Authenticated Encryption for Wireless Sensor Network

Journal of Wireless Communication, Network and Mobile Engineering Technology Volume 4 Issue 1

Padmavathi H.G, Dr Dinesh S, Dr Manjunath M*, Prof. G Venkatesha Brindavan College of Engineering, Dwarakanagar, Bagalur Main Road, Bangalore, Karnataka Corresponding author’s email id: [email protected] * DOI: http://doi.org/10.5281/zenodo.2637774

Abstract Wireless Sensor Networks (WSNs) are becoming popular day by day. Security issues on WSN thus draw much attention. To receive trusted information from these sensor nodes they have to send authenticated messages. Encryption is alone not enough to ensure the confidentiality, authenticity and integrity of communicated data. AES encryption algorithm is adopted by many WSN standards such as IEEE 802.15.4 and IEEE 802.15.6. AES algorithm which provides data encryption, also provides additional security services such as data authentication, integrity when it is combined with appropriate functionality.In this paper we have discussed different modes of operation of block ciphers which gives authenticated encryption. AES-CCM (Advanced Encryption Standard –Counter Mode with Cipher Block Chaining Mode) is a security standard that gives highest level of security. Software implementation of the algorithm is done in java and the obtained results show that it is a good solution for wireless sensor network Security.

Keywords: Security, Authentication, Blockciphers, WSN, AES-CCM (Advanced Encryption Standard –Counter Mode with Cipher Block Chaining Mode)

INTRODUCTION sensor nodes. Because of the Selection of suitable security scheme is communication channel and the trust less critical in wireless sensor networks environment, security issues have been a (WSNs) due to wireless media big problem on WSN node research. IEEE communication and limited resources of 802.15.4 is one of the standards defining

Journal of Wireless Communication, Network and Mobile Engineering Technology Volume 4 Issue 1

radio and media access control for a low to encrypt only 16 bytes of messages and rate, low power WSN [1].IEEE 802.15.4 blowfish is able to encrypt 8 bytes long investigates low data rate WSN solutions messages. Longer messages are split into with a battery life ranging from few blocks. Each block is combined with months to several years. The IEEE previously encrypted blocks and passed to 802.15.4 standard is intended to operate in the block cipher. Block combining is unlicensed and international frequency called an operation mode and there are band.802.15.4 specifies cryptographic multiple secure ways how to do it. Mode procedures for protecting communications of operation is a technique for enhancing at medium access control layer. The MAC the effect of a cryptographic algorithm or layer of 802.15.4 uses the AES-CCM adapting the algorithm for an application. protocol as security mechanism, it uses the These modes of operation (ECB, CBC, AES algorithm as the core, uses CTR CFB, OFB, and CTR) are intended to use mode to ensure confidentiality of data, with any block ciphers including triple uses CBC-MAC mode to authenticate the DES and AES. These modes of operation public information of the header in MAC can provide confidentiality or authenticity, frame [1]. but are not able to provide both simultaneously. In this paper we use java cryptographic library functions to implement generic Authenticated Encryption (AE) is a term AES algorithm in CCM mode. used to describe encryption systems which simultaneously protect confidentiality, The paper is organized as follows. Section authenticity and integrity of II presents the Authenticated Encryption communications.AE rejects any modified and modes of operation. Section III gives cipher text as invalid. It is not possible to the security protocol suite of IEEE take encrypted data, modify them and end 802.15.4. Section IV gives the result of up with valid cipher text. This property is implementation and limitations. Section V also called cipher text integrity. Any is conclusion. cipher that does not provide cipher text integrity or authenticated encryption is AUTHENTICATED ENCRYPTION probably vulnerable to some active attack. Block ciphers are only able to encrypt short messages. For example AES is able

Journal of Wireless Communication, Network and Mobile Engineering Technology Volume 4 Issue 1

Basic components of AE are Message message. Computing the MAC requires authentication Code and Symmetric senders and receivers share a secret key. encryption. Composition methods are: Depending upon the secret key, the sender computes a MAC and adds it to the  Encrypt-and –MAC message it sends. On the other end, the  MAC-then-Encrypt receiver sharing the secret key recalculates  Encrypt-then-MAC the MAC and accepts the message if and only if the received and the computed Encrypt-then-MAC provides the most MACs are the same. The success of this secure solution for authenticated idea heavily relies on the strength of MAC encryption. Authenticated encryptions are which is generally difficult to forge secure against active attackers. Most without a secret key. This security measure common operation modes that provide also prevents the adversary from modifying a authentication are: valid message and making it acceptable to a receiver without the knowledge of a  GCM (Galois Counter Mode) shared secret key [3].  CCM (Counter Mode with Cipher Block Chaining Mode) Symmetric Encryption  OCB (Offset Code Book Mode) AES is cryptographic algorithm which has  CWC (Cater-Wegman Counter Mode) become the basic choice of encryption for a wide range of application.AES is a symmetric-key block cipher with a These AE modes extend the advantages of Plaintext length of 128 bits and a flexible the known modes and improve them by the Key length of 128, 192 or 256 bits. The carefully chosen algorithm to provide output of the AES algorithm is also 128 confidentiality and authenticity [3]. bits and it is called Cipher text. In most

