Two-phase hybrid cryptography algorithm for wireless sensor networks

(1)

Availableonlineatwww.sciencedirect.com

ScienceDirect

JournalofElectricalSystemsandInformationTechnology2(2015)296–313

Two-phase

hybrid

cryptography

algorithm

for

wireless

sensor

networks

Rawya

Rizk

∗

,

Yasmin

Alkady

ElectricalEngineeringDepartment,PortSaidUniversity,PortSaid,Egypt

Received25May2015;receivedinrevisedform25November2015;accepted25November2015

Availableonline8December2015

Abstract

Forachievingsecurityinwirelesssensornetworks(WSNs),cryptographyplaysanimportantrole.Inthispaper,anewsecurity algorithmusingcombinationofbothsymmetricandasymmetriccryptographictechniquesisproposedtoprovidehighsecuritywith minimizedkeymaintenance.Itguaranteesthreecryptographicprimitives,integrity,confidentialityandauthentication.Elliptical CurveCryptography(ECC)andAdvancedEncryptionStandard(AES)arecombinedtoprovideencryption.XOR-DUALRSA algorithmisconsideredforauthenticationandMessageDigest-5(MD5)forintegrity.Theresultsshowthattheproposedhybrid algorithmgivesbetterperformanceintermsofcomputationtime,thesizeofciphertext,andtheenergyconsumptioninWSN.Itis alsorobustagainstdifferenttypesofattacksinthecaseofimageencryption.

Keywords:AdvancedEncryptionStandard;Cryptography;EllipticCurve;MessageDigest-5;XOR-DualRSA

1. Introduction

Wirelesssensornetworks(WSNs)haveagreatvulnerabilityduetothebroadcastnatureanddangerousenvironment. Correspondingly,therearemanysolutionsforthesecurityissuessuchasroutingsecurity(Fouchaletal.,2014;Hayajneh etal.,2013;Laslaetal.,2014;Farouketal.,2014),securelocalization(Yuetal.,2013),andkeymanagementand cryptography(MaryAnitaetal.,2015).Cryptographicalgorithmsareanessentialpartofthesecurityarchitectureof WSNs.

WSNssufferfrommanyconstraintssuchaslowbatterylifeandsmallmemory.Duetotheselimitations,WSNis notabletodealwithtraditionalcryptographicalgorithms.Twomainproblemsrelatedtosecurityalgorithmsarisein WSNs.First,theoverloadthatsecurityalgorithmsintroduceinmessagesshouldbereducedataminimum;everybit

∗_{Corresponding}_author._Tel.:₊₂₀_1009067030.

E-mailaddresses:r.rizk@eng.psu.edu.eg(R.Rizk),engyasminalkady@yahoo.com(Y.Alkady).

PeerreviewundertheresponsibilityofElectronicsResearchInstitute(ERI).

http://dx.doi.org/10.1016/j.jesit.2015.11.005

(2)

thesensorsendsconsumesenergyand,consequently,reducesthelifeofthedevice.Second,thememorysizewhich referstosizeofanencryptedmessageandthekeysizeshouldalsobereduced(FayeandMyoupo,2013).

VariouscryptographicalgorithmshavebeenproposedtoachievethesecurityrequirementssuchasAuthentication, Confidentiality,andIntegrity.Authenticationmeanspreventingunauthorizedpartiesfromparticipatinginthenetwork. Confidentialitymeanskeepinginformationsecretfromunauthorizedparties.Integrityensuresthereceiverthatthe receiveddataisnotalteredintransitbyanadversary.Dataauthenticationcanprovidedataintegrityalso.

Encryptionistheprocessofencodinginformationinsuchawaythathackerscannotreadit.Therearetwotypes ofencryptiontechniques;symmetricandasymmetric.Symmetriccryptography,alsocalledprivate-keycryptography usesonlyonekeyforencryptionanddecryption.CommonsymmetricencryptionalgorithmsincludeDataEncryption Standard(DES)(SinghandSupriya,2013)andAdvancedEncryptionStandard(AES)(Burr,2003).Asymmetrickey cryptography,alsocalledpublic-keycryptographyrequiresspecialkeystoencryptanddecryptmessages.Common asymmetricencryptionalgorithmsincludeRSA(FrunzaandAsachi,2007)andEllipticCurveCryptography(ECC) (KodaliandSarma,2013).ECDSA–EllipticCurveDigitalSignatureAlgorithm(Balitanas,2009)andECDH–Elliptic CurveDiffieHellman(Johnsonetal.,2001)arebasedonECC.

Bothsymmetricandasymmetriccryptographictechniquesofferadvantagesanddisadvantages.Symmetric encryp-tiontechniquesprovidecost-effectiveandefficientmethodsofsecuringdatawithoutcompromisingsecurityhowever; sharingthesecretkeyisaproblem.Ontheotherhand,asymmetrictechniquessolvetheproblemofdistributingthe keyforencryptionhowever;theyareslowcomparedtosymmetricencryptionandconsumemorecomputerresources. Therefore,the bestpossible solutionfor encryption isthe complementaryuseof bothsymmetric andasymmetric encryptiontechniques.Hybridencryptionattemptstoexploittheadvantagesofbothkindsoftechniqueswhile avoid-ingtheirdisadvantages.Hashingcreatesaunique,fixed-lengthsignatureforamessageordataset.Itiscommonlyused tocheckdataintegrity.MessageDigest-5(MD5)(Hossainetal.,2012)algorithmisawidelyusedcryptographichash functionthatproducesa128-bit(16-byte)hashvalue.Ithasbeenutilizedinawidevarietyofsecurityapplications.

Inthispaper,ahybridcryptographyalgorithmisproposedandpresented.Itisdesignedtoprovidedatasecurityand usersauthenticity.Itincludestwophasesworkatthesametime.InPhaseI,ittakestheadvantagesofthecombination ofbothsymmetricandasymmetriccryptographictechniquesusingbothAESandECCalgorithms.InPhaseII, XOR-DUALRSAisusedsinceitismorerobustandcannotbeeasilyattacked.Inaddition,Hashingisalsousedfordata integrityusingMD5tobeensuredthattheoriginaltextisnotbeingalteredinthecommunicationmedium.Theproposed algorithmhashighoperationspeed,highsecurityperformanceandstrongusability.

