Encryption Overhead in Embedded Systems and Sensor Network Nodes: Modeling and Analysis

1
Encryption Overhead in Embedded Systems and
Sensor Network Nodes Modeling and Analysis

• Prasanth Ganesan, Ramnath Venugopalan, Pushkin
  Peddabachagari,
• Alexander Dean, Frank Mueller, Mihail Sichitiu
• Center for Embedded Systems Research
• Departments of Computer Science / Electrical and
  Computer Engineering
• North Carolina State University

2
Motivation

• Embedded devices (8 bit processors)
• Security concerns (wireless / RF)
• Need for encryption (PDAs, sensor networks)
• Feasible?
• Too much computational overhead for low-end
  devices?
• How about sensor networks?
• Assess overhead for
• Different architectures
• Different encryption schemes
• Derive analytical model, allows estimation for
• New algorithms
• New architecture

3
Encryption Schemes
Algorithm Type key/hash Block
RC4 stream 128 bits 8 bits
IDEA block 128 bits 64 bits
RC5 block 64 bits 64 bits
MD5 1-way hash 128 bits 512 bits
SHA1 1-way hash 128 bits 512 bits
4
Hardware Platforms
Platform Word Size Clock Freq. I/D-Cache
Atmega 103 8 bits 4 MHz none
Atmega 128 8 bits 16 MHz none
M16C/10 16 bits 16 MHz none
SA-1110 32 bits 206 MHz 16/8KB
PXA250 32 bits 400 MHz 32/32KB
UltraSparc2 64/32 bits 440 MHz 16/16KB
5
Execution Times
6
Clock Cycles
7
Normalized Overhead for the Algorithms
8
Code Size
9
Performance Model Why?

• Feasibility algorithm A on platform P
• derived from performance evaluation on a
  different platform Q
• Asses encryption overhead based on architectural
  parameters
• derive minimum requirements
• New encryption schemes can be evaluated on a
  single hardware platform
• extrapolated to other platforms

10
Base Performance Model
Algorithm a b blocksize(bits)
MD5 203656 86298 512
SHA1 77337 233082 512
RC5 init/encrypt 352114 40061 64
RC5 init/decrypt 352114 39981 64
IDEA encrypt 68289 79977 64
IDEA decrypt 385713 105430 64
RC4 69240 13743 8
11
Refinements for the ISA/architecture

• Multiply support

• RICS vs CISC

aMUL bMUL
with MUL instr. 17002 -1326
without MUL instr. -14438 -8729
aRISC bRISC
RISC -38579 38968
CISC 77175 -103593
12
Model vs. Measurements for MD5
13
Performance Model Why?

• Feasibility algorithm A on platform P
• derived from performance evaluation on a
  different platform Q
• Asses encryption overhead based on architectural
  parameters
• derive minimum requirements
• New encryption schemes can be evaluated on a
  single hardware platform
• extrapolated to other platforms

14
Variance of Execution (SHA-1)

• Important for real-time scheduling

15
Related Work

• Brown et al. PGP in wireless feasible
  (USENIX00)
• Lu et al. RSA on smartcards costly ? 20 secs _at_
  3.57 MHz (SAC00)
• Perrig et al. SPINS (MobiCom02)
• Touch Crypto overhead on general-purpose
  machines (SIGCOMM95)
• Little work on embedded systems
• Freeman/Miller M68k (MASCOTS99)
• Dai Celeron results for Cryto 4.0 benchmarks

16
Conclusion

• Survey
• computational requirements
• for cryptographic algorithms
• and embedded architectures
• Experiments
• mostly uniform cycle overhead for each word size
  (8/16/32 bits)
• but differences among classes
• Parameters that matter text length, block size,
  architectural (few)
• Uniformity ? Approximate Model
• Derive minimum requirements
• predict performance on new hardware