Enhancement of ZigBee and Wi-Fi security by a
robust and fast chaotic algorithm
Bassem Bakhache
LASTRE: Laboratoire des Systèmes électroniques,
Télécommunication et Réseaux
Centre Azm pour la recherche en Biotechnologie et ses
applications, EDST, Lebanese University
Joseph Ghazal
Université Saint Esprit- Kaslik
Faculty of Engineering
Jouniyeh, Lebanon
Safwan El Assad
Ecole polytechnique de l’Université de Nantes
Nantes, France
Abstract— The security protocols used in ZigBee and Wi-Fi networks rely on stream cipher algorithms, like RC4 (used in WEP and WPA) or AES-CTR (in WPA2), to encrypt data before transmission. RC4 is a fast algorithm, but it presents some major flaws. AES is a very robust algorithm, but it is time consuming. For some industrial and medical applications, these algorithms do not meet the real-time and robustness requirements at the same time. Therefore, new fast stream ciphers were proposed in the eStream project, but these ciphers have also shown some weaknesses. On the other hand, the properties of chaotic functions have encouraged their use in crypto-systems for data security. In this paper, a new chaotic encryption algorithm is presented, to be used for data encryption in some industrial and medical applications where robustness and real time are both essential. It is composed of two perturbed PWLCM chaotic maps. Then, to quantify the security level and rapidity of our proposed algorithm, we compare it to the eStream finalist candidates and to the AES-CTR algorithm.
Keywords— Encryption, chaos cryptosystem, security, NIST, eStream.
I. INTRODUCTION
In a wireless network, radio-frequency signals, or electromagnetic waves, are used to exchange data between different computers, machines and sensors through a wireless device such as a wireless router or access point. If the network does not have a minimum level of security, an adversary could easily modify or even inject messages. Therefore, to assure the confidentiality of the exchanged data, encryption must be applied before transmission. The most commonly used wireless networks are Wi-Fi and ZigBee.

Wi-Fi, or IEEE 802.11, was designed for local area networks such as houses, companies, or factories. The first security protocol for IEEE 802.11 was WEP (Wired Equivalent Privacy). It is very simple to implement [1] and uses the stream cipher RC4 for confidentiality. RC4 is a shared-key stream cipher algorithm, so its role is simply to produce a pseudo-random stream of bits that is combined with the plaintext using the XOR operation for encryption. Unfortunately, WEP was cracked a short time after its design, and it has since shown weaknesses in ensuring data privacy [1]. The WPA (Wi-Fi Protected Access) protocol was defined to take the place of WEP until the preparation of the security standard 802.11i was finished. WPA is also based on RC4, but with a dynamic key change and packet encryption, and it was conceived to be implemented in the existing equipment. Flaws were also discovered in this protocol, and it was cracked. The final security protocol, WPA2, was designed to satisfy the requirements of the IEEE 802.11i standard. It introduces AES (Advanced Encryption Standard), one of the most secure, robust and reliable algorithms. AES encrypts 128-bit blocks of data (block cipher) using multiple substitution and permutation operations [4]; used in counter mode, AES-CTR is in effect transformed into a stream cipher, because the counter is encrypted and then applied to the data before transmission. Unfortunately, AES is very complex and has a high time cost and a high consumption rate. Therefore, a simplified version of AES, S-AES, was introduced in order to minimize its time consumption, but it has shown some degradation in terms of robustness.

The ZigBee network, based on the IEEE 802.15.4 standard, is a low-cost and low-power wireless mesh network [2]. To secure its transmitted data, a ZigBee network uses the AES encryption algorithm in counter mode (CTR). Security in those networks is therefore based on two algorithms: RC4 (for Wi-Fi) and AES-CTR (for Wi-Fi and ZigBee). Unfortunately, RC4 presents vulnerabilities, so it does not offer a reasonable level of security; AES-CTR is highly secure, but its algorithm is complex, so it requires a high memory capacity and is time consuming. Thus, these two algorithms do not meet the real-time and security requirements at the same time for some industrial and medical applications.

Recently, chaos has gained interest in various fields of scientific research. In fact, important features of chaotic signals, such as pseudo-randomness, ergodicity, constant power and sensitivity to initial conditions and parameters of the system, encourage their use in crypto-systems for data security. In this article we propose a new fast and robust chaotic encryption algorithm for industrial and medical Wi-Fi or ZigBee networks, where real-time operation and a high level of security are desired. This algorithm is used to generate a pseudo-random stream of bits, used to encrypt data before transmission (stream cipher). We will also test our proposed generator against the final four candidates of the European project eStream (HC128, Salsa20, Rabbit, Sosemanuk), as well as AES, AES in counter mode and the simplified version of AES.

978-1-4577-0460-4/11/$26.00 ©2011 IEEE
II. CHAOS
In this part, we give a general overview of chaos and its relation to cryptography. We also discuss the problems of digital chaotic systems and how to solve them. Furthermore, we look at the PWLCM chaotic map and its properties, as well as the perturbation method applied to this map.
A. Chaos and cryptography
Chaos functions have mainly been used to develop mathematical models for non-linear systems. Sequences produced by these functions [5] are very random and complex. The sensitivity to initial conditions is a characteristic of any chaotic system. This characteristic, in addition to some other interesting properties such as pseudo-randomness, ergodicity, wide spectrum and good correlation, may be related to the confusion and diffusion properties in cryptography [7]. Therefore, chaotic systems can be used for data encryption and security. Moreover, chaotic values are often generated with simple iterations, which makes chaos suitable for designing stream ciphers. Therefore, such a cryptosystem can provide a secure and fast method for data encryption, which is essential for data transmission in some industrial and medical applications.
Generally speaking, chaotic stream ciphers use chaotic systems to generate a pseudorandom stream of bits to encrypt the plaintext using the XOR operation. Many different chaotic systems have been used [5,6] to produce such a keystream. PWLCM (Piece Wise Linear Chaotic Map) is one of the simplest chaotic systems, since only some multiplications/divisions and additions/comparisons are needed for each digital chaotic iteration. Moreover, the PWLCM is widely used because it has the following properties [16]:
- A uniform and invariant density
- An exponentially decayed correlation function
- A simple hardware and software realization and implementation
A PWLCM is a map composed of multiple linear segments [7] and it is given by:
(1)
where the control parameter p ∈ (0, 0.5) and x(i) ∈ (0, 1).
B. Dynamical degradation and LFSR perturbation
Digital chaotic generators have been proposed, modelled on the traditional continuous chaotic maps. But they are discretized in a finite space of 2^N elements, and many researchers have found that those discretized chaