Enhancement of ZigBee and Wi-Fi security by a

robust and fast chaotic algorithm

Bassem Bakhache

LASTRE: Laboratoire des Systèmes électroniques,

Télécommunication et Réseaux

Centre Azm pour la recherche en Biotechnologie et ses

applications, EDST, Lebanese University

bbakhache@ul.edu.lb

Joseph Ghazal

Université Saint Esprit- Kaslik

Faculty of Engineering

Jouniyeh, Lebanon

Joseph.m.ghazal@net.usek.edu.lb

Safwan El Assad

Ecole polytechnique de l’Université de Nantes

Nantes, France

Safwan.elassad@univ-nantes.fr

Abstract— The security protocols used in ZigBee and Wi-Fi

networks rely on stream cipher algorithms, like RC4 (Used in WEP

and WPA) or AES-CTR (in WPA2), to encrypt data before

transmission. RC4 is a fast algorithm, but represents some major

flaws. AES is a very robust algorithm, but it is time consuming. For

some industrial and medical applications, these algorithms don’t

respect the real-time and robustness requirements at the same time.

Therefore, new fast stream ciphers where proposed in the eStream

project, but also these ciphers has shown some weaknesses. On the

other hand, chaotic functions properties have encouraged their use

in crypto-systems for data security. In this paper, a new chaotic

encryption algorithm is presented, to be used for data encryption in

some industrial and medical applications where robustness and real

time are both essential. It is composed from two perturbed PWLCM

chaotic maps. Then, to quantify the security level and rapidity of

our proposed algorithm, we compare it to the eStream finalist

candidates and to the AES-CTR algorithm.

Keywords component — Encryption, chaos cryptosystem,

security, NIST, eStream.

I. INTRODUCTION

In a wireless network, radio signal frequency or

electromagnetic waves, are used for the exchange of data

between different computers, machines and sensors, through a

wireless device such as a wireless router or access point. If the

network has not a minimum level of security, an adversary

could easily modify or even inject messages. Therefore, and to

assure the confidentiality of the exchanged data, encryption

must be applied before transmission. The most commonly used

wireless networks are the Wi-Fi and ZigBee. The Wi-Fi, or

IEEE 802.11, was designed for local area networks such as

houses, companies, or factories. The first security protocol for

IEEE 802.11 was the WEP (Wired Equivalent Privacy). It is

very simple to implement [1] and uses the stream cipher RC4

for confidentiality. It is a shared key stream cipher algorithm.

So its role is simply to produce pseudo-random stream of bits

which are combined with the plaintext using XOR operation

for encryption. Unfortunately, WEP was cracked after a small

period of its design, and since it has shown weaknesses

regarding ensuring data privacy [1]. The WPA (Wi-Fi

Protected Access) protocol was defined to take the place of

WEP, until the preparation of the security standard 802.11i is

finished. The WPA is also based on RC4, but with a dynamic

key change and packet encryption, and it was conceived to be

implemented in the existing equipment. Also, flaws were

discovered in this protocol, and it was cracked. The final

security protocol WPA2 was designed to satisfy the

requirements of the IEEE 802.11i standard. It introduces the

AES (Advanced Encryption Standard), one of the best secure,

robust and reliable algorithms. AES encrypts 128 bits blocks

of data (Block Cipher), using multiple substitution and

permutation operations [4]; but using it in counter mode, the

AES-CTR is somehow transformed into a stream cipher,

because the counter is encrypted then applied to data before

transmission. But unfortunately, the AES is very complex, and

has a high time and high consumption rate. Therefore, a

simplified version of AES, the S-AES was introduced in order

to minimize its time consumption but it has shown some

degradation in terms of robustness. ZigBee network, based on

the IEEE 802.15.4 standard, is a low-cost and low-power

wireless mesh networking [2]. To secure its transmitted data,

ZigBee networks uses the AES encryption algorithm with

counter mode CTR. Therefore, basing on the two algorithms:

RC4 (for Wi-Fi), and AES-CTR (for Wi-Fi and ZigBee), the

security in those networks is achieved. Unfortunately, RC4

presents vulnerabilities, then it does not offer a reasonable

level of security; the AES-CTR is highly secure but it has a

complex algorithm, so it requires a high memory capacity and

it is time consuming. Thus, these two algorithms do not meet

some: real-time and security requirements at the same time, for

some industrial and medical applications. Recently, chaos has

gain interests in various fields of scientific research. In fact,

important features of chaotic signals, such as: pseudo-

randomness, ergodicity, constant power and sensitivity to

initial conditions and parameters of the system, encourage

their use in crypto-systems for data security. In this article we

propose a new fast and robust chaotic encryption algorithm for

industrial and medical Wi-Fi or ZigBee networks, where real-

300978-1-4577-0460-4/11/$26.00 ©2011 IEEE

time and high level of security is desired. This algorithm is

used to generate pseudo-random stream of bits, used to encrypt

data before transmission (Stream cipher).Also, we will test our

proposed generator against the final four candidates of the

European project E-Stream (HC128, Salsa20, Rabbit,

Sosemanuk), as long as AES, AES in counter mode and the

simplified version of AES.

II. CHAOS

In this part, we will have a general overview on chaos and its relation to cryptography. Also we will discuss the digital chaotic system problems and how to solve them. Furthermore, we will go into the PWLCM chaotic map and its properties, as long as the perturbation method applied to this map.

A. Chaos and cryptography

Chaos functions have been mainly used to develop

mathematical models for non-linear systems. Sequences

produced by these functions [5], are very random and

complex. The sensitivity to initial conditions is a characteristic

of any chaotic system. So this characteristic in addition to

some other interesting properties, such as pseudo-randomness,

ergodicity, wide spectrum and good correlation may be related

to the confusion and diffusion properties in cryptography [7].

Therefore, chaotic systems can be used for data encryption and

security. Moreover, chaotic values are often generated with

simple iterations, which make chaos suitable for designing

stream ciphers. Therefore, cryptosystem can provide a secure

and fast method for data encryption, which is essential for data

transmission in some industrial and medical applications.

Generally speaking, chaotic stream ciphers use chaotic

systems to generate pseudorandom stream of bits to encrypt

the plaintext using XOR operation. Many different chaotic

systems have been used [5,6] to produce such keystream.

PWLCM (Piece Wise Linear Chaotic Map) is one of the

simplest chaotic systems, since only some

multiplications/divisions, additions/comparisons are needed

for each digital chaotic iteration. Moreover, the PWLCM is

widely used because it has the following properties [16]:

A uniform and invariant density

An exponentially decayed correlation function

A simple hardware and software realization and

implementation

A PWLCM is a map composed of multiple linear segments [7] and it is given by:

(1)

Where the control parameters p є (0, 0.5) and x (i) є (0, 1).

B. Dynamical degradation and LFSR perturbation

Digital chaotic generators have been proposed such as the

traditional continuous chaotic maps. But they are discretized in

a 2N finite space, and many researchers have found that those

discretized chaotic maps, will have low statistical properties

and will suffer from dynamical degradation. So, the

quantization errors introduced into iterations will lead to finite

precision pseudo orbits, entirely different from the theoretical

ones, after a short number of iterations. Additionally, since

digital chaotic iterations are constrained in a discrete space

with 2N elements, every chaotic orbit will eventually be

periodic and will finally go to a cycle with a limited length not

greater than 2N [9]. Apparently, this will degrade the

ergodicity of the continuous systems. One of the remedies

used to improve the dynamical signal properties, and to

expand the cycle length, is applying a perturbation to the

chaotic system. A perturbation algorithm can successfully

improve the dynamical degradation of digital chaotic maps, to

fulfill the requirements of digital chaotic ciphers. Indeed, the

cycle length is expanded in order to reach good statistical

properties.

In our scheme, we have applied an LFSR (Linear Feedback

Shift Register) based perturbation technique. For a precision

N, each x value of the map can be described:

(2)

The basis of perturbing , is to break any stable cycles, i.e. the

PWLCM output once entered a periodic cycle, can leave it due

to a perturbance, and thus it will escaped the cycle loop.

The proposed candidate for perturbing the PWLCM signal

generator is the maximal length LFSR [9]. The perturbation

sequence, for every n clock cycle, can be generated as follows:

(3)

Where g0 g1…gk-1 are the tap coefficients of the primitive polynomial generator, and Q0 Q1…Qk-1 are the initial values of the register of which at least one is not null. The perturbance begins with n = 0 and it occurs every V iterations (V: Positive integer), with n=L×V, L=1, 2… The perturbed sequence is given by the following equation:

(4)

And we note that F [xi (n)] represents the ith bit of F[x (n)].

The perturbance is applied on the last k bits of F[x (n)]. When

n ≠ l×V there is no perturbation, and then x(n) =F[x(n-1)].

This type of perturbation will increase the cycle length, and

also will improve the dynamical properties of PWLCM, which

will greatly improve the chaotic system encryption robustness.

( ) [ ( 1)]

1( 1) 0 ( 1)

1[ ( 1) ] ( 1) 0.5

0.5

[1 ( 1)] 0.5 ( 1) 1

x n F x n

x n if x n pp

x n p if p x np

F x n if x n

1 2( ) 0. ( ) ( )... ( ).... ( ) ( ) {0,1}

1,2,...

i N ix n x n x n x n x n x n

i N

1 0 0 1 1 1 1( ) ( ) ( ) ( ) ... ( )

0,1,...

k k k kQ n Q n g Q n g Q n g Q n

n

[ ( 1)] 1( )

[ ( 1)] ( ) 1

ii

i N i

F x n i N kx n

F x n Q n N k i N

301

III. ESTREAM PROJECT FINAL SOFTWARE

CANDIDATES

The purpose of the E-stream project organized by the

European ECRYPT network was to identify new stream

ciphers. The final four software stream ciphers [10] are the

following: HC 128, Salsa 20, Rabbit and Sosemanuk.

HC 128 offers good performance in software applications

where we wish to encrypt large streams of data [10].

However, since HC-128 is table-driven there is a cost in

the time to initialize the cipher. Thus, for applications that

might want to re-initialize often, there can be a significant

performance penalty that some might prefer to avoid [13].

Rabbit is one of the oldest stream ciphers [14]. In the

absence of cryptanalytic results against the cipher this is

clearly a positive sign. On the other hand, Daniel

Bernestein, in his paper, has proved that it has been

cracked using brute force attack and this method present

some weaknesses for some chosen initial keys [11].

Salsa20 offers a simple, clean, and scalable design [10].

The version of Salsa20 has twelve rounds, Salsa20/12

and it offers the best balance [15], combining a very nice

performance profile with what appears to be a

comfortable margin for security. But, some cryptanalyst

have found non-randomness in its 4th

and 5th

rounds.

Sosemanuk, all the available information on this

algorithm suggests that the cipher offers a very

considerable margin for security [10]. The weakness of

Sosemanuk was presented by the A–E–K attack and they

stated that this algorithm can offer maximum a 128 bit

security level [11].

So, as we can realize, all the eSTREAM ciphers

mentioned above, even though are fast, but each one has its

own weaknesses [12]. Therefore, we will present our fast and

robust chaotic stream cipher.

VI. PROPOSED CHAOTIC METHOD AND

EXPERIMENTAL RESULTS

In this paragraph, we present our proposed chaotic

generator, and the different experimental results are conducted

under Matlab and NIST statistical suite.

A. Our Proposed generator

In our scheme, we will use several perturbed chaotic maps

in order to enhance the security, since mixing multiple chaotic

systems makes cryptanalysis much more difficult and also it

will extend the orbit of the cycle length [3, 9]. Some practical

and theoretical analyses made shows that a couple of chaotic

systems can provide good security against information leaking

from ciphertext [8]. Moreover, parallel computation in

hardware makes the practical implementations of digital chaos

ciphers very fast. The proposed chaotic generator is the

combination of two perturbed PWLCM by a XOR operation

The block diagram of our proposed chaotic system is given by

Figure 1.

