Title: Encryption Overhead in Embedded Systems and Sensor Network Nodes: Modeling and Analysis
1Encryption Overhead in Embedded Systems and
Sensor Network Nodes Modeling and Analysis
- Prasanth Ganesan, Ramnath Venugopalan, Pushkin
Peddabachagari, - Alexander Dean, Frank Mueller, Mihail Sichitiu
- Center for Embedded Systems Research
- Departments of Computer Science / Electrical and
Computer Engineering - North Carolina State University
2Motivation
- Embedded devices (8 bit processors)
- Security concerns (wireless / RF)
- Need for encryption (PDAs, sensor networks)
- Feasible?
- Too much computational overhead for low-end
devices? - How about sensor networks?
- Assess overhead for
- Different architectures
- Different encryption schemes
- Derive analytical model, allows estimation for
- New algorithms
- New architecture
3Encryption Schemes
Algorithm Type key/hash Block
RC4 stream 128 bits 8 bits
IDEA block 128 bits 64 bits
RC5 block 64 bits 64 bits
MD5 1-way hash 128 bits 512 bits
SHA1 1-way hash 128 bits 512 bits
4Hardware Platforms
Platform Word Size Clock Freq. I/D-Cache
Atmega 103 8 bits 4 MHz none
Atmega 128 8 bits 16 MHz none
M16C/10 16 bits 16 MHz none
SA-1110 32 bits 206 MHz 16/8KB
PXA250 32 bits 400 MHz 32/32KB
UltraSparc2 64/32 bits 440 MHz 16/16KB
5Execution Times
6Clock Cycles
7Normalized Overhead for the Algorithms
8Code Size
9Performance Model Why?
- Feasibility algorithm A on platform P
- derived from performance evaluation on a
different platform Q - Asses encryption overhead based on architectural
parameters - derive minimum requirements
- New encryption schemes can be evaluated on a
single hardware platform - extrapolated to other platforms
10Base Performance Model
Algorithm a b blocksize(bits)
MD5 203656 86298 512
SHA1 77337 233082 512
RC5 init/encrypt 352114 40061 64
RC5 init/decrypt 352114 39981 64
IDEA encrypt 68289 79977 64
IDEA decrypt 385713 105430 64
RC4 69240 13743 8
11Refinements for the ISA/architecture
aMUL bMUL
with MUL instr. 17002 -1326
without MUL instr. -14438 -8729
aRISC bRISC
RISC -38579 38968
CISC 77175 -103593
12Model vs. Measurements for MD5
13Performance Model Why?
- Feasibility algorithm A on platform P
- derived from performance evaluation on a
different platform Q - Asses encryption overhead based on architectural
parameters - derive minimum requirements
- New encryption schemes can be evaluated on a
single hardware platform - extrapolated to other platforms
14Variance of Execution (SHA-1)
- Important for real-time scheduling
15Related Work
- Brown et al. PGP in wireless feasible
(USENIX00) - Lu et al. RSA on smartcards costly ? 20 secs _at_
3.57 MHz (SAC00) - Perrig et al. SPINS (MobiCom02)
- Touch Crypto overhead on general-purpose
machines (SIGCOMM95) - Little work on embedded systems
- Freeman/Miller M68k (MASCOTS99)
- Dai Celeron results for Cryto 4.0 benchmarks
16Conclusion
- Survey
- computational requirements
- for cryptographic algorithms
- and embedded architectures
- Experiments
- mostly uniform cycle overhead for each word size
(8/16/32 bits) - but differences among classes
- Parameters that matter text length, block size,
architectural (few) - Uniformity ? Approximate Model
- Derive minimum requirements
- predict performance on new hardware