
[IEEE 2012 IEEE Symposium on Wireless Technology & Applications (ISWTA) - Bandung, Indonesia (2012.09.23-2012.09.26)] 2012 IEEE Symposium on Wireless Technology and Applications (ISWTA)


Performance Analysis of ID-Based Authentication On Zigbee Transceiver

Roszainiza Rosli¹, Yusnani Mohd Yusoff², Habibah Hashim³
Faculty of Electrical Engineering, Universiti Teknologi MARA, Shah Alam, Malaysia
[email protected], (yusna227, habib350)@salam.uitm.edu.my

Abstract— It is widely recognized that wireless sensors are not only resource constrained but also vulnerable to outsider and insider attacks. Wireless sensor networks (WSNs) therefore have to be designed using low-energy wireless sensor devices and implemented with due consideration for the security of the network. In a previous work, we identified IBE as one of the most suitable protocols for WSNs. In this paper, we present an implementation of the IBE-Trust protocol on workstations which communicate with each other through Zigbee transceivers (XBee). The energy consumption of RSA-1024, conventional ECC-160 and the IBE-Trust protocol is compared for different input data sizes. Experimental and theoretical results for IBE-Trust protocol communication are also compared. We found that the IBE-Trust protocol consumes less energy than RSA-1024 but more energy than ECC-160. We believe the code design and distance are the major factors that lead to high energy consumption.

Keywords: Identity-Based; secure; energy consumption; Transmission; Reception

I. INTRODUCTION

Wireless Sensor Networks (WSNs) are being applied in various areas of our life such as medical monitoring, traffic monitoring, environment monitoring and others [1][2][3]. A WSN generally consists of a forest of sensor nodes with a base station as the root of every tree, and these communicate with each other. The basic activities of a sensor node, which are detection, data transmission and data processing, consume a lot of energy and contribute most to the loss of battery energy and node lifetime. The physical structure and the remote assignment of the sensor node itself make it vulnerable to outsider and insider attacks [4]. Although sensor network platforms have been designed to overcome many of the disadvantages mentioned above, there is a need to develop an efficient authentication protocol that could further enhance the security of communication in WSNs while reducing the energy required to provide these security services.

A simple method of authentication in unicast communication is to assure that the received message is from the claimed sender by checking the message authentication code (MAC) [5][6]. However, in broadcast communication a symmetric MAC is impracticable because the MAC key is disclosed in the network [7]. If any of the receivers knows the MAC key, it could impersonate the sender and forward messages to other receivers. Therefore an asymmetric mechanism is important for more secure broadcast communication. Conventional Public Key Cryptography (PKC) algorithms, e.g. RSA/DSA, have also been found inadequate for WSNs due to their energy consumption and memory usage. Finally, the work in [8][9] on using Elliptic Curve Cryptography (ECC) has proven that ECC is feasible in WSNs. An energy analysis of public key cryptography on wireless devices was comprehensively discussed in [10][11][12]. It showed that ECC entails less computation and less memory usage than RSA without affecting the security level.

Nevertheless, for an efficient deployment of ECC in WSNs, a Public Key Infrastructure (PKI) is required to prevent man-in-the-middle attacks, although it does not solve the problem of still relying on the existence of third-party certificate authorities (CA) within the network. Inspired by this particular problem, Shamir [13] proposed Identity-Based Encryption (IBE), which uses a unique ID to generate a public key. A fully functional IBE was developed by applying pairing in the algorithm.

Applying ID-based authentication to WSN nodes is an energy-saving method for mitigating attacks against secure communication. This paper describes the implementation of the IBE-Trust protocol for communication using Zigbee transceivers. Authentication, the IBE protocol and the IBE-Trust protocol are discussed in detail in Section II. Section III presents the implementation of the IBE-Trust protocol on a Zigbee transceiver. In Section IV the experimental outcomes are discussed with respect to analytical results. A summary of the paper is provided in Section V and, finally, future works are proposed in Section VI.

II. PRELIMINARIES

A. Identity-Based Encryption (IBE)

IBE, proposed by Shamir [13], was designed to overcome some of the problems in conventional PKI. It removes the need for a third-party CA to issue a certificate in order to obtain the recipient's public key: only the recipient's unique ID (e.g. an email address) is used to generate the key and to encrypt messages for a given entity. Only the legitimate entities can decode the message. The scheme consists of four algorithms:

2012 IEEE Symposium on Wireless Technology and Applications (ISWTA), September 23-26, 2012, Bandung, Indonesia

978-1-4673-2210-2/12/$31.00 ©2012 IEEE 187

1. SETUP – with a security parameter ts, SETUP generates the global system parameters tg and a secret value, i.e. the master key. The system parameters include a description of a finite message space M and a description of a finite ciphertext space C. In WSNs, SETUP is performed by the base station. The system parameters tg are published, while the master key is kept secret in the base station.

2. EXTRACT – takes as input the global system parameters tg and the master key obtained during SETUP; with an arbitrary string ID∈{0,1}*, the base station generates the private key K. In PKI, an issued certificate contains a validity period, while in IBE key expiration can be achieved by concatenating the arbitrary string ID with a specific period of time, e.g. “[email protected]||year2012”. Bob requests his private key K from the base station and authenticates himself to obtain it; the key is valid for use in 2012 only. The same method of validation enables postdating of messages for future decryption and enables automatic message expiration.

3. ENCRYPT – uses the global system parameters tg generated in SETUP and the corresponding public key ID K_ID to generate ciphertext C from plaintext M. The recipient’s public key certificate is no longer necessary and pre-enrollment is no longer required to encrypt messages in the IBE scheme.

4. DECRYPT – decodes the ciphertext using the requested private key K obtained during EXTRACT.

Figure 1. Identity-Based Encryption (IBE).

B. Authentication in WSNs

Authentication is the activity of validating the authenticity of an entity in the communication. Since WSNs are open communication networks, which are exposed to passive attacks such as eavesdropping, man-in-the-middle, replay and cloning attacks, it is vitally necessary to develop an authentication protocol for the communication. An authentication protocol is required to enable a sensor node to authenticate broadcast messages from the base station, to enable the base station to authenticate messages from a sensor node, and to enable authentication among sensor nodes. Thus, it assists in guaranteeing that the received packet is truly from the legitimate sender. In [6], Perrig et al. discussed the basic requirements of an authentication protocol in WSNs, which are:

• Data Confidentiality – Private information of the sensor node needs to be kept secure.

• Mutual Authentication – The original identity of each entity involved in the communication needs to be recognized by the others to prevent cloning attacks.

• Anonymity – Information about the sensor node must be anonymous.

• Data Integrity – Received data is guaranteed to be unaltered by any replay attack.

• Instant Authentication – Quick authentication process.

• Data Freshness – The received data is ensured to be recent and no adversary replays old messages.

Authentication between the sensor node and the base station is a crucial step since the base station is the gateway of the sensor node to the outside world. Therefore, it is imperative to ensure that all sensor nodes under the base station are trusted nodes.

C. IBE-Trust Protocol

The IBE-Trust protocol is an identity-based key distribution scheme to establish a secure communication platform. This protocol is composed of offline and online stages.

In the offline stage, the global system parameters and public key are stored in every sensor node in the network, while each sensor node’s unique ID and trust value are stored in the base station’s trust list. The trust value is the result of a platform measurement performed during the boot-up process of the sensor node.

Figure 2. Offline stage of IBE-Trust protocol

In the online stage, the sensor node reboots to generate the trust value, which is expected to be equal to the value obtained during the offline phase. It then generates a nonce. We encrypt the trust value and the nonce with the base station public key to prevent the information being exposed. Next, the sensor node sends the encrypted value with its ID. After receiving this message from the sensor node, the base station first checks whether the sensor node ID is listed in the trust list. If the ID does not exist, the packet will be discarded. Otherwise, the base station decrypts the ciphertext and verifies the received trust value against the one stored in the trust list.

Finally, the base station responds to the sensor node to inform it that the authentication process has been successfully completed, by generating a new nonce based on the nonce received earlier from the sensor node. The total transmission from sensor node to base station during the online stage is 280 bytes of payload. The 280 bytes of payload consist of 3 bytes of sensor node ID, 259 bytes of key file and 18 bytes of ciphertext. The total transmission from base station to sensor node is a 2-byte payload containing the nonce.

Figure 3. Online stage of IBE-Trust protocol
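The offline and online stages described above, traced end to end as an added example (not the authors' implementation). The pairing-based IBE encryption is replaced by a stand-in hashed-ElGamal cipher; the trust-value length, the firmware-hash measurement, the reply-nonce rule (nonce + 1) and all names are assumptions.

```python
import hashlib
import hmac
import secrets

# Stand-in for IBE ENCRYPT/DECRYPT: hashed ElGamal over a toy prime field.
# NOT the paper's pairing-based scheme; no ciphertext integrity, illustration only.
P, G = 2**255 - 19, 2
ID_LEN, NONCE_LEN = 3, 2     # sizes stated in the paper
TRUST_LEN = 16               # assumed trust-value length

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _pad(shared, n):
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()[:n]

def encrypt(pub, plain):
    r = secrets.randbelow(P - 2) + 1
    pad = _pad(pow(pub, r, P), len(plain))
    return pow(G, r, P).to_bytes(32, "big") + bytes(a ^ b for a, b in zip(plain, pad))

def decrypt(priv, blob):
    pad = _pad(pow(int.from_bytes(blob[:32], "big"), priv, P), len(blob) - 32)
    return bytes(a ^ b for a, b in zip(blob[32:], pad))

def measure_platform(firmware):
    """Assumed boot-time measurement: truncated SHA-256 of the firmware image."""
    return hashlib.sha256(firmware).digest()[:TRUST_LEN]

def next_nonce(nonce):
    """Assumed derivation of the reply nonce: received nonce + 1 (mod 2^16)."""
    return ((int.from_bytes(nonce, "big") + 1) % 2**16).to_bytes(NONCE_LEN, "big")

class BaseStation:
    def __init__(self):
        self.priv, self.pub = keygen()
        self.trust_list = {}                  # node ID -> trust value (offline stage)

    def enroll(self, node_id, trust_value):
        self.trust_list[node_id] = trust_value

    def handle(self, message):
        node_id, blob = message[:ID_LEN], message[ID_LEN:]
        expected = self.trust_list.get(node_id)
        if expected is None:                  # ID not in trust list: discard packet
            return None
        if len(blob) != 32 + TRUST_LEN + NONCE_LEN:
            return None                       # malformed ciphertext
        plain = decrypt(self.priv, blob)
        trust, nonce = plain[:TRUST_LEN], plain[TRUST_LEN:]
        if not hmac.compare_digest(trust, expected):
            return None                       # measurement differs from offline value
        return next_nonce(nonce)

class SensorNode:
    def __init__(self, node_id, firmware, bs_pub):
        self.node_id, self.firmware, self.bs_pub = node_id, firmware, bs_pub
        self.nonce = b""

    def request(self):
        self.nonce = secrets.token_bytes(NONCE_LEN)
        payload = measure_platform(self.firmware) + self.nonce
        return self.node_id + encrypt(self.bs_pub, payload)

    def accept(self, reply):
        return reply is not None and hmac.compare_digest(reply, next_nonce(self.nonce))

def run_demo():
    firmware = b"constructed firmware image v1"   # constructed sample input
    bs = BaseStation()
    bs.enroll(b"N01", measure_platform(firmware))
    good = SensorNode(b"N01", firmware, bs.pub)
    tampered = SensorNode(b"N01", firmware + b"!", bs.pub)   # modified platform
    unknown = SensorNode(b"N99", firmware, bs.pub)           # ID never enrolled
    return tuple(n.accept(bs.handle(n.request())) for n in (good, tampered, unknown))

if __name__ == "__main__":
    print(run_demo())
```

Only the enrolled node with the unmodified firmware is accepted; the node whose measurement changed and the node with an unlisted ID both receive no reply.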

III. EXPERIMENT AND RESULTS

We implemented the IBE-Trust protocol on two HP xw4550 workstations, with 2.59 GHz and 2.0 GB of RAM, which act as a sensor node and a base station respectively. Data transmission between the two entities is carried out via Zigbee transceivers and serial port programming. The energy consumption of data transmission is measured by multiplying the operating power of the Zigbee transceiver by the transmission time. The transmission time is obtained from the clock set up in the serial port program. Table I below shows the specifications of the Zigbee transceiver [14].

TABLE I. SPECIFICATION OF ZIGBEE TRANSCEIVER

| Specification | XBee® ZB Transceiver |
|---|---|
| RF Data Rate | 250 Kbps |
| Interface Data Rate | Up to 115.2 Kbps |
| Transmit Current | 35 mA @ 3.3 VDC |
| Receive Current | 50 mA @ 3.3 VDC |

As mentioned earlier in Section II-C, the client transmits 280 bytes of payload to the base station, while the base station transmits 2 bytes of payload to the sensor node. With XBee Series 1 and 64-bit addressing, a node is able to send up to 100 bytes of payload and 25 bytes of header. Hence, the total size of data transmission from client to base station is 355 bytes, and 27 bytes from base station to sensor node.

TABLE II. DATA SIZE OF TRANSMISSION

| Transmission | Payload (byte) | Packet | Total data size (byte) |
|---|---|---|---|
| Sensor Node → Base Station | 280 | 3 | 355 |
| Base Station → Sensor Node | 2 | 1 | 27 |

A. Result

With the help of the Zigbee transceiver (XBee Series 1), it takes 0.1985 seconds to transmit 355 bytes of data from sensor node to base station. Thus, it took 8.984 µWs of energy to transmit a bit. However, it takes around 6.5 times longer to receive the same amount of data, resulting in 58.616 µWs per bit. Table III presents the energy consumption for transmission and reception of 355 bytes, and Table IV for 27 bytes, between sensor node and base station.

TABLE III. ENERGY CONSUMPTION FOR 355 BYTES OF DATA TRANSMIT AND DATA RECEIVE DURING ONLINE STAGE OF IBE-TRUST PROTOCOL VIA ZIGBEE TRANSCEIVER (XBEE)

| | Current (mA) | Volt (V) | Time (s) | Energy (mWs) | Energy / bit (mWs/bit) |
|---|---|---|---|---|---|
| Transmit | 35 | 3.3 | 0.1985 | 22.92 | 0.008 |
| Receive | 50 | 3.3 | 0.9066 | 149.589 | 0.053 |

To reply to a sensor node, the base station only needs to send 27 bytes of data, which consumes 1.848 mWs of energy for data transmission. It takes 0.531 seconds for the sensor node to receive the data, hence consuming 87.615 mWs for this event.

TABLE IV. ENERGY CONSUMPTION FOR 27 BYTES OF DATA TRANSMIT AND RECEIVE DURING ONLINE STAGE OF IBE-TRUST PROTOCOL VIA ZIGBEE TRANSCEIVER (XBEE)

| | Current (mA) | Volt (V) | Time (s) | Energy (mWs) | Energy / bit (mWs/bit) |
|---|---|---|---|---|---|
| Transmit | 35 | 3.3 | 0.016 | 1.848 | 0.009 |
| Receive | 50 | 3.3 | 0.531 | 87.615 | 0.406 |
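The figures in Tables II to IV follow from the stated model: energy is current × supply voltage × measured time, and each packet of up to 100 payload bytes carries 25 bytes of header. The sketch below is an added example, not the authors' code; the function names are assumptions, and applying the header once per packet is inferred from Table II.

```python
import math

MAX_PAYLOAD = 100        # payload bytes per XBee Series 1 packet (from the text)
HEADER = 25              # header bytes, applied per packet (inferred from Table II)
SUPPLY_V = 3.3           # supply voltage, Table I
TX_MA, RX_MA = 35, 50    # transmit / receive current in mA, Table I
RF_RATE_BPS = 250_000    # RF data rate, Table I

def packetize(payload_bytes):
    """Return (number of packets, total bytes on air) for a payload."""
    packets = math.ceil(payload_bytes / MAX_PAYLOAD)
    return packets, payload_bytes + packets * HEADER

def energy_mws(current_ma, seconds, volts=SUPPLY_V):
    """mA * V gives mW; multiplied by seconds gives mWs."""
    return current_ma * volts * seconds

def table_row(current_ma, seconds, payload_bytes):
    """Energy and energy per transmitted bit, as laid out in Tables III and IV."""
    _, total_bytes = packetize(payload_bytes)
    energy = energy_mws(current_ma, seconds)
    return {
        "total_bytes": total_bytes,
        "energy_mws": round(energy, 3),
        "mws_per_bit": round(energy / (total_bytes * 8), 3),
    }

def rf_energy_per_bit_uws(current_ma=TX_MA):
    """Per-bit energy when a bit occupies the radio for 1 / RF data rate seconds."""
    return round(current_ma * SUPPLY_V / RF_RATE_BPS * 1000, 3)   # mWs -> µWs

if __name__ == "__main__":
    # Measured times are the values reported in Tables III and IV.
    for label, ma, t, payload in [
        ("node -> BS transmit", TX_MA, 0.1985, 280),
        ("node -> BS receive", RX_MA, 0.9066, 280),
        ("BS -> node transmit", TX_MA, 0.016, 2),
        ("BS -> node receive", RX_MA, 0.531, 2),
    ]:
        print(label, table_row(ma, t, payload))
    print("RF per-bit energy (µWs):", rf_energy_per_bit_uws())
```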

Based on the results that we have obtained, it was found that it takes a longer time to receive data than to transmit it. The graph in Figure 4 shows the comparison of energy consumption between transmission and reception.


Figure 4. Comparison of energy consumption between transmit and receive of IBE-Trust protocol at 3.3V supply volt.

IV. COMPARISON

In [15], the authors stated that RSA-1024 requires a client to transmit 490 bytes of payload and a server to transmit 314 bytes of payload, which results in 5 packets of data transmission from client to server and 4 packets from server to client. With ECC-160, however, client and server transmit 138 bytes of payload each. Given that the energy consumption per bit (energy divided by RF data rate) for transmission at 3.3 V supply voltage is 0.462 µWs/bit, the total energy consumption of the 5-packet and 4-packet transmissions for RSA is 2.469 mWs and 1.353 mWs respectively. The entire data transmission consumes 3.822 mWs. In the case of ECC-160, it would have consumed 0.606 mWs for both client and server. By deploying the IBE-Trust protocol, which takes only 3 packets to send from sensor node to base station and 1 packet in the opposite direction, the energy consumption of the client’s data transmission is 1.179 mWs, and 0.077 mWs from base station to sensor node. Altogether, the entire data transmission consumes 1.256 mWs. The graph in Figure 5 shows that IBE-Trust can save around 62% of the energy consumption of data transmission compared to RSA-1024. Nevertheless, the IBE-Trust protocol consumed around 16% more energy than ECC for total data transmission.

In addition, we compare the experimental and theoretical energy consumption of transmitting the 280 bytes of payload of the IBE-Trust protocol. The graph in Figure 6 shows a considerable disagreement between the energy consumption of data transmission in the experiment and the value obtained through calculation. In the best condition, we are able to transmit the 280 bytes of payload without delay, while in the worst condition delays exist while waiting for the Clear Channel Assessment (CCA) to clear, looping up to 4 times [16]. We realize that programming overhead is the major factor which leads to heavy energy consumption, and it needs to be considered in future work.

Figure 5. Comparison of energy consumption of data transmit between RSA-1024, ECC-160 and IBE-Trust at 3.3 V with 250 kbit/s RF data rate.

Figure 6. Comparison of energy consumption for transmit of 280 bytes of payload data between experimental and theoretical at 250 kbps RF data rate, maximum 115.2 interface data rate and via experiment.

V. CONCLUSION

In this paper, we first identified the cryptographic algorithm best suited to WSNs. Instead of choosing ECC-160, we chose the IBE scheme to eliminate the need for a certificate authority.

We ran the IBE-Trust protocol on two HP workstations and two Zigbee transceivers (XBee). We found that sending data contributes less to heavy energy consumption than receiving data. Based on the different input data sizes, we measured the overall energy consumption during data transmission and data reception of the IBE-Trust protocol. Using the same method, we calculated the energy consumption of RSA-1024 and ECC-160 for data transmission and data reception and compared the results with the IBE-Trust protocol. As a result, the IBE-Trust protocol consumes less energy than RSA-1024 but more energy than ECC-160.

Our main contribution in this paper is the implementation of IBE-Trust protocol and analytical performance comparison of conventional public key cryptography and ID-based cryptography.


VI. FUTURE WORK

In the future, we suggest improving the programming technique and implementing the protocol in a sensor network application in order to obtain the total energy consumption related to cryptographic computation overhead for the entire data transmission.

ACKNOWLEDGEMENT

The authors would like to thank the Research Management Institute, Universiti Teknologi MARA, for financial support, and the members of the WSN and Trusted Computing team for their ideas and helpful feedback.

REFERENCES

[1] Z. Rasin, “Water Quality Monitoring System Using Zigbee Based Wireless Sensor Network,” International Journal of Engineering.

[2] R. Mittal and M. P. S. Bhatia, “Wireless Sensor Networks for Monitoring the Environmental Activities,” Analysis, 2010.

[3] N. Mohamed, I. Jawhar, and J. Al-Jaroodi, “Monitoring Underwater Pipelines Using Sensor Networks,” 2010 IEEE 12th International Conference on High Performance Computing and Communications (HPCC), pp. 346-353, Sep. 2010.

[4] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “Wireless sensor networks: a survey,” Computer Networks, vol. 38, pp. 393-422, 2002.

[5] D. Liu and P. Ning, “Multi-Level µTESLA: Broadcast Authentication for Distributed Sensor Networks,” 2005.

[6] A. Perrig, R. Szewczyk, J. D. Tygar, V. Wen, and D. E. Culler, “SPINS: Security Protocols for Sensor Networks,” Design, pp. 521-534, 2002.

[7] K. Ren, K. Zeng, W. Lou, and P. J. Moran, “On Broadcast Authentication in Wireless Sensor Networks,” Sensors (Basel, Switzerland), vol. 10, no. 9, pp. 8683-8695, Jan. 2010.

[8] H. Wang, B. Sheng, and Q. Li, “Elliptic curve cryptography-based access control in sensor networks,” International Journal of Security and Networks, vol. 1, no. 3/4, p. 127, 2006.

[9] E.-O. Blaß and M. Zitterbart, “Efficient Implementation of Elliptic Curve Cryptography for Wireless Sensor Networks,” Advances in Mathematics of Communications, vol. 4, no. TM-2005-1, pp. 169-187, 2005.

[10] N. Gura, A. Patel, and A. Wander, “Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs,” in Cryptographic Hardware and Embedded Systems - CHES 2004, vol. 3156, no. Computer Science, M. Joye and J.-J. Quisquater, Eds. Springer Berlin / Heidelberg, 2004, pp. 925-943.

[11] K. Piotrowski, P. Langendoerfer, F. Oder, S. Peter, and D. S. Engineering, “How Public Key Cryptography Influences Wireless Sensor,” Time, pp. 169-176, 2006.

[12] A. S. Wander, N. Gura, H. Eberle, and V. Gupta, “Energy Analysis of Public-Key Cryptography for Wireless Sensor Networks,” Third IEEE International Conference on Pervasive Computing and Communications, pp. 324-328.

[13] A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Springer, pp. 47-53, 1984.

[14] X. X.-pro R. F. Modules, “XBee ® / XBee-PRO ® RF Modules,” East, 2009. [Online]. Available: http://ftp1.digi.com/support/documentation/90000982_B.pdf.

[15] A. S. Wander, N. Gura, H. Eberle, V. Gupta, and S. C. Shantz, “Energy Analysis of Public-Key Cryptography on Small Wireless Devices,” pp. 1-16.

[16] “Sending data through 802.15.4 network latency timing,” Knowledge Base Article, Digi. [Online]. Available: http://www.digi.com/support/kbase/kbaseresultdetl?id=3065.
