Energy Efficient Security Services for Limited - IEEE Xplore

Download PDF
2 downloads 457 Views 4MB Size Report
Comment
transmission, security services are of paramount importance to sufficiently protects information while minimizing ... paramount importance in wireless networks.
Energy Efficient Security Services for Limited Wireless Devices Phongsak Keeratiwintakorn' and Prashant Krishnamurthy2, Member, IEEE Abstract-Due to broadcast nature of wireless radio transmission, security services are of paramount importance to protect information exchanged in a wireless network. However,

providing security services increases the computation and hence energy consumption due to cryptographic algorithms. Energy

tends to be a very limited resource for wireless devices operating on battery. Thus, energy efficient security services are necessary to operate limited wireless devices securely. In this paper, we propose Tunable Security Model (TSM) to minimize energy consumption while providing security services such that the user's security level requirement is satisfied. From our experiments in IEEE 802.11 wireless networks, it is shown that using TSM can save up to 8% energy for low-level security, and up to 43% energy for high-level security.

Index Terms-energy, efficient, security, limited, wireless

I. INTRODUCTION Pervasive computing requires devices to be "disappeared" [1]. To be disappeared or invisible, devices typically are small and wireless, and hence have very limited power such as from a small battery. Therefore, energy efficiency has been an important issue in pervasive computing. Security is also of paramount importance in wireless networks. Devices in wireless networks are vulnerable to attacks such as eavesdropping because of the exposure of the radio transmission signal. However, providing security requires intensive computation and high energy consumption; hence, it is unlikely employed in the devices. It is very challenging to provide security for devices in pervasive computing, which have limited battery power. In this paper, we propose a new energy efficient security service for the devices at a packet level to provide packet encryption and/or message authentication in IEEE 802.11 networks. The new energy efficient security service enables users to have an optimal security level that minimizes the energy consumption and also meet users' security requirement. In our previous work, we measure energy consumption of each cryptographic function such as encryption and propose an energy model for each cryptographic algorithm such as AES and RC5 [2]. We also proposed a simple energy efficient security service for Wireless Local Area Networks (WLANs). From our previous work, it is possible to provide security 1 p. Keeratiwintakorn is with the Department of Electrical Engineering, King Mongkut's Institute of Technology, North Bangkok, Bangkok, Thailand (corresponding author to provide phone: ±66 2 9132500; fax: ±66 2 913 2500 ext. 8518; e-mail: [email protected]). 2 p* Krishnamurthy is with University of Pittsburgh, Pittsburgh, PA 15260 USA. (e-mail: [email protected]).

O-7803-9410-O/06/$20.OO ©C2006 IEEE.

services such as encryption in pervasive networks such that it sufficiently protects information while minimizing the energy cost. We trade off energy consumption with the strength of

servcs The str of secrityoservice n be adjusted based on the number of years information needed to be protected. For example, using 128-bit ABS can provide protection for 70 years or until year 2075 [3], and requires 23.27 mJ to encrypt 1 MB of data using our measurement method [2]. We assume that the data packet size is 64 bytes. security

By reducing the protection to 20 years, it only requires 17.55 mJ or about 25% of energy reduction. This work is based on assumption that users know how many years the information

exchanged is to be protected. In this paper, we will discuss related work in Section II and Tunable Security Model (TSM) that a security level can be adjusted such that it meets a minimum security requirement in Section III. In addition, we will describe our energy consumption models of security functions and algorithms in Section IV. We will evaluate our work using TSM model and compare with the fixed-level security standard for IEEE 802.11 networks in Section V, and conclude our work in Section VI.

