RC5-Based Security in Wireless Sensor Networks: …wseas.us/e-library/transactions/computers/2010/88-336.pdfRC5-Based Security in Wireless Sensor Networks: Utilization and Performance

RC5-Based Security in Wireless Sensor Networks:Utilization and Performance

JUHA KUKKURAINEN, MIKAEL SOINI, LAURI SYDÄNHEIMORauma Research Unit, Department of Electronics

Tampere University of TechnologyKalliokatu 2, 26100 Rauma

[email protected]

Abstract: Information transferred in a wireless sensor network can be sensitive, hence it is vital to secure the dataon the network. Enhancing the network’s security affects the network operation, by increasing the data’s handlingtime. In this paper, the trade-offs between enhanced security and sensor network performance is discussed. Thestudies concentrate on the increase in computation time and energy consumption as enhanced security features andlevels are utilized. This paper presents, RC5-based encryption and CMAC authentication, used to achieve dataconfidentiality, freshness, replay protection, authentication, and integrity. These features enhance data securitybut can also decrease sensor network operability, because of the added load in computation and communication.By selecting a suitable algorithm and operation conditions for encryption and authentication, the data security inwireless sensor networks can be improved with minor resource losses.

Key–Words: consumption, KILAVI sensor network platform, performance trade-offs, wireless sensor networksecurity

1 IntroductionWireless sensor networks (WSNs) are based on phys-ically small-sized sensor nodes exchanging mainlyenvironment-related information with each other.WSNs have a very wide application area includinghome control, industrial sensing and environmen-tal monitoring. Sensors typically have very lim-ited power, memory, and processing resources andso interactions between sensors are limited to shortdistances and low data-rates. Sensor node energy-efficiency and sensor network data-transfer reliabilityare the primary design parameters.

Security is one other vital aspect in WSN appli-cations. The implementation of security policies is acomplex and challenging issue because of resource-constrained nodes. Short transmission distances re-duce some of the security threats, but there are risks,for example, related to spoofing, message altering andreplaying, and flooding and wormhole attacks [6]. It isimportant therefore to consider security solutions thatguarantee data authenticity, freshness, replay protec-tion, integrity and confidentiality.

Security measures should not significantly affectWSN operations. In Security Protocols for SensorNetworks (SPINS) over 90 % of security-related en-ergy consumption is caused by extra communication

[14]. It is estimated that each extra bit transmittedconsumes an amount of power equal to that used inexecuting 800-1000 instructions in the processor [22].The message size also affects reliability and scalabil-ity of the sensor network [19]. These points supportthe idea that message size, and the number of mes-sages, should be minimized in order to achieve thegoals of low-power, simplicity and reliability. Thereare methods that can be used to keep this sensitiveinformation private. In asymmetric public key cryp-tosystems each node has a public key and a privatekey. The public key is published, while the private keyis kept secret. Asymmetric public key cryptosystemssuch as the Diffie-Hellman key agreement or RSA sig-natures are typically too conservative in their secu-rity measures, adding too much complexity and pro-tocol overhead to be usable in WSN solutions. Theinfluence of public key cryptography on the lifetimeof a sensor network node is evaluated in [15]. Insymmetric cryptography the transmitter and the re-ceiver of a message know and use the same secretkey; the transmitter uses the secret key to encryptthe message, and the receiver uses the same secretkey to decrypt the message. Symmetric solutions aretherefore more suitable for resource-constrained sen-sor networks, though they need special solutions for

WSEAS TRANSACTIONS on COMPUTERS Juha Kukkurainen, Mikael Soini, Lauri Sydanheimo

ISSN: 1109-2750 1191 Issue 10, Volume 9, October 2010

security key pre-distribution. [17]. There are numer-ous key distribution mechanisms available for WSNapplications, one is presented in [2].

In this paper, the well-known and well-understood RC5-based encryption and Cipher-basedMessage Authentication Code (CMAC) authentica-tion are used to achieve security in data transfer. RC5is a symmetric block cipher that is used in countermode (CTR). The same simple RC5 algorithm can beused for encryption and decryption. RC5 is also em-ployed in CMAC implementation. For these reasons,RC5 and CMAC are suitable for resource-constrainedsensors.

This paper studies how these chosen security fea-tures affect sensor and sensor network performance.The focus is on security and performance trade-offs,especially in energy consumption and computationtime. KILAVI platform [13, 18, 19, 20, 21] is usedas a reference but all the results are easily exploitedin other approaches as well. KILAVI is intended forlow energy and low data-rate device control and mon-itoring in buildings, and is comprehensive with regardto the different functions and devices needed to im-plement an operative building network, with dynamicnetwork set-up and maintenance. Message structurein KILAVI is compact in order to have low over-head protocol, and reduced channel reservation timein transmissions. The risk of transmission collisionsincreases in relation to channel reservation time.

The rest of this paper is organized as follows.Section 2 is a general discussion about security so-lutions in WSNs. Section 3 concentrates on chosenencryption and authentication principles. Section 4introduces the KILAVI platform and its security fea-tures. Section 5 describes the cipher implementation.Section 6 presents the computation time used by thesecurity features. Section 7 presents the amount oftime and energy the used security features consumein data transmission. Section 8 analyzes the obtainedresults. Finally, section 9 concludes the paper.

2 Security Solutions in WSNAlthough there are encryption algorithms that arefaster and lighter compared with RC5, for exampleRC4, they lack the same degree of security [9]. Forthis reason it is not advisable to use them in wirelessapplications where confidential data is transferred be-tween endpoints. For the time being, RC5 can be con-sidered as one of the best ciphers in terms of overallperformance, when used in nodes with limited mem-ory and processing capabilities. As an industry stan-dard, RC5 is also utilized in other types of applica-tions [1, 11], and can be used in other types of wireless

sensor networks than KILAVI [4]. As the network de-vices and the microcontrollers in them develop furtherand gain more memory, more complex ciphers can beutilized with fewer resources sacrificed.

In a building environment, where data rates arelow and payloads (states, measurements, control mes-sages etc.) small, requirements for a cipher focuson data security and resource requirements. Memoryconsumption, time demanded for encryption and de-cryption operations (bit rotation, addition, multiplica-tion, etc.) and enlarged payload in transmission areall examples of WSN node resource requirements. Ifthe amount of protected data were larger, the opera-tion speed of the cipher would play a more signifi-cant role. The RC5 cipher is known for its easy adapt-ability. Utilizing the RC5 encryption and decryptionalgorithms in an existing set of instructions is rea-sonably straightforward. All the necessary functionscan be downloaded, modified and implemented freeof charge. [16, 17]

Encrypting the message for data transmission isthe only way to improve security if the transmissioncan not be secured physically by using wired trans-missions or some other method. Obviously, theseneeds set limits to the usability of the applicationand hence are not taken into consideration in WSNs.In WSN solutions, the encryption is usually accom-plished by using a symmetric cryptosystem such asRC5 or Advanced Encryption Standard (AES). Justlike RC5, AES is also a block cipher and is usedwidely in ZigBeeTM (IEEE 802.15.4) [5]. Althoughthe National Institute of Standards and Technology’s(NIST) AES cipher is more widespread than RC5 andhas inbuilt hardware support among some microcon-troller manufacturers, AES is slower and has highermemory requirements than RC5, which makes RC5a better cipher solution for devices with limited re-sources.

The reason why asymmetric-based cryptosystemsare not used in WSNs is probably due to their slowexecution times. The complexity that is required formaking mathematically-paired keys demands calcula-tion time and the extra resource-requirements for twoseparate keys: public and secret. The public key isused for message encryption and the secret key fordecryption. In resource-constrained nodes, it is im-practical to use a cryptosystem with high computa-tion, communication and storage overheads. The goodthing about asymmetric cryptosystems is that all thedevices are digitally signed and hence the authenticityof each message can be noted easily. [14]



3 Security IssuesSection 2 introduced the features of the RC5 cipherand pointed out its benefits. This section presentsmessage encryption and authentication using the RC5cipher.

3.1 EncryptionBlock-cipher type RC5 is a symmetric encryption al-gorithm that transforms a fixed-length block of unen-crypted text into a block of encrypted text of the samelength. This transformation takes place under the ac-tion of a user-provided secret key. Decryption is per-formed by applying the reverse transformation to theciphertext block using the same secret key. [1, 17]

RC5 is suitable for resource-constrained sensornodes for the following reasons. RC5 is a simple andfast cipher using only common microcontrollers op-erations; it has a low memory requirement making itsuitable for sensor applications; the same lightweightalgorithm can be used for both encryption and decryp-tion; and heavy use of data-dependent rotations pro-vides high security. The RC5 block cipher has built-in parameter variability that provides flexibility at alllevels of security and efficiency. Table 1 presents thevariety of parameters and values used in the RC5 op-erations. [16]

