2012 2nd IEEE International Conference on Parallel, Distributed and Grid Computing
A Complete, Efficient and Lightweight Cryptography
Solution for Resource Contrainst Mobile Ad-Hoc
Networks
Adarsh Kumar Krishna Gopal
Dept. of CSE/IT Jaypee Institute of Information
Jaypee Institute of Information Technology, Noida, India
Technology, Noida, India krishna.gopal@jiit.ac.in
adarsh,kumar@jiit.ac,in
Abstract: This paper examines the lightweight cryptography
primitives and proposes a novel integration mechanism
primitives to provide complete cryptography services for
resource constraint Mobile Ad-Hoc Networks (MANETs). In this
work, Tseng's protocol is modified to integrate primitives [30].
order to evaluate the performance of secure MANETs, software;
throughput, jitter & end to end delay; and hardware parameters;
area consumption in terms of gate equivalents (GE); are taken
into consideration. An integration proposal of these cryptography
primitives has been proposed and it has been observed that these
primitives can be clubbed with hardware cost of 36.5% of the
total GE with maximum through and minimum delay using
Destination Sequenced Distance Vector (DSDV) protocol.
Keyword: Lightweight; Cryptography; Gate Equivalents; Key
Management; Authentication; Hashing; Confidentiality.
I. INTRODUCTION
Various properties like: Ad Hoc connectivity, mobility,
decentralized infrastructure make MANETs popular among
various applications like Vehicular Ad Hoc Networks
(VANETs), military battle fields, disaster recovery, household
appliances, alert systems etc. This type of network can be
implemented either on laptops or sensor based devices using
short range wireless technologies. On Laptops abundance of
hardware resources are available to implement MANETs but
these devices are not easy to carry as compared to small sensor
devices. Small sensor devices have scarcity of resources.
Implementing complete cryptography services on resource and
computing constraint devices are not feasible. According to
Moore's law only 40% of complete resources are available for
cryptography services [11]. In order to provide complete
cryptography solution for low capacity and tight computing
mobile devices, various lightweight cryptography primitives
need to be integrated. Complete cryptography solution demand
to have following characteristics: (a) Availability, (ii)
confidentiality, (iii) integrity, (iv) authentication and (v) non
repudiation [1]. Availability ensures that devices must be
available for communication despite of any worst condition to
stop the service. Denial of Service (DoS) attack is the common
attack to halt these services.
978-1-4673-2925-5/12/$31.00 2012 IEEE
Alok Aggarwal
Deptt. of CSE/IT
JPIET, Meerut, India
alok289@gmail.com
Second, concern is confidentiality. Confidentiality means
of hiding the information in a way that it should not be available
to any third party. In order to provide confidentiality among
resource constraint devices, various lightweight
In encryption/decryption mechanism are classified into two
categories: (i) symmetric and (ii) asymmetric. Symmetric
mechanism uses same key at both ends for encryption and
decryption, whereas asymmetric mechanism uses different
keys. Symmetric mechanisms are much faster and lighter than
asymmetric mechanisms. Thus, symmetric mechanisms are
preferred over asymmetric mechanisms for resource constraint
devices. Symmetric mechanisms are further categorized into
two lightweight cryptography ciphers: (i) block ciphers and
(ii) stream ciphers. Block ciphers encrypt fixed size block
input with use of a symmetric key. In particular, key size is
either kept equal to or large than block size. Various
lightweight block ciphers: ICEBERG, KLEIN, KATAN &
KATANTAN, LBLOCK, LED, mCrypton, MIBS, PRESENT,
Piccolo, PRINTcipher, PUFFIN, SEA, TEA, XTEA,
NOEKEON etc. [2-15]. Stream ciphers encrypt variable
stream of data. Pseudo random number generator (PRNG)
techniques are generally preferred to encrypt plaintext in these
schemes. Various stream ciphers are: A2U2, MICKEY 2.0,
Salsa20, SOSEMANUK, HC-128, Trivium etc. [16]. Stream
ciphers are faster, provide high throughput and hardware
efficient than block ciphers, thus preferred in resource
constraint devices.
Key management must be implemented prior to achieve
confidentiality. Key can be symmetric or asymmetric. Each of
these key mechanisms has agreement and
transposition/distribution processes. Symmetric key agreement
protocols are: Boyd's key agreement, Bluetooth key
agreement, ISO/IEC 11770-2 protocols etc. and symmetric
key transposition/distribution protocols are: Needham
Schroeder symmetric key protocol, BBF-protocol etc.
Asymmetric key agreement protocols are: Basic Diffie
Hekkman (DH), Station to Station Protocol, Oakley, SKEME,
IKE, AKA, etc. and asymmetric key transposition/distribution
protocols are: Needham Schroeder public key, Blake-Wilson
Menezes (BWM), TLS, ISO/IEC 11770-3 protocol etc. In
854
 2012 2nd IEEE International Conference on Parallel, Distributed and Grid Computing

1982, I. Ingemarsson, D. T. Tang and C. K. Wong designed 544 rounds of linear feedback shift register, which is of 10 bits,
first group based key management protocol. Thereafter several (ii) D-Quark is heavier than U-Quark but lighter than S-Quark.
group key management protocol (GKMP) are proposed like: It provides at least 80-bits security against collisions and
Burmester and Desmedt (BD), Group Diffie Hellman (GDH), second pre-image resistance. It produces 176 bits message
GDH.1, GDH.2, GDH.3, Authenticated-GDH (A-GDH), digest with 704 rounds of linear feedback shift register, which
Secure Association-GDH (SA-GDH) etc. GKMP can be is of 10 bits, (iii) S-quark is high security provider hash than
classified as: (i) general, (ii) tree based, (iii) re-keying based any other QUARK. It provides at least 112 bits security
and (iv) ID-based. For example, General: Katz and Yung, tree against collisions and second pre-image resistance. It produces
based: Tree-Based Group Diffie Hellman (TGDH), re-keying 256 bits message digest with 1024 rounds of linear feedback
based: Lee-Kim, ID-based: Yu and Tang [17-23 ]. shift register, which is of 10 bits.
Message integrity and authentication are the minimum set PRESENT is a lightweight cryptography hash function
of requirements for any secure network. Integrity protects developed by A. Bogdanov, L. R. Knudsen, G. Leander, C.
from any message corruption during transmission and Paar, A. Poschma in 2007[28]. There are three instances of
authentication ensures the identities of communication parties PRESENT: DM-PRESENT, H-PRESENT and C-PRESENT.
and of message. Hashing with authentication provide (i) DM-PRESENT is a Davies-Meyer (DM) mode based
protection from collision resistance, compression and method and is suitable for applications that require 64-bit
efficiency. Various lightweight cryptography hash functions security. Two compact versions of DM-PRESENT are: (a)
designed are: Quark, SPONGENT, PHOTON, PRESENT, DM-PRESENT-80 and DM-PRESENT-128, (ii) H-PRESENT
KECCAK, ARMADILL02 etc. Non-repudiation assures that is Hirose's construction based double block-length hash
sender or receiver cannot later deny the processing of data. construction function. It provides collision resistance (2"), first
Sender is assured using proper delivery acknowledgment and pre-image resistance (2n) and second pre-image resistance
2
receiver is assured of sender's unique identity. Digital (2 "), (iii) Constructed-PRESENT-I92 (C-PRESENT-192)
signature and public key cryptography mechanisms are used to provides longer hash using triple block length construction. It
provide repudiation. provides collision resistant (2"), first pre-image resistant (2")
and second pre-image resistant (2").
In order to efficiently integrate complete security
primitives for ad hoc networks, software and hardware Comparison: Figure 1 and figure 2 show a comparative
parameters need to be analyzed. In this work, software analysis of two lightweight hash algorithms: Quark and
parameters taken are: throughput, jitter and end to end delay. PRESENT. From the figures, it can be seen that DM
Whereas, hardware parameters taken are: GE. Further, Tseng's PRESENT give maximum throughput with lesser number of
protocol is modified to achieve a completely secure, software GEs, minimum delay and less power consumption. So, out of
and hardware efficient scenario for resource constraint selected lightweight hash mechanisms, DM-PRESENT is
devices. more suitable for analysis and integration.
The rest of the paper is structured as follows. Section 2
describes the review of lightweight cryptography primitives.
Section 3 detail novel approach of integrating lightweight Through vs Power vs End to End Delay
cryptography primitives using modified Tseng's protocol. Comparison
Section 4 presents the result and analysis of integrated
25
approach. Finally, conclusions are in Section 5.
20 ...
." '-
15
II. RIVIEW OF PROTOCOLS 10 ........- "
..L:::lii... "
5
A. Lightweight Hash Functions 0 - -
H- DM- DM- c-
Authentication using Message Authentication Code (MAC)
u- D- S- PRE PRE PRE PRE
or Counter MAC (CMAC) generate heavy and insecure traffic.
In order to provide security with lesser traffic over network Qua Qua Qua SEN SEN SEN SEN
and collision resistant characteristics, lightweight hash rk rk rk T- T- T- T-
mechanisms are integrated. In this work, two lightweight hash 128 80 128 192
functions are selected for comparison: Quark and PRESENT.
-+-Power 2 .44 3.1 4.35 6.44 1.83 2.94 3.1
Quark is a lightweight cryptography hash function based
...... Throughput 1.47 2.27 3.13 11.4 14.6 22.9 1.9
on sponge construction developed by J. P. Aumasson, L.
Henzen, W. Meier and M. N. Plasencia in 2010 [24]. Quark is ....... Endto End
a lightweight hash because of optimized security level, 0. 71 0.41 0.29 0. 07 0.05 0.03 0.63
Delay
construction and core algorithm. Unlike PHOTON family, it is
based on bit shift registers and Boolean functions. There are
three instances of Quark: U-Quark, D-Quark and S-Quark. (i) Figure 1: Software Analysis of Quark vs PRESENT
U-Quark is the lightest hash among all three and it provides at
least 64-bit security against collisions and second pre-image
resistance attacks. It is designed to provide maximum of 128
bit pre-image resistance with message digest of 13 6 bits and

