Availableonlineatwww.sciencedirect.com
ScienceDirect
JournalofElectricalSystemsandInformationTechnology2(2015)296–313
Two-phase
hybrid
cryptography
algorithm
for
wireless
sensor
networks
Rawya
Rizk
∗,
Yasmin
Alkady
ElectricalEngineeringDepartment,PortSaidUniversity,PortSaid,Egypt
Received25May2015;receivedinrevisedform25November2015;accepted25November2015
Availableonline8December2015
Abstract
Forachievingsecurityinwirelesssensornetworks(WSNs),cryptographyplaysanimportantrole.Inthispaper,anewsecurity algorithmusingcombinationofbothsymmetricandasymmetriccryptographictechniquesisproposedtoprovidehighsecuritywith minimizedkeymaintenance.Itguaranteesthreecryptographicprimitives,integrity,confidentialityandauthentication.Elliptical CurveCryptography(ECC)andAdvancedEncryptionStandard(AES)arecombinedtoprovideencryption.XOR-DUALRSA algorithmisconsideredforauthenticationandMessageDigest-5(MD5)forintegrity.Theresultsshowthattheproposedhybrid algorithmgivesbetterperformanceintermsofcomputationtime,thesizeofciphertext,andtheenergyconsumptioninWSN.Itis alsorobustagainstdifferenttypesofattacksinthecaseofimageencryption.
©2015TheAuthors.ProductionandhostingbyElsevierB.V.onbehalfofElectronicsResearchInstitute(ERI).Thisisanopen accessarticleundertheCCBY-NC-NDlicense(http://creativecommons.org/licenses/by-nc-nd/4.0/).
Keywords:AdvancedEncryptionStandard;Cryptography;EllipticCurve;MessageDigest-5;XOR-DualRSA
1. Introduction
Wirelesssensornetworks(WSNs)haveagreatvulnerabilityduetothebroadcastnatureanddangerousenvironment. Correspondingly,therearemanysolutionsforthesecurityissuessuchasroutingsecurity(Fouchaletal.,2014;Hayajneh etal.,2013;Laslaetal.,2014;Farouketal.,2014),securelocalization(Yuetal.,2013),andkeymanagementand cryptography(MaryAnitaetal.,2015).Cryptographicalgorithmsareanessentialpartofthesecurityarchitectureof WSNs.
WSNssufferfrommanyconstraintssuchaslowbatterylifeandsmallmemory.Duetotheselimitations,WSNis notabletodealwithtraditionalcryptographicalgorithms.Twomainproblemsrelatedtosecurityalgorithmsarisein WSNs.First,theoverloadthatsecurityalgorithmsintroduceinmessagesshouldbereducedataminimum;everybit
∗Correspondingauthor.Tel.:+201009067030.
E-mailaddresses:r.rizk@eng.psu.edu.eg(R.Rizk),engyasminalkady@yahoo.com(Y.Alkady).
PeerreviewundertheresponsibilityofElectronicsResearchInstitute(ERI).
http://dx.doi.org/10.1016/j.jesit.2015.11.005
2314-7172/©2015TheAuthors.ProductionandhostingbyElsevierB.V.onbehalfofElectronicsResearchInstitute(ERI).Thisisanopenaccess
thesensorsendsconsumesenergyand,consequently,reducesthelifeofthedevice.Second,thememorysizewhich referstosizeofanencryptedmessageandthekeysizeshouldalsobereduced(FayeandMyoupo,2013).
VariouscryptographicalgorithmshavebeenproposedtoachievethesecurityrequirementssuchasAuthentication, Confidentiality,andIntegrity.Authenticationmeanspreventingunauthorizedpartiesfromparticipatinginthenetwork. Confidentialitymeanskeepinginformationsecretfromunauthorizedparties.Integrityensuresthereceiverthatthe receiveddataisnotalteredintransitbyanadversary.Dataauthenticationcanprovidedataintegrityalso.
Encryptionistheprocessofencodinginformationinsuchawaythathackerscannotreadit.Therearetwotypes ofencryptiontechniques;symmetricandasymmetric.Symmetriccryptography,alsocalledprivate-keycryptography usesonlyonekeyforencryptionanddecryption.CommonsymmetricencryptionalgorithmsincludeDataEncryption Standard(DES)(SinghandSupriya,2013)andAdvancedEncryptionStandard(AES)(Burr,2003).Asymmetrickey cryptography,alsocalledpublic-keycryptographyrequiresspecialkeystoencryptanddecryptmessages.Common asymmetricencryptionalgorithmsincludeRSA(FrunzaandAsachi,2007)andEllipticCurveCryptography(ECC) (KodaliandSarma,2013).ECDSA–EllipticCurveDigitalSignatureAlgorithm(Balitanas,2009)andECDH–Elliptic CurveDiffieHellman(Johnsonetal.,2001)arebasedonECC.
Bothsymmetricandasymmetriccryptographictechniquesofferadvantagesanddisadvantages.Symmetric encryp-tiontechniquesprovidecost-effectiveandefficientmethodsofsecuringdatawithoutcompromisingsecurityhowever; sharingthesecretkeyisaproblem.Ontheotherhand,asymmetrictechniquessolvetheproblemofdistributingthe keyforencryptionhowever;theyareslowcomparedtosymmetricencryptionandconsumemorecomputerresources. Therefore,the bestpossible solutionfor encryption isthe complementaryuseof bothsymmetric andasymmetric encryptiontechniques.Hybridencryptionattemptstoexploittheadvantagesofbothkindsoftechniqueswhile avoid-ingtheirdisadvantages.Hashingcreatesaunique,fixed-lengthsignatureforamessageordataset.Itiscommonlyused tocheckdataintegrity.MessageDigest-5(MD5)(Hossainetal.,2012)algorithmisawidelyusedcryptographichash functionthatproducesa128-bit(16-byte)hashvalue.Ithasbeenutilizedinawidevarietyofsecurityapplications.
Inthispaper,ahybridcryptographyalgorithmisproposedandpresented.Itisdesignedtoprovidedatasecurityand usersauthenticity.Itincludestwophasesworkatthesametime.InPhaseI,ittakestheadvantagesofthecombination ofbothsymmetricandasymmetriccryptographictechniquesusingbothAESandECCalgorithms.InPhaseII, XOR-DUALRSAisusedsinceitismorerobustandcannotbeeasilyattacked.Inaddition,Hashingisalsousedfordata integrityusingMD5tobeensuredthattheoriginaltextisnotbeingalteredinthecommunicationmedium.Theproposed algorithmhashighoperationspeed,highsecurityperformanceandstrongusability.