Table 1: RC5 parametersParameters Values

Word size (w) 16, 32, 64 bitsBlock size (2w) 32, 64, 128 bits

The number of rounds (r) 0 - 255Key length (b) 0 - 2040 bits

There are three basic routines in RC5: key expan-sion, encryption, and decryption. Key expansion mustbe performed before the encryption can be initiated.In the key-expansion procedure, the user-provided se-cret key is expanded to fill a key table whose size de-pends on the number of rounds. The key table is thenused in both encryption and decryption. The encryp-tion routine is based on three basic operations: integeraddition, bitwise XOR- (exclusive-or) and variable ro-tation operations. Figure 1 shows the first half of oneRC5 encryption round. The plain text to be encryptedis divided into parts A and B. First, an XOR opera-tion is performed on A and B. A bit rotation opera-tion is executed on the output of XOR and B. Finally,the output of the bit rotation operation is added to theextended encryption key (K). This whole process isthen repeated to complete one round. If the number ofrounds to be used is 12 then the procedure as shownin Figure 1 is performed 24 times. [16, 17]

<<<

K

XOR

Addition

Bit rotation

A B

Figure 1: Basic operation of the RC5 algorithm, rep-resenting half of one round.

In this work, the RC5 encryption algorithm isused in counter mode (CTR). RC5 guarantees a differ-ent character string each time and thus replay protec-tion and data freshness qualities are obtained. CTR-based RC5 encryption does not increase the amountof transmitted bits or the number of sent messagesin normal operation. In other words, the lengths ofencrypted and plain messages are the same. In CTRmode the node maintains a counter that is increasedby one after each successful transmission. The receiv-ing node must be synchronized with the transmitter tobe able to decrypt the messages. Figure 2 presents theoperation of encryption and decryption in CTR mode.K is the encryption key created in the key expansionprocedure, C is the counter value and E is the RC5encryption algorithm. CTR mode has the followingbenefits: high speed implementation, simplicity, arbi-trary message length and a low rate of error propaga-tion [8].

E

Ciphertext

Plaintext

Plaintext

K

C

E

K

C

XOR

XOR

Figure 2: Encryption and decryption in CTR mode.



3.2 AuthenticationAuthentication may be used to check data integrityand authenticate communicating entities. A data in-tegrity check makes sure that the message has notbeen altered by an adversary and an authenticationcheck confirms the identity of the transmitter.

In this work, a CMAC algorithm is used for au-thentication. CMAC is an authentication algorithmdefined by NIST. Figure 3 presents the operation prin-ciples of CMAC: on the left a situation where messagelength is an integer multiple of block size and next toit a situation where message length is not an integermultiple of block size.

E

E

E

………

...

T

M₁

M₂

Mn

K₁

XOR

XOR

K

K

K

E

E

E

………

...

T

M₁

M₂

Mn

K₂

XOR

XOR

K

K

K

+ 10...0

Figure 3: CMAC operation principles.

The CMAC algorithm depends on the choice ofan underlying symmetric key block cipher, in this caseRC5. The CMAC algorithm is thus a mode of oper-ation of the block cipher (E). The CMAC key is theblock cipher key (K); K is used to generate sub keysK1 and K2. The message M is divided into n blockswhereMi (i = 1, 2, . . . , n) is a block of the formattedmessage; and Mn is the last, possibly partial, block.T is the authentication result. [12]

CMAC is a simple variant of the Cipher BlockChaining MAC (CBC-MAC) and fixes its securitydeficiencies [10]. Whereas the basic CBC-MAC isonly secure for messages of one fixed length (and thatlength must be a multiple of the block size), CMACis secure across messages of any bit length. The secu-rity of MAC is directly related to its length - a suitablevalue is 32 bits [7].

4 KILAVI PlatformThe two previous sections dealt with security in wire-less applications and moreover, the RC5 block ci-pher. This section discusses the KILAVI platform asa workbench for studies on the influence that RC5 ci-phering has on time and energy consumption.

4.1 Short IntroductionBuilding control and monitoring is best performedwith application-specific sensor networking. KILAVIis an open manufacturer-independent platform devel-oped for low data rate and low-energy building con-trol and monitoring applications. KILAVI defines aset of functions and messages which are needed toenable co-operative networking between different de-vices and the common means for data collection anddevice control tasks. A master controls the networkoperation and all network nodes are alike. Nodes op-erate either in sensing mode (Sensor nodes) or for-warding mode (Intermediate nodes) depending, forexample, on battery state. The basis for an operationalbuilding control platform comprises: centralized hier-archical architecture to enable resource concentration,compact messages to obtain robust networking, 433MHz operating frequency to gain necessary operat-ing distances with low-power consumption, multihopcommunication to enable large-scale networks andlow-power sensors, and hybrid flooding to providelow overhead network management. KILAVI networkarchitecture is shown in Figure 4. Performance evalu-ation has shown that this platform is energy-efficient,reliable and low-power. [13, 18, 19, 20, 21]

Intermediate

nodesSensor nodes

Master

Cluster

Figure 4: KILAVI network architecture.

4.2 Security in KILAVIThe dominating traffic pattern in WSN is many-to-onewhere sensors communicate with a central unit. Thus,centralized security architecture and symmetrical end-to-end keys between a master and sensors are a naturalchoice. In KILAVI, the central node manages, deliv-ers and updates keys with every node. Nodes have oneauthentication and one encryption key to enable se-cure communication with the central node. Nodes inforwarding mode do not interpret messages except forthe information related to the forwarding or storing ofdata. This is simple from the sensor node perspectiveand a low overhead from the networking perspective.[13, 21]



KILAVI uses RC5 encryption in counter modeand the CMAC authentication presented in Section 3.More KILAVI security features including security lev-els, key exchanging procedure and counter synchro-nization are presented in [18]. In addition to the securedevice registration method presented in [18], KILAVIalso utilizes a safety feature where the network mas-ter must be set to registration mode by the user for thenew device to become a network member. This pro-cedure prevents unwanted devices joining the networkwithout approval from the network caretaker (user).The master’s registration state operates in two ways:only one device at a time can join the network andif a registration request is not received by the masterwithin a certain period of time, the master resumes itsprior operations. These actions prevent any adversarydevices joining the network without user acceptanceand hence improve network security.

Table 2 summarizes KILAVI security parameters.The justifications for the selected parameters can befound in detail from [18].

Table 2: KILAVI security parameters.KILAVI security Parameters

Word size (w) 16 bitsBlock size (2w) 32 bits

Number of rounds (r) 12Key length (b) 128 bitsCounter length 32 bitsMAC length 32 bits

Further, in KILAVI the increment due to the MACfield is only 32 bits, if security features are used.These very small packet length increments do not sig-nificantly affect sensor network reliability as shown in[19].

Memory space is usually very limited in sensornetwork nodes. The implemented solution with cho-sen parameters for encryption and authentication islightweight: RC5 code size is 716 bytes and MACsize is 366 bytes in length. The total program mem-ory size is therefore 1082 bytes.

5 ImplementationThe encryption and authentication functions presentedwere implemented on an 8-bit ATmega644PV-10PUmicrocontroller unit (MCU). The controller has 64Kbytes of Flash program memory, 4 Kbytes of RAM,and was running a self-made, event-driven set of in-structions written in C [3]. These instructions in-cluded a version of the RC5 symmetric algorithmmodified from the RC5 reference implementation and

the necessary functions needed for making transmis-sions with the nRF905 radio circuit. These functionsincluded initializations for port operations requiredfor the SPI bus operation and signalling between themicrocontroller and the radio.

Comparing the memory requirements, presentedpreviously, with the controller capabilities, it can benoted that only about 1,65 % of program memory wasoccupied for security purposes. This, of course, is dueto the large capacity of the microcontroller and wouldplay a more significant role if less memory was avail-able. Such a memory requirement sets limits for thevariety of microcontrollers usable in KILAVI platformand other equivalent applications. [3]

Being more than sufficient for embedded devicesin WSNs, RC5 has a downside when used in similarmicrocontrollers to those used in this paper. In an 8-bitenvironment, 32-bit data-dependent rotations are slowand hence costly to perform. Therefore, better effi-ciency can be achieved when 32-bit microcontrollersare used for RC5 ciphering.

6 Effect of Enhanced Security onComputation

Section 3 presented the principles of chosen securitymeasures. This section presents, based on practicalmeasurements, the time consumed by key expansion,encryption and authentication computation operationswith different security-related parameters. Section 8also considers enhanced security from the data trans-mission perspective.

6.1 Key ExpansionThe first routine of RC5 is key expansion. Key ex-pansion is executed before actual encryption and itsoperation was presented in section 3. Figure 5 showshow much time the key expansion routine for the en-cryption key consumes with different word lengths asa function of the number of rounds.