Fig.1- Our Proposed chaotic generator

It produces a new chaotic stream with higher randomicity and

looks more like stochastic noise. The random bits generated R

are combined with the plaintext M using XOR operation. So

the encrypted data will be given by C=M R. with

R=R1 R2, where Ri is the generated sequence by the

PWLCMi; i=1 or 2.

Having the initial conditions (The Keys), the receiver can

generate the same random sequences R1 and R2, and decrypts

the received data since XOR is a symmetric operation, by

computing: M=C R1 R2= (M R1 R2) R1 R2.

We must also note that our generator key is composed of:

Initial values x1(0) and x2(0) of the two PWLCM

maps

Parameters p1 and p2

The degree L of the two LFSR used for perturbing

So, if N is the precision (floating-point number) that

corresponds to the station’s word length, our proposed

encryption method has 22(2N-1) +2L

different combinations of the

secret key. For N = 32 and L = 17: the key space is 2160

which

satisfies the general requirement of resisting brute force attack

more than any of the e-stream finalist generators. Also our

method is robust against the differential and linear

cryptanalysis. Furthermore, in chaos based generators, the

sensibility of initial condition is a very important criterion

because a modification by 10-20

of the initial value, will lead

after some iteration completely different iterative numbers

from each other. Finally, as chaotic sequences have good

randomicity, the statistical characterization of encrypted data

is diffuse; so it is robust against statistical cryptanalysis. Thus,

we present a fast and robust algorithm, which can replace RC4

and AES-CTR in Wi-Fi and ZigBee networks in some

industrial and medical applications. In order to compare our

method with the eStream final candidates, the simplified AES

and the AES in CTR mode, we will compute different test

parameters and then we will test the generated sequences using

NIST statistical test suite.

302

B. Different test parameters

All tests are done on Lena color image (size: MxN=256x256).

1) Correlation Coefficients

To test the correlation between horizontal, vertical or

diagonal adjacent pixels of original image and the encrypted

image we calculate the correlation coefficients. It is the

measure of linear relationship between two variables. If two

variables are closely related with stronger association, the

correlation coefficient is close to the value 1. On the other

hand, if the coefficient is close to 0, two variables are not

related and cannot predict each other. The coefficient r can be

calculated using the following formulas:

(5)

where x and y are two adjacent(horizontal, vertical and diagonal) pixels of the image, cov(x,y) is the covariance between x and y, and D(x) is the standard deviation between x and its mean value. The results of the different correlation coefficients are given in Table 1. We can indicate that our proposed generator has got the best results.

Table I. Correlation Coefficients

2) UACI and NPCR

Two criteria NPCR and UACI are used to test the change

between the plain and the encrypted image. Number of Pixels

Change Rate (NPCR) denotes the percentage of different pixel

numbers between the original and the encrypted image.

Unified Average Changing Intensity (UACI) denotes the

average intensity of differences between the original and the

encrypted image. Consider C1 the original image and C2 the

encrypted one; the gray-scale values of the pixels at position (i,

j) are then C1 (i, j) and C2 (i, j). An array D is defined with the

same size as C1 and C2, where D(i,j) is determined by the

following equation :

(6)

NPCR and UACI are defined through the equations (7) and (8)

respectively:

(7)

(8)

Results for these parameters are given in Table 2.

Table II. NPCR and UACI for all tested algorithms

We can note that the values of NPCR and UACI, in all

methods, verify that there is no resemblance between the plain

and the encrypted image. We must note that the optimal values

of: NPCR is 99.61 and UACI is 33.46 [7].

3) NIST statistical test suite

To show the randomness of the produced sequences we

confront them to the NIST (National Institute of Standards and

technology) statistical tests [17]. To verify our results, we use

the above test suite to test the randomness of 100 sequences of

200,000 bits. In Table 3 we show the results of the percentage

of sequences that succeed the test. We must note that all

methods succeed these tests.