855
 2012 2nd IEEE International Conference on Parallel, Distributed and Grid Computing

oriented etc. protect this mechanism against various attacks,

Gate Equivalents (GE) Gate Equivalents (GEl
(iii) strong against differential cryptanalysis with probability
5 000 ,.--------------
of T28, (iv) success rate for linear cryptanalysis in plaintext,

I
4000

I
i
algebraic attack or slide and related key attacks. Weaknesses
QI
.J:I
E finding the weak key which makes the encryption function
z involution and (ii) hardware implementation is costlier as
Algorithms
Figure 2: Hardware Analysis of Quark vs PRESENT
B. Lightweight Encryption/Decryption
In order to provide confidentiality, three lightweight
encryption/decryption mechanisms are selected: KLEIN,
HIGHT and CLEFIA. These mechanisms are outlined here:
KLEIN is a lightweight block cipher is proposed by Z.
Gong, S. Nikova and Y.W. Law in 2011 [29]. KLEIN
provides software efficiency, compactness and protection
against various cryptanalysis. Figure 3 shows the encryption
process phases for KLEIN and Table 1 shows the comparison
of KLEIN-64/80/96 bits block variations. Major strengths of
KLEIN are: (i) it provides resistant to weak key attacks, (ii) it
provides better software performance with minimum number
of active S-boxes and minimum resource consumption for key
processing, (iii) it uses round dependent counter to protect
against symmetric key schedule attacks, (iv) it provides
protection against sum nibble attack. Weaknesses of KLEIN
block cipher are: (i) weak protection against byte oriented
integral attacks, (ii) as key size increases speed decreases, (iii)
there is strong tradeoff between security and masking based on
secret sharing in hardware.
ciphertext and key is very high, (v) 16-rounds HIGHT provide
high security against saturation attack, boomerang attack,
of this cipher are: (i) fiestel structure increases the chance of
compared to PRESENT, mCrypton, GOST, KATAN etc.
CLEFIA is a fiestel network based lightweight block cipher
designed by T. Shirai, K. Shibutani, T. Akishita, S. Moriai and
T. Iwata in 2007 [26]. Major strengths of this cipher are: (i)
half key whitening is used to reduce the cost of key additions,
(ii) protect against linear or differential attacks using two
diffusion matrices, (iii) selection of S-boxes enhances the
immunity against byte-oriented saturation and algebraic
attacks, (iv) one way of sub-key generation protects from
related key attacks. Weaknesses of this cipher are: (i) silent on
side channel attacks, (ii) prone to weak and strong key attacks
due to feistel network.
w Hardware Performance
6000
-
o
...
QI
.J:I
4000
E 2000
z o
Lightweight Ciphers

Figure 4: Hardware Performance ofCLEFIA vs HIGHT vs KLEIN

Software Performance

400
300
..
Figure 3: Encryption process in KLEIN. 200 ......
100
0
....
Tahle 1: K LFIN instances comnarision
CLE FI HIGH KLEIN KLEIN KLEIN
Block Size N, Key Size Initial Subkey
A T -64 -80 -96
Size
64 12 64 7 ....... Technology 0.09 0.25 0.18 0.18 0.18
80 16 80 9
96 20 96 11 _Throughput 355.56 188.2 122.1 140.1 145.1

....... Endto End

HIGHT(HIgh security and light weiGHT) is another 15.2 23.4 10.1 8.2 7.1
Delay
lightweight block cipher for low resource devices proposed by
D. Hong, J. Sung, S. Hong, J. Kim, S. Lee, B.Koo, C. Lee, D. Figure 5: Software Performance ofCLEFIA vs HIGHT vs KLEIN
Chang, J. Lee, K. Jeong, H. Kim, J. Kim and S. Chee in 2006
[25]. Various instances of HIGHT are: HIGHT-64 and Comparison: Figure 4 and figure 5 shows a comparative
HIGHT-128 bits. Major strengths of this cipher are: (i) it is analysis of lightweight ciphers: CLEFIA, HIGHT and KLEIN.
much faster in terms of security and key scheduling as KLEIN-96 gives good amount of throughput with standard
compared to AES, (ii) design issues like one 128-bit register, technology, less number of GE and minimum delay. Thus,
randomness of subkey bytes, bitwise diffusion, 8-bit processor

856
 2012 2nd IEEE International Conference on Parallel, Distributed and Grid Computing

KLEIN-96 is considered to be the most suitable protocol for Comparison: Figure 6 and figure 7 show a comparative
analysis and integration. analysis of low computational key agreement and transport
protocols using three MANET routing protocols: Ad-hoc On
C. Lightweight Key Exchange Protocols Demand Distance Vector (AODV), DSDV and Dynamic
In order to provide key agreement, key distribution and Source Routing (DSR). Results show that Tseng's protocol
non-repudiation, lightweight key exchange protocols are provides higher throughput and minimum delay for AODV
selected. In this work, two low computational key exchange protocol. Thus, Tseng's protocol is selected for complete
mechanisms are selected for comparison: Tseng's protocol and cryptography integration.
Kim, Lee, Lee protocol.
III. WORK DONE
In 2005, Y. M. Tseng proposed a lightweight group key
agreement protocol for key agreement and transport [30]. In In order to provide complete cryptography services on
2007, modification on this protocol was made to extend this resource constraint devices various cryptography primitives
protocol. Major strengths of this protocol are: (i) strong discussed in previous section are integrated and its performance
computational efficient conference key agreement and is analyzed on ns-3 simulator using python language [13]. In
transport protocol, (ii) consume lesser power and GE because order to address the first primitive i.e. availability in this work,
of small number of rounds. Weakness of this protocol is: (i) following DoS resilience algorithm is used:
forward and backward secrecies are questionable. Protocol: DoS resilience algorithm
Kim, Lee and Lee proposed a group key agreement Premises: TCP_HDR & ipaddr are the build in structures for
protocol in 2004 [3 1]. Strengths of this protocol are: (i) it is TCP and IP header information. THRESHOLD is
server-less and decentralized group key management protocol, the maximum limit of packet receiving without
(ii) unique identities are selected to generate group key and it halting the any type of service that is set by
is claimed to be protected against unauthorized access, (iii) administrator according to available hardware
provide separate efficient procedures for joining or leaving of resources. ACTIVE OPEN & PASSIVE OPEN
new nodes, (iv) this protocol uses Diffie-Hellman key are the processes that make a particular side ready
agreement protocol initialization mechanism to generate and to send a packet or receive a packet. CLIENTO,
transport keys. Weaknesses of this protocol are: (i) not strong ROUTERO, SERVERO and BLOCKO are the
against impersonation attack, (ii) attack on the integrity of functions to handle the client, router, server and
session is easy. block processes.
Goal: Stop the TCP SYN flooding packets and pass other
Throughput Comparison
packets.
countO
{
static int i=O;
return ++i;
Tseng
}
AODV DSDV DSR Kim Lee Lee BLOCK(struct ipaddr *) { }
packet_receive(TCP_HDR *packet)
MANET Routing Protocols {
int no_ofkts;
no_ofkts=countO;
if (no_ofkts > THRESHOLD)
Figure 6: Throughput comparison ofMANET routing protocols. BLOCK(struct ipaddr->src-addr)
else
{
End to End Delay CLIENT(ACTIVE_OPEN);
Tseng ROUTER(pASSIVE_OPEN);
u 1.5
QI 1
SERVER(PASSIVE_OPEN);
E 0.5
o Kim Lee Lee
CLIENT: SEND(router, SYN)
ROUTER:RECV(router, SYN)
AODV DSDV DSR & SEND(c1ient, COOKIES+ SYN+ACK)
CLIENT: RECV(COOKIES+SYN+ACK)
MANET Protocols CLIENT: SEND(COOKIES+ACK)
ROUTER: RECV(COOKIES+ACK)
If (COOKIE==VALID)
ROUTER: SEND(server, ACK)
else
BLOCK(struct ipaddr->src_addr)
Figure 7: End to End delay ofMANET routing protocols.

857
 2012 2nd IEEE International Conference on Parallel, Distributed and Grid Computing

