Motivation AES Throughput Advanced Encryption Standard

Home , AES implementations

Utilizing Hardware AES Encryption for WSNs by Felix Büsching, Andreas Figur, Dominik Schürmann, and Lars Wolf Technische Universität Braunschweig | Institute of Operating Systems and Computer Networks Felix Büsching | [email protected] | Phone +49 (0) 531 391-3289

Motivation Implementations

Encryption is essential in many Wireless Sensor Network (WSN) appli- Four different AES algorithms were implemented for INGA Wireless cations. Several encryption frameworks exist which are mostly based Sensor Nodes. While the first algorithm (1) SW-AES-1 was realized for on software algorithms. However, nearly every up-to-date radio trans- Contiki in C in a straight forward way, the (2) SW-AES-2 implementa- ceiver chip is equipped with an integrated hardware encryption en- tion was improved by a static lookup table. gine. Here we show the benefits of utilizing an integrated hardware To compare our C implementations with a software reference, we uti- encryption engine in comparison to pure software-based solutions. lized (3) RijndaelFast, an optimized assembler implementation for the Atmel ATmega family. We see this external implementation as a the- oretical limit, knowing that this performance could never be reached when using an operating system like TinyOS or Contiki. Advanced Encryption Standard - AES Most of the currently available radio transmitters and have an integrated hardware AES unit. These units can usually be addressed by special ▪▪ ... is a variant of Rijndael with a fixed block size of 128 bits. registers via SPI bus. When using an ▪▪ ... is based on a substitution-permutation network, which shall op- operating system like Contiki or Ti- erate fast in both software and hardware. nyOS, the corresponding hardware ▪▪ ... is a block cipher with various modes of operation. drivers have to be implemented – we did this for Contiki running on INGA Operation Modes of Block Ciphers and by that created the (4) HW-AES implementation. Different operation exist for different purposes. Electronic Code- book (ECB) and Cipher-block Plain Text 1 Plain Text 2 Plain Text n chaining (CBC) are the most Key Block Key Block Key Block Institute of Operating Systems common modes. In ECB each Encryption Encryption Encryption and Computer Networks http://www.ibr.cs.tu-bs.de/projects/inga block is encrypted separately. Cipher Text 1 Cipher Text 2 Cipher Text n Resources In CBC each plain-text Plain Text 1 Plain Text 2 Plain Text n Our AES implementations, the AES hardware Initialization Vector block is XOR-ed with drivers, and the INGA Wireless Sensor Node the previous cipher-text Key Block Key Block Key Block are open source: Encryption Encryption Encryption and afterwards being Cipher Text 1 Cipher Text 2 Cipher Text n http://www.ibr.cs.tu-bs.de/projects/inga encrypted.

AES Throughput UDP Throughput Code Size

The optimized software solution is nearly twice We measured the UDP throughput between two The memory utilization [bytes] as fast as SW-AES-1. The assembler implementa- nodes: without encryption, with hardware support of our implementations can tion outperforms both Contiki implementations, and with our two software AES implementations. be divided in RAM and ROM but, it is not working with any other software. The While software AES significantly cuts down the (for data and functions). hardware utilization, which again runs in Contiki, throughput, with hardware AES nearly the “nor- RAM ROM outperforms any SW implementation by far. mal” throughput can be achieved. Data Funct. SW-AES-1 32 522 2514 2000.00 120 ECB encryption 105.5 SW-AES-2 32 2058 2462 1800.00 ECB decryption No encryption 95.7 100 1600.00 CBC encryption HW-AES HW-AES 0 0 518 )

s 97.3 ) / s

1400.00 t SW-AES-2 / CBC decryption i 80 t 88.1 i b b k The utilization of hardware (

k SW-AES-1 1200.00 61.6 ( t t u u 1000.00 60 AES only consumes 518 bytes h p

h p 44.9 g g

u 58.4 u 800.00 of ROM for the implementa- 40

h r o 28.7 28.7 h r o 42.9 T T 600.00 24.7 21.6 tion of the drivers. 400.00 20 . 5 . 5 . 6 . 6

5 5 5 5 22.5 . 9 . 2 . 9 . 2 22.0

5 5 8 8 19.8 . 6 . 2 . 6 . 0 . 1 . 0 . 1 . 0 200.00 3 0 3 0 17.7 0 8 0 8 8 1 8 1 , 7 , 7 , 0 , 0 1 0 1 0 Conclusion: Use hardware 4 3 4 3 2 1 2 1 1 1 1 1 4 3 4 3 0 0.00 64 128 512 1024 HW-AES ext. AES SW-AES-2 SW-AES-1 AES, wherever possible! (Assembler) UDP Payload (byte)

Institute of Operating Systems and Computer Networks