wireless standards such as IEEE 802.15.4, Message Authentication Code the key length is 128 bits. To ensure message authentication and integrity, a message authentication code The AES algorithm contains encryption (MAC) is appended to each message sent. and key Expansion processes. This MAC is viewed as a cryptographically secure checksum of the

Journal of Wireless Communication, Network and Mobile Engineering Technology Volume 4 Issue 1

 Encryption process consists of 10 The GCM mode uses a variation of the rounds and in each round it does Sub Counter mode with an incrementing Bytes (), Shift Rows (), Mix Colums() function to ensure the confidentiality. And and Add Round Keys() operations. the authentication is ensured by using a hash function over a binary Galois field,  Key Expansion process is done by a this hash function is called GHASH. The function called Schedule Key () which encryption and authentication of GCM are in turn consists of two operations secure against the chosen-plaintext attack. namely SubWord() and Rotword(). The implementation of GCM can be done in both hardware and software [4]. AES provides various security services based on 7 modes of operations [4]. Counter mode with Cipher Block Chaining Mode Galois/Counter Mode The CCM mode is a combination of the The Galois/Counter Mode (GCM) is a Counter (CTR) mode and the Cipher block cipher mode of operation which is Block Channing (CBC) mode, where the used to provide authenticated encryption. Counter mode and the CBC mode are As the name suggests, the GCM mode applied respectively to provide combines the well-known counter mode confidentiality and authenticity with using with the new Galois mode. The GCM a single key. The CCM mode is only mode can be applied to 64-bit block defined to support the 128-bit block cipher cipher. GCM has two functions, algorithm, such as AES-128. The CCM authenticated encryption and authenticated mode accepts a variable-length decryption. The two outputs of the authentication tags (from 32-bits to 128- authenticated encryption function are: bits), thus allowing varying degrees of protection against unauthorized  A cipher text, denoted C, which has the modifications. same length as that of the plaintext The CCM mode has two functions, namely  An authentication tag, denoted T, encryption-authentication function and which has any bit length between 64 decryption-verification function. Because and 128 the CCM mode uses single key, the key does not allow to be accessed without

Journal of Wireless Communication, Network and Mobile Engineering Technology Volume 4 Issue 1

evidence. The value of the nonce should SECURITY MODEL FOR WSN be unique for each key in encryption [4]. The IEEE 802.15.4 standard is designed for low-rate wireless personal area Offset Code Book Mode networks (LR-WPANs).Unlike wireless The Offset Code Book (OCB) mode is local area networks (WLANs), another AE mode, which provides the connections effected via WPANs involve confidentiality and the authenticity little or no infrastructure. This is set to simultaneously. Before appearing of the become the standard communications AE modes, the confidentiality and the protocol for use in wireless sensor authenticity are provided separately by two networks. Features allow small, power systems: block cipher for the efficient, inexpensive solutions to be confidentiality and MAC for the implemented for an expansive range of authenticity. devices.

However, the OCB mode combines The main objectives of an LR-WPAN are appropriately block cipher and MAC, and ease of installation, reliable data transfer, the computational cost is lower as the two short-range operation, and extremely low separate systems. The OCB mode accepts cost and reasonable battery life, whilst the block cipher, which has the size of maintaining a simple and flexible protocol. 128, 192 and 256 [5]. The standard itself defines the physical (PHY) and MAC layers, component Cater Wegman Counter Mode devices and supported network topologies. The Cater-Wegman Counter (CWC) mode There are number of security suites is an AE mode, which uses the Counter specified in this standard [6]. mode and the Carter-Wegman universal hash function to provide confidentiality A. IEEE 802.15.4 Security and authenticity respectively. The There are many security suites that can be outstanding point is that this mode has five implemented under IEEE 802.15.4 important properties: provable security, standard. A link layer protocol provides parallelizable, high performance in the four basic security services. These hardware, high performance in software, include access control, message integrity, and free from intellectual property and message confidentiality and replay concerns [5]. protection [6].