The organization of thispaper is as follows: Brief overviewsof related works of some existing protocolsare presentedinSection2.TheproposedhybridencryptionalgorithmisintroducedinSection3.Sections4and5present thenumericalresultsandthesimulationresultsoftheproposedalgorithminWSNs;respectively.Section6presents the implementationofthe proposedalgorithminthe imageprotectionapplication. Finally,themain conclusionis presentedinSection7.

2. Relatedwork

Todate,manycryptographyalgorithmshavebeenproposedbutalotofthemarenotcompletesuitableforWSNs. InSubasreeandSakthivel(2010),asecurityalgorithmarchitectureisproposedbySubasree.Inthisalgorithm,the givenplaintextisencryptedusingECCandthederivedciphertextiscommunicatedtothedestinationthroughsecured channel.Simultaneously,theHashvalueiscalculatedthroughMD5forthesameplaintext,andthenencryptedwith

DUALRSA.Theencryptedmessageofthishashvalueisalsosenttothedestination.Inthisalgorithm,itisdifficult toextracttheplaintextfromtheciphertext,becausethehashvalueisencryptedwithDUALRSAandtheplaintextis encryptedwithECC.ThenewhashvalueiscalculatedwithMD5andthenitiscomparedwithdecryptedhashmessage foritsintegrity.Bywhich,itisensuredthateithertheoriginaltextbeingalteredornotinthecommunicationmedium. Thisistheprimitivefeatureofthisalgorithmhowever,therearetwodisadvantages.First,themessageisencryptedby asymmetricencryptionalgorithms(ECCandDUALRSA)thatareslowcomparedtosymmetricencryption.Second, ifanattackerdeterminesaperson’sprivatekey,hisorherentiremessagescanberead.

InDubalsecurityalgorithmarchitecture(Dubaletal.,2011),thegivenplaintextisencryptedwithakeythatis generatedbyECDH.Theencryptionalgorithmused isDUALRSA.Thederived ciphertextisappended withthe digital signatureformoreauthentications, generatedbytheECDSA algorithm.Simultaneously,theHashvalueof thisencryptedciphertextistakenthroughtheMD5algorithm.Then,thegeneratedciphertextandthesignatureare

(3)

communicatedtothedestinationthroughsecuredchannel.Ontheotherside,i.e.,ondecryptionend,thehashvalueis firstevaluatedandintegrated.Thisiscomparedwiththesignature,fortheverificationofthedigitalsignatureappended attheendofmessage.Thereafter,thedecryptionofciphertextisdonebyDUALRSA(Sunetal.,2007).Hence,the plaintextcanbederived.In thisalgorithm,theintrudermaybetrappedbyboththeencryptionbytheDUALRSA

withthekeygeneratedbyECDHalgorithmandtheappendedsignature.Hence,themessagecanbecommunicated tothedestinationwithhighlysecuredmanner.However,theusedasymmetricencryptionalgorithms(DUALRSAand

ECDH)areslowcomparedtosymmetricencryption.Inaddition,theattackermayreadthemessages ifhe/shecan determinetheprivatekey.

AhybridalgorithmarchitectureisproposedbyKumar(2012).Inthisalgorithm,thegivenplaintextisencrypted firstwithAESalgorithmandthenwithECCalgorithm.Thehashvalueofthisencryptedciphertextistakenthrough theMD5.Ontheotherside,theHashvalueisfirstevaluatedandintegrated.Thereafter,thedecryptionofciphertext isdonebyAESandECCdecryptionalgorithms.Hence,theplaintextcanbederived.Thisalgorithmisacombination ofbothsymmetricandasymmetriccryptographictechniques.However,theexecutiontimeofthisalgorithmislong becausetheplaintextisencryptedsequentiallybybothAESandECC.

InRenandMiao(2010),ahybridalgorithmisproposed.Inthisalgorithm,DESalgorithmisusedfordata transmis-sionbecauseofitshigherefficiencyinblockencryption,andRSAalgorithmisusedfortheencryptionofthekeyofthe

DESbecauseofitsmanagementadvantagesinkeycipher.Duringtheprocessofsendingencryptedinformation,the randomnumbergeneratoruses64-bitDESsessionkeyonlyonce.Itencryptstheplaintexttoproducetheciphertext. Ontheotherhand,thesendergetspublickeyfrompublickeymanagementcenter,andthenusesRSAtoencryptsession key.Finally,thecombinationofthesessionkeyfromRSAencryption(BonehandDurfee,2000)andtheciphertext fromDESencryptionaresentout.ThisalgorithmisconsideredweaksinceusingDESwithRSAaffectsthesecurity level.

In Zhu(2011), ahybrid algorithmarchitecture ispresented. The plaintextis encrypted withsymmetric cipher algorithm,and the key and digital signaturebelonged to the symmetric encryptionalgorithm are encryptedwith asymmetrickeyalgorithm.ThesenderencryptstheplaintextwiththekeybelongedtotheAESalgorithm.Toensure thesecurityofthecipheralgorithmandsimplifythekeymanagement,thesenderusesthekeyonlyonce.Thereceiver obtainstheoriginalinformationaftersignatureverification.Thisalgorithmsuffersfromlowsecuritylevelsincethat themessageisencryptedinasinglephasewhichleadstolesscomplexity.

Fromthepreviousstudiesit’sshownthatthesecurityalgorithmsthatdependonasymmetricencryptionalgorithms

suchas SubasreeandDubal havecriticalweakness pointssincetheyare slowcomparedtosymmetricencryption

algorithmsandconsumehugepowertoencryptallplaintextbypublickey.Inaddition,ifanattackerdeterminesa person’sprivatekey,hisorherentiremessagescanberead.AlthoughKumarsecurityalgorithmisahybridalgorithm, ithasacriticalweaknesspoint.Itwastesalotoftimeforencryptionanddecryptionprocessessinceitencryptsthe plaintextsequentiallyfirstbyAESandagainbyECC.RenandZhusecurityalgorithmsaresufferingfromlowsecurity levelsinceusingDESwithRSAinRenaffectsthesecuritylevelandusingasinglephaseinZhuleadstolesscomplexity. DuetothehardconstrainsofWSNs,theycannotbeabletodealwiththemajorityofsuchsecurityalgorithms.

3. Theproposedtwo-phasehybridcryptographyalgorithm(THCA)

In thissection, the proposed THCA ispresented. It introduces a newmethod of mergingboth symmetricand asymmetrictechniquesbyperformingtwoparallelphases.Thesephasesavoidthedisadvantagesoftheexistinghybrid algorithmsbyachievinghighsecuritylevelwithoutincreasingtheexecutiontime.

3.1. Encryptionprocess

IntheEncryption,theplaintextisdividedintonblocksBi.Eachblockconsistsof128bits.Then,itisdividedinto

twopartsmi (0:n/2–1)blocks,andMi(n/2:n−1) blocks.Ifnisnotanintegernumberandhasafraction,THCA

algorithmusespaddingwithnullforthelastblocktobe128bits.Theencryptionprocessisdividedintotwophases. InPhaseI,Thefirstn/2blocksareencryptedusing(AESandECC)hybridencryptionalgorithm.ECCalgorithm is used for protectingsecret key since it is the highest secure public key algorithm. Moreover,according to the mathematicalproblemonwhichECCcanbesolvedbyfullyexponentialratherthansub-exponentialforotherpublic keysystems,ECCneedssmallerkeysizethanotheralgorithmsandthatreferstolessmemorysize(KodaliandSarma,

(4)

2013).Itallowsthecommunicationnodestohandlealargernumberofrequestswiththesmallestnumberofdropped packet.SincethatECCconsumesmorepowerthansymmetricalgorithm,using AESalgorithmreducesthe power consumptionandraisesthesystemperformance(Lenstra,2001).WhenusingAESwithECC,we areabletosave power,andachievespeedupto25%forencryptionandnearly20%fordecryption(TillichandGroßschädl,2005).

Thefirstn/2blocksareencryptedasthefollowing:

miisencryptedusingAESbythekeykiwhichisthesecretkeyofAESencryptionalgorithmwithsize128bits.ki

isencryptedbyECCtoproduceKjwithlengthL.

mi= i=n/2−1

i=0

(Bi) 0≤i≤n/2−1 (1)

Kj=ECCenc(TCPK,ki−1) 0≤j≤L−1 (2)

whereECCencisEllipticCurveencryptionfunction.Itcipherstheinputwithtrustcenterpublickey(TCPK)whichis

usedasafunctiontoauthenticatethekey.

Ci =EAES(Kj,Bi) (3)

whereEAESistheAESencryptionfunction.

PhaseIIisperformedinparallelofPhaseIinordertoincreasethesecuritylevelwithoutincreasingtheexecution time.InPhaseII,theremainingn/2blocksareencryptedusingXOR-DUALRSAalgorithm.DUALRSAallowsfor extremelyfastencryptionanddecryptionthatisatmostfourtimesfasterthanstandardRSA.TheXOREncryption algorithmisasymmetricencryptionalgorithmthatusesthesamekeyforbothencryptionanddecryption.XOR-DUAL RSAalgorithmguaranteesdevelopingastrongeralgorithm,asfollows:

Mi= i=n−1

i=n/2

(Bi) n/2≤i≤n−1 (4)

Inthisalgorithm,twolargeprimenumbersarechosenrandomly;pandq.Then,x=p×q,φ(x)=(p−1)×(q−1).

Anumberrelativelyprimetoφischosen;d.Then,eiscalculatedsuchthate×d=1modφ(x),andPublickey(e,x) isusedforencryption.

Ri=(Bi)emodx (5)

ASCIIfor(Bi)isgetandconvertedtobinary

Li =ASCII(Bi) (6)

whereLiisafunctionusedtoconvertmessageblocktoASCII.RiisacipheredtextusingDUALRSA.

Ci =(Ri)XOR(Li) (7)

MD5isappliedtotheciphertextsciandCi.Itisthebestperformanceofhashingfunctionsecurity(Tillichand

Großschädl,2005).

di=MD5(ci) (8)

Di=MD5(Ci) (9)

Atthefinalstageoftheencryptionprocess,thetwon/2blocksareintegratedtogenerateciphertextofnblocksand itissenttothesinknode.Thecorrespondinghashvalues(diandDi)withsize128bitsforeachoneareconcatenated

andsenttothesinknodeatthesametime.

Q=ci+Ci (10)

(5)

TheencryptionalgorithmisdescribedinAlgorithm1.

Algorithm1.

TheProposedEncryptionAlgorithm.

Input:P(Plaintext),k(secretkeyofAESencryption),s(128bitsizeofblock);

Output:Q(Ciphertext),ci(encryptedtextusingAESwithECC),Ci(encryptedtextusingXORDUALRSA),H(hashingvalueofciphertext);

1. n=P/s; 2. leti=0; 3. do{ 4. mi=

i=n/2−1

i=0 (Bi)firstpartofplaintext; 5. for(j=0;j<=n−1;j++) 6. { 7. Kj=ECCenc(TCPK,ki−1); 8. } 9. ci=EAES(Kj,Bi); 10. di=MD5(ci); 11. i++; 12. } 13. while(i<n/2); 14. i=(n/2)

15. Letpandqtwolargeprimenumbers 16. x=p×q

17. φ(x)=(p−1)×(q−1)

18. Letdarelativelyprimenumbertoφ

19. e×d=1modφ(x)

20. Let(e,x)publickeyofDUALRSA. 21. do{

22. Mi= i=n

i=n/2(Bi)secondpartofplaintext; 23. Ri=(Bi)emodx; 24. Li=ASCII(Bi); 25. Ci=(Ri)XOR(Li); 26. Di=MD5(Ci); 27. i++; 28. } 29. while(i<n); 30. Q=ci+Ci; 31. H=di+Di; 3.2. Decryptionprocess

Inthedecryption,thecipher textQisdividedinton blockseachblockconsists of128 bits,Then,it isdivided intotwopartsci(0:n/2−1)blocksandCi(n/2:n−1)blocks.Hashingisusedinordertoidentifywhetherthesink

nodereceivesthesameciphertextornot.Thehashvaluesinbothphasesarecompared.Iftheyarethesame,thenthe algorithmproceedsthedecryptionprocess.Else,itdiscardsthemessage.