II. RELATED WORK Security services have been introduced to pervasive networks such as sensor networks in TinySec project [4]. The purpose of this project is to employ a standard cipher such as Skipjack or RC5 into sensor motes [5]. However, the project utilizes a fixed level of security. For example, a 64-bit RC5 is utilized to encrypt all data packets. In [6], it is shown that the amount of computation due to security functions is varied because of the difference in security algorithms used to provide security services for sensor networks. In [7], the code optimization techniques are used to reduce the amount of computation of several encryption algorithms. It is shown that no encryption algorithm performs best. For example, AES requires more memory, but performs faster than RC5. Additionally, RC5 key setup overhead is more than that of ABS. This makes RC5 inferior to short packet transmission. By using our proposed scheme, we can adjust the level of security (by reducing computation) that satisfies specific security requirements, and utilize different security algorithms based on transmission packet size to further minimize energy consumption of wireless devices. The level adjustment and the algorithm selection are described in Tunable Security Model.

III. TUNABLE SECURITY MODEL In Tunable Security Model (TSM), we make use of the fact that different encryption schemes consume different levels of energy depending on packet size and security level. In [2], we have shown that the energy consumption of security services such as encryption and message authentication can be different due to factors such as key size, number of operational rounds, type of ciphers as well as the data packet size. The energy consumption of cryptographic primitives can be best captured using the cycle counting method [2, 8-10]. In [11], we have modeled the energy consumption of a variety of ciphers varying several parameters based on extensive experimental results some of which are available in [2]. The goal of TSM is to make the security protocol be tunable depending on the type of packet that is being transmitted so that there is a sufficient level of security at the packet level. Our goal is to find a sufficient security level based on network packet types and to provide security services according to the security level instead of a fixed security level. To be able to determine the security level, we need to identify "sufficient security" in a quantitative manner that can be converted to parameters that can be mapped to cipher algorithms. A. Interpretation of Security Level Generally, security level is very abstract and it can only be qualitatively determined. Other previous works have proposed ways to qualitatively indicate the security level. In [12], the security level is simply classified as low, medium, and high. For each level, security is numerically assigned based on a fixed key size and integrity rate for security. For example, low security means using 56-bit keys and providing message integrity to 60% of all packets. Similarly, in [13], the security level is called a class, each of which uses different algorithms and protocols. In fact, we cannot provide security based on an abstract level, and we need an understandable and quantitative a the security leve level. Wewecanwantitately quantitatively way toto specfy e security based on the cost data we want to protect provide security of security, it is is "unbreakable" provide to Since it impossible it breaking of cost on the based common to define security more than the benefit from it or the being gained breaking value of the data being compromised. The value of data is naturally time-sensitive; for example, data we want to protect may be worth a lot today, but may be worthless after 20 days or 100 years. Thus, we propose to define the security level based on the time we need to protect any information or data. B. Calculating Security Module Parameters In the previous section, we proposed to use the number of years as a measure of the security level to provide security services to packets. We need to map the number of years to appropriate key sizes and the number of operational rounds of different ciphers. Commonly, the security levelis only defined in term Of thle key size. The longer thle key size, thle highler thle security level. However, this assumes that the number of operational rounds is fixed at a level that the cryptanalysis

attack is completely impossible. Using only the key size, we may not be able to provide a "true" different security level, which in fact also relies on the number of operational rounds of a cipher. It is commonly known [11, 14] that increasing the number of rounds provides higher cipher robustness thus yielding a higher security level against cryptanalysis attacks. Cryptanalysis attacks (not brute force key search) on block ciphers require large amounts of plaintext-ciphertext data. As the input goes through more rounds, it is harder to trace back from the output to input; hence, providing strong encryption. As the number of rounds reduces, the amount of data and the number of operations (both of which translate into time) required to break a cipher also reduces thereby reducing the security level. However, an increase in the number of rounds increases the amount of energy consumed by the cryptographic primitive. Therefore, we propose to utilize both the key size and the number of operational rounds as parameters for adjusting the security level. For easy understanding, we will call both the key size and the number of operational rounds as TSMParameters. Fig. 1 shows how we calculate the TSM Parameters. From the number of years and data needed for protection, we calculate the appropriate key size using the security model proposed by Lenstra and Verheul [3]. The key size (KS) is calculated using the following formula: KS = 56 + (y + y'- 1982) x (121m +

1/b)

(1)

where y is the number of years needed for security, y' is the crnth year (ye 20) Here mit average numbr of months that the CPU speed and available memory are doubled. According to Moore's law, we let m =18. The b is the number of years that the available budget for attacking is doubled, and we define b =10 as described in detail in [3]. After having the needed key size for a cipher, it is easy to compute the Message Authentication Code (MAC) size. The needed MAC size can be derived using Birthday Paradox

attack where only 22 operations are needed to break the

MAC where n is the MAC size in bits. Note that we require 2

operations for key searching attack, where n is the number of the key to provide an equivalent security level of MAC to the cipher, the MAC size should be twice as long as the cipher key size. of

ebits

Therefore,

MAC size

-I

|

Avilbl mt K _ft~

-lData

1: RoutEs

I)F-toa( Roundsr

Fig. 1lTheTISM Parameter Space

outputs of 160, 256, 384, and 512 bits. The CBC-MAC algorithm generates a MAC output using a block cipher. In our study, we choose to use 128-bit AES with the CBC-MAC which generates a 128-bit output. To generate longer outputs, we use HMAC with SHA algorithm. HMAC can be used with any hash function such as MD5 or SHA. The MD5 algorithm, known to be more efficient than SHA, but it is not as secure as SHA [17]. The SHA algorithm is also known to have weakness, but the weakness is not as severe as that in MD5. However, a recent debate suggests that the use of MD5 and AMMY= 0.5 X 2(Y'+ Y -]982)(]2 m+-/b) (2) SHA with HMAC is secure in spite of the weakness [18]. Despite the attack and the debate, we choose SHA because where AMMY is the available MMY that is possible to have SH istadrze byNT,ndtiswelue. Aditionally,zSH prouc arb ot sizesyofs160 in year y' + y. This calculation is based on the MMY margin ~~Additionally, SHA ca can produce variable output sizes of 160, MMYthis incase) case) [3].25,34an51bis [3]. (0.5 MMY(0.5 in this Then, we need to compute the possible amount of data 256, 384, and 512 bits. IV. ENERGY CONSUMPTION OF SECURITY FUNCTIONS available for cryptanalysis attack. The amount of data depends on the available packet rate and the key lifetime. The key lifetime says how long a session key will be used to provide To calculate energy consumption of cryptographic functions such as encryption, we use energy consumption Along key letim emaes th protocol more vulnerable. Based on the key lifetime, we models as proposed in [11]. We summarize the relevant the energy consumption models based on the results from [2, 11]. the the In all cases, it is possible to represent the energy consumed by Usin rate and the key lifetime. Using the possible amount of data ob rporpi rmtv akto available and the MMY as the number of possible operations, a cryptographic primitive for a packet of x bytes to be we calculate the "robustness" in Fig. 1 as their product. From encrypted as the robustness, we derive the number of operational rounds E(x) a ± fix ± yIn x (Joules) (3) using the robustness model that we proposed in [11]. At this where the a is the fixed energy consumption independent of point, we have the needed key size and MAC size (derived from the key size) as well as the number of operational the packet or data size, 6 is the linear factor that is the rounds. These parameters will be used by a cipher to provide additional energy consumed for each byte and . is the suba just needed security level. linear factor that also increases the energy consumed for each C. Creating Tunable Security-Level Modules byte. Some values of a, 6, and y for the cryptographic Once we have the TSM parameters, we can create one or primitives, AES and RC5, are enumerated in TABLE I. Note more security modules to provide security services. The that AES has a small a but a larger 6 for any given key security module is an adjustable cipher such as AES or RC5 size/number of rounds compared to RC5. Consequently, AES or a MAC algorithm such as HMAC. There is no limitation on is better for encrypting short packets and RC5 is better for the number of security modules that can be created. The longer packets (where the fixed overhead is spread over number of cipher modules can be limited if mobile devices several bytes). I. MODELS FOR ENERGY CONSUMPTION OF SOME CRYPTOGRAPHIC have limited memory resources, or it is defined by users or TABLE ' ~~~~~~~~~~~~~~~~~PRIMITIVES Primitives applications. However, we believe that the memory resources are not as limited as the available energy for small devices as 0.02154839 -0.00014295 0.20503607 AES the memory capacity could be doubled approximately every 0.00679013 0.00207147 RC5 0.93627905 For our experiments, we determine the level of security as 18 months according to advanced memory chip technologies and Moore's Law [15, 16]. Note that each security module needed by users, and then calculate the TSM parameters as an needs to use its own key. The keys can be derived from the input to tunable security modules such as AES or RC5. Based same master key or transient key, but should not be reversible. on the parameters of AES or RC5 and our energy model as We do not explore this part in this paper. shown in Equation 3, we calculate the energy consumption of We choose AES and RC5 as our adjustable ciphers because encryption. of two reasons. First, AES and RC5 provide flexibility in changing the parameters such as key size, rounds, and block V.EXPERIMENTS AND RESULTS size. Second, they are known to be secure and demonstrate different efficiencies in term of computation and energy A. Pre-defined Security Levels In this section, we study TSM for IEEE 802.11 Wireless consumption as the packet size changes. We choose CBC-MAC to provide 128-bit MAC outputs Local Area Networks (WLANs). We define 5 security and HMAC with SHA (HTMAC-SHA) to provide MAC schemes for packet-level security, each of which defines

To calculate the number of operational rounds required, first we need to compute Cipher Robustness. We propose the definition of the Robustness as the product of the number of operations and the amount of data required for breaking the cipher for that many number of rounds. Based on the number of years the data needs to be secured, we can calculate how much computing power is available in terms of million MIPS years (MMYs). As derived in Lenstra and Verheul [3], the available MMYs can be computed as:

scrvit sifeurit serviesh.o esotimat threavailnable.a Bastedmultiplicationnof packmet ratemand keyilablfetime muipsibcamiounofth odaceta

a

o

ye

TABLE II.

Type

THE NUMBER OF YEARS FOR DATA PROTECTION FOR PACKET-LEVEL SECURITY IN IEEE 802.11 NETWORKS

Packet

Services

High 20 20 20 20 5 5 5 5 5 40 5 5 5 5 5 5 5 5 100 100 100 100 20 20 20 20

(1) Management Assoc Req (1) Assoc Resp (1) ReAssoc Req (1) ReAssoc Resp (1) Probe Req (1) Probe Resp (1) Beacon (1) ATIM (1) DisAssoc (1) Authen (1) DeAuthen (1) Control Action (1) PS-poll (1) RTS CTS (1) (1) Ack CF-End (1) CF-End+Ack (1) (1,2) Data Data (1,2) Data+CF-Ack (1,2) Data+CF-Poll (1,2) Data+CF-Ack/Poll Null (1) Null+CF-Ack (1) Null+CF-Poll (1) Null+CF-Ack/Poll (1) (1) Message Authentication service (2) Encryption service

a different security level for each packet type defined in the IEEE 802.11 standard. TABLE II shows these five security schemes and levels in term of the number of years the data should be protected for each scheme, for each packet type. In this table, we define three levels: low, medium and high, that provides different security levels for different packet types. We also define two fixed-security schemes, fixed-low and fixed-high, where all packet types have the same security level. From the years needed for data protection in the table, we interpret the number of years into parameters (rounds, key size, and MAC size) for ciphers and MAC functions to provide just enough security level. We also provide different security services to different packet types. In the table, Service (1) means Message Authentication service, and Service (2) means Confidentiality or Encryption. For example, we may provide both encryption and message authentication to Data. However, we may provide only message authentication to Management and

Conrovideonlypc etssu astBeaticassociatioMan/sas taton, eontc. sickeththey scnai secrets. However, all of thi1s etc. since contain no seacrets.iHowevr,allofithis

depends on the users or application requirements that define such services. We only provide here an example for packets weca xpcti atyialWLN In addition to five different security schemes, we also use three different cipher schemes for providing security services, Thtre sheesar uig nl AS iper(ALAS only RC5 cipher (ALLRC5), and using both ABS and RC5

Medium 10 10 10 10 3 3 3 3 3 20 3 3 3 3 3 3 3 3 50 50 50 50 10 10 10 10

Years Protected Fixed High Low 100 5 100 5 100 5 100 5 2 100 2 100 2 100 2 100 100 2 100 10 100 2 2 100 100 2 100 2 100 2 100 2 100 2 100 2 100 25 100 25 100 25 100 25 100 5 100 5 100 5 100 5

Fixed Low 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25 25

(BOTH). The last scheme is a feature of TSM in which we can add more than one security module such as AES and RC5 cipher modules. We use AES and RC5 because from our study [2], it is shown that for packet sizes of less than 100 bytes, AES consumes less energy than RC5. Therefore, we use AES for packets whose size is less than 100 bytes; otherwise, we use RC5. For providing message authentication service, we use one MAC algorithm, HMAC-SHA, for the scheme that uses only one cipher, ALLAES and ALLRC5. However, when using the BOTH scheme, we use both CBCMAC and HMAC-SHA. We utilize CBC-MAC to provide 128-bit MAC output, and HMAC-SHA to provide 160, 256, 384, and 512 bits of MAC outputs. B Pak T

In the TSM performance study, our goal is to find how much energy can be saved in typical WLAN environments. We collected packet traces (over 6 hours at different time) using an 802.11 sniffer. Each packet trace contains packets that have been sent and received by a client or a mobile station. It also includes packets that are broadcast to clients for network management purposes. Such packets are Beacon and CTS/RTS packets for collision avoidance, etc. The traces inld al id fpces aagmn,CnrladDt packets according to the IEEE 802.11 standard [19]. We collected the traces in 3 different network locations to provide diversity in our test environments. We collected traces in a home network, at Hillman library, and in the School of

Information Science (SIS) building in the University of Pittsburgh, which have three different characteristics. In the home network, there is only one access point (AP) and few mobile devices. In the library, there are several APs and more client devices, and the physical environment is a big hall room in which the received signal strength (RSS) at client devices is probably high, and a typical packet loss rate is low. In the SIS building, the physical environment is a multi-floor office building, which also has several APs and client devices. We have collected 12 traces for each location and the summary of traces is shown in TABLE III. Fig. 2 shows the Cumulative Distribution Functions (CDF) of the packet sizes of the traces at three locations. It can be seen that all three locations have similar packet size distributions in which there are more short packets than long packets. TABLE III.

Location Home Library SIS Building

C. Packet-level Security Performance Results In this section, we show the performance results of using TSM with five security schemes, three cipher schemes, and at three locations. Fig. 3 shows the average energy consumption of using fixed and variable security levels with different cipher schemes for the Hillman library network. The bar height shows the average normalized energy consumption (in gJ/byte), and the lines on the bars show the 95% confidence interval over the 12 traces. We calculate only the energy consumption due to the cryptographic operations for comparison of using fixed-level and tunable security protocols. We do not consider the energy consumption due to the transmission/reception because it is the same in both fixedlevel and variable security protocols at the packet level.

A SUMMARY OF PACKET TRACES

Traces 12 12 12

Total Packets

Total Bytes

0.045

2,831,383

292,323,060

- 0 04 0 0.035

65,669,596

286,307

1,248,565

375,997,034 E

At Hilman Library- Packet Size CDF

At Hillman Library

*ALLRC5

40.

0.03

0

>-O 0.02

08l

------002

0-7

2~04

0.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~(U3

0 . ........-4

0.1.~~~~~~~~~~~~~~~~~~~~~~~~~ ---

--------

.0

Low

01l.

200

0

400

600

800

1000

Packet Size (bytes)

1200

1400

.--

-

.7

---

~ ~ ~ ~ ~ ~~ 07 I ---

---

---

1600

-I 1 l

- .. ...

--

0

02-- ----- - - ---

-- -- --

o1- - ---.----.-------- -- - --

0l

20

40

60 120 Packet Size (bytes)

High

Fixed High

Fig. 3 Comparison of Different Security Levels for the Hillman Library

---

300

Medium

Network

0.2- 2 4---- - ---0 -00 0-----0.1 200__ _ _ _ _ _ _ _ o Boo 200 400 600 1000 1200 1400 1600 Packet Size (bytes) At Home: Packet Size CDF __ ___

0

Fixed Low

Security Level

At SIS Building: Packet Size CDF

0.|081

i

W~~~~~~~~~~~~~~~~ ~)0.015

06

0

Fig. 2 The CDF of Packet Size in Different Locations

-

F

From the figure, we see that using TSM can save energy in both the low and high security scenarios compared to the fixed Ilow and high scenarios. The amount of savings using TSM in the high security scenario is more than that in the low security scenario. This is because, in the high security scenario, the amount of computation for security is intensive due to the high security requirement, and using TSM can leverage the -10 10- reduced computation that saves energy. When comparing between the cipher schemes, ALLAES scheme consumes more energy than the ALLRC5 scheme. This is because the size of data packets is more than 100 bytes on the average in the network. Note that both schemes use the same MAC function, HMAC-SHA, for authentication of management and control packets whose sizes are typically smaller than that of data packets. However, the BOTH , -I-scheme which utilizes both ABS and RC5 cipher s as well as both CBC-MAC and HMAC-SHA, can save more energy although it is not statistically significant in this case. Fig. 4 and Fig. 5 show the average energy consumption of using fixed and variable security levels for the SIS building network and the Home network, respectively. When we compare the three different networks or locations, the energy

consumption at the Hillman library location (as shown in Fig. 3) is higher than that in the SIS building and that in the Home network because there are more short packets or management packets due to more access points are seen in one network area. 0.025 c)* Al LAES At SIS Building F T IM *ALLRC5 t D] BOTH n 0.02

services needed for the devices. The Tunable Security Model is proposed to minimize the energy consumption by providing security services at the level enough to protect information as determined by users or network operators and by selecting security algorithms based on transmission packet size. In our future work, we will extend the TSM to provide security services for sensor networks such as IEEE 802.15.4 to minimize the energy consumption which is the most critical factor for sensor network design.

0

REFERENCES

E 0.015

[1] M. Weiser, "The Computer of the 21st Century," Scientific American,

T

0

>%

vol. 265, no. 3, pp. 66-75, 1991. P. Prasithsangaree and P. Krishnamurthy, "On a Framework for Energy-

~~~~~~~~~~~~~~[2] Efficient Security Protocols in Wireless Networks," Elsevier Computer

0.01

w O0 0.005 >

Low

Fixed Low

Low

Medium

High

Fixed High

Security Level

~~~~~~~~~~~~~~~~~~~Communications, vol. 27, no. 17, pp. 1716-1729, 2004. [3] A. K. Lenstra and E. R. Verheul, "Selecting Cryptographic Key sizes," Journal ofCryptology, vol. 14, no. 4, pp. 255-293, 2001. C. Karlof, N. Sastry, and D. Wagner, "TinySec: A Link Layer Security ~~~~~~~~~~~~~~~~~[4] Architecture for Wireless Sensor Networks," in Proceedings of the

Second ACM Conference on Embedded Networked Sensor Systems

(SenSys 2004), November 2004.

[5] J. Hill, R. Szewczyk, A. Woo, S. Hollar, D. Culler, and K. Pister, "System architecture directions for network sensors," in Proceedings of ASPLOS, Boston, MA, USA, 2000, pp. 93-104. [6] P. Ganesan, R. Venugopalan, P. Peddabachagari, A. Dean, F. Mueller, and M. Sichitiu, "Analyzing and Modeling Encryption Overhead for 0.025 Sensor Network Nodes," in Proceedings of Workshop on Wireless At Home *ALLAES O Sensor Networks and Applications (WSNA '03), San Diego, CA, USA, 1 o I -/\LLRC5 2003. *'0.02[7] Y. W. Law, J. M. Doumen, and P. H. Hartel, "Survey and Benchmark of El BOTH W Block Ciphers for Wireless Sensor Networks," in Proceedings of The 1 st HL T ° IEEE Int. Conf on Mobile Ad-hoc and Sensor Systems (MASS), Fort h 1 T E 0.015 Lauderdale, Florida, USA, 2004. [8] J. Nechvatal, E. Barker, L. Bassham, W. Burr, M. Dworkin, J. Foti, and o E. Roback, "Report on the Development of the Advanced Encryption Standard (AES)," Computer Security Division, Information Technology 0.01 Laboratory, National Institute of Standards and Technology (NIST) FixedOctober 2, 2000. Low 0.005 Implementaton Strategies or [9] K. Naik and D. S. L. Wei, "Software Power-Conscious Systems," Mobile Networks andApplications, vol. 6, ennsyvanino. Fig. 5 Comariso of Dfferet SeurityLevel for he Hme Nework 3, pp. 291-305, 2001. [10] D. W. Carmen, P. 5. Kruus, and B. J. Matt, "Constraints and Approaches 0T for Distributed Sensor Network Security," NAI Labs, Technical Report Low Fixed Low Medium Fixed High High 00-0B10, 2000. [11] P. Kiratiwintakom, "Energy Efficient Security Framework for Wireless Security Level Area Networks," University of Pittsburgh, Pittsburgh, Fig 5 omprisn Difernt ecuityLevls he Fig. ComarisnofDiffeent ecurty Lvels or te Hoe NeworkPennsylvania, Ph.D. Dissertation 2005. [12] C. Irvine and T. Levin, "Quality of security service," in Proceedings of TABLE IV shows the amount of energy consumption (in the 2000 workshop on New security paradigms (NSPW '00), Ballycotton, County Cork, Ireland, 2000, pp. 91--99. gJ/byte) which is a comparison between the fixed security W. Tak and E. K. Park, "Adaptive secure software architecture for level and TSM and the percentage of energy savings with [13] 5.electronic commerce," Software: Practice and Experience, vol. 33, no.

Fig. 4 Comparison of Different Security Levels for the SIS Building Network

%

o

or

omeNetorkLocal

different settings. We can save up to 8% energy for low-level security, and up to 43% energy for high-level security.

14, pp. 1343-1357, 2003. [14] A. J. Menezes, P. C. Van Oorschot, and S. A. Vanstone, Handbook of

VI. CONCLUSION AND FUTURE WORK

August 22, 2004. [19] IEEE-P802. 11-working-group, IEEE 802.11 Standard Part 11: Wireless

applied cryptography. Boca Raton: CRC Press, 1997. [15] R. D. Isaac, "The future of CMOS technology," IBM Journal of R&D, vol. 44, no. 3, pp. 369-378, 2000. [16] L. D. Paulson, "Will Fuel Cells Replace Batteries in Mobile Devices?," Computer, no., 2003. ALLRC5 0.011331 |0.024120 |0.010433 |0.014130 |7.927 |41.416 |[17] H. Dobbertin, "The Status of MD5 after a Recent Attack," PSA Labs' Kacy, ET Emi Arhv, vilbe t lBOTH l0.011025 l0.023266 l0.010127 l0.013276 l8.148 l42.937 [18H. at [18] H. THE PERCENTAGE OF AVERAGE ENERGY SAVING USING EESP TSM Energy Energy Consumption (PJ/byte) Scheme Saving (%) TSM Fixed Low Low Low High High High A K K 6 204 38 371 ALLAES 0 014479 0 026034 0n 013581 I0 016044

TABLE IV.

Kawczy,or/ni1acIETF

//ww

In this work, we have shown that energy consumption of

limited wireless devices can be saved by utilizing different security algorithms in different ways to provide security

E/web/crgcurrent/msgOO527t

LAN Medium Access Control (MAC) and Physical Layer (PHY)

Specifications, 1999.