6.2 Encryption and DecryptionAfter the key expansion, encryption and decryptionprocedures can be initiated in a manner presented insection 3. Figure 6 and Figure 7 present the time takento encrypt messages of various data length with dif-ferent word lengths and with different numbers of en-cryption rounds.



0

2

4

6

8

10

12

14

16

18

12 14 16

Tim

e (

ms)

Number of rounds

Key expansion - word size

w = 8 bits

w = 16 bits

w = 32 bits

Figure 5: Key expansion time with different wordlengths and numbers of rounds (clock speed 8 MHz).

0

0,5

1

1,5

2

2,5

3

3,5

4

4 8 12 16 20 24 28 32

Tim

e (

ms)

Data length (bytes)

Encryption calculation - word length

w = 8 bits

w = 16 bits

w = 32 bits

Figure 6: Encryption calculation for different wordlengths (clock speed 8 MHz and 12 encryptionrounds).

0

0,5

1

1,5

2

2,5

3

3,5

4

4,5

4 8 12 16 20 24 28 32

Tim

e (

ms)

Data length (bytes)

Encryption calculation - number of rounds

12 rounds

14 rounds

16 rounds

Figure 7: Encryption calculation time for differentnumbers of rounds (clock speed 8 MHz and wordlength 16 bits).

6.3 AuthenticationAuthentication is used to check data integrity and con-firm the identity of a sender. Figure 8 and Figure 9present MAC calculation times for variable messagesizes with different word lengths when the microcon-troller clock speed is set to 1 MHz and 8 MHz, respec-tively.

0

5

10

15

20

25

30

4 8 12 16 20 24 28 32

Tim

e (

ms)

Data length (bytes)

MAC calculation - word length (1 MHz)

w = 8 bits

w = 16 bits

w = 32 bits

Figure 8: MAC calculation time for different wordlengths (clock speed 1 MHz and 12 encryptionrounds).

0

0,5

1

1,5

2

2,5

3

3,5

4

4 8 12 16 20 24 28 32

Tim

e (

ms)

Data length (bytes)

MAC calculation - word length (8 MHz)

w = 8 bitsw = 16 bitsw = 32 bits

Figure 9: MAC calculation time for different wordlengths (clock speed 8 MHz and 12 encryptionrounds).



7 Effect of Enhanced Security onCommunication

This section considers how selected security featuresaffect sensor data transmission including the compu-tational parts presented in section 6. Computation andtransmission time, and sensor energy consumption arestudied. Message lengths used are 4 - 32 bytes whichare typical in KILAVI.

7.1 Computation and Transmission TimeFigure 10 and Figure 11 show how time is distributedin typical message transmission (with nRF905), be-tween message authentication (MAC calculation, andSPI and RF transmission of 32-bit code), encryption(encryption calculation), and actual data payload (SPIand RF transmission).

2 3 4 5 6 7 7 836

912

1518

2124

4

7

10

13

16

19

22

25

0

10

20

30

40

50

60

70

4 8 12 16 20 24 28 32

Tim

e (

ms)

Data length (bytes)

Time distribution in data transmission (1 MHz)

Authentication

Encryption

TX Payload

Figure 10: Time distribution in data transmissionbetween MAC, encryption and data payload (clockspeed 1 MHz, 12 encryption rounds and 16-bit wordlength).

2,0 2,7 3,3 4,0 4,7 5,4 6,0 6,7

0,40,8

1,21,5

1,92,3

2,73,0

1,1

1,5

1,8

2,2

2,6

3,0

3,3

3,7

0

2

4

6

8

10

12

14

16

4 8 12 16 20 24 28 32

Tim

e (

ms)

Data length (bytes)

Time distribution in data transmission (8 MHz )

Authentication

Encryption

TX payload

Figure 11: Time distribution in data transmissionbetween MAC, encryption and data payload (clockspeed 8 MHz, 12 encryption rounds and 16-bit wordlength).

7.2 Sensor Node Energy ConsumptionTable 3 presents current consumption values used inthe following calculations. Current consumption val-ues were measured with prototype sensors (Atmel’sATmega644PV-10PU MCU and Nordic Semiconduc-tor’s nRF905 radio).