Inthecaseofthehashvaluesarethesameatthesourceandsinknodes,thefirstn/2blocksaredecryptedusing

AESandECCalgorithmsasfollows: ci = i=n/2₋1 i=0 (Bi) 0≤i≤n/2−1 (12) ki=ECCdec(TCPK,Kj−1) 0≤i≤n/2−1 0≤j≤L−1 (13)

(6)

ThekeyofAESkjwithlengthLofbitsisdecryptedbyECCtoproducekiwhichhasusedtodecryptthecipher

textusingAESdecryptionschemebyDAES(AESdecryptionfunction).

mi=DAES(Kj,ci) (14)

miisthefirstpartoftheplaintext.Theremainingn/2blocksaredecryptedusingXNOR-DUALRSAalgorithmas

follows: Ci =

i=n−1

i=n/2

(Bi) n/2≤i≤n−1 (15)

PrivateKey(d,p,q)isusedfordecryption.Tomakedecryption,firstsomeparametersarecomputeddp=dmod

(p−1),dq=dmod(q−1),Rpi=Ridpmodp,Rqi=Ridqmodq,

S0=(Rqi−Cpi)p−1modq (16)

Si=Rpi+S0P (17)

ASCIIfor(Ci)isconvertedtobinary.

Wi=ASCII(Ci) (18)

whereLiisafunctionusedtoconvertblockofciphertexttoASCII.

Mi=SiXNORWi (19)

Miisthesecondpartoftheplaintext.Atthefinalstageofthedecryptionprocess,thetwon/2blocksareintegrated

toproduceplaintextofnblocks.

P =mi+Mi (20)

ThedecryptionalgorithmisdescribedinAlgorithm2.

Algorithm2.

TheProposedDecryptionAlgorithm.

Input:Q(Ciphertext),H(Hashingvalueofciphertext),s(128bitsizeofblock),L(keylength),di,Di,K(encryptedkeyusingECC);

Output:P(Plaintext);

1. n=C/s; 2. leti=0; 3. do{ 4. ci= i=n/2−1 i=0

(Bi)ﬁrstpartofciphertext;

5. di=MD5(ci); 6. Di=MD5(Ci); 7. if(di =di)&(Di=Di) 8. { 9. for(j=0;j<=L−1;j++) 10. { 11. ki=ECCdec(TCPK,Kj−1); 12. } 13. mi=DAES(Kj,ci); 14. i++; 15. } 16. } 17. while(i<n/2); 18. i=n/2;

(7)

Algorithm2(Continued) 19. Give(d,p,q); 20. dp=dmod(p−1); 21. dq=dmod(q−1); 22. do{ 23. Ci= i=n−1 i=n/2

(Bi)secondpartofciphertext;

24. Rpi=Ridpmodp; 25. Rqi=Ridqmodq; 26. S0=(Rqi−Cpi).p−1modq; 27. Siv=Rpi+S0.P; 28. Wi=ASCII(Ci); 29. Mi=SiXNORWi 30. i++; 31. } 32. while(i<n); 33. P=mi+Mi; 3.3. StrengthofTHCA

Thestrengthofanycryptographicalgorithmisbasedonseveralfactors:thecomputationalmethodsandtheused keyaretwoofthem.Innormalcryptographicapproachtheintrudersmaybeabletoidentifyciphertextpatternsthatare transmittedtothedestinationside.Byanalyzingthesequenceofbitpatterns;itispossiblefortheintrudertoidentify whichtypeofencryptionalgorithmisusedortheywillidentifythekeyusedforencryption/decryptionprocess.

InTHCA,splittingtheplaintextimprovesthestrengthoftheproposedalgorithm.Theintruderwillnotbeableto identifywhichtypeofspecificalgorithmisappliedtogeneratetheciphertext.Thus,itisimpossibletodecryptthe ciphertext.Inaddition,thetwohalvesoftheplaintextareencryptedinparallelatthesametimewhichreducesthe timeofbothencryptionanddecryption.

Whenmixing AES with ECC inthe first half of the plain text, the encryption processis done by symmetric algorithm(AES)whichisfasterthanasymmetricalgorithm.ThesecretkeyofAESisencryptedbyECCwhichis morecomplicatedandthenmoresecure.Sothatweobtaintimereductionandpowersavingthataretheadvantagesof symmetricencryptiontechniquesinadditiontothecomplexitywhichisthemainadvantageofasymmetricencryption techniques.UsingXOR-DUALRSAinthesecondhalfoftheplaintextallowsourhybridalgorithmtobemorerobust andcannotbeeasilyattacked.

Inaddition,HashingisalsousedfordataintegrityusingMD5tobeensuredthattheoriginaltextisnotbeingaltered inthecommunicationmedium.Then,theproposedalgorithmhashighoperationspeed,highsecurityperformanceand strongusability.So,wecansaythatTHCAisthetruemeaningofhybridsecurityalgorithm.

4. Numericalresults

Inthissection,the performanceof theproposedTHCA ismeasuredintermsof sizeof thecipher text,timeof encryptionanddecryption processes,andtimecomplexity. Theproposed algorithmis comparedwiththe already existingalgorithmsthatare presentedinSection2,Subasree (SubasreeandSakthivel,2010),Dubal(Dubaletal.,

2011),Kumar(Kumar,2012),Ren(RenandMiao,2010),andZhu(Zhu,2011).

4.1. Sizeofciphertext

Table1describestheoutputoftheencryptionprocess.Itshowsthesizeoftheciphertextinbytes.Itisshownthat

Kumaralgorithmhasalargestsizeofciphertextwhereastheotheralgorithmsgiveaciphertextsizesthatareequalor veryclosetothesizeoftheplaintext.

(8)

Table1

Sizeofciphertext(byte).

Sizeofplaintext(bytes) Subasree Dubal Kumar Ren Zhu THCA

609 609 673 846 602 609 641

25,615 25,615 25,645 35,142 25,610 25,615 25,647

35,080 35,080 35,192 48,226 35,070 35,080 35,112

61,386 61,386 61,486 84,340 61,369 61,386 61,418

184,162 184,162 184,262 253,008 184,143 184,162 184,194

4.2. Timeofencryptionanddecryptionprocesses

Theencryptiontimeisthetimethatanencryptionalgorithmtakestoproduceaciphertextfromaplaintext.The decryptiontimeisthetimethatandecryptionalgorithmtakestoproduceaplaintextfromaciphertext.