The organization of thispaper is as follows: Brief overviewsof related works of some existing protocolsare presentedinSection2.TheproposedhybridencryptionalgorithmisintroducedinSection3.Sections4and5present thenumericalresultsandthesimulationresultsoftheproposedalgorithminWSNs;respectively.Section6presents the implementationofthe proposedalgorithminthe imageprotectionapplication. Finally,themain conclusionis presentedinSection7.
2. Relatedwork
Todate,manycryptographyalgorithmshavebeenproposedbutalotofthemarenotcompletesuitableforWSNs. InSubasreeandSakthivel(2010),asecurityalgorithmarchitectureisproposedbySubasree.Inthisalgorithm,the givenplaintextisencryptedusingECCandthederivedciphertextiscommunicatedtothedestinationthroughsecured channel.Simultaneously,theHashvalueiscalculatedthroughMD5forthesameplaintext,andthenencryptedwith
DUALRSA.Theencryptedmessageofthishashvalueisalsosenttothedestination.Inthisalgorithm,itisdifficult toextracttheplaintextfromtheciphertext,becausethehashvalueisencryptedwithDUALRSAandtheplaintextis encryptedwithECC.ThenewhashvalueiscalculatedwithMD5andthenitiscomparedwithdecryptedhashmessage foritsintegrity.Bywhich,itisensuredthateithertheoriginaltextbeingalteredornotinthecommunicationmedium. Thisistheprimitivefeatureofthisalgorithmhowever,therearetwodisadvantages.First,themessageisencryptedby asymmetricencryptionalgorithms(ECCandDUALRSA)thatareslowcomparedtosymmetricencryption.Second, ifanattackerdeterminesaperson’sprivatekey,hisorherentiremessagescanberead.
InDubalsecurityalgorithmarchitecture(Dubaletal.,2011),thegivenplaintextisencryptedwithakeythatis generatedbyECDH.Theencryptionalgorithmused isDUALRSA.Thederived ciphertextisappended withthe digital signatureformoreauthentications, generatedbytheECDSA algorithm.Simultaneously,theHashvalueof thisencryptedciphertextistakenthroughtheMD5algorithm.Then,thegeneratedciphertextandthesignatureare
communicatedtothedestinationthroughsecuredchannel.Ontheotherside,i.e.,ondecryptionend,thehashvalueis firstevaluatedandintegrated.Thisiscomparedwiththesignature,fortheverificationofthedigitalsignatureappended attheendofmessage.Thereafter,thedecryptionofciphertextisdonebyDUALRSA(Sunetal.,2007).Hence,the plaintextcanbederived.In thisalgorithm,theintrudermaybetrappedbyboththeencryptionbytheDUALRSA
withthekeygeneratedbyECDHalgorithmandtheappendedsignature.Hence,themessagecanbecommunicated tothedestinationwithhighlysecuredmanner.However,theusedasymmetricencryptionalgorithms(DUALRSAand
ECDH)areslowcomparedtosymmetricencryption.Inaddition,theattackermayreadthemessages ifhe/shecan determinetheprivatekey.
AhybridalgorithmarchitectureisproposedbyKumar(2012).Inthisalgorithm,thegivenplaintextisencrypted firstwithAESalgorithmandthenwithECCalgorithm.Thehashvalueofthisencryptedciphertextistakenthrough theMD5.Ontheotherside,theHashvalueisfirstevaluatedandintegrated.Thereafter,thedecryptionofciphertext isdonebyAESandECCdecryptionalgorithms.Hence,theplaintextcanbederived.Thisalgorithmisacombination ofbothsymmetricandasymmetriccryptographictechniques.However,theexecutiontimeofthisalgorithmislong becausetheplaintextisencryptedsequentiallybybothAESandECC.
InRenandMiao(2010),ahybridalgorithmisproposed.Inthisalgorithm,DESalgorithmisusedfordata transmis-sionbecauseofitshigherefficiencyinblockencryption,andRSAalgorithmisusedfortheencryptionofthekeyofthe
DESbecauseofitsmanagementadvantagesinkeycipher.Duringtheprocessofsendingencryptedinformation,the randomnumbergeneratoruses64-bitDESsessionkeyonlyonce.Itencryptstheplaintexttoproducetheciphertext. Ontheotherhand,thesendergetspublickeyfrompublickeymanagementcenter,andthenusesRSAtoencryptsession key.Finally,thecombinationofthesessionkeyfromRSAencryption(BonehandDurfee,2000)andtheciphertext fromDESencryptionaresentout.ThisalgorithmisconsideredweaksinceusingDESwithRSAaffectsthesecurity level.
In Zhu(2011), ahybrid algorithmarchitecture ispresented. The plaintextis encrypted withsymmetric cipher algorithm,and the key and digital signaturebelonged to the symmetric encryptionalgorithm are encryptedwith asymmetrickeyalgorithm.ThesenderencryptstheplaintextwiththekeybelongedtotheAESalgorithm.Toensure thesecurityofthecipheralgorithmandsimplifythekeymanagement,thesenderusesthekeyonlyonce.Thereceiver obtainstheoriginalinformationaftersignatureverification.Thisalgorithmsuffersfromlowsecuritylevelsincethat themessageisencryptedinasinglephasewhichleadstolesscomplexity.
Fromthepreviousstudiesit’sshownthatthesecurityalgorithmsthatdependonasymmetricencryptionalgorithms
suchas SubasreeandDubal havecriticalweakness pointssincetheyare slowcomparedtosymmetricencryption
algorithmsandconsumehugepowertoencryptallplaintextbypublickey.Inaddition,ifanattackerdeterminesa person’sprivatekey,hisorherentiremessagescanberead.AlthoughKumarsecurityalgorithmisahybridalgorithm, ithasacriticalweaknesspoint.Itwastesalotoftimeforencryptionanddecryptionprocessessinceitencryptsthe plaintextsequentiallyfirstbyAESandagainbyECC.RenandZhusecurityalgorithmsaresufferingfromlowsecurity levelsinceusingDESwithRSAinRenaffectsthesecuritylevelandusingasinglephaseinZhuleadstolesscomplexity. DuetothehardconstrainsofWSNs,theycannotbeabletodealwiththemajorityofsuchsecurityalgorithms.
3. Theproposedtwo-phasehybridcryptographyalgorithm(THCA)
In thissection, the proposed THCA ispresented. It introduces a newmethod of mergingboth symmetricand asymmetrictechniquesbyperformingtwoparallelphases.Thesephasesavoidthedisadvantagesoftheexistinghybrid algorithmsbyachievinghighsecuritylevelwithoutincreasingtheexecutiontime.
3.1. Encryptionprocess
IntheEncryption,theplaintextisdividedintonblocksBi.Eachblockconsistsof128bits.Then,itisdividedinto
twopartsmi (0:n/2–1)blocks,andMi(n/2:n−1) blocks.Ifnisnotanintegernumberandhasafraction,THCA
algorithmusespaddingwithnullforthelastblocktobe128bits.Theencryptionprocessisdividedintotwophases. InPhaseI,Thefirstn/2blocksareencryptedusing(AESandECC)hybridencryptionalgorithm.ECCalgorithm is used for protectingsecret key since it is the highest secure public key algorithm. Moreover,according to the mathematicalproblemonwhichECCcanbesolvedbyfullyexponentialratherthansub-exponentialforotherpublic keysystems,ECCneedssmallerkeysizethanotheralgorithmsandthatreferstolessmemorysize(KodaliandSarma,
2013).Itallowsthecommunicationnodestohandlealargernumberofrequestswiththesmallestnumberofdropped packet.SincethatECCconsumesmorepowerthansymmetricalgorithm,using AESalgorithmreducesthe power consumptionandraisesthesystemperformance(Lenstra,2001).WhenusingAESwithECC,we areabletosave power,andachievespeedupto25%forencryptionandnearly20%fordecryption(TillichandGroßschädl,2005).
Thefirstn/2blocksareencryptedasthefollowing:
miisencryptedusingAESbythekeykiwhichisthesecretkeyofAESencryptionalgorithmwithsize128bits.ki
isencryptedbyECCtoproduceKjwithlengthL.
mi= i=n/2−1
i=0
(Bi) 0≤i≤n/2−1 (1)
Kj=ECCenc(TCPK,ki−1) 0≤j≤L−1 (2)
whereECCencisEllipticCurveencryptionfunction.Itcipherstheinputwithtrustcenterpublickey(TCPK)whichis
usedasafunctiontoauthenticatethekey.
Ci =EAES(Kj,Bi) (3)
whereEAESistheAESencryptionfunction.
PhaseIIisperformedinparallelofPhaseIinordertoincreasethesecuritylevelwithoutincreasingtheexecution time.InPhaseII,theremainingn/2blocksareencryptedusingXOR-DUALRSAalgorithm.DUALRSAallowsfor extremelyfastencryptionanddecryptionthatisatmostfourtimesfasterthanstandardRSA.TheXOREncryption algorithmisasymmetricencryptionalgorithmthatusesthesamekeyforbothencryptionanddecryption.XOR-DUAL RSAalgorithmguaranteesdevelopingastrongeralgorithm,asfollows:
Mi= i=n−1
i=n/2
(Bi) n/2≤i≤n−1 (4)
Inthisalgorithm,twolargeprimenumbersarechosenrandomly;pandq.Then,x=p×q,φ(x)=(p−1)×(q−1).
Anumberrelativelyprimetoφischosen;d.Then,eiscalculatedsuchthate×d=1modφ(x),andPublickey(e,x) isusedforencryption.
Ri=(Bi)emodx (5)
ASCIIfor(Bi)isgetandconvertedtobinary
Li =ASCII(Bi) (6)
whereLiisafunctionusedtoconvertmessageblocktoASCII.RiisacipheredtextusingDUALRSA.
Ci =(Ri)XOR(Li) (7)
MD5isappliedtotheciphertextsciandCi.Itisthebestperformanceofhashingfunctionsecurity(Tillichand
Großschädl,2005).
di=MD5(ci) (8)
Di=MD5(Ci) (9)
Atthefinalstageoftheencryptionprocess,thetwon/2blocksareintegratedtogenerateciphertextofnblocksand itissenttothesinknode.Thecorrespondinghashvalues(diandDi)withsize128bitsforeachoneareconcatenated
andsenttothesinknodeatthesametime.
Q=ci+Ci (10)
TheencryptionalgorithmisdescribedinAlgorithm1.
Algorithm1.
TheProposedEncryptionAlgorithm.
Input:P(Plaintext),k(secretkeyofAESencryption),s(128bitsizeofblock);
Output:Q(Ciphertext),ci(encryptedtextusingAESwithECC),Ci(encryptedtextusingXORDUALRSA),H(hashingvalueofciphertext);
1. n=P/s; 2. leti=0; 3. do{ 4. mi=
i=n/2−1
i=0 (Bi)firstpartofplaintext; 5. for(j=0;j<=n−1;j++) 6. { 7. Kj=ECCenc(TCPK,ki−1); 8. } 9. ci=EAES(Kj,Bi); 10. di=MD5(ci); 11. i++; 12. } 13. while(i<n/2); 14. i=(n/2)
15. Letpandqtwolargeprimenumbers 16. x=p×q
17. φ(x)=(p−1)×(q−1)
18. Letdarelativelyprimenumbertoφ
19. e×d=1modφ(x)
20. Let(e,x)publickeyofDUALRSA. 21. do{
22. Mi= i=n
i=n/2(Bi)secondpartofplaintext; 23. Ri=(Bi)emodx; 24. Li=ASCII(Bi); 25. Ci=(Ri)XOR(Li); 26. Di=MD5(Ci); 27. i++; 28. } 29. while(i<n); 30. Q=ci+Ci; 31. H=di+Di; 3.2. Decryptionprocess
Inthedecryption,thecipher textQisdividedinton blockseachblockconsists of128 bits,Then,it isdivided intotwopartsci(0:n/2−1)blocksandCi(n/2:n−1)blocks.Hashingisusedinordertoidentifywhetherthesink
nodereceivesthesameciphertextornot.Thehashvaluesinbothphasesarecompared.Iftheyarethesame,thenthe algorithmproceedsthedecryptionprocess.Else,itdiscardsthemessage.
Inthecaseofthehashvaluesarethesameatthesourceandsinknodes,thefirstn/2blocksaredecryptedusing
AESandECCalgorithmsasfollows: ci = i=n/2−1 i=0 (Bi) 0≤i≤n/2−1 (12) ki=ECCdec(TCPK,Kj−1) 0≤i≤n/2−1 0≤j≤L−1 (13)
ThekeyofAESkjwithlengthLofbitsisdecryptedbyECCtoproducekiwhichhasusedtodecryptthecipher
textusingAESdecryptionschemebyDAES(AESdecryptionfunction).
mi=DAES(Kj,ci) (14)
miisthefirstpartoftheplaintext.Theremainingn/2blocksaredecryptedusingXNOR-DUALRSAalgorithmas
follows: Ci =
i=n−1
i=n/2
(Bi) n/2≤i≤n−1 (15)
PrivateKey(d,p,q)isusedfordecryption.Tomakedecryption,firstsomeparametersarecomputeddp=dmod
(p−1),dq=dmod(q−1),Rpi=Ridpmodp,Rqi=Ridqmodq,
S0=(Rqi−Cpi)p−1modq (16)
Si=Rpi+S0P (17)
ASCIIfor(Ci)isconvertedtobinary.
Wi=ASCII(Ci) (18)
whereLiisafunctionusedtoconvertblockofciphertexttoASCII.
Mi=SiXNORWi (19)
Miisthesecondpartoftheplaintext.Atthefinalstageofthedecryptionprocess,thetwon/2blocksareintegrated
toproduceplaintextofnblocks.
P =mi+Mi (20)
ThedecryptionalgorithmisdescribedinAlgorithm2.
Algorithm2.
TheProposedDecryptionAlgorithm.
Input:Q(Ciphertext),H(Hashingvalueofciphertext),s(128bitsizeofblock),L(keylength),di,Di,K(encryptedkeyusingECC);
Output:P(Plaintext);
1. n=C/s; 2. leti=0; 3. do{ 4. ci= i=n/2−1 i=0
(Bi)firstpartofciphertext;
5. di=MD5(ci); 6. Di=MD5(Ci); 7. if(di =di)&(Di=Di) 8. { 9. for(j=0;j<=L−1;j++) 10. { 11. ki=ECCdec(TCPK,Kj−1); 12. } 13. mi=DAES(Kj,ci); 14. i++; 15. } 16. } 17. while(i<n/2); 18. i=n/2;
Algorithm2(Continued) 19. Give(d,p,q); 20. dp=dmod(p−1); 21. dq=dmod(q−1); 22. do{ 23. Ci= i=n−1 i=n/2
(Bi)secondpartofciphertext;
24. Rpi=Ridpmodp; 25. Rqi=Ridqmodq; 26. S0=(Rqi−Cpi).p−1modq; 27. Siv=Rpi+S0.P; 28. Wi=ASCII(Ci); 29. Mi=SiXNORWi 30. i++; 31. } 32. while(i<n); 33. P=mi+Mi; 3.3. StrengthofTHCA
Thestrengthofanycryptographicalgorithmisbasedonseveralfactors:thecomputationalmethodsandtheused keyaretwoofthem.Innormalcryptographicapproachtheintrudersmaybeabletoidentifyciphertextpatternsthatare transmittedtothedestinationside.Byanalyzingthesequenceofbitpatterns;itispossiblefortheintrudertoidentify whichtypeofencryptionalgorithmisusedortheywillidentifythekeyusedforencryption/decryptionprocess.
InTHCA,splittingtheplaintextimprovesthestrengthoftheproposedalgorithm.Theintruderwillnotbeableto identifywhichtypeofspecificalgorithmisappliedtogeneratetheciphertext.Thus,itisimpossibletodecryptthe ciphertext.Inaddition,thetwohalvesoftheplaintextareencryptedinparallelatthesametimewhichreducesthe timeofbothencryptionanddecryption.
Whenmixing AES with ECC inthe first half of the plain text, the encryption processis done by symmetric algorithm(AES)whichisfasterthanasymmetricalgorithm.ThesecretkeyofAESisencryptedbyECCwhichis morecomplicatedandthenmoresecure.Sothatweobtaintimereductionandpowersavingthataretheadvantagesof symmetricencryptiontechniquesinadditiontothecomplexitywhichisthemainadvantageofasymmetricencryption techniques.UsingXOR-DUALRSAinthesecondhalfoftheplaintextallowsourhybridalgorithmtobemorerobust andcannotbeeasilyattacked.
Inaddition,HashingisalsousedfordataintegrityusingMD5tobeensuredthattheoriginaltextisnotbeingaltered inthecommunicationmedium.Then,theproposedalgorithmhashighoperationspeed,highsecurityperformanceand strongusability.So,wecansaythatTHCAisthetruemeaningofhybridsecurityalgorithm.
4. Numericalresults
Inthissection,the performanceof theproposedTHCA ismeasuredintermsof sizeof thecipher text,timeof encryptionanddecryption processes,andtimecomplexity. Theproposed algorithmis comparedwiththe already existingalgorithmsthatare presentedinSection2,Subasree (SubasreeandSakthivel,2010),Dubal(Dubaletal.,
2011),Kumar(Kumar,2012),Ren(RenandMiao,2010),andZhu(Zhu,2011).
4.1. Sizeofciphertext
Table1describestheoutputoftheencryptionprocess.Itshowsthesizeoftheciphertextinbytes.Itisshownthat
Kumaralgorithmhasalargestsizeofciphertextwhereastheotheralgorithmsgiveaciphertextsizesthatareequalor veryclosetothesizeoftheplaintext.
Table1
Sizeofciphertext(byte).
Sizeofplaintext(bytes) Subasree Dubal Kumar Ren Zhu THCA
609 609 673 846 602 609 641
25,615 25,615 25,645 35,142 25,610 25,615 25,647
35,080 35,080 35,192 48,226 35,070 35,080 35,112
61,386 61,386 61,486 84,340 61,369 61,386 61,418
184,162 184,162 184,262 253,008 184,143 184,162 184,194
4.2. Timeofencryptionanddecryptionprocesses
Theencryptiontimeisthetimethatanencryptionalgorithmtakestoproduceaciphertextfromaplaintext.The decryptiontimeisthetimethatandecryptionalgorithmtakestoproduceaplaintextfromaciphertext.