Next, in order to achieve authentication, key management,

confidentiality and non-repudiation, Tseng's protocol is
ii. If ((Fi\1)/Fl_1))Ft equals Fj5Z/mod P1 ,
modified from steps 4 to 7 in following way: where (l:Sj :s n, j:;t i) and X=H(Zj, Fj\ F5
i ,Ts)
b. If either of two tests does not hold then MNj
Premises: Let MNj is an illt mobile node, PI and P2 are the two
broadcast "faiure" and exit
large prime numbers such that Pz=2PI+1, 'a' is
primitive element or generator for subgroup Gpz' c. If both tests hold then MNj can use rl to
compute the symmetric group key
Gpz is the subgroup with Pz elements, H is one way
hash function, K1K is the MNj's secret key and a K=( Fl_ )nrl Zi -1 Zi+-l ... Zi -2 mod P1
l l l l l l l
random value in Zl' KtK is the MNj's public key ocr1 rz +ocrz r + ... +ocrn r1
3 This step
. Ki calculation is according to second step of BD
such that KtK = OC SK mod PI. Ts is the timestamp to
GKA algorithm.
avoid replay attack.
Step 4:- Generating MAC over message 'M'
Goals: (i) Generate a common symmetric group key K and
Step a: Source: MAC=MAC(K, M).
share it with all group members.
Step b: Source: Apply hash over MAC
(ii) Using group key K, authenticate 'M' with DM
and generate HMAC.
PRESENT-128 hashing mechanism and generate
HMAC=H(MAC(K,M
HMAC.
Step 5:- Source: Encryption Process
(iii) Use KLEIN-96 block cipher, encrypt message
'M' with symmetric group key 'K'. Source: messsagejor_dest = EK(M)IIHMAC.
Step 1:- Key generation and broadcast Step 6:- Destination: Decryption Process
a. Let I.l=1 M Ni are the n-mobile nodes in the Destination: Message_to_receive
network. Each MN will select a random secret message_for_dest
1 '
(M IIHMAC )
vaI ue ri and ri2 .
Destination:
DK(Message_toJeceive).
b. Each MN; will compute three factors: Fl =
l
rz
Step 7:-
mod P1 , Fi2 =OC mod P1
Destination: reply the step a and step b of step
oc r and ' '
t t
4 over M and generate HMAC .
,
F? = (rl)"'(H(Fl, Ts) - Fl K1K)m od P2 If (HMAC==HMAC ) then return SUCCESS
c. Each MN; broadcasts (Fl, Fl, F?, Ts) to all. else return FAILURE.
Step 2:- Sub Key Distribution:- Strengths of proposed mechanisms are: (i) it provides
unique approach of integrating five cryptography primitives:
a. Each MN; receive all (Fl, Fl, Ff, Ts) (10 j o n,
authentication using hashing, availability, confidentiality, key
joi). management and non-repudiation, (ii) provide strong
b. Each MN; checks two c onditi ons: rotection against collision resistance, (iii) strong against
1. If ( OCHCF],Ts) equals hnear or differential, impersonation or any side channel
j FZ 2 F3 attacks, (iv) it is open to integrate other cryptography
(KpK) i (Fj ) j mod P1) and protocols also.
ll. If ( 2 :s; Fjl :s; P1 - 1) and
p IV. RESULT AND ANALYSIS
( Fjl ) z mod P1 equals 1.
c. If either of above two tests does not hold' MN; Delay Comparison
broadcasts "failure" and ex it.
1
d. else-if both tests passes then it is validated that u 0.8
Fjl is primitive element of Gp and each MN; will
z
0.6
E 0.4
selects a random number R; oZ;z and compute Z; 0.2
o
((Fl+ 1)/Fl-1)yl mod P1 '
F4i = OCRi mod P1 , F5i = ((F\ i 1)/Fl_1))Ri -+-AODV
mod) PI' F6i = Ri + H (Zi, Fi4, F5 i ,Ts)rlmod P2
....... DSDV
e. Each MN; broadcast (Z,i Fi4, F5 i , F6i ) to all.
.......DSR
Step 3:- Sub key verification and conference key
computation
a. Each MNj receive Z,j Fj\ Fj5, Fj6) and check
two conditions: Figure 8: End to End delay comparison of proposed
integrati on mechanism
i. If (OCFi6) equals Fj4((Fjl)Xmod P '
l