Table 3: Current consumption of prototype nodes.Operation RC5/MAC SPI Radio

MCU active active pwr saveSPI non-active active non-active

Radio pwr down pwr down activeI@1 MHz 0,9 mA 1,1 mA 9 mAI@8 MHz 4,15 mA 4,3 mA 9 mA

By using these measured current consumption (I)values, measured voltage (U) of 2,989 V and previousmeasured time values (t), energy consumption (E)can be calculated with (1)

E = P · t = U · I · t (1)

Figure 12 and Figure 13 present energy distribu-tion in typical message transmission between encryp-tion, message authentication, and actual data payload.

54 72 90 108 126 144 162 180

917

2533

4149

5765

26

35

43

51

59

67

75

83

0

50

100

150

200

250

300

350

4 8 12 16 20 24 28 32

Ene

rgy

(uJ)

Data length (bytes)

Energy distribution in data transmission (1 MHz)

Authentication

Encryption

TX Payload

Figure 12: Energy distribution in data transmissionbetween MAC, encryption and data payload (clockspeed 1 MHz, 12 encryption rounds and 16-bit wordlength).



5371

89106

124142

159177

510

1419

2428

3337

23

27

32

37

41

46

51

55

0

50

100

150

200

250

300

4 8 12 16 20 24 28 32

Ene

rgy

(uJ)

Data length (bytes)

Energy distribution in data transmission (8 MHz)

Authentication

Encryption

TX payload

Figure 13: Energy distribution in data transmissionbetween MAC, encryption and data payload (clockspeed 8 MHz, 12 encryption rounds and 16-bit wordlength).

8 AnalysisThis section analyzes the results individually pre-sented in sections 6 and 7. More comprehensive anal-ysis of the results is presented in section 9.

8.1 Encryption and MAC CalculationsFrom Figure 8 and Figure 9, it can be seen that thecrystal oscillator frequency is inversely proportionalto computation time. Therefore, increasing the oscil-lator frequency from 1 MHz to 8 MHz decreases thecomputation times (t) by 87.5 %. At the same time,energy consumption decreases by about 42 % inde-pendent of the message length. Energy consumption(E = P · t) does not decrease by the same amount,because the power consumption is approximately 4-times higher with an 8 MHz oscillator speed. Thenumber of rounds affects security strength. From Fig-ure 7 it can be observed that additional rounds (n)increase the computation time by around n · 5 %. Op-timal word length can save 10 % to 25 % of computa-tion time depending on the message length (see Figure6 and Figure 8).

In Figure 6, Figure 8 and Figure 9, the effects ofblock size can also be seen, as the timed results for the32-bit word length increase in steps of 8 bytes. Thesesteps are formed by the data lengths of 4 and 8 bytes,12 and 16 bytes, 20 and 24 bytes and 28 and 32 bytes.This is due to the features of the RC5 block cipher andthe fact that a block is the same size as two words.

In the key expansion procedure (see Figure 5),computation time can decrease by as much as 68 %, ifoptimal word length is used (in this case 16-bits). Theinteresting part of the measurement for the key expan-sion is the similar results with word lengths of 8 and16-bits, whereas the word length of 32-bits consumes

a lot more calculation time. The reason for this be-haviour is the 8-bit MCU’s ability to utilize a few ofthe 8-bit registers as 16-bit registers. This is accom-plished by handling the 16-bit register in 8-bit parts;upper and lower. [3]

8.2 Message TransmissionHere the results are considered from a message trans-mission perspective. This is important in addition tothe security calculations aspect. From Figure 10 andFigure 11, it can be seen that by increasing the oscilla-tor frequency from 1 MHz to 8 MHz, the computationtime decreases by 63 % to 77 % depending on mes-sage length. Messages tested were from 4 to 32 byteslong. At the same time energy consumption decreasesby 8.7 % to 18 %. The data transmission time does notvary as a function of the oscillator frequency (exclud-ing SPI transmission from microcontroller to radio).

8.3 Security versus No-Security: Transmis-sion of a Single Message

In this subchapter, 8 MHz oscillator frequency is usedfor the reasons given above. From Figure 11, it canbe seen that transmission of a single message withoutsecurity takes 2.0 ms to 6.7 ms, depending on the mes-sage length (4 B to 32 B). With the security featuresoperating, this time increases by between 74 % and100 % (3.5 ms to 13.4 ms), again depending on themessage length. From Figure 13, it can be seen thatfrom the energy perspective, transmission of a singlemessage without security consumes 53 to 177 µJ de-pending on the tested message length. The securityfeatures increase energy consumption by 52 % in allcases.

