Abstract: This paper examines lightweight cryptography primitives and proposes a novel mechanism for integrating them to provide complete cryptography services for resource-constrained Mobile Ad-Hoc Networks (MANETs). In this work, Tseng's protocol is modified to integrate the primitives [30]. To evaluate the performance of secure MANETs, software parameters (throughput, jitter and end-to-end delay) and a hardware parameter (area consumption in terms of gate equivalents (GE)) are taken into consideration. An integration of these cryptography primitives is proposed, and it is observed that the primitives can be combined at a hardware cost of 36.5% of the total GE with maximum throughput and minimum delay using the Destination Sequenced Distance Vector (DSDV) protocol.

Keywords: Lightweight; Cryptography; Gate Equivalents; Key Management; Authentication; Hashing; Confidentiality.

I. INTRODUCTION

Properties such as ad hoc connectivity, mobility and decentralized infrastructure make MANETs popular in applications like Vehicular Ad Hoc Networks (VANETs), military battlefields, disaster recovery, household appliances, alert systems etc. This type of network can be implemented either on laptops or on sensor-based devices using short-range wireless technologies. Laptops have abundant hardware resources for implementing MANETs, but they are not as easy to carry as small sensor devices. Small sensor devices have scarce resources. Implementing complete cryptography services on resource- and computing-constrained devices is not feasible. According to Moore's law only 40% of complete resources are available for cryptography services [11]. In order to provide a complete cryptography solution for low-capacity, tightly constrained mobile devices, various lightweight cryptography primitives need to be integrated. A complete cryptography solution must have the following characteristics: (i) availability, (ii) confidentiality, (iii) integrity, (iv) authentication and (v) non-repudiation [1]. Availability ensures that devices remain available for communication despite any worst-case condition intended to stop the service. The Denial of Service (DoS) attack is the common attack used to halt these services.

The second concern is confidentiality. Confidentiality means hiding information so that it is not available to any third party. The lightweight encryption/decryption mechanisms that provide confidentiality among resource-constrained devices are classified into two categories: (i) symmetric and (ii) asymmetric. A symmetric mechanism uses the same key at both ends for encryption and decryption, whereas an asymmetric mechanism uses different keys. Symmetric mechanisms are much faster and lighter than asymmetric mechanisms. Thus, symmetric mechanisms are preferred over asymmetric mechanisms for resource-constrained devices. Symmetric mechanisms are further categorized into two kinds of lightweight cryptography ciphers: (i) block ciphers and (ii) stream ciphers. Block ciphers encrypt a fixed-size block of input using a symmetric key. In particular, the key size is kept either equal to or larger than the block size. Various lightweight block ciphers are: ICEBERG, KLEIN, KATAN & KTANTAN, LBLOCK, LED, mCrypton, MIBS, PRESENT, Piccolo, PRINTcipher, PUFFIN, SEA, TEA, XTEA, NOEKEON etc. [2-15]. Stream ciphers encrypt a variable stream of data. Pseudo random number generator (PRNG) techniques are generally preferred to encrypt plaintext in these schemes. Various stream ciphers are: A2U2, MICKEY 2.0, Salsa20, SOSEMANUK, HC-128, Trivium etc. [16]. Stream ciphers are faster, provide higher throughput and are more hardware efficient than block ciphers, and are thus preferred in resource-constrained devices.

Key management must be implemented before confidentiality can be achieved. Keys can be symmetric or asymmetric. Each of these key mechanisms has agreement and transposition/distribution processes. Symmetric key agreement protocols are: Boyd's key agreement, Bluetooth key agreement, ISO/IEC 11770-2 protocols etc., and symmetric key transposition/distribution protocols are: Needham-Schroeder symmetric key protocol, BBF-protocol etc. Asymmetric key agreement protocols are: basic Diffie-Hellman (DH), Station to Station Protocol, Oakley, SKEME, IKE, AKA, etc., and asymmetric key transposition/distribution protocols are: Needham-Schroeder public key, Blake-Wilson Menezes (BWM), TLS, ISO/IEC 11770-3 protocol etc. In
1982, I. Ingemarsson, D. T. Tang and C. K. Wong designed the first group-based key management protocol. Thereafter several group key management protocols (GKMP) were proposed, such as: Burmester and Desmedt (BD), Group Diffie-Hellman (GDH), GDH.1, GDH.2, GDH.3, Authenticated-GDH (A-GDH), Secure Association-GDH (SA-GDH) etc. GKMP can be classified as: (i) general, (ii) tree based, (iii) re-keying based and (iv) ID-based. For example, general: Katz and Yung; tree based: Tree-Based Group Diffie-Hellman (TGDH); re-keying based: Lee-Kim; ID-based: Yu and Tang [17-23].

Message integrity and authentication are the minimum set of requirements for any secure network. Integrity protects against message corruption during transmission, and authentication ensures the identities of the communicating parties and of the message. Hashing with authentication provides collision resistance, compression and efficiency. Various lightweight cryptography hash functions have been designed: Quark, SPONGENT, PHOTON, PRESENT, KECCAK, ARMADILLO2 etc. Non-repudiation assures that the sender or receiver cannot later deny the processing of data. The sender is assured using proper delivery acknowledgment, and the receiver is assured of the sender's unique identity. Digital signature and public key cryptography mechanisms are used to provide non-repudiation.

In order to efficiently integrate complete security primitives for ad hoc networks, software and hardware parameters need to be analyzed. In this work, the software parameters taken are throughput, jitter and end-to-end delay, whereas the hardware parameter taken is GE. Further, Tseng's protocol is modified to achieve a completely secure, software- and hardware-efficient scenario for resource-constrained devices.

The rest of the paper is structured as follows. Section 2 reviews lightweight cryptography primitives. Section 3 details a novel approach to integrating lightweight cryptography primitives using a modified Tseng's protocol. Section 4 presents the results and analysis of the integrated approach. Finally, conclusions are in Section 5.

II. REVIEW OF PROTOCOLS

A. Lightweight Hash Functions

Authentication using Message Authentication Code (MAC) or Counter MAC (CMAC) generates heavy and insecure traffic. In order to provide security with less traffic over the network and with collision-resistant characteristics, lightweight hash mechanisms are integrated. In this work, two lightweight hash functions are selected for comparison: Quark and PRESENT.

Quark is a lightweight cryptography hash function based on the sponge construction, developed by J. P. Aumasson, L. Henzen, W. Meier and M. N. Plasencia in 2010 [24]. Quark is a lightweight hash because of its optimized security level, construction and core algorithm. Unlike the PHOTON family, it is based on bit shift registers and Boolean functions. There are three instances of Quark: U-Quark, D-Quark and S-Quark. (i) U-Quark is the lightest hash of the three and provides at least 64-bit security against collisions and second pre-image resistance attacks. It is designed to provide a maximum of 128-bit pre-image resistance with a message digest of 136 bits and 544 rounds of a linear feedback shift register, which is of 10 bits. (ii) D-Quark is heavier than U-Quark but lighter than S-Quark. It provides at least 80-bit security against collisions and second pre-image resistance. It produces a 176-bit message digest with 704 rounds of a linear feedback shift register, which is of 10 bits. (iii) S-Quark provides higher security than any other Quark instance. It provides at least 112-bit security against collisions and second pre-image resistance. It produces a 256-bit message digest with 1024 rounds of a linear feedback shift register, which is of 10 bits.

PRESENT is a lightweight cryptography hash function developed by A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann in 2007 [28]. There are three instances of PRESENT: DM-PRESENT, H-PRESENT and C-PRESENT. (i) DM-PRESENT is a Davies-Meyer (DM) mode based method and is suitable for applications that require 64-bit security. Two compact versions of DM-PRESENT are DM-PRESENT-80 and DM-PRESENT-128. (ii) H-PRESENT is a double block-length hash function based on Hirose's construction. It provides collision resistance (2"), first pre-image resistance (2n) and second pre-image resistance (2 "). (iii) Constructed-PRESENT-192 (C-PRESENT-192) provides a longer hash using a triple block-length construction. It provides collision resistance (2"), first pre-image resistance (2") and second pre-image resistance (2").

Comparison: Figure 1 and Figure 2 show a comparative analysis of two lightweight hash algorithms: Quark and PRESENT. From the figures, it can be seen that DM-PRESENT gives maximum throughput with a smaller number of GEs, minimum delay and less power consumption. So, out of the selected lightweight hash mechanisms, DM-PRESENT is more suitable for analysis and integration.

Figure 1: Software Analysis of Quark vs PRESENT (chart title: Throughput vs Power vs End to End Delay Comparison)

  Algorithm         Power   Throughput   End to End Delay
  U-Quark           2.44    1.47         0.71
  D-Quark           3.1     2.27         0.41
  S-Quark           4.35    3.13         0.29
  H-PRESENT-128     6.44    11.4         0.07
  DM-PRESENT-80     1.83    14.6         0.05
  DM-PRESENT-128    2.94    22.9         0.03
  C-PRESENT-192     3.1     1.9          0.63
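The Davies-Meyer construction behind DM-PRESENT-80, the hash selected above, as an added example that is not code from the paper: the 80-bit message block is used as the PRESENT key and the 64-bit chaining value as the plaintext. The zero IV and the length padding in `dm_present80` are assumptions made for illustration.

```python
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def _sbox_layer(state):
    # Apply the 4-bit S-box to each of the 16 nibbles of the 64-bit state.
    return sum(SBOX[(state >> (4 * i)) & 0xF] << (4 * i) for i in range(16))

def _p_layer(state):
    # Bit permutation: bit i moves to 16*i mod 63, bit 63 stays in place.
    out = 0
    for i in range(64):
        pos = 63 if i == 63 else (16 * i) % 63
        out |= ((state >> i) & 1) << pos
    return out

def present80_encrypt(block, key):
    """PRESENT with an 80-bit key: 31 rounds plus a final key addition."""
    for rnd in range(1, 32):
        block ^= key >> 16                                   # round key = top 64 bits
        block = _p_layer(_sbox_layer(block))
        key = ((key & ((1 << 19) - 1)) << 61) | (key >> 19)  # rotate left by 61
        key = (SBOX[key >> 76] << 76) | (key & ((1 << 76) - 1))
        key ^= rnd << 15                                     # round counter
    return block ^ (key >> 16)

def dm_compress(h, m):
    """Davies-Meyer step: H' = E_m(H) xor H, with the message block as key."""
    return present80_encrypt(h, m) ^ h

def dm_present80(message, iv=0):
    """Hash bytes to a 64-bit digest. IV and padding are assumptions."""
    padded = message + b"\x80"
    padded += b"\x00" * (-(len(padded) + 8) % 10)   # fill to 80-bit blocks
    padded += len(message).to_bytes(8, "big")       # length strengthening
    h = iv
    for off in range(0, len(padded), 10):
        h = dm_compress(h, int.from_bytes(padded[off:off + 10], "big"))
    return h
```

The 64-bit chaining value is what bounds the security level to the 64 bits quoted for DM-PRESENT.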
2012 2nd IEEE International Conference on Parallel, Distributed and Grid Computing
Figure 2: Hardware Analysis of Quark vs PRESENT (x-axis: Algorithms)

B. Lightweight Encryption/Decryption

In order to provide confidentiality, three lightweight encryption/decryption mechanisms are selected: KLEIN, HIGHT and CLEFIA. These mechanisms are outlined here:

KLEIN is a lightweight block cipher proposed by Z. Gong, S. Nikova and Y.W. Law in 2011 [29]. KLEIN provides software efficiency, compactness and protection against various cryptanalysis. Figure 3 shows the encryption process phases for KLEIN and Table 1 shows the comparison of the KLEIN-64/80/96 bit block variations. Major strengths of KLEIN are: (i) it is resistant to weak key attacks, (ii) it provides better software performance with a minimum number of active S-boxes and minimum resource consumption for key processing, (iii) it uses a round-dependent counter to protect against symmetric key schedule attacks, (iv) it provides protection against the sum nibble attack. Weaknesses of the KLEIN block cipher are: (i) weak protection against byte-oriented integral attacks, (ii) as key size increases, speed decreases, (iii) there is a strong tradeoff between security and masking based on secret sharing in hardware.

Figure 3: Encryption process in KLEIN.

Table 1: KLEIN instances comparison

  Block Size   N_r   Key Size   Initial Subkey Size
  64           12    64         7
  80           16    80         9
  96           20    96         11

ciphertext and key is very high, (v) 16-round HIGHT provides high security against saturation attack, boomerang attack, algebraic attack or slide and related key attacks. Weaknesses of this cipher are: (i) the Feistel structure increases the chance of finding the weak key which makes the encryption function an involution and (ii) hardware implementation is costlier as compared to PRESENT, mCrypton, GOST, KATAN etc.

CLEFIA is a Feistel network based lightweight block cipher designed by T. Shirai, K. Shibutani, T. Akishita, S. Moriai and T. Iwata in 2007 [26]. Major strengths of this cipher are: (i) half key whitening is used to reduce the cost of key additions, (ii) two diffusion matrices protect against linear or differential attacks, (iii) the selection of S-boxes enhances immunity against byte-oriented saturation and algebraic attacks, (iv) one-way sub-key generation protects against related key attacks. Weaknesses of this cipher are: (i) it is silent on side channel attacks, (ii) it is prone to weak and strong key attacks due to the Feistel network.

[Chart: Hardware Performance (x-axis: Lightweight Ciphers)]

[Chart: Software Performance]

  Cipher      Technology   Throughput
  CLEFIA      0.09         355.56
  HIGHT       0.25         188.2
  KLEIN-64    0.18         122.1
  KLEIN-80    0.18         140.1
  KLEIN-96    0.18         145.1
KLEIN-96 is considered to be the most suitable protocol for analysis and integration.

C. Lightweight Key Exchange Protocols

In order to provide key agreement, key distribution and non-repudiation, lightweight key exchange protocols are selected. In this work, two low-computation key exchange mechanisms are selected for comparison: Tseng's protocol and the Kim, Lee, Lee protocol.

In 2005, Y. M. Tseng proposed a lightweight group key agreement protocol for key agreement and transport [30]. In 2007, a modification was made to extend this protocol. Major strengths of this protocol are: (i) it is a strong, computationally efficient conference key agreement and transport protocol, (ii) it consumes less power and fewer GE because of its small number of rounds. The weakness of this protocol is: (i) forward and backward secrecy are questionable.

Kim, Lee and Lee proposed a group key agreement protocol in 2004 [31]. Strengths of this protocol are: (i) it is a server-less and decentralized group key management protocol, (ii) unique identities are selected to generate the group key and it is claimed to be protected against unauthorized access, (iii) it provides separate efficient procedures for joining or leaving of new nodes, (iv) it uses the Diffie-Hellman key agreement protocol initialization mechanism to generate and transport keys. Weaknesses of this protocol are: (i) it is not strong against impersonation attack, (ii) an attack on the integrity of the session is easy.

Figure 6: Throughput comparison of MANET routing protocols. (Chart title: Throughput Comparison; series: Tseng, Kim Lee Lee; x-axis: MANET Routing Protocols AODV, DSDV, DSR)

Figure 7: End to End delay of MANET routing protocols. (Chart title: End to End Delay; series: Tseng, Kim Lee Lee; x-axis: MANET Protocols AODV, DSDV, DSR)

Comparison: Figure 6 and Figure 7 show a comparative analysis of low-computation key agreement and transport protocols using three MANET routing protocols: Ad-hoc On Demand Distance Vector (AODV), DSDV and Dynamic Source Routing (DSR). Results show that Tseng's protocol provides higher throughput and minimum delay for the AODV protocol. Thus, Tseng's protocol is selected for complete cryptography integration.

III. WORK DONE

In order to provide complete cryptography services on resource-constrained devices, the cryptography primitives discussed in the previous section are integrated and their performance is analyzed on the ns-3 simulator using the Python language [13]. To address the first primitive, availability, the following DoS resilience algorithm is used:

Protocol: DoS resilience algorithm

Premises: TCP_HDR & ipaddr are the built-in structures for TCP and IP header information. THRESHOLD is the maximum limit of packets received without halting any type of service; it is set by the administrator according to available hardware resources. ACTIVE_OPEN & PASSIVE_OPEN are the processes that make a particular side ready to send a packet or receive a packet. CLIENT(), ROUTER(), SERVER() and BLOCK() are the functions to handle the client, router, server and block processes.

Goal: Stop the TCP SYN flooding packets and pass other packets.

    count()
    {
        static int i = 0;
        return ++i;
    }
    BLOCK(struct ipaddr *) { }
    packet_receive(TCP_HDR *packet)
    {
        int no_of_pkts;
        no_of_pkts = count();
        if (no_of_pkts > THRESHOLD)
            BLOCK(struct ipaddr->src_addr)
        else
        {
            CLIENT(ACTIVE_OPEN);
            ROUTER(PASSIVE_OPEN);
            SERVER(PASSIVE_OPEN);
            CLIENT: SEND(router, SYN)
            ROUTER: RECV(router, SYN) & SEND(client, COOKIES+SYN+ACK)
            CLIENT: RECV(COOKIES+SYN+ACK)
            CLIENT: SEND(COOKIES+ACK)
            ROUTER: RECV(COOKIES+ACK)
            if (COOKIE == VALID)
                ROUTER: SEND(server, ACK)
            else
                BLOCK(struct ipaddr->src_addr)
        }
    }
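The router side of the DoS resilience algorithm above, as an added Python example that is not code from the paper: a packet counter checked against THRESHOLD, a cookie the router can verify without storing per-connection state, and a block list. The class and function names, the HMAC-SHA-256 cookie, the per-source counter (the pseudocode counts globally) and the hex-string cookie in place of a TCP sequence number are all assumptions.

```python
import hashlib
import hmac

THRESHOLD = 3        # constructed limit; the paper leaves it to the administrator
SLOT_SECONDS = 64    # assumed cookie lifetime granularity

class CookieRouter:
    """Router side of the exchange: counter, stateless cookie, block list."""

    def __init__(self, secret):
        self.secret = secret
        self.pending = {}        # source address -> SYNs not yet completed
        self.blocked = set()

    def _cookie(self, src, sport, dst, dport, slot):
        msg = f"{src}|{sport}|{dst}|{dport}|{slot}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:16]

    def on_syn(self, src, sport, dst, dport, now):
        """Return the cookie to send with SYN+ACK, or None if src is blocked."""
        if src in self.blocked:
            return None
        self.pending[src] = self.pending.get(src, 0) + 1
        if self.pending[src] > THRESHOLD:
            self.blocked.add(src)                 # BLOCK(src_addr)
            return None
        return self._cookie(src, sport, dst, dport, int(now) // SLOT_SECONDS)

    def on_ack(self, src, sport, dst, dport, cookie, now):
        """Return True if the ACK may be forwarded to the server."""
        if src in self.blocked:
            return False
        slot = int(now) // SLOT_SECONDS
        for s in (slot, slot - 1):                # current and previous slot
            good = self._cookie(src, sport, dst, dport, s)
            if hmac.compare_digest(cookie, good):
                self.pending.pop(src, None)
                return True
        self.blocked.add(src)                     # invalid cookie: BLOCK(src_addr)
        return False

def demo():
    """Constructed traffic: one honest client, one flooder, one forged ACK."""
    r = CookieRouter(b"constructed-demo-secret")
    cookie = r.on_syn("10.0.0.5", 40000, "10.0.0.1", 80, now=1000)
    honest = r.on_ack("10.0.0.5", 40000, "10.0.0.1", 80, cookie, now=1010)
    flood = [r.on_syn("10.0.0.9", p, "10.0.0.1", 80, now=1000) for p in range(5)]
    forged = r.on_ack("10.0.0.7", 40001, "10.0.0.1", 80, "0" * 16, now=1000)
    return honest, flood, forged, sorted(r.blocked)
```

Blocking by source address follows the pseudocode; because the source address of a SYN can be spoofed, a deployment would normally expire block-list entries so that a host whose address was forged is not shut out indefinitely.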