Encryption Overhead in Embedded Systems and Sensor Network
Encryption Overhead in Embedded Systems and Sensor Network Nodes: Modeling and Analysis Prasanth Ganesan, Ramnath Venugopalan, Pushkin Peddabachagari, Alexander Dean, Frank Mueller, Mihail Sichitiu Center for Embedded Systems Research Departments of Computer Science / Electrical and Computer Engineering North Carolina State University 1
Motivation l Embedded devices (8 bit processors) l Security concerns (wireless / RF) l Need for encryption (PDAs, sensor networks) l Ø Ø Feasible? — Too much computational overhead for low-end devices? — How about sensor networks? Assess overhead for — Different architectures — Different encryption schemes Derive analytical model, allows estimation for — New algorithms — New architecture 2
Encryption Schemes Algorithm Type |key/hash| |Block| RC 4 stream 128 bits IDEA block 128 bits 64 bits RC 5 block 64 bits MD 5 1 -way hash 128 bits 512 bits SHA 1 1 -way hash 128 bits 512 bits 3
Hardware Platforms Platform Word Size Clock Freq. I/D-Cache Atmega 103 8 bits 4 MHz none Atmega 128 8 bits 16 MHz none M 16 C/10 16 bits 16 MHz none SA-1110 32 bits 206 MHz 16/8 KB PXA 250 32 bits 400 MHz 32/32 KB 64/32 bits 440 MHz 16/16 KB Ultra. Sparc 2 4
Execution Times 5
Clock Cycles 6
Normalized Overhead for the Algorithms 7
Code Size 8
Performance Model – Why? l Feasibility algorithm A on platform P Ø derived from performance evaluation on a different platform Q l Asses encryption overhead based on architectural parameters Ø derive minimum requirements l New encryption schemes can be evaluated on a single hardware platform Ø extrapolated to other platforms 9
Base Performance Model Algorithm a b blocksize(bits) MD 5 203656 86298 512 SHA 1 77337 233082 512 RC 5 init/encrypt 352114 40061 64 RC 5 init/decrypt 352114 39981 64 IDEA encrypt 68289 79977 64 IDEA decrypt 385713 105430 64 RC 4 69240 13743 8 10
Refinements for the ISA/architecture l Multiply support: l a. MUL b. MUL with MUL instr. 17002 -1326 without MUL instr. -14438 -8729 RICS vs CISC: a. RISC b. RISC -38579 38968 CISC 77175 -103593 11
Model vs. Measurements for MD 5 12
Performance Model – Why? l Feasibility algorithm A on platform P Ø derived from performance evaluation on a different platform Q l Asses encryption overhead based on architectural parameters Ø derive minimum requirements l New encryption schemes can be evaluated on a single hardware platform Ø extrapolated to other platforms 13
Variance of Execution (SHA-1) l Important for real-time scheduling 14
Related Work l l l Brown et al. : PGP in wireless feasible (USENIX’ 00) Lu et al. : RSA on smartcards costly ~20 secs @ 3. 57 MHz (SAC’ 00) Perrig et al. : SPINS (Mobi. Com’ 02) Touch: Crypto overhead on general-purpose machines (SIGCOMM’ 95) Little work on embedded systems: — Freeman/Miller: M 68 k (MASCOTS’ 99) — Dai: Celeron results for Cryto++ 4. 0 benchmarks 15
Conclusion l Survey — computational requirements — for cryptographic algorithms — and embedded architectures l Experiments — mostly uniform cycle overhead for each word size (8/16/32 bits) — but differences among classes — Parameters that matter: text length, block size, architectural (few) l Uniformity Approximate Model — Derive minimum requirements — predict performance on new hardware 16
- Slides: 16