8.4 Security versus No-Security: Sensor Net-work Operation

In this subchapter, the above results are mirrored ina real-world KILAVI-based data collection systemwhere a sensor wakes up and transmits measured dataat specific intervals and otherwise stays in sleep mode(here, ISLEEP is 10 µA) most of the time. If a sensortransmits messages at a rate of 1 message per second,and security features are used, then the total durationof one operation cycle increases by 0.15 % to 0.67 %and the energy consumption increases by 33 % to 45% depending on the message length (4 B to 32 B). Ifa sensor transmits messages at a rate of 1 message perminute, then the total time taken for one operation cy-cle increases by between 0.003 % and 0.011 % if secu-rity features are used, and the increase in energy con-sumption is between 1.5 % and 4.7 %, both depending



on message length (4 B to 32 B). With longer trans-mission intervals, the increase in energy consumptioncaused by the security features is negligible, as seenin Figure 14.

0

10

20

30

40

50

60

4 8 12 16 20 24 28 32

%

Data length (bytes)

Energy consumption in data collection

TX interval (1/s) TX interval (1/10s)

TX interval (1/min) TX interval (1/10min)

Figure 14: The increase in energy consumptioncaused by security feature utilization in a data collec-tion system where status information is sent periodi-cally (TX interval).

9 ConclusionsKILAVI uses Rivest’s nominal version (RC5-32/12/16) for encryption and decryption, and CMACfor authentication. In this paper, the effects of thesesecurity features on WSN operation were studied.

It can be concluded that it is beneficial to usehigh operation frequencies, in this case from the in-ternal oscillator, if security features are implementedin WSN solutions. Due to high oscillator frequency,MCU’s faster operation compensates for the addedprocessing which results from enlarged buffer lengths.Shorter buffer lengths are one reason for faster com-putation times at sensor nodes and shorter end-to-enddelays in multihop communication.

It can be seen from the results that the increasein computation time caused by added security is neg-ligible in sensor networks when using typical trans-mission intervals. Therefore, KILAVI network nodesin forwarding mode do not become congested due toincreased computation and resulting delay. Further,energy-scarce nodes in sensing mode typically oper-ate with large transmission intervals and therefore theenergy consumption increase caused by added secu-rity is tolerable and does not substantially affect sen-sor lifetime.

KILAVI uses very short messages. In buildingcontrol applications messages are not normally fre-quent and so the utilization of security features pre-

sented causes neither congestion in network operationnor significant increases in sensor node energy con-sumption.

Although we managed to present a lightweightsolution using optimized C code, lighter and fasterencryption and authentication algorithms are achiev-able when Assembly code is used in optimization [7].This area of research can be considered later on whenKILAVI matures and more thorough real-life mea-surements are performed.

None of the results presented in this paper arerestricted to the KILAVI platform. Similar resultscan be achieved with other devices and platformswhere an 8-bit microcontroller is used. The measure-ments did not contain any KILAVI-specific messagesor functions and hence the results may be appliedmore widely. Likely work in the future includes im-plementation of the security enhancements presentedin this paper with an operational KILAVI sensor net-work.

Acknowledgements: The research was supported bythe Finnish Funding Agency for Technology and In-novation.

References:

[1] J.–V. Aguirre, R. Álvarez, J. Sánchez andA. Zamora, Silence Detection in Secure P2PVoIP Multiconferencing, Proc. 5th WSEAS In-ternational Conference on Information Securityand Privacy, Venice, Italy, November 2006

[2] B. Arazi, I. Elhanany, O. Arazi and H. Qi, Re-visiting Public-Key Cryptography for WirelessSensor Networks, IEEE Computer Magazine,Vol. 38, No. 11, November 2005.

[3] Atmel Corporation, ATmega644: 8-bit Mi-crocontroller with 64K Bytes In-SystemProgrammable Flash, [Online] Available:http://www.atmel.com/dyn/resources/prod_do-cuments/doc2593.pdf

[4] F. Graziosi, L. Pomante and D. Pacifico, AMiddleware-Based Approach for HeterogeneousWireless Sensor Networks, 12th WSEAS Inter-national Conference on Communications, Her-aklion, Greece, July 2008

[5] J. A. Gutiérrez, E. H. Callaway Jr and R. L. Bar-rett Jr, Low-Rate Wireless Personal Area Net-works: Enabling Wireless Sensors with IEEE802.15.4, Standards Information Network IEEEPress, USA, 2003, 155 p

[6] C. Karlof and D. Wagner, Secure Routing inWireless Sensor Networks: Attacks and counter-measures, Proc. IEEE International Workshop



http://www.atmel.com/dyn/resources/prod_documents/doc2593.pdf

http://www.atmel.com/dyn/resources/prod_documents/doc2593.pdf

on Sensor Network Protocols and Applications,May 2003, pp. 113–127.