858
 2012 2nd IEEE International Conference on Parallel, Distributed and Grid Computing
Throughput vs Power Consumption
Throughput
o Solutions", International Conference
AU; OS:; 0;1 Power
MANET Protocols Consumption
Figure 9: Throughput vs Power Consumption
Figure 8 and figure 9 show throughputs, power and delay
comparisons over MANET routing protocols using proposed
integrated cryptography primitives technique. Results show
that DSDV is considered to be the best protocol with
comparatively good throughput, less power consumption and
minimum end to end delay. It is observed that performance of
proposed mechanism varies for different routing protocols
based on the route discovery mechanism followed by these
routing protocols. If discovery mechanism is changes to
reactive approach then AODV and DSR protocols performs
better than DSDY. It is also calculated that five cryptography
primitives can be integrated with hardware cost of
approximately 3650 GEs.
V. CONCLUSI ON
The integrated cryptography approach presented in this
paper provides efficient way to achieve authentication,
availability, confidentiality, key management and non
repudiation. The approach satisfies the needs of a secure
MANET: it requires low GEs and provide maximum
throughput with minimum delay. Moreover, it can be extended
with stream ciphers with minimum number of GEs.
REFERENCES
[I] L. Zhou, Z. J. Haas, "Securing Ad Hoc Networks", IEEE network,
special issue on network security, pp. 24-30, 1999.
[2] C. D. Canniere, O. Dunkelman and M. Knezevic, "KATAN and
KTANTAN-A Family of Small and Efficient Hardware Oriented Block
Ciphers", In Cryptographic Hardware and Embedded Systems-CHES
2009, vol. 5747 of Lecture Notes in Computer Science, pp. 272-288,
Springer 2009.
[3] C. H. Lim, T. Korkishko, "mCrypton- A Lightweight Block Cipher for
Security of Low-Cost RFID Tags and Sensors", WISA 2005, pp. 243-
258, 2005.
[4] G. Leander, C. Paar, A. Poschmann and K. Schramm, "New Lightweight
DES variants", FSE 2007, pp. 196-210 (2007).
[5] K. Shibutani, T. Tsobe, H. Hiwatari, A. Mitsuda, T. Akishita and T.
Shirai, "Piccolo: An Ultra-Lightweight Block cipher", CHES 201I,
LNCS 6917, pp. 342-357, 201I.
[6] H. Cheng, H. M. Heys, C. Wang, "PUFFIN: A Novel Compact Block
Cipher Targeted to Embedded Digital Systems", Euromicro Conference
on Digital System Design (DSD 2008), pp.383-390, Parma, Italy, 2008.
[7] J. Guo, T. Peyrin, A. Poschmann and M. Robshaw, "The LED Block
Cipher", Lecture Notes in Computer Science, CHESS 2011, vol.
6917/2011, pp. 326-341, 2011.
[8] L. Knudsen, G. Leander, A. Poschmann and M. J. B. Robshaw, "
PRINTCTPHER: A Block Cipher for IC-Printing", CHES 2010, pp.16-
32, Springer, 2010.
[9] H. Alkhzaimi and E. Zenner, "A cryptanalysis of PRINTCTPHER: The
Invariant Subspace Attack", CRYPT0201I, pp. 206-221, Springer,201I.
859
[10] P. Peris-Lopez, J.C. Hernandez-Castro, J. M. Esteveze-Tapiador, A.
Ribagorda, "RFlD Systems: A Survey on Security Threats and Proposed
on Personal Wireless
Communication- PWCA'06, LNCS 4217 (2006).
[II] G. E. Moore, "Cramming More Components onto Integrated Circuits.
Electronics": http://www.intel. com,(1965).
[12] F. X. Standaert, G. Piret, N. Gershendeld, J. J. Quisquarter, "SEA: A
Scalable Encryption Algorithm for small embedded applications", In the
proceedings of CAROlS 2006, LNCS, vol. 3928, pp. 222-236,