Tables2and3showthetimeofencryptionanddecryptionprocessesfordifferentsizesofplaintext;respectively. Itisclearthat,THCAachievestheleasttimeforbothencryptionanddecryption.Thisisduetothattheplaintextof theproposedalgorithmissplitintotwodifferentpartsandthesepartsareencryptedanddecryptedsimeltaneously. Thetimesshowninthetablesarethemaximumtimeofprocessingthetwoparts.ItisshownthatZhualgorithmhas thesametimeof THCAsincethatthe messageinthisalgorithmisencryptedinasinglephasewhichleadstoless securitylevel.Achievinglessencryptiontimeresultsinhighestthroughputsincethatthethroughputofencryptioncan becalculatedasthetotalplaintextovertheencryptiontime.Then,THCAcanrealizethehighestthroughput.
4.3. Timecomplexity
InTHCA,thetimecomplexityofencryptionprocessiscalculatedasfollows:Max[O(log2(n+1)+2n+√n+ 8)ANDO(log(n2)+log(n)+3n+6)] that is equal to O(log(n2)+log(n)+3n+6) which is the integration of
O(log(n2)+log(n)+n+2n+2+1+3).Itconsists of seven terms. Thefirst term (log(n2))denotestime complex-ityofDUALRSA(Sunetal.,2007).Thesecondandthirdterms(log(n)+n)refertotimecomplexityofXOR.The forthandfifthterms(2n+2)refertotimecomplexityoftwoforloops.Thesixthterm(1)referstotimecomplexity ofMD5.Itisaconstantvaluesinceitisaprobabilisticcomparisonalgorithm(Erickson,2008).Theseventhterm(3)
referstothevariables.Itcanbeneglectedsinceitisverysmallwithrespectton.Then,thetotaltimecomplexityof encryptioncanbesummerizedtoO(log(n2)+log(n)+3n)thatcanbereducedfurthertoO(n).
Table2
Timeofencryption(ms).
Sizeofplaintext(bytes) Subasree Dubal Kumar Ren Zhu THCA
609 2063 2032 1500 1432 998 998 25,615 3683 6305 1518 1490 1022 1022 35,080 5651 15,643 1526 1468 1059 1059 61,386 15,351 120,608 4219 3019 3143 3143 184,162 105,889 198,700 5752 4970 3814 3814 Table3 Timeofdecryption(ms).
Sizeofplaintext(bytes) Subasree Dubal Kumar Ren Zhu THCA
609 1078 1016 966 756 562 562
25,615 1085 4053 972 821 713 713
35,080 1082 13,227 980 953 824 824
61,386 1197 13,227 991 864 891 891
Table4
Timecomplexityofencryptionanddecryption.
Algorithm Encryptionprocess Decryptionprocess
Subasree O(log(n2)+4n) O(log(2n3)+4n)
Dubal O(log(n2)+log2(n)+√n+4n) O(log(2n3)+log2(n)+√n+4n)) Kumar O(log2(n+1)+√n+4n) O(log2(n+1)+√n+5n)
Ren O(log(n2)+√n+4n) O(log(n3)+√n+4n)
Zhu O(log2(2n+1)+√n+4n) O(log2(2n+1)+√n+4n)
THCA O(log(n2)+log(n)+3n) O(log(n)+log(2n3)+2n)
ThetimecomplexityofdecryptionprocessofTHCAiscalculatedasfollows:Max[O(log2(n+1)+2n+√n+ 10)ANDO(log(n)+log(2n3)+3n+7)] that isequal toO(log(n)+log(2n3)+2n+6) whichis theintegration of
O(log(2n3)+log(n)+n+2n+2+1+4).Itconsistsofseventerms.Thefirstterm(log(2n3))denotestimecomplexity ofdecryptionofDUALRSA,thesecondandthirdterms(log(n)+n)refertotimecomplexityofXNOR,theforthand fifthterms(2n+2)referstotimecomplexityoftwoforloops,thesixthterm(1)referstotimecomplexityofMD5,the seventhterm(7)referstotimecomplexityofthevariables.Then,itcanbesummerizedtoO(log(n)+log(2n3)+2n) thatcanalsobereducedfurthertoO(n).
Table4showsthetimecomplexityofTHCAcomparedwiththeexistingalgorithmsforencryptionanddecryption process.NotethatthetimecomplexityshowninthetablebeforefinalabbreviationthatyieldstoO(n)inallalgorithms. However,itisshownthatTHCAhastheleastamountofprocessingtimebecauseofthatboththetwophasesofthe algorithmareencryptedanddecryptedsimultaneously.
5. SimulationResultsofWSN
Inordertoprovetheresultsoftheproposedprotocol,itistestedasthesecurityprotocolinWSN.Thesimulation isdoneusingthenetworksimulatorNS2.
5.1. Simulationenvironment
ItisassumedinthetopologyoftheWSNthatitconsistsoftwentynodes.Thenodesarelocatedrandomlyinthe network.Differentscenariosareassumedfortransmissionofdatabetweendifferentnodes.Eachnodemusthavethe informationabouttheothernodespresentintheWSN.Thisinformationisfirsttransmittedintheformofsmallpacket. Thispacketcontainstheinformationaboutthesourceaddress.Ifanyintermediatenodereceivesapacket,itforwards thispackettothenextneighboringnode.Whenthispacketreachesthefinalnodeitchecksalltheaddresspresentinthis packetandthentransmitsreplybacktothesourcenode.Thesizeofthepacketincreasesgraduallyastheintermediate nodesaddtheiraddresstothepacket.Aftertransmissionofpacket,everysensornodehastheideaofthelocationof everyothersensornodeinthenetwork.Therefore,thecommunicationcanbedonefromonenodetotheothernode.
Insomesituations,thelinkspresentbetweenthesensorsnodesfailor thesensornodesmovefromtheiractual locationandtherebyresultinginbreakageofthelink.Insomeothercases,improperpacketsmaybepropagatedover thelinkbetweenanytwonodes.Inaddition,somepacketsmaybedroppedduetodelayofexecutiontime(timeout). Whensuchinsecurepacketsaredropped,thelinkwillnotbeusedforacertaintimeandthenetworkusesanalternate path.