[7] C. Karlof, N. Sastry and D. Wagner, TinySec:A Link Layer Security Architecture for Wire-less Sensor Networks, Proc. 2nd ACM Confer-ence on Embedded Networked Sensor Systems,November 2004.

[8] H. Lipmaa, P. Rogaway and D. Wagner, Com-ments to NIST concerning AES Modes of Oper-ations: CTR-Mode Encryption, Symmetric KeyBlock Cipher Modes of Operation Workshop,Baltimore, MD, USA, October 2000.

[9] X. Luo, K. Zheng, Y. Pan and Z. Wu, Encryptionalgorithms comparisons for wireless networkedsensors, IEEE lntemational Conference on Sys-tems, Man and Cybernetics , 2004

[10] A. Menezes, P. van Oorschot and S. Van-stone, Handbook of Applied Cryptography, CRCPress, Inc., Boca Raton, FL, USA, 1996.

[11] S. Milanovic and N. E. Mastorakis, Building aStrategic m-Commerce Services Platform, Proc.4th WSEAS Internatioal Conference on ISA2004, Miami, Florida, April 2004.

[12] National Institute of Standards and Technology,Recommendation for Block Cipher Modes ofOperation: The CMAC Mode for Authentica-tion, National Institute of Standards and Tech-nology, Special Publication 800-38B, May 2005.

[13] P. Oksa, M. Soini, L. Sydänheimo and M.Kivikoski, Kilavi platform for wireless buildingautomation, Energy and Buildings Journal, Vol.40, No. 9, 2008, pp. 1721–1730.

[14] A. Perrig, R. Szewczyk, V. Wen, D. Culler andJ.D. Tygar, SPINS: Security Protocols for Sen-sor Networks, Proc. 7th Annual ACM Interna-tional Conference on Mobile Computing andNetworks, Rome, Italy, July 2001, pp. 189–199.

[15] K. Piotrowski, P. Langendoerfer and S. Peter,How public key cryptography influences wire-less sensor node lifetime, Proc. 4th ACM work-shop on Security of ad hoc and sensor networks,October 2006.

[16] R.L. Rivest, The RC5 Encryption Algorithm,Proc. 2nd International Workshop on Fast Soft-ware Encryption, Leuven, Belgium, December1994, pp. 86–96.

[17] RSA Laboratories, RSA Laboratories: Fre-quently Asked Questions About Today’s Cryp-tography, RSA Security Inc., Version 4.1, 2000.

[18] H. Sikkilä, M. Soini, L. Sydänheimo andM. Kivikoski, KILAVI Wireless CommunicationProtocol for the Building Environment - Secu-rity Issues, Proc. 10th IEEE International Sym-posium of Consumer Electronics, St. Petersburg,Russia, June-July 2006.

[19] M. Soini, L. Sydänheimo and M. Kivikoski,Reliability and Scalability of Wireless KilaviBuilding Control Platform, Proc. 11th WSEASInternational Conference on Communications,Agios Nikolaos, Crete Island, Greece, July 2007

[20] M. Soini, H. Sikkila, P. Oksa, L. Sydänheimoand M. Kivikoski, KILAVI Wireless Communi-cation Protocol for the Building Environment -Network Issues, Proc. 10th IEEE InternationalSymposium of Consumer Electronics, St. Peters-burg, Russia, June–July 2006.

[21] M. Soini, J. van Greunen, J. Rabaey andL. Sydänheimo, Beyond Sensor Networks:ZUMA Middleware, Proc. IEEE Wireless Com-munication and Networking Conference, HongKong, China, March 2007.

[22] R. Szewczyk, A. Woo, S. Hollar, D.E. Cullerand K.S.J. Pister, System architecture directionsfor networked sensors, Proc. 10th InternationalConference on Architectural Support for Pro-gramming Languages and Operating Systems,Cambridge, MA, USA, November 2000, pp. 93–104.



Documents

RC5-Based Security in Wireless Sensor Networks: …wseas.us/e-library/transactions/computers/2010/88-336.pdfRC5-Based Security in Wireless Sensor Networks: Utilization and Performance