1 encryption overhead in embedded systems and sensor network nodes: modeling and analysis prasanth...
TRANSCRIPT
1
Encryption Overhead in Embedded Systems and Encryption Overhead in Embedded Systems and Sensor Network Nodes: Modeling and AnalysisSensor Network Nodes: Modeling and Analysis
Prasanth Ganesan, Ramnath Venugopalan, Pushkin Peddabachagari,
Alexander Dean, Frank Mueller, Mihail Sichitiu
Center for Embedded Systems ResearchDepartments of Computer Science / Electrical and Computer Engineering
North Carolina State University
2
Motivation
Embedded devices (8 bit processors)
Security concerns (wireless / RF)
Need for encryption (PDAs, sensor networks)
Feasible?— Too much computational overhead for low-end devices?— How about sensor networks?
Assess overhead for— Different architectures— Different encryption schemes
Derive analytical model, allows estimation for— New algorithms— New architecture
3
Encryption Schemes
Algorithm Type |key/hash| |Block|
RC4 stream 128 bits 8 bits
IDEA block 128 bits 64 bits
RC5 block 64 bits 64 bits
MD5 1-way hash 128 bits 512 bits
SHA1 1-way hash 128 bits 512 bits
4
Hardware Platforms
Platform Word Size Clock Freq. I/D-Cache
Atmega 103 8 bits 4 MHz none
Atmega 128 8 bits 16 MHz none
M16C/10 16 bits 16 MHz none
SA-1110 32 bits 206 MHz 16/8KB
PXA250 32 bits 400 MHz 32/32KB
UltraSparc2 64/32 bits 440 MHz 16/16KB
5
Execution Times
6
Clock Cycles
7
Normalized Overhead for the Algorithms
8
Code Size
9
Performance Model – Why?
Feasibility algorithm A on platform P derived from performance evaluation on a different platform Q
Asses encryption overhead based on architectural parameters derive minimum requirements
New encryption schemes can be evaluated on a single hardware platform extrapolated to other platforms
10
Base Performance Model
Algorithm a b blocksize(bits)
MD5 203656 86298 512
SHA1 77337 233082 512
RC5 init/encrypt 352114 40061 64
RC5 init/decrypt 352114 39981 64
IDEA encrypt 68289 79977 64
IDEA decrypt 385713 105430 64
RC4 69240 13743 8
11
Refinements for the ISA/architecture
Multiply support: RICS vs CISC:
aMUL bMUL
with MUL instr. 17002 -1326
without MUL instr. -14438 -8729
aRISC bRISC
RISC -38579 38968
CISC 77175 -103593
12
Model vs. Measurements for MD5
0 10 20 30 40 50 60 70 8010
1
102
103
104
105
Plaintext [bytes]
Exe
cutio
n t
ime
[mic
rose
cond
s]Atmega103 measuredAtmega103 predictedM16C/10 measuredM16C/10 predictedXScale200 measuredXScale200 predictedSparc440 measuredSparc440 predicted
13
Performance Model – Why?
Feasibility algorithm A on platform P derived from performance evaluation on a different platform Q
Asses encryption overhead based on architectural parameters derive minimum requirements
New encryption schemes can be evaluated on a single hardware platform extrapolated to other platforms
14
Variance of Execution (SHA-1)
Important for real-time scheduling
35 595
1155 17
15 2275 28
35 3395 39
55 4515 50
75 5635 61
95 6755
S1
S25
S49
0
100
200
300
400
500
600
700
800
900
1000
Time (us)MessageSize
900-1000
800-900
700-800
600-700
500-600
400-500
300-400
200-300
100-200
0-100
15
Related Work
Brown et al.: PGP in wireless feasible (USENIX’00)
Lu et al.: RSA on smartcards costly ~20 secs @ 3.57 MHz (SAC’00)
Perrig et al.: SPINS (MobiCom’02)
Touch: Crypto overhead on general-purpose machines (SIGCOMM’95)
Little work on embedded systems:— Freeman/Miller: M68k (MASCOTS’99)— Dai: Celeron results for Cryto++ 4.0 benchmarks
16
Conclusion
Survey
— computational requirements
— for cryptographic algorithms
— and embedded architectures
Experiments
— mostly uniform cycle overhead for each word size (8/16/32 bits)
— but differences among classes
— Parameters that matter: text length, block size, architectural (few)
Uniformity Approximate Model
— Derive minimum requirements
— predict performance on new hardware