Journal of Wireless Communication, Network and Mobile Engineering Technology Volume 4 Issue 1

Table 1 Security Suites defined by IEEE 802.15.4 Name Description Null No security

AES-CTR Encryption only AES-CBC-MAC-128 Authentication only AES-CBC-MAC-64 AES-CBC-MAC-32 AES-CCM-128 Authenticated Encryption AES-CCM-64 AES-CCM-32

Adding a MAC to messages enables data authenticity and integrity. Corresponding to IEEE 802.15.4 an application chooses different lengths of MAC. According to low power requirement for sensor nodes one prefers shorter messages which needs less transmission time and thus less power. But in contrast, better authenticity and integrity requires longer MAC [7].

The CCM mode authentication mechanism described in 802.15.4 takes a message as input and gives a MAC of variable length as output [7]. See figure 1.

Figure 1 Authentication of a message according to CCM with AES

Journal of Wireless Communication, Network and Mobile Engineering Technology Volume 4 Issue 1

Figure 2 Encryption of a message according CCM with AES

The CCM mode confidentiality mechanism described in IEEE 802.15.4 takes payload/MAC of a message as input and gives encrypted payload/MAC as output [7]. See figure 2.

There are other alternative security implementations are possible with IEEE 802.15.4 addition to CCM mode.

No Security

Len IEEE 802.15.4 Header Payload CRC

Authentication

Len IEEE Auxiliary Payload PAD MAC CRC 802.15.4 Security Header Header

Encryption Len IEEE 802.15.4 Auxiliary Security Encryption Payload PAD CRC Header Header

Encryption and Authentication Len IEEE Auxiliary Encr PAD PAD MAC CRC 802.15.4 Security Payload Header Header

Journal of Wireless Communication, Network and Mobile Engineering Technology Volume 4 Issue 1

CONCLUSION and Reviews, vol. 42, no. 6, pp. In the above paper titled Authenticated 1243 – 1256, Nov. 2012. encryption for wireless sensor network we have discussed different modes of III. G. H. J. . C. F. . H. J. .d. G. H. . G. operation of block ciphers which gives C. Tsekoura, I. Selimis, authenticated encryption. AES-CCM “Exploration of cryptographic asip (Advanced Encryption Standard Counter designs for wireless sensor nodes,” Mode with Cipher Block Chaining Mode) Electronics, Circuits, and Systems, is a security standard that gives highest pp. 827 – 830, Dec. 2010. level of security. Software implementation of the algorithm is done in java language IV. T. N. David Boyle, “Securing and also java cryptographic library wireless sensor networks: Security functions are used to implement generic architectures,” AES algorithm in CCM mode, the V. Journal Of Networks, vol. 3, no. 1, obtained results show that it is a good pp. 65–77, Jan 2008. solution for wireless sensor network Security. VI. H. Chen, “Authentication mode of block ciphers,” [Online]. REFERENCES Available: I. D.-y. Q. H. H. Bin Feng, “Parallel https://www.emsec.rub.de/media/cr and multiplex architecture of aes- ypto/attachments/ﬁles/2011/03/che ccm coprocessor implementation n.pdf.[Accessed: Feb. 22, 2015]. for ieee 802.15.4,” Emerging Intelligent Data and Web Cite this Article Technologies, pp. 149 – 153, Sept. Padmavathi H.G, Dr Dinesh S, Dr 2013. Manjunath M & Prof. G Venkatesha Authenticated Encryption for II. W. S.. X. W. Islam, K., “Wireless Wireless Sensor Network Journal of Wireless Communication, Network and sensor network reliability and Mobile Engineering Technology, 4(1) security in factory automation: A 47- 55 survey,” Systems, Man, and http://doi.org/10.5281/zenodo.2637774 Cybernetics, Part C: Applications

Journal of Wireless Communication, Network and Mobile Engineering Technology Volume 4 Issue 1

AUTHORS’ PROFILE [1] Padmavathi H.G, Associate Professor Department: CSE College Name: Brindavan College of Engineering, Dwarakanagar, Bagalur Main Road, Bangalore, Karnataka Email Id: [email protected]

[2] Dr Dinesh S, Associate Professor& HOD Department: ISE College Name: Brindavan College of Engineering, Dwarakanagar, Bagalur Main Road, Bangalore, Karnataka Email Id: [email protected]

[3] Dr Manjunath M, Assistant Professor Department: ECE College Name: Brindavan College of Engineering, Dwarakanagar, Bagalur Main Road, Bangalore, Karnataka Email Id: [email protected]

[4] Prof. G Venkatesha, Professor& HOD Department: ECE College Name: Brindavan College of Engineering, Dwarakanagar, Bagalur Main Road, Bangalore, Karnataka Email Id: [email protected]