Tables2and3showthetimeofencryptionanddecryptionprocessesfordifferentsizesofplaintext;respectively. Itisclearthat,THCAachievestheleasttimeforbothencryptionanddecryption.Thisisduetothattheplaintextof theproposedalgorithmissplitintotwodifferentpartsandthesepartsareencryptedanddecryptedsimeltaneously. Thetimesshowninthetablesarethemaximumtimeofprocessingthetwoparts.ItisshownthatZhualgorithmhas thesametimeof THCAsincethatthe messageinthisalgorithmisencryptedinasinglephasewhichleadstoless securitylevel.Achievinglessencryptiontimeresultsinhighestthroughputsincethatthethroughputofencryptioncan becalculatedasthetotalplaintextovertheencryptiontime.Then,THCAcanrealizethehighestthroughput.

4.3. Timecomplexity

InTHCA,thetimecomplexityofencryptionprocessiscalculatedasfollows:Max[O(log₂(n+1)+2n+√n+ 8)ANDO(log(n2)+log(n)+3n+6)] that is equal to O(log(n2)+log(n)+3n+6) which is the integration of

O(log(n2)+log(n)+n+2n+2+1+3).Itconsists of seven terms. Thefirst term (log(n2))denotestime complex-ityofDUALRSA(Sunetal.,2007).Thesecondandthirdterms(log(n)+n)refertotimecomplexityofXOR.The forthandfifthterms(2n+2)refertotimecomplexityoftwoforloops.Thesixthterm(1)referstotimecomplexity ofMD5.Itisaconstantvaluesinceitisaprobabilisticcomparisonalgorithm(Erickson,2008).Theseventhterm(3)

referstothevariables.Itcanbeneglectedsinceitisverysmallwithrespectton.Then,thetotaltimecomplexityof encryptioncanbesummerizedtoO(log(n2)+log(n)+3n)thatcanbereducedfurthertoO(n).

Table2

Timeofencryption(ms).

609 2063 2032 1500 1432 998 998 25,615 3683 6305 1518 1490 1022 1022 35,080 5651 15,643 1526 1468 1059 1059 61,386 15,351 120,608 4219 3019 3143 3143 184,162 105,889 198,700 5752 4970 3814 3814 Table3 Timeofdecryption(ms).

609 1078 1016 966 756 562 562

25,615 1085 4053 972 821 713 713

35,080 1082 13,227 980 953 824 824

61,386 1197 13,227 991 864 891 891

(9)

Table4

Timecomplexityofencryptionanddecryption.

Algorithm Encryptionprocess Decryptionprocess

Subasree O(log(n2₎₊_4n₎ _O_(log(_2n3₎₊_4n₎

Dubal O(log(n2₎₊_log₂₍_n₎₊√_n₊₄_n₎ _O_(log(2_n3₎₊_log₂₍_n₎₊√_n₊₄_n₎₎ Kumar O(log2(n+1)+√n+4n) O(log2(n+1)+√n+5n)

Ren O(log(n2₎₊√_n₊₄_n₎ _O_(log(_n3₎₊√_n₊₄_n₎

Zhu O(log2(2n+1)+√n+4n) O(log2(2n+1)+√n+4n)

THCA O(log(n2₎₊_log(_n₎₊_3n₎ _O_(log(_n₎₊_log(_2n3₎₊_2n₎

ThetimecomplexityofdecryptionprocessofTHCAiscalculatedasfollows:Max[O(log₂(n+1)+2n+√n+ 10)ANDO(log(n)+log(2n3)+3n+7)] that isequal toO(log(n)+log(2n3)+2n+6) whichis theintegration of

O(log(2n3)+log(n)+n+2n+2+1+4).Itconsistsofseventerms.Thefirstterm(log(2n3))denotestimecomplexity ofdecryptionofDUALRSA,thesecondandthirdterms(log(n)+n)refertotimecomplexityofXNOR,theforthand fifthterms(2n+2)referstotimecomplexityoftwoforloops,thesixthterm(1)referstotimecomplexityofMD5,the seventhterm(7)referstotimecomplexityofthevariables.Then,itcanbesummerizedtoO(log(n)+log(2n3)+2n) thatcanalsobereducedfurthertoO(n).

Table4showsthetimecomplexityofTHCAcomparedwiththeexistingalgorithmsforencryptionanddecryption process.NotethatthetimecomplexityshowninthetablebeforefinalabbreviationthatyieldstoO(n)inallalgorithms. However,itisshownthatTHCAhastheleastamountofprocessingtimebecauseofthatboththetwophasesofthe algorithmareencryptedanddecryptedsimultaneously.

5. SimulationResultsofWSN

Inordertoprovetheresultsoftheproposedprotocol,itistestedasthesecurityprotocolinWSN.Thesimulation isdoneusingthenetworksimulatorNS2.

5.1. Simulationenvironment

ItisassumedinthetopologyoftheWSNthatitconsistsoftwentynodes.Thenodesarelocatedrandomlyinthe network.Differentscenariosareassumedfortransmissionofdatabetweendifferentnodes.Eachnodemusthavethe informationabouttheothernodespresentintheWSN.Thisinformationisfirsttransmittedintheformofsmallpacket. Thispacketcontainstheinformationaboutthesourceaddress.Ifanyintermediatenodereceivesapacket,itforwards thispackettothenextneighboringnode.Whenthispacketreachesthefinalnodeitchecksalltheaddresspresentinthis packetandthentransmitsreplybacktothesourcenode.Thesizeofthepacketincreasesgraduallyastheintermediate nodesaddtheiraddresstothepacket.Aftertransmissionofpacket,everysensornodehastheideaofthelocationof everyothersensornodeinthenetwork.Therefore,thecommunicationcanbedonefromonenodetotheothernode.

Insomesituations,thelinkspresentbetweenthesensorsnodesfailor thesensornodesmovefromtheiractual locationandtherebyresultinginbreakageofthelink.Insomeothercases,improperpacketsmaybepropagatedover thelinkbetweenanytwonodes.Inaddition,somepacketsmaybedroppedduetodelayofexecutiontime(timeout). Whensuchinsecurepacketsaredropped,thelinkwillnotbeusedforacertaintimeandthenetworkusesanalternate path.

5.2. Energyconsumption

Becauseofthe powersource limitationof WSNs,allprocesses andcommunication protocolsregardingsensor networksmustminimize energyconsumptionsothatsensor lifetimemaybemaximized.Theevaluationof energy consumptionconsidersboththeenergyconsumedduringtheexecutionofcryptographicalgorithmsandtheenergyof communication.Theenergyrequiredforthecalculationofcryptographyalgorithmissimplytheproductoftheaverage powerconsumptionandtheexecutiontimeofthisalgorithm.Theexecutiontimewasdeterminedthroughsimulations.

(10)

Fig.1.EnergyconsumptionofTHCAwiththecomparisonoftheotheralgorithms.

Fig.2.RateofdroppedpacketsofTHCAandtheexistingalgorithms.

Communicationenergydependsonthedistancebetweensendingandreceivingnodesandthetimerequiredforsending theciphertext,whichitisproportionaltothesizeoftheplaintext.

Fig.1showstheenergy consumptionofTHCAcomparedtotheotheralgorithms.Itconsumesabout10(mJ)at 184,162plaintextsize(byte)asopposedto63,31,544,290(mJ)forRen,Kumar,Dubal,andSubasree;respectively. ItisshownthattheTHCAachievestheleastenergyconsumptionwhichisthedemandtoguaranteethelifetimeof sensornetworks.

5.3. Rateofdroppedpackets

Fig.2shows therateof droppedpackets. ItisshownthattheTHCA achievestheleast rateof packetdropping comparedtotheotherprotocols. Thisis duetothat,the proposedTHCAchecksauthenticationusingDUALRSA

andthenprotectsthenetworkfromunsecurednodes.Inaddition,thenumberofdroppedpacketsduetotimeoutis decreasedintheTHCAsinceithastheleastexecution.

6. ImplementationofTHCAonimages

Inthissection,theproposedTHCAistestedonimageencryptiontoproveitsrobustnessagainstdifferenttypesof attacks.Itisappliedonimageprotectionapplicationusingmagiccubetheory.Themagiccube(Bashiretal.,2012) dividestheoriginalimageintosixsub-imagesandthesesub-imagesaredividedintoanumberofblocksandattached tothefacesofamagiccubeasshowninFig.3.ThentheattachedimageisfedtoTHCAwhichisappliedtothepixels oftheimagetoencryptthescrambledimage.

(11)

Fig.3.Mappingthesixsub-imagesonthemagiccubefaces.

6.1. Descriptionofthecubemapping

1. TheoriginalimageisresizedtoasizeofM×Nsothattheresizedimagecanbedividedintosixsub-imagesofthe samesizeandwithnooverlapping.

2. Thesub-imageshavethesize(M/3)×(N/2).ThesixfacesaremarkedasUp(U),Front(F),Right(R),Left(L), Down(D)andBack(B).

3. Thesixsub-imagesaredividedintoanumberofblockswiththesamenumberofpixels.

4. AccordingtotheimplementationofTHCA,Thesub-images(U,D,F)areencryptedbyfirstpartofTHCAwhich uses(AESwithECC)forencryption whilesub-images(B,L,R)are encryptedbythesecond part whichuses (XOR-DUALRSA).

5. Atthereceiverside,theoriginalimageisretrievedbymappingofthesixsub-imagesonthemagiccubefaces.

6.2. Securityanalysis

Agoodencryptionprocedureshouldberobustagainstallkindsofattacks.Somesecurityanalysiswasperformed ontheproposedTHCAinthecaseofusingimage,includingthemostimportantlikestatisticalanalysisandkeyspace analysis.

6.2.1. Statisticalanalysis

Anidealciphershouldberobustagainstanystatisticalattack.Toprovetherobustnessoftheproposedalgorithm, weperformedstatisticalanalysisbycalculatingthehistogramsandthecorrelationsoftwoadjacentpixelsintheplain image/cipherimage.

6.2.1.1. Histogramsanalysis. Thehistogramoftheimageshowshowpixelsintheoriginalimagesaredistributedby

graphingthenumberofpixelsateachgraylevel(Abderrahimetal.,2012;Ahmedetal.,2007).Acolorhistogram representsthenumberofpixelsthathavecolorsineachofafixedlistofcolorrangesthatusedforthree-dimensional spacelikeRGBchannels.Wecalculatedandanalyzedthehistogramsoftheseveraloriginalandencryptedimagesthat havewidelydifferentcontents.

Fig.4showsthehistogramofManplainimageandtheManencryptedimage.Itisshownthattheyaresignificantly different.Fig.5showsthehistogramofLenaplainimage.Fig.5(e), (g)and(i)illustratetheHistogramofLena’s imageofRed,GreenandBluechannelsrespectively.ThehistogramsofthecipherimagesareshowninFig.5(d),(f), (h)and(j).Itisalsoshownthattheyaresignificantlydifferentfromthatoftheoriginalimagesandhavenostatistical resemblancetotheplainimages.

Itisclearthatthehistogramoftheencryptedimagesaresignificantlydifferentfromtherespectivehistogramofthe originalimagesandhencedoesnotprovideanycluetoemployanystatisticalattackontheproposedTHCAinthecase ofusingimage.

6.2.1.2. Correlation coefﬁcient analysis. In addition to the histogram analysis, we also analyzed the correlation

(12)

Fig.4.Histogramsoftheplainimageandthecorrespondingcipherimage.

image/cipherimage;respectively.First,werandomlyselected2000pairsoftwoadjacentpixelsfromanimage.Then, wecalculatedtheircorrelationcoefficient(rxy)usingthefollowingformula(Abderrahimetal.,2012):

rxy= Cov (x,y) D(x)√D(y) (21) where Cov(x,y)= N i=1 (xi−x)(y−y) (22) x= 1 N N i=1 xi (23) y= 1 N N I=1 yi (24) D(x)= N i=1 (xi−x)2 (25) D(y)= N i=1 (yi−y)2 (26)

wherexiistheintensityoftheithpixelinoriginalimage,yiistheintensityoftheithpixelincipheredimage,x is

themeanintensityoforiginalimage(thesumvaluesdividedbynumberofselectedpixels),yisthemeanintensityof cipheredimage,andNisthenumberofselectedpixels.

(13)

(14)

Table5

Correlationanalysisinmanplainimage/mancipherimage.

AlgorithmDirectionofadjacentpixels Plainimage Cipherimage

Horizontal −0.0468 0.2951

Vertical −0.0488 0.09935

Diagonal −0.0353 0.09614

Table6

Correlationanalysisinlenaplainimage/lenacipherimage.

Algorithmdirectionofadjacentpixels Plainimage Cipherimage

Horizontal 0.9898 0.0303

Vertical 0.9805 0.0302

Diagonal 0.9769 0.0311

The correlationcoefficient has the value 1 if the two images are absolutely identical, 0 or very near to zero if theyare completely uncorrelated, or -1 if theyare completely anti-correlated, for example if oneimage isthe negativeof the other.It is clearfrom Table5 that the cipher Man imageis highlyindependent of the Man plain image.

InTable6,thecorrelationcoefficientsoftwohorizontallyadjacentpixelsare0.9898and0.0303;respectivelyfor bothLenaplainimage/LenacipherimageofTHCA.Similarresultsforverticalanddiagonaldirectionsareobtained.It isclearfromTable6thatthereisanegligiblecorrelationbetweenthetwoadjacentpixelsinthecipherimage.However, thetwoadjacentpixelsintheplainimagearehighlycorrelatedasshownintheFig.6.

Fig.6.Correlationoftwoadjacentpixels:(a)distributionoftwohorizontallyadjacentpixelsintheManplainimage,(b)distributionoftwo

horizontallyadjacentpixelsintheManencryptedimage,(c)distributionoftwohorizontallyadjacentpixelsinLenaPlainimage,(d)distributionof

(15)

Fig.7.KeysensitiveTest(1)withTHCA.

6.2.2. Keyspaceanalysis

Agoodimageencryptionalgorithmshouldbesensitivetothecipherkeys,andthekeyspaceshouldbelargeenough tomakebrute-forceattacksinfeasible.THCAhastwotypesofkeys,thefirstkeyisthesecurekeywhichisusedto encryptthefirsthalfof plainimageandthesecond keyisthepublic keywhichusedtoencryptthesecond halfof plainimage.Then,fortheproposedTHCA,keyspaceanalysisandtestinghavetobecarefullyperformed.Thechange ofasinglebitinthesecretkeyorprivatekeyshouldproduceacompletelydifferentencryptedimage,whichmeans thatthecipherimagecannotbedecryptedcorrectlyalthoughthereisonlyaslightdifferencebetweenencryptionand decryptionkeys.ThisguaranteesthesecurityofTHCAagainstbrute-forceattackstosomeextent.Fortestingthekey sensitivityofTHCA,thefollowingstepswereperformedinTest(1)showninFig.7:

1. First,theoriginalimage(Fig.7(a))isencryptedbyusingthetestsecurekey“1551917990046475381”whichis equivalentto“1589853085422475”(inhexadecimal)andpublickey(3, 33).Theresultantimageisreferred as encryptedimageAasshowninFig.7(b).

2. Then,themostsignificantbitofthesecretkey(inhexadecimal)ischanged,sothattheoriginalsecretkeybecomes, say“2704839494653322357”whichisequivalentto“2589853085422475”(inhexadecimal)andthesamepublic key(3,33).TheresultantimageisreferredasencryptedimageBasshowninFig.7(c).

3. Then,theleastsignificantbitofthesecretkey(inhexadecimal)ischanged,sothattheoriginalsecretkeybecomes, say“1551917990046475380”whichisequivalentto“1589853085422474”(inhexadecimal)andthesamepublic key(3,33).TheresultantimageisreferredasencryptedimageCasshowninFig.7(d).

(16)

Table7

Correlationcoefficientsbetweenthecorrespondingpixelsofthethreedifferentencryptedimagesobtainedbyusingslightlydifferentsecretkeys.

Image1 Image2 Correlationcoefficient

EncryptedimageAFig.7(b) EncryptedimageBFig.7(c) 0.0309

EncryptedimageBFig.7(c) EncryptedimageCFig.7(d) 0.0358

EncryptedimageCFig.7(d) EncryptedimageAFig.7(b) 0.0342

Fig.7showstheoriginalimageaswellasthethreeencryptedimagesproducedintheabovesteps.Itisnoteasy tocomparetheencryptedimagesbysimplyobservingtheseimages.Soforcomparison,thecorrelationcoefficients betweenthecorrespondingpixelsofthethreeencryptedimageshavetobecompared.Forthiscalculation,theformula in(21)isusedexceptthatinthiscasexandyarethevaluesofcorrespondingpixelsinthetwoencryptedimagesto becompared.Table7showstheresultsofthecorrelationcoefficientsbetweenthecorrespondingpixelsofthethree encryptedimagesA,BandC.Itisclearfromthetablethatthereisnocorrelationexistsamongthethreeencrypted imageseventhoughthesehavebeenproducedbyusingslightlydifferentsecretkeys.Keysensitivityanalysisshows thatchangingonebitinencryptionkeywillresultinacompletelydifferentcipherimage.

Moreover,Fig.8showstheresultsofTest(2)thatpresentssomeattemptstodecryptanencryptedimagewithslightly differentsecretkeysthantheoneusedfortheencryptionoftheoriginalimage.Fig.8(a)and(b)showstheoriginal imageandtheencryptedimageproducedusingthesecretkey“1589853085422475”(inhexadecimal)andprivatekey (7,3,11),respectively.WhereasFig.8(c)and(d)showstheimagesafterthedecryptionoftheencryptedimagewith thesamesecretkey“1589853085422475”(inhexadecimal)andtheslightlydifferentsecretkey“1589853085422474”

(17)

(inhexadecimal);respectively.Itisclearthatthedecryptionwithaslightlydifferentkeyfailscompletelyandhence theproposedTHCAishighlykeysensitive.

7. Conclusion

Inthispaper,arobusthybrid securityalgorithmfor WSNsisproposed.Itisdesigned inordertosolveseveral problemsaspractical implementation,shortresponsetime,efficientcomputationandthestrengthof cryptosystem. TheproposedTHCAtriestotraptheintruderbysplittingtheplaintextandthenappliestwodifferenttechniques.First, ittakestheadvantagesofthecombinationofbothsymmetricandasymmetriccryptographictechniquesusingboth

AESandECCalgorithms.Second,XOR-DUALRSAisusedsinceitismorerobustandcannotbeeasilyattacked. Inaddition,HashingisalsousedfordataintegrityusingMD5tobeensuredthattheoriginaltextisnotbeingaltered inthe communicationmedium.TheperformanceofTHCA iscomparedwithotherexisting securityalgorithms.It offersbettersecurityforashorterencryptionanddecryptiontimeandsmallestciphertextsize.Thereby,itdecreases theprocessingoverheadandachieveslowerenergyconsumptionthat isappropriateforallWSNapplications.The proposedTHCAisimplementedinthecaseofimageencryption.Itisshownthatitisrobustagainstdifferenttypesof attacks.

References

Abderrahim,N.,Benmansour,F.,Seddiki,O.,2012.Integrationofchaoticsequencesuniformlydistributedinanewimageencryptionalgorithm.

Int.J.Comput.Sci.(IJCSI)9(2).

Ahmed,H.,Kalash,H.,FaragAllah,O.,2007.AnEfficientChaos-BasedFeedbackStreamCipher(ECBFSC)forimageencryptionanddecryption.

Informatica31(1),121–129.

Balitanas,M.,2009.WiFiprotectedaccess-pre-sharedkeyhybridalgorithm.Int.J.Adv.Sci.Technol.12.

Bashir,A.,Basari,A.,Almangush,H.,2012.NovelImageEncryptionusinganIntegrationTechniqueofBlocksRotationbasedontheMagiccube

andtheAESAlgorithm.IntJ.Comput.Sci.9(4).

Boneh,D.,Durfee,G.,2000.CryptanalysisofRSAwithprivatekeydlessthanN.IEEETrans.Inf.Theory46(4),1339–1349.

Burr,W.,2003.Selectingtheadvancedencryptionstandard.IEEESecur.Priv.1(2),43–52.

Dubal,M.J.,Mahesh,T.R.,Ghosh,P.A.,2011.Designofanewsecurityprotocolusinghybridcryptographyarchitecture.In:Proceedingsof3rd

InternationalConferenceonElectronicsComputerTechnology(ICECT),vol.5,India.

Erickson,J.,2008.Hacking:TheArtofExploitation,ch.7,2nded.W.PollockofPublisher,USA,pp.393–450.

Farouk,F.,Rizk,R.,Zaki,F.W.,2014.Multi-levelstableandenergyefficientclusteringprotocolinheterogeneouswirelesssensornetwork.IET

Wirel.Sens.Syst.4(4),159–169,http://dx.doi.org/10.1049/iet-wss.2014.0051.

Faye,S.,Myoupo,J.F.,2013.Secureandenergy-efficientgeocastprotocolsforwirelesssensornetworksbasedonahierarchicalclusteredstructure.

Int.J.Netw.Secur.15(1),121–130.

Fouchal,H.,Hunel,P.,Ramassamy,C.,2014.Towardsefficientdeploymentofwirelesssensornetworks.Secur.Commun.Netw.,http://dx.doi.org/

10.1002/sec.1059.

Frunza,M.,Asachi,Gh.,2007.ImprovedRSAencryptionalgorithmforincreasedsecurityofwirelessnetworks.In:ISSCSInternationalSymposium,

vol.2.

Hayajneh,T.,Doomun,R.,Almashaqbeh,G.,Mohd,B.J.,2013.Anenergy-efficientandsecurityawarerouteselectionprotocolforwirelesssensor

networks.Secur.Commun.Netw.,http://dx.doi.org/10.1002/sec.915.

Hossain,Md.A.,Islam,Md.K.,Das,S.K.,Nashiry,Md.A.,2012.CryptanalyzingofmessagedigestalgorithmsMD4andMD5.Int.J.Cryptogr.Inf.

Secur.(IJCIS)2(1).

Johnson,D.,Menezes,A.,Vanstone,S.,2001.Theellipticcurvedigitalsignaturealgorithm(ECDSA).Int.J.Inf.Secur.1(1),36–63.

Kodali,R.,Sarma,N.,2013.EnergyefficientECCencryptionusingECDH.In:EmergingResearchinElectronics,ComputerScienceandTechnology,

LectureNotesinElectricalEngineering,vol.248.Springer,pp.471–478.

Kumar,N.,2012.ASecureCommunicationWirelessSensorNetworksThroughHybrid(AES+ECC)Algorithm,vol.386.vonLAPLAMBERT

AcademicPublishing.

Lasla,N.,Derhab,A.,Ouadjaout,A.,Bagaa,M.,Challal,Y.,2014.SMART:securemlti-pathsroutingforwirelesssensornetworks.In:Ad-hoc,

Mobile,andWirelessNetworks,LectureNotesinComputerScience,vol.8487,pp.332–345.

Lenstra,A.,2001.UnbelievablesecuritymatchingAESsecurityusingpublickeysystems.Adv.Cryptol.ASIACRYPT2248,67–86.

MaryAnita,E.A.,Geetha,R.,Kannan,E.,2015.Anovelhybridkeymanagementschemeforestablishingsecurecommunicationinwirelesssensor

networks.Wirel.Pers.Commun.,http://dx.doi.org/10.1007/s11277-015-2290-9.

Ren,W.,Miao,Z.,2010.AhybridencryptionalgorithmbasedonDESandRSAinbluetoothcommunication.In:Proceedingsofthe2ndInternational

ConferenceonModeling,SimulationandVisualizationMethods,China,pp.221–225.

Singh,G.,Supriya,2013.Astudyofencryptionalgorithms(RSA,DES,3DESandAES)forinformationsecurity.Int.J.Comput.Appl.67(19),

33–38.

(18)

Sun,H.,etal.,2007.DualRSAanditssecurityanalysis.IEEETrans.Inf.Theory,2922–2933.

Tillich,S.,Großschädl,J.,2005.AcceleratingAESusinginstructionsetextensionsforEllipticCurvecryptography.In:ComputationalScienceand

ItsApplications–ICCSA,vol.3481.,pp.665–675.

Yu, N.,Zhang,L., Ren,Y., 2013.AnovelD–S basedsecurelocalizationalgorithm forwirelesssensornetworks.Secur.Commun.Netw.,

http://dx.doi.org/10.1002/sec.909.

Zhu,S.,2011.Researchofhybridcipheralgorithmapplicationtohydraulicinformationtransmission.In:ProceedingsofInternationalConference