Tarragona, Spain, 2006.
[13] NS3 Simulator, http://www. nsnam.org
[14] M. M. Fouda, Z. Md. Fadlullah, N. Kato, R. Lu, and X. Shen, "A
Lightweight Message Authentication Scheme for Smart Grid
Communications", IEEE Transaction on Smart Grid, vol. 2, No. 4,
pp.675-685,2011.
[15] J. Guo, T. Peyrin and A. Poschmann, "The PHOTON Family of
Lightweight Hash Functions", CRYPTO 2011, pp.222-239, Springer
Verlag 2011.
[16] T. Good, W. Chelton and M. Benaissa, "Hardware Results for Selected
Stream Cipher Candidates", Presented at SASC (2007), URL:
http://www. ecrypt.eu. orglstream/
[17] J. Katz and M. Yung, "Scalable protocols for authenticated group key
exchange", In Advances in Cryptography Crypto'03, Lecture Notes in
Computer Science, Vol. 2729, pp. 110-125, 2003.
[18] I. Ingemarsson, D. T. Tang and C. K. Wong, "A Conference key
distribution system", IEEE Transactions on Information Theory, vol. 28,
No. 5, pp.714-720, September 1982.
[19] Michael Steiner, Gene Tsudik, and Michael Waidner, " Diffie-Hellman
Key Distribution Extended to Group Communication", ACM Conference
on Computer and Communication Security, Pages 31-37, 1996.
[20] GIuseppe Ateniese, Michael, and Gene Tsudik, "Authenticated Group
Key Agreement and Friends" international Conference on Computer
and Communication Security, Pages 17-26, 1998.
[21] M. Steiner, G. Tsudik and M. Waidner, "CLIQUES: A new approach to
group key agreement", Proc. Of the 18th international conference on
distributed computing systems, pp.380-387, 1998.
[22] M. Steiner, G. Tsudik and M. Waidner, "Key agreement in dynamic peer
groups", IEEE Transactions on Parallel and Distributed Systems, vol.
II, No. 8, pp.769-780, August 2000.
[23] M. Burmester and Y. Desmedt. "A Secure and efficient conference key
distribution system", Proc. Advances incryptography-Eurocrypt'94,
Lecture Notes in Computer Science, vol. 950, pp.275-286,I995.
[24] A. P. Aumasson, L. Henzen, W. Meier and M. N. Plasencia, "Quark: A
Lightweight Hash", CHES 2010, pp.I-15, 2010.
[25] D. Hong, J. Sung, S. Hond, J. Lim, S. Lee, B. Koo, C. Lee, D. Chang, J.
Lee, K. Jeong, H. Kim, 1. Kim and S. Chee, "HIGHT: A New Block
Cipher Suit able for Low Resource Device" , Proceedings of CHES
2006, LNCS 4249, Springer, 2006.
[26] T. Shirai, K. Shibutani, T. Akishita, S. Moriai and T. Iwata, 'The 128-
Bit Blockcipher CLEFIA", Proceedings of FSE 2007, LNCS 4593,
Springer, 2007.
[27] P. Zhang, B. Sun and C. Li, "Saturation attack on the block cipher hight.
In Cryptology and Network Security", vol. 5888 of LNCS, Springer,
2009.
[28] A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J.
B. Robshaw, Y. Seuria and C. Vikkelsoe, "PRESENT: An Ultra
Lightweight Block Cipher", In P. Paillier and I. Verbauwhede, editors,
CHES 2007, Vol. 4727 of LNCS, pp. 450-466, Springer-verlag, 2007.
[29] Z. Gong, S. Nikova, Y.W. Law, "KLEIN: A New Family of Lightweight
Block Ciphers", RFIDSec 2011, pp. 1-18, Springer, 2011.
[30] Y. M. Tseng, "Efficient authenticated key agreement protocols resistant
to a denial of service attack", international Journal of Network
Management, vol. 15, pp. 193-202, 2005.
 2012 2nd IEEE International Conference on Parallel, Distributed and Grid Computing

[31] H. J. Kim, S. M. Lee and D. H. Lee, "Constant round authenticated

group key exchange for dynamic groups", Asiacrypt'04, LNCS 3329,
pp. 245-259, Springer-Verlag, 2004.

860