Public Key Cryptography in Sensor Networks Revisited

1
Public Key Cryptography in Sensor Networks -
Revisited

• Written by Gunnar Gaubatz, Jens-Peter Kaps, Berk
  Sunar
• 1st European Workshop on Security in Ad-Hoc and
  Sensor Networks (ESAS 2004)
• Presented by Kang, You Sung
• KAIST, Information Processing Systems LAB, Ph.D.
  Candidate
• 2005. 9. 27.

2
Contents

• Introduction
• Why Public Key Cryptography?
• Implementation Analysis
• Rabins Scheme
• NtruEncrypt
• Conclusions
• Annex) Energy Analysis of RSA and ECC

3
Introduction

• DSN (Distributed Sensor Networks) Applications
• Monitoring wildlife
• Collecting microclimate data
• Military applications
• Next Generation Sensor Node
• Power scavenger
• Deliver power up to 20 ?W (currently 8 ?W)
• Secure communication between sensor nodes and
  base stations
• Symmetric key cryptography
• Asymmetric key cryptography (Public key
  cryptography)

4
Why Public Key Cryptography?

• Ref) Security Level

Source http//www.patentmap.or.kr/
5
Why Public Key Cryptography?

• Related Works
• ?TESLA
• Micro Timed Efficient Stream Loss-Tolerant
  Authentication
• Emulate asymmetry through a delayed disclosure of
  symmetric keys
• Issues in ?TESLA
• Time sync with the base station
• Key management function
• Ample storage
• That is, Complex key management and high storage
  for multiple keys and messages put a considerable
  burden on the power comsumption

Solution is Public key cryptography
6
Why Public Key Cryptography?

• Selected Public Key Crypto-System
• Rabins Scheme
• NtruEncrypt
• Selected Parameters
• (Assume) Focus on the encryption operation only
• To match the level of security
• To compare Rabins Scheme to NtruEncrypt
• Power consumption
• Area
• Delay
• Throughput

7
Rabins Scheme

• Overview
• Based on the factorization problem of large
  numbers
• Similar to RSA
• Asymmetric computational cost
• Fast encryption but, slow decryption

8
Rabins Scheme

• Algorithm
• Key Generation
• Choose two large random strong prime numbers
• Compute n p q
• Pick a random number b for which 0 ? b lt n
• The public key is (n, b), the private key is (p,
  q)
• Encryption
• Represent the message as an integer x for which 0
  ? x lt n
• Compute the ciphertext En,b(x) ? x(xb) mod n
• if, b 0, then En(x) ? x2 mod n
• Decryption
• Find the four square roots x1, x2, x3, x4 of c
  En(x) ? x2 mod n

9
NtruEncrypt

• Overview
• Introduced in 1998
• Based on the hardness of the Shortest Vector
  Problem in a very high dimension lattice
• Highly efficient and particularly suitable for
  embedded application
• Has not yet received the security verification

10
NtruEncrypt

• Algorithm
• Three integer parameters (N, p, q)

11
Low-Power Design

• Power dissipation in CMOS devices

leakage current
switching activity
focus on the architectural aspect
operating frequency
short-circuit charge
technology dependent parameters outside of our
influence
supply voltage
circuit capacitance
Design rules

• Targeted clock frequency 500 kHz
• Language VHDL
• RT level simulation ModelSim
• Synthesis DesignCompiler Ultra, TSMC 0.13 ?m
  standard cell library
• Power optimization DesignCompiler,
  PowerCompiler, ModelSim
• Power analysis PrimePower

12
Implementation

• Assumption
• Only consider the encryption operation for tiny
  nodes
• Fix the public key to a constant value in tiny
  nodes

• Rabins Scheme

• NtruEncrypt

13
Analysis

• Definition of Metrics
• Chip Area
• The number of equivalent gates (2-input NAND
  gate)
• Power Consumption
• Consists of static and dynamic power
• Difference due to architecture (because of the
  same target library)
• Throughput
• The number of plaintext bits that are encrypted
  per second
• Energy per Bit Encrypted
• Amount of energy necessary to encrypt a single
  bit of the message
• Scalability
• e.g., Modularity How easily simple processing
  elements can be replicated?

14
Analysis

• Power Consumption over a Range of Clock
  Frequencies

Rabins Scheme (500 kHz, 148.18 ?W)
NtruEncrypt (k84) (500 kHz, 118.7 ?W)
NtruEncrypt (k1) (500 kHz, 19.13 ?W)
15
Analysis

• Summary of comparison

Initial condition
Implementation results
Measured values
Estimated values
Estimated values
264 bits/ 0.000866 sec 304.85 kbps
433 cycle/ 500 kHz 0.000866 sec
(N167) 167 log23 264 bits
264 bits/ 0.05845 sec 4.52 kbps
29225 cycle/ 500 kHz 0.05845 sec
512 bits/ 0.00288 sec 177.8 kbps
Processing time 1440 cycle/ 500 kHz 0.00288 sec
16
Analysis

• Summary of power and energy

• Energy per bit encrypted

lop operand length, e.g., 512 for
Rabins Scheme 264 for NtruEncrypt

• Total Energy

17
Conclusions

• Public key schemes facilitates much simpler
  security protocol
• It is possible to design public key encryption
  architectures with power consumption of less than
  20?W using the right selection algorithms and
  associated parameters, optimization and low-power
  technique

18
Energy Analysis of Public-Key Cryptography for
Wireless Sensor Networks
Annex)

• Written by Arvinderpal S. Wander, et al.
• 3rd IEEE International Conference on Pervasive
  Computing and Communication (PerCom 2005)
• Presented by Kang, You Sung
• KAIST, Information Processing Systems LAB, Ph.D.
  Candidate
• 2005. 9. 27.

19
Security Services
20
Why Public Key Cryptography?
21
RSA ECC
22
RSA ECC Operations
23
Hardware Platform
24
Analysis of Primitive Operations
25
Analysis of Handshake
26
Conclusions
27
Questions or Comments

• Any questions or comments?