Cryptographic Algorithms in Wearable Communications: an Empirical Analysis
Total Page:16
File Type:pdf, Size:1020Kb
IEEE COMMUNICATIONS LETTERS, VOL. 23, NO. 11, NOVEMBER 2019 1931 Cryptographic Algorithms in Wearable Communications: An Empirical Analysis Kristtopher Coelho, Danilo Damião, Guevara Noubir, Alex Borges , Michele Nogueira , and José Nacif Abstract— In this letter, we assess the practical impact of tions and analytical models [5], [6]. Despite the importance of lightweight block and stream cipher algorithms on power con- those studies, an empirical study complements them offering sumption and hardware resources for wearable devices that own insights and knowledge, which can aid the design of more low computational resources. Differently from the literature, efficient and cost-effective solutions. Ours is the first to follow we present an empirical and hardware-driven evaluation of the most representative encryption algorithms with regard to the a hardware-driven and empirical evaluation, highlighting the requirements of wearable networks. We design and implement a impacts of the hardware specificity to cryptographic algo- cryptography library useful for wearable devices. Results confirm rithms in wearable devices. a strong correlation between the amount of logic/arithmetic Our analysis targets symmetric cryptography, where the operations, assembly instructions and power consumption for the communicating wearable devices share the session key used two evaluated platforms, and they highlight the need to design to encryption. Particularly, we focus our investigations on two encryption algorithms for wearable devices with high energy different classes of symmetric lightweight encryption algo- consumption efficiency, but strong security level similar to AES. rithms, as block ciphers [7], and stream cipher. For our Index Terms— Wearable devices, cryptographic algorithms, evaluation approach, we have designed and implemented a block cipher, stream cipher, and power consumption. cryptography library useful for wireless wearable devices.1 For power consumption measurements, we have designed I. INTRODUCTION an instrumentation circuit and integrated it in the evaluated ARKET forecasts that worldwide shipments of wear- platforms. Our analysis has focused on real-life, off-the- Mable computing devices will reach 929 million in 2021, shelf wearable platforms which consider the transmission having as major drivers fitness and healthcare gadgets [1]. of data and other with greater processing power abstracting Wearable computing devices are smart electronic devices communication. that can be incorporated into clothing, worn on the body, Our results confirm the strong correlation between the or implanted in the body, such as fitness trackers, smart- amount of logic/arithmetic operations required to encrypt data watches, and the “neural dust” implantable sensor. Wireless block or stream, and their respective power consumption [9]. communication is essential for advancements in this field, Results indicate that SKIPJACK algorithm can be up to once it allows the connection between devices in and around 18.76% more efficient among the evaluated algorithms in the human body, including low-rate devices like pedometers terms of power consumption, processing up to 32× fewer and high-rate devices like augmented-reality glasses. This instructions. It also consumes up to ≈ 3.5× less ROM mem- communication relies on different standards such as those from ory related to AES. Analyzing time vs. power consumption, the IEEE 802.15 family [2] or the next generation 5G cellular. the XTEA algorithm has a battery consumption almost 6× Given data sensitiveness, popularity and user-reliance on lower than AES. But, it is worth to highlight the high security wearable devices, there has been an emergence of new and level of AES, bringing us to the conclusion that it is necessary varied attack vectors targeting privacy intrusions, that so far efforts to design encryption algorithms for wearable devices cannot be addressed by classical techniques. In this letter, our with high computational efficiency and high security level. goal lies in empirically evaluating the practical impact of the most representative lightweight cryptographic algorithms with II. LIGHTWEIGHT CRYPTOGRAPHIC ALGORITHMS FOR regard to the requirements of wearable networks, such as high WEARABLE NETWORKS P security and low computational resources, considering energy A cryptosystem consists of a plaintext space , a ciphertext C K : constraints from implantable and non-implantable devices. space , and a key space , an encryption algorithm Enc K×P →C : K×C→P Existing studies have investigated wearable network require- , and a decryption algorithm Dec . ∈K ∈P ( ( ) ) = ments