5.2. Energyconsumption
Becauseofthe powersource limitationof WSNs,allprocesses andcommunication protocolsregardingsensor networksmustminimize energyconsumptionsothatsensor lifetimemaybemaximized.Theevaluationof energy consumptionconsidersboththeenergyconsumedduringtheexecutionofcryptographicalgorithmsandtheenergyof communication.Theenergyrequiredforthecalculationofcryptographyalgorithmissimplytheproductoftheaverage powerconsumptionandtheexecutiontimeofthisalgorithm.Theexecutiontimewasdeterminedthroughsimulations.
Fig.1.EnergyconsumptionofTHCAwiththecomparisonoftheotheralgorithms.
Fig.2.RateofdroppedpacketsofTHCAandtheexistingalgorithms.
Communicationenergydependsonthedistancebetweensendingandreceivingnodesandthetimerequiredforsending theciphertext,whichitisproportionaltothesizeoftheplaintext.
Fig.1showstheenergy consumptionofTHCAcomparedtotheotheralgorithms.Itconsumesabout10(mJ)at 184,162plaintextsize(byte)asopposedto63,31,544,290(mJ)forRen,Kumar,Dubal,andSubasree;respectively. ItisshownthattheTHCAachievestheleastenergyconsumptionwhichisthedemandtoguaranteethelifetimeof sensornetworks.
5.3. Rateofdroppedpackets
Fig.2shows therateof droppedpackets. ItisshownthattheTHCA achievestheleast rateof packetdropping comparedtotheotherprotocols. Thisis duetothat,the proposedTHCAchecksauthenticationusingDUALRSA
andthenprotectsthenetworkfromunsecurednodes.Inaddition,thenumberofdroppedpacketsduetotimeoutis decreasedintheTHCAsinceithastheleastexecution.
6. ImplementationofTHCAonimages
Inthissection,theproposedTHCAistestedonimageencryptiontoproveitsrobustnessagainstdifferenttypesof attacks.Itisappliedonimageprotectionapplicationusingmagiccubetheory.Themagiccube(Bashiretal.,2012) dividestheoriginalimageintosixsub-imagesandthesesub-imagesaredividedintoanumberofblocksandattached tothefacesofamagiccubeasshowninFig.3.ThentheattachedimageisfedtoTHCAwhichisappliedtothepixels oftheimagetoencryptthescrambledimage.
Fig.3.Mappingthesixsub-imagesonthemagiccubefaces.
6.1. Descriptionofthecubemapping
1. TheoriginalimageisresizedtoasizeofM×Nsothattheresizedimagecanbedividedintosixsub-imagesofthe samesizeandwithnooverlapping.
2. Thesub-imageshavethesize(M/3)×(N/2).ThesixfacesaremarkedasUp(U),Front(F),Right(R),Left(L), Down(D)andBack(B).
3. Thesixsub-imagesaredividedintoanumberofblockswiththesamenumberofpixels.
4. AccordingtotheimplementationofTHCA,Thesub-images(U,D,F)areencryptedbyfirstpartofTHCAwhich uses(AESwithECC)forencryption whilesub-images(B,L,R)are encryptedbythesecond part whichuses (XOR-DUALRSA).
5. Atthereceiverside,theoriginalimageisretrievedbymappingofthesixsub-imagesonthemagiccubefaces.
6.2. Securityanalysis
Agoodencryptionprocedureshouldberobustagainstallkindsofattacks.Somesecurityanalysiswasperformed ontheproposedTHCAinthecaseofusingimage,includingthemostimportantlikestatisticalanalysisandkeyspace analysis.
6.2.1. Statisticalanalysis
Anidealciphershouldberobustagainstanystatisticalattack.Toprovetherobustnessoftheproposedalgorithm, weperformedstatisticalanalysisbycalculatingthehistogramsandthecorrelationsoftwoadjacentpixelsintheplain image/cipherimage.
6.2.1.1. Histogramsanalysis. Thehistogramoftheimageshowshowpixelsintheoriginalimagesaredistributedby
graphingthenumberofpixelsateachgraylevel(Abderrahimetal.,2012;Ahmedetal.,2007).Acolorhistogram representsthenumberofpixelsthathavecolorsineachofafixedlistofcolorrangesthatusedforthree-dimensional spacelikeRGBchannels.Wecalculatedandanalyzedthehistogramsoftheseveraloriginalandencryptedimagesthat havewidelydifferentcontents.
Fig.4showsthehistogramofManplainimageandtheManencryptedimage.Itisshownthattheyaresignificantly different.Fig.5showsthehistogramofLenaplainimage.Fig.5(e), (g)and(i)illustratetheHistogramofLena’s imageofRed,GreenandBluechannelsrespectively.ThehistogramsofthecipherimagesareshowninFig.5(d),(f), (h)and(j).Itisalsoshownthattheyaresignificantlydifferentfromthatoftheoriginalimagesandhavenostatistical resemblancetotheplainimages.
Itisclearthatthehistogramoftheencryptedimagesaresignificantlydifferentfromtherespectivehistogramofthe originalimagesandhencedoesnotprovideanycluetoemployanystatisticalattackontheproposedTHCAinthecase ofusingimage.
6.2.1.2. Correlation coefficient analysis. In addition to the histogram analysis, we also analyzed the correlation
Fig.4.Histogramsoftheplainimageandthecorrespondingcipherimage.
image/cipherimage;respectively.First,werandomlyselected2000pairsoftwoadjacentpixelsfromanimage.Then, wecalculatedtheircorrelationcoefficient(rxy)usingthefollowingformula(Abderrahimetal.,2012):
rxy= Cov (x,y) D(x)√D(y) (21) where Cov(x,y)= N i=1 (xi−x)(y−y) (22) x= 1 N N i=1 xi (23) y= 1 N N I=1 yi (24) D(x)= N i=1 (xi−x)2 (25) D(y)= N i=1 (yi−y)2 (26)
wherexiistheintensityoftheithpixelinoriginalimage,yiistheintensityoftheithpixelincipheredimage,x is
themeanintensityoforiginalimage(thesumvaluesdividedbynumberofselectedpixels),yisthemeanintensityof cipheredimage,andNisthenumberofselectedpixels.
Table5
Correlationanalysisinmanplainimage/mancipherimage.