4) Results and Simulations

The image is converted to a binary stream which is

combined with pseudo-random binary sequence generated by

the proposed chaotic generator; The obtained result is shown

in Fig. 2, where (a) is the original image and (b) is its

encrypted image. By comparing these two images, there is no

visual information or relation observed. In Fig. 3 we can see

the repartition of the colors in the original image (a) and the

Table III. NIST statistical test results

Tests

(Results in %)

S-

AES

AES-

CTR

HC

128

Salsa

20 Rabbit

Sosem

-anuk

The

proposed

Generator

Block Frequency 94 97 100 100 99 100 99

Frequency 92 95 99 99 98 99 99

Runs 89 89 97 98 99 98 99 Rank 93 96 100 95 100 100 100

DFT 100 99 100 89 100 100 100

Longest Run of

ones 89 97 100 100 99 100 100

Non

Overlapping 80 86 91 92 93 92 91

Overlapping 84 88 100 80 100 100 100

Linear

Complexity 98 94 99 99 99 100 99

Serial 95 92 96 97 97 94 98

Entropy 99 99 99 88 98 99 99

Cumulative Sum 84 96 99 100 99 100 98

Random

Excrusion 93 99 99 98 100 100 100

Lempel-Ziv

Complexity 88 93 100 85 99 100 100

S-AES

AES-

CTR HC128 Salsa 20

Soseman-

uk Rabbit

The

proposed

Generator

Horiz.

Corr. 0.06101 0.0023 0.00834 0.0006 0.00976 0.00109 0.0004

Vert.

Corr. 0.04887 0.0140 0.05122 0.05902 0.05231 0.04095 0.00668

Diag.

Corr. 0.05398 0.0175 0.05193 0.04249 0.04915 0.04841 0.00609

S-AES AES-

CTR HC128 Salsa 20

Sose-

manuk Rabbit

The

proposed

Generator

UACI 32.686 32.952 32.678 32.888 33.080 32.755 32.595

NPCR 99.6521 99.618 99.639 99.657 99.654 99.657 99.627

303

encrypted one (b). The Fig. 4 shows the pixels repartition of

the plain image (a) and the encrypted one (b). Furthermore, to

test the encryption time, we have encrypted the considered

image using the simplified AES, AES-CTR and our proposed

generator. All tests are done under an i7 1.6 GHz Processor –

obtained results are shown in table 4.

For example, to transmit a 20 Bytes packet of data, the

encryption time in our method is about 2.02 ms. So, the real

time criterion is respected [18] because we doesn’t exceed the

maximum accepted time encryption threshold for the majority

of the industrial applications. Eventhough we are paying some

price regarding encryption time, comparing to estream finalist

candidates, but we are gaining in terms of robustness. Also, in

e-health programs, patients are observed instantaneously,

when connected to a body sensor networks (BSN) support

center, in order to provide a pervasive, valuable and fully

reliable assistance when risk abnormalities occur. Therefore,

real-time transmission is essential. For example, a heart ECG

(Electro cardiogram), is transmitted in blocks of 16 bits with a

sampling rate of 500Hz; in other words, 16 bits must be

transmitted in 2 ms [19]. Furthermore, our method can encrypt

blocks of 16 bits in 0.3 ms; hence we respect the real time

requirements of these BSN networks.

Table IV. Encryption/Decryption time

V. CONCLUSION

We have proposed a new encryption method for Wi-Fi and

ZigBee networks. It relies on a new chaotic generator formed

by the combination of two perturbed PWLCM map. The

proposed generator has the role of a stream cipher that

produces pseudo-random stream of bits and having the shape

of stochastic noise. To encrypt data before transmission, this

sequence is combined with the plaintext using XOR operation.

The proposed generator has very good properties and passes

all NIST statistical tests. Therefore, this scheme assures the

security and robustness of AES-CTR and it has a high

encryption speed. Additionally, it is easily realized and

implemented; it has a very large key range and needs a low

memory capacity. So, it meets the requirements of some

industrial control and medical applications, and it can replace

the encryption methods used in Wi-Fi and ZigBee networks.

