery and time consumption, and going from 10 to 7 rounds saves 3%.
Reducing the number of rounds would, however, decrease the security of the encryption.
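Sections 4.5 and 4.6 both vary the amount of AES work per block: the key size fixes the round count (10, 12 and 14 rounds for 128-, 192- and 256-bit keys under FIPS-197, a 20% and 40% increase that matches the operation counts quoted above), and Section 4.6 cuts the round count directly. The block below is an added example written for this page, not the thesis's own software or the OpenSSL build it measured: a compact pure-Python AES block encryption with a configurable number of rounds, checked against the FIPS-197 Appendix C test vectors at the full round counts, plus a timer that reproduces the shape of the Figure 4.12 and 4.14 measurements. The function and variable names are mine; the sample key and block are constructed. Round counts below the FIPS default exist only to reproduce the measurement and, as the text says, are not a usable cipher.

```python
import time

DEFAULT_ROUNDS = {16: 10, 24: 12, 32: 14}   # FIPS-197 Nr for 128/192/256-bit keys


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _xtime(a):
    """Multiply by x (0x02) in GF(2^8) with the AES polynomial 0x11B."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def _build_sbox():
    """Derive the S-box: multiplicative inverse in GF(2^8), then the affine map."""
    sbox = [0] * 256
    p = q = 1                    # invariant: p * q == 1 in GF(2^8)
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= (q << 1) & 0xFF     # q /= 3 (multiply by 0xF6)
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63               # 0 has no inverse; affine map of 0
    return sbox


SBOX = _build_sbox()


def expand_key(key, rounds):
    """Key schedule: returns rounds + 1 sixteen-byte round keys (Nk = 4, 6 or 8)."""
    nk = len(key) // 4
    words = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (rounds + 1)):
        t = list(words[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]               # extra SubWord for 256-bit keys
        words.append([words[i - nk][j] ^ t[j] for j in range(4)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(rounds + 1)]


def _shift_rows(s):
    # State is column-major: byte r + 4*c is row r, column c; row r rotates left by r.
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def _mix_columns(s):
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        t = a[0] ^ a[1] ^ a[2] ^ a[3]
        out += [a[i] ^ t ^ _xtime(a[i] ^ a[(i + 1) % 4]) for i in range(4)]
    return out


def encrypt_with_keys(round_keys, block):
    rounds = len(round_keys) - 1
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    for r in range(1, rounds + 1):
        s = _shift_rows([SBOX[b] for b in s])
        if r != rounds:              # the final round skips MixColumns
            s = _mix_columns(s)
        s = [b ^ k for b, k in zip(s, round_keys[r])]
    return bytes(s)


def aes_encrypt_block(key, block, rounds=None):
    """Single-block AES; `rounds` below the FIPS default only reproduces the
    reduced-round measurement of Section 4.6 and is not a usable cipher."""
    if rounds is None:
        rounds = DEFAULT_ROUNDS[len(key)]
    return encrypt_with_keys(expand_key(key, rounds), block)


def microseconds_per_block(key, rounds, blocks=300):
    """Encryption time per 16-byte block with the key schedule done once,
    as when a whole file is encrypted under one key."""
    rk = expand_key(key, rounds)
    block = bytes(range(16))             # constructed sample block
    start = time.perf_counter()
    for _ in range(blocks):
        encrypt_with_keys(rk, block)
    return (time.perf_counter() - start) * 1e6 / blocks


def round_ratio(key_bytes):
    """Rounds relative to AES-128: 1.2 for AES-192 and 1.4 for AES-256."""
    return DEFAULT_ROUNDS[key_bytes] / DEFAULT_ROUNDS[16]


if __name__ == "__main__":
    for klen in (16, 24, 32):            # constructed keys 00 01 02 ...
        key = bytes(range(klen))
        print(f"AES-{klen * 8}: {DEFAULT_ROUNDS[klen]} rounds, "
              f"{microseconds_per_block(key, DEFAULT_ROUNDS[klen]):.1f} us/block")
    for nr in (4, 7, 10):
        print(f"AES-128, {nr} rounds: {microseconds_per_block(bytes(16), nr):.1f} us/block")
```

Per-block time in this interpreter grows close to linearly with the round count, while the thesis measured a smaller 8% and 16% rise for the larger keys; the difference is the fixed per-call overhead (key schedule, buffer handling, I/O) that a real device shares across all key sizes, which is the "less amplified" effect the text describes.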
5. Conclusions
This paper presents an evaluation of the power consumption performance of five symmetric
encryption algorithms that are commonly used in WLANs. The selected algorithms are AES,
DES, 3DES, Blowfish and RC2. The performance metrics were encryption throughput, CPU
work load, energy cost and key size variation. From the experiments, in the case of changing
packet size with and without transmission of data using different architectures and different
WLAN protocols, it is seen that Blowfish performs better than the other common
encryption algorithms used. In the case of images instead of text, it was found that RC2 and
Blowfish have disadvantages over the other algorithms in terms of time consumption. Also, it is
found that 3DES still has low performance compared to DES. When transmission of data is
considered, there is negligible difference in the performance of the different symmetric key
schemes, as most of the resources are consumed by data transmission rather than computation.
Increasing the key size of AES by 64 bits leads to an increase in energy consumption of about
8% without any data transfer, and with data transfer the difference is not noticeable. Thus real-time
applications where data is just transferred between systems and not stored for future
retrieval may prefer the higher security provided by a larger key size. Reducing the number
of rounds leads to power savings but makes AES insecure and should be
avoided. Seven or more rounds can be considered fairly secure and could be used to save
energy in some cases. In the future, optimizing the encryption schemes for wireless devices
can be considered.
References
1. Cisco Systems, "Network Security: An Executive Overview."
2. McGrath, D., "WLANS: Wireless Dream, Security Nightmare," Broadband Wireless Business Magazine, Vol. 3, No. 8, January/February 2003.
3. Hirani, S., "Energy Consumption of Encryption Schemes in Wireless Devices," Thesis, University of Pittsburgh, April 9, 2003. Retrieved October 1, 2008, from portal.acm.org/citation.cfm?id=383768
4. Ruangchaijatupon, N. and Krishnamurthy, P., "Encryption and Power Consumption in Wireless LANs," The Third IEEE Workshop on Wireless LANs, September 27-28, 2001, Newton, Massachusetts.
5. Paar, C., Lecture Notes: Applied Cryptography and Data Security (version 2.5, January 2005).
6. Stallings, W., Cryptography and Network Security, Prentice Hall, 1999.
7. Schneier, B., Applied Cryptography, John Wiley & Sons, Inc., 1996.
8. "Announcing the Advanced Encryption Standard (AES)," Federal Information Processing Standards Publication 197, 26 November 2001.
9. Menezes, A., Oorschot, P. and Vanstone, S., Handbook of Applied Cryptography.
10. IEEE P802 working group, P802.11i Draft Supplement to Standard for Telecommunications and Information Exchange Between Systems - LAN/MAN Specific Requirements - Part 11: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Specification for Enhanced Security, November 2002.
11. Pahlavan, K. and Krishnamurthy, P., Principles of Wireless Networks - A Unified Approach, Prentice Hall, 2002.
12. IEEE P802 working group, IEEE P802.11 Standard, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, 1999 Edition.
13. Daemen, J. and Rijmen, V., "AES Proposal: Rijndael," http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
14. Viredaz, M.A. and Wallach, D.A., "Power Evaluation of a Handheld Computer: A Case Study," WRL Research Report, 2001/1.
15. Potlapally, N.R., et al., "Optimizing Public-Key Encryption for Wireless Clients," International Conference on Communications (ICC), May 2002.
16. Law, Y.W., et al., "Assessing Security-Critical Energy-Efficient Sensor Networks," IFIP WG 11.2 Small Systems Security Conf., Athens, Greece.
17. Yuan, L. and Qu, G., "Design Space Exploration for Energy-Efficient Secure Sensor Network," in Proceedings of the 13th IEEE International Conference on Application-Specific Systems, Architectures, and Processors (ASAP'02), July 17-19, 2002, San Jose, California.
18. Karri, R. and Mishra, P., "Optimizing the Energy Consumed by Secure Wireless Sessions - Wireless Transport Layer Security Case Study," Mobile Networks and Applications, 8, 177-185, 2003.
19. Feeney, L.M. and Nilsson, M., "Investigating the Energy Consumption of a Wireless Network Interface in an Ad Hoc Networking Environment," in Proceedings of IEEE Infocom, Anchorage, AK, April 2001.
20. Zorzi, M. and Rao, R., "Energy Efficiency of TCP," in Proceedings of the 7th International Workshop on Mobile Multimedia Communications, 1999, San Diego, California.
21. Jones, C.E., et al., "A Survey of Energy Efficient Network Protocols for Wireless Networks," Wireless Networks, 7, 343-358, 2001.
22. OpenSSL Project, http://www.openssl.org/
23. Tamimi, A.A., "Performance Analysis of Data Encryption Algorithms." Retrieved Feb. 3, 2010, from http://www.cs.wustl.edu/~jain/cse567-06/ftp/encryption_perf/index.html
24. Naik, K. and Wei, D.S.L., "Software Implementation Strategies for Power-Conscious Systems," Mobile Networks and Applications, 6, 291-305, 2001.
25. Sinha, A. and Chandrakasan, A.P., "JouleTrack - A Web Based Tool for Software Energy Profiling," Proceedings of the 38th Design Automation Conference, DAC 2001, Las Vegas, NV, USA, pp. 220-225.