AlgorithmDirectionofadjacentpixels Plainimage Cipherimage
Horizontal −0.0468 0.2951
Vertical −0.0488 0.09935
Diagonal −0.0353 0.09614
Table6
Correlationanalysisinlenaplainimage/lenacipherimage.
Algorithmdirectionofadjacentpixels Plainimage Cipherimage
Horizontal 0.9898 0.0303
Vertical 0.9805 0.0302
Diagonal 0.9769 0.0311
The correlationcoefficient has the value 1 if the two images are absolutely identical, 0 or very near to zero if theyare completely uncorrelated, or -1 if theyare completely anti-correlated, for example if oneimage isthe negativeof the other.It is clearfrom Table5 that the cipher Man imageis highlyindependent of the Man plain image.
InTable6,thecorrelationcoefficientsoftwohorizontallyadjacentpixelsare0.9898and0.0303;respectivelyfor bothLenaplainimage/LenacipherimageofTHCA.Similarresultsforverticalanddiagonaldirectionsareobtained.It isclearfromTable6thatthereisanegligiblecorrelationbetweenthetwoadjacentpixelsinthecipherimage.However, thetwoadjacentpixelsintheplainimagearehighlycorrelatedasshownintheFig.6.
Fig.6.Correlationoftwoadjacentpixels:(a)distributionoftwohorizontallyadjacentpixelsintheManplainimage,(b)distributionoftwo
horizontallyadjacentpixelsintheManencryptedimage,(c)distributionoftwohorizontallyadjacentpixelsinLenaPlainimage,(d)distributionof
Fig.7.KeysensitiveTest(1)withTHCA.
6.2.2. Keyspaceanalysis
Agoodimageencryptionalgorithmshouldbesensitivetothecipherkeys,andthekeyspaceshouldbelargeenough tomakebrute-forceattacksinfeasible.THCAhastwotypesofkeys,thefirstkeyisthesecurekeywhichisusedto encryptthefirsthalfof plainimageandthesecond keyisthepublic keywhichusedtoencryptthesecond halfof plainimage.Then,fortheproposedTHCA,keyspaceanalysisandtestinghavetobecarefullyperformed.Thechange ofasinglebitinthesecretkeyorprivatekeyshouldproduceacompletelydifferentencryptedimage,whichmeans thatthecipherimagecannotbedecryptedcorrectlyalthoughthereisonlyaslightdifferencebetweenencryptionand decryptionkeys.ThisguaranteesthesecurityofTHCAagainstbrute-forceattackstosomeextent.Fortestingthekey sensitivityofTHCA,thefollowingstepswereperformedinTest(1)showninFig.7:
1. First,theoriginalimage(Fig.7(a))isencryptedbyusingthetestsecurekey“1551917990046475381”whichis equivalentto“1589853085422475”(inhexadecimal)andpublickey(3, 33).Theresultantimageisreferred as encryptedimageAasshowninFig.7(b).
2. Then,themostsignificantbitofthesecretkey(inhexadecimal)ischanged,sothattheoriginalsecretkeybecomes, say“2704839494653322357”whichisequivalentto“2589853085422475”(inhexadecimal)andthesamepublic key(3,33).TheresultantimageisreferredasencryptedimageBasshowninFig.7(c).
3. Then,theleastsignificantbitofthesecretkey(inhexadecimal)ischanged,sothattheoriginalsecretkeybecomes, say“1551917990046475380”whichisequivalentto“1589853085422474”(inhexadecimal)andthesamepublic key(3,33).TheresultantimageisreferredasencryptedimageCasshowninFig.7(d).
Table7
Correlationcoefficientsbetweenthecorrespondingpixelsofthethreedifferentencryptedimagesobtainedbyusingslightlydifferentsecretkeys.
Image1 Image2 Correlationcoefficient
EncryptedimageAFig.7(b) EncryptedimageBFig.7(c) 0.0309
EncryptedimageBFig.7(c) EncryptedimageCFig.7(d) 0.0358
EncryptedimageCFig.7(d) EncryptedimageAFig.7(b) 0.0342
Fig.7showstheoriginalimageaswellasthethreeencryptedimagesproducedintheabovesteps.Itisnoteasy tocomparetheencryptedimagesbysimplyobservingtheseimages.Soforcomparison,thecorrelationcoefficients betweenthecorrespondingpixelsofthethreeencryptedimageshavetobecompared.Forthiscalculation,theformula in(21)isusedexceptthatinthiscasexandyarethevaluesofcorrespondingpixelsinthetwoencryptedimagesto becompared.Table7showstheresultsofthecorrelationcoefficientsbetweenthecorrespondingpixelsofthethree encryptedimagesA,BandC.Itisclearfromthetablethatthereisnocorrelationexistsamongthethreeencrypted imageseventhoughthesehavebeenproducedbyusingslightlydifferentsecretkeys.Keysensitivityanalysisshows thatchangingonebitinencryptionkeywillresultinacompletelydifferentcipherimage.
Moreover,Fig.8showstheresultsofTest(2)thatpresentssomeattemptstodecryptanencryptedimagewithslightly differentsecretkeysthantheoneusedfortheencryptionoftheoriginalimage.Fig.8(a)and(b)showstheoriginal imageandtheencryptedimageproducedusingthesecretkey“1589853085422475”(inhexadecimal)andprivatekey (7,3,11),respectively.WhereasFig.8(c)and(d)showstheimagesafterthedecryptionoftheencryptedimagewith thesamesecretkey“1589853085422475”(inhexadecimal)andtheslightlydifferentsecretkey“1589853085422474”
(inhexadecimal);respectively.Itisclearthatthedecryptionwithaslightlydifferentkeyfailscompletelyandhence theproposedTHCAishighlykeysensitive.
7. Conclusion
Inthispaper,arobusthybrid securityalgorithmfor WSNsisproposed.Itisdesigned inordertosolveseveral problemsaspractical implementation,shortresponsetime,efficientcomputationandthestrengthof cryptosystem. TheproposedTHCAtriestotraptheintruderbysplittingtheplaintextandthenappliestwodifferenttechniques.First, ittakestheadvantagesofthecombinationofbothsymmetricandasymmetriccryptographictechniquesusingboth
AESandECCalgorithms.Second,XOR-DUALRSAisusedsinceitismorerobustandcannotbeeasilyattacked. Inaddition,HashingisalsousedfordataintegrityusingMD5tobeensuredthattheoriginaltextisnotbeingaltered inthe communicationmedium.TheperformanceofTHCA iscomparedwithotherexisting securityalgorithms.It offersbettersecurityforashorterencryptionanddecryptiontimeandsmallestciphertextsize.Thereby,itdecreases theprocessingoverheadandachieveslowerenergyconsumptionthat isappropriateforallWSNapplications.The proposedTHCAisimplementedinthecaseofimageencryption.Itisshownthatitisrobustagainstdifferenttypesof attacks.
References
Abderrahim,N.,Benmansour,F.,Seddiki,O.,2012.Integrationofchaoticsequencesuniformlydistributedinanewimageencryptionalgorithm.
Int.J.Comput.Sci.(IJCSI)9(2).
Ahmed,H.,Kalash,H.,FaragAllah,O.,2007.AnEfficientChaos-BasedFeedbackStreamCipher(ECBFSC)forimageencryptionanddecryption.
Informatica31(1),121–129.
Balitanas,M.,2009.WiFiprotectedaccess-pre-sharedkeyhybridalgorithm.Int.J.Adv.Sci.Technol.12.
Bashir,A.,Basari,A.,Almangush,H.,2012.NovelImageEncryptionusinganIntegrationTechniqueofBlocksRotationbasedontheMagiccube
andtheAESAlgorithm.IntJ.Comput.Sci.9(4).
Boneh,D.,Durfee,G.,2000.CryptanalysisofRSAwithprivatekeydlessthanN.IEEETrans.Inf.Theory46(4),1339–1349.
Burr,W.,2003.Selectingtheadvancedencryptionstandard.IEEESecur.Priv.1(2),43–52.
Dubal,M.J.,Mahesh,T.R.,Ghosh,P.A.,2011.Designofanewsecurityprotocolusinghybridcryptographyarchitecture.In:Proceedingsof3rd
InternationalConferenceonElectronicsComputerTechnology(ICECT),vol.5,India.
Erickson,J.,2008.Hacking:TheArtofExploitation,ch.7,2nded.W.PollockofPublisher,USA,pp.393–450.
Farouk,F.,Rizk,R.,Zaki,F.W.,2014.Multi-levelstableandenergyefficientclusteringprotocolinheterogeneouswirelesssensornetwork.IET
Wirel.Sens.Syst.4(4),159–169,http://dx.doi.org/10.1049/iet-wss.2014.0051.
Faye,S.,Myoupo,J.F.,2013.Secureandenergy-efficientgeocastprotocolsforwirelesssensornetworksbasedonahierarchicalclusteredstructure.
Int.J.Netw.Secur.15(1),121–130.
Fouchal,H.,Hunel,P.,Ramassamy,C.,2014.Towardsefficientdeploymentofwirelesssensornetworks.Secur.Commun.Netw.,http://dx.doi.org/
10.1002/sec.1059.
Frunza,M.,Asachi,Gh.,2007.ImprovedRSAencryptionalgorithmforincreasedsecurityofwirelessnetworks.In:ISSCSInternationalSymposium,
vol.2.
Hayajneh,T.,Doomun,R.,Almashaqbeh,G.,Mohd,B.J.,2013.Anenergy-efficientandsecurityawarerouteselectionprotocolforwirelesssensor
networks.Secur.Commun.Netw.,http://dx.doi.org/10.1002/sec.915.
Hossain,Md.A.,Islam,Md.K.,Das,S.K.,Nashiry,Md.A.,2012.CryptanalyzingofmessagedigestalgorithmsMD4andMD5.Int.J.Cryptogr.Inf.
Secur.(IJCIS)2(1).
Johnson,D.,Menezes,A.,Vanstone,S.,2001.Theellipticcurvedigitalsignaturealgorithm(ECDSA).Int.J.Inf.Secur.1(1),36–63.
Kodali,R.,Sarma,N.,2013.EnergyefficientECCencryptionusingECDH.In:EmergingResearchinElectronics,ComputerScienceandTechnology,
LectureNotesinElectricalEngineering,vol.248.Springer,pp.471–478.
Kumar,N.,2012.ASecureCommunicationWirelessSensorNetworksThroughHybrid(AES+ECC)Algorithm,vol.386.vonLAPLAMBERT
AcademicPublishing.
Lasla,N.,Derhab,A.,Ouadjaout,A.,Bagaa,M.,Challal,Y.,2014.SMART:securemlti-pathsroutingforwirelesssensornetworks.In:Ad-hoc,
Mobile,andWirelessNetworks,LectureNotesinComputerScience,vol.8487,pp.332–345.
Lenstra,A.,2001.UnbelievablesecuritymatchingAESsecurityusingpublickeysystems.Adv.Cryptol.ASIACRYPT2248,67–86.
MaryAnita,E.A.,Geetha,R.,Kannan,E.,2015.Anovelhybridkeymanagementschemeforestablishingsecurecommunicationinwirelesssensor
networks.Wirel.Pers.Commun.,http://dx.doi.org/10.1007/s11277-015-2290-9.
Ren,W.,Miao,Z.,2010.AhybridencryptionalgorithmbasedonDESandRSAinbluetoothcommunication.In:Proceedingsofthe2ndInternational
ConferenceonModeling,SimulationandVisualizationMethods,China,pp.221–225.
Singh,G.,Supriya,2013.Astudyofencryptionalgorithms(RSA,DES,3DESandAES)forinformationsecurity.Int.J.Comput.Appl.67(19),
33–38.
Sun,H.,etal.,2007.DualRSAanditssecurityanalysis.IEEETrans.Inf.Theory,2922–2933.
Tillich,S.,Großschädl,J.,2005.AcceleratingAESusinginstructionsetextensionsforEllipticCurvecryptography.In:ComputationalScienceand
ItsApplications–ICCSA,vol.3481.,pp.665–675.
Yu, N.,Zhang,L., Ren,Y., 2013.AnovelD–S basedsecurelocalizationalgorithm forwirelesssensornetworks.Secur.Commun.Netw.,
http://dx.doi.org/10.1002/sec.909.
Zhu,S.,2011.Researchofhybridcipheralgorithmapplicationtohydraulicinformationtransmission.In:ProceedingsofInternationalConference