either from a software perspective [3], [4] or by simula- For each k and p ,itisDec Enc p k k p. In the communication model by Shannon [10], a cryptosystem Manuscript received June 19, 2019; revised July 17, 2019; accepted provides confidentiality to the information from an attacker. August 19, 2019. Date of publication August 27, 2019; date of current version Hence, a sender and a receiver communicate by a public November 11, 2019. This material was based upon work partially supported by CAPES, CNPq, FAPEMIG, the Rede Nacional de Pesquisa under grant channel, where they exchange ciphertexts. No. 99/2017, and the National Science Foundation under Grant No. 1740907. Symmetric key cryptography assumes a secure channel used The associate editor coordinating the review of this letter and approving it for by the communicating parties to establish a secret session publication was D. Ciuonzo. (Corresponding author: Michele Nogueira.) K. Coelho, D. Damião, and J. Nacif are with the Science and Technology key k, not accessible to the adversary. Given p, k,and Institute, Federal University of Viçosa, Viçosa 35690-000, Brazil. the cryptosystem, the sender can construct the ciphertext c G. Noubir is with the College of Computer and Information Science, and send it to the receiver. The receiver can reconstruct the Northeastern University, Boston, MA 02120 USA. plaintext p,givenc, k, and the cryptosystem. Symmetric key A. Borges is with the Computer Science Department, Federal University of Juiz de Fora, Juiz de Fora 36036-900, Brazil. cryptography is relevant for wearable networks, that devices M. Nogueira is with the Department of Informatics, Federal University of have severe resource constraints (e.g., energy, memory, and Paraná, Curitiba 81531-980, Brazil (e-mail: [email protected]). Digital Object Identifier 10.1109/LCOMM.2019.2937782 1https://github.com/UFV-Alumni/lib_crypto 1558-2558 © 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information. Authorized licensed use limited to: Northeastern University. Downloaded on November 26,2020 at 20:54:10 UTC from IEEE Xplore. Restrictions apply. 1932 IEEE COMMUNICATIONS LETTERS, VOL. 23, NO. 11, NOVEMBER 2019 processing), and applications demand for low response time. The Advanced Encryption Standard (AES) algorithm has The attacker’s main goal lies in recovering p or k and, become the primary choice for various security services due according to Kerckhoff’s principle, an attacker knows the spec- to its strong defense against known attacks. The best known ification of the cryptosystem and has access to the ciphertext c. attacks against AES are slightly faster than brute-force and While in the last decades the progress in the security require 2126.2 operations to recover an AES-128 key. In [15], cryptographic primitives was based in modeling [11], this the authors presented an optimized version of AES for devices letter focuses on power consumption analysis of established with low computational capacity and memory resources, while block and stream ciphers. A block cipher is a cryptosystem still providing low power consumption. with gf(pn),wheregf denotes the Galois field in order RC4 is a stream cipher and it comprises of a Key Scheduling n ∈Z+ and plaintext p ∈P. For each key k, the encryption Algorithm (KSA) and a Pseudo-Random Generation Algo- function Enc(p)k is a permutation. In the most general case, rithm (PRGA). KSA transforms a random key in an initial the K corresponds to the set of permutations of size 2n!, permutation, whereas PRGA uses this initial permutation to where a single k lies in a table of size 2n. The use of a generate a pseudo-random output sequence. Cryptographic subset of permutations is reasonable by generating a small key. transformations applied by the algorithm are linear and simple, To encrypt messages longer than the block size, we use a mode using permutations and sums of integer values. However, the of operation, such as Cipher Block Chaining, and integrity secure use of RC4 is non-trivial as experienced with Wi-Fi protection, such as Galois Counter Mode [11]. WEP. The recovery requires a complex process of about 213 A stream cipher encrypts binary digits of a plaintext one at algorithm operations for 256-bit key [16]. time. It follows an internal state x ∈X, an update function L : X→X, and an output function f : X→Z,whereZ is called III. EXPERIMENTS AND METHODOLOGY the keystream alphabet. An output z ∈Zis produced at time t, In this letter, the experiments rely on two platforms: according to zt = f(xt),wherext = Lt(x) and x is the initial (i) wearable devices from the Shimmer platform, model 2R state. The stream of outputs z0,z1,...is called the keystream. and (ii) a Teensy™ 3.2 microcontroller. The Shimmer devices Each output symbol is