REFERENCES

[1] Géron, A.: WIFI, Déploiement et sécurité. Dunod, Paris (2006)

[2] Sastry.: Security considerations for IEEE 802.15. networks. In: ACM

Workshop on Wireless Security WiSe, pp. 32-42. PA, Philadelphia (2004) [3] S.Tao, “Perturbance based algorithm to expand cycle length of chaotic key

stream,” IEEE, Electronics Letters, vol. 34, no. 9, pp.873-874 (1998) [4] Stinson, D.: Cryptographie-Théorie et pratique. Vuilbert, Paris (2003)

[5] Zhou, H.: A design methodology of chaotic stream ciphers and the

realization problems in finite precision. Fudan University, Shanghai, China (1996)

[6] Parker, T.S., Chua, L.O.: Practical Numerical Algorithms for Chaotic

Systems. Springer, Verlag (1989) [7] S. Li.: Analyses and New Designs of Digital Chaotic Ciphers. PhD thesis,

Xi'an Jiaotong University (2003)

[8] Heidari-Bateni, G., McGillem, C. D.: A chaotic direct-sequence spread-spectrum communication system. In: IEEE Trans. Communications, Vol.

8, No 4, pp. 647--659 (1998).

[9] S. Li, X. Mou, and Y Cai, Z. Ji, J. Zhang, “On the security of a chaotic encryption scheme: problems with computerized chaos in finite

computing precision,” Computer physics communications, vol. 153, no.1

, (2003)

[10] S. Babbage, C. De Canniere, A. Canteaut, C.Cid, H.Gilbert, T. Johansson,

M. Parker, B. Preneel, V. Rijmen and M. Robshaw, “The eStream

Portfolio”, IST-2002-507932 ECRYPT. (2008) [11] D. J. Bernstein, “Which eSTREAM ciphers have been broken?”

Department of Mathematics, Statistics, and Computer Science (M/C

249), The University of Illinois at Chicago (2008) [12] S. Fischer, W. Meier,C. Berbain, J. Biasse, and M.J.B. Robshaw, “Non-

randomness in eSTREAM Candidates Salsa20 and TSC-4” , 92794 Issy

les Moulineaux –France- (2008) [13] H.Wu, Stream Cipher HC-128, eSTREAM report 2005/011 (2005).

[14] J. Aumasson, On a bias of Rabbit, eSTREAM report 2006/058 (2006).

[15] P. Crowley, Truncated differential cryptanalysis of five rounds of Salsa20, eSTREAM report 2005/073 (2005).

[16] G. Chen, X. Mou and S. Li, "On the Dynamical Degradation of Digital

Piecewise Linear Choatic Maps," International Journal of Bifurcation

and Chaos in August, Vol. 15, no 10, pp. 3119-3151, (2005).

[17] J. Soto, J. Nechvatal, M. Smid, E. Barker, S. Leigh, M. levrnson, M.

Vangel, D.Banks, A. Heckert, J. Dray and S. Rukhin, "A Statistical Test Suite For Random and Pseudo-random Number Generators For

Cryptographic Applications," NIST Special Publication 800-22, 2001.

[18] Jianping Song, Song Han, Aloysius K. Mok, Deji Chen, Mike Lucas and Mark Nixon, “Wireless HART: Applying Wireless Technology in Real

Time Industrial Process Control”, The University of Texas at

Austin,(2007) [19] Oscar Gama, Paulo Carvalho, J. A. Afonso, P. M. Mendes, , “Wireless

Sensor Networks with QoS for eHealth and e-Emergency Applications”,

University of Minho, Braga, Portugal.(2007)

Fig.2 (a)Original Image (b)Encrypted Image

Fig.4(a) Pixels repartition (b) Pixels repartition of

of the original image the encrypted image

Fig.3(a) Histogram of orig. img. (b)Histogram of the encrypted img.

S-AES AES-

CTR

The proposed

Generator

“Lena” Encryp/Decryp

(s)

85 s 233 s 20 s

Encryp/Decryp of 1 Byte

(ms)

0.43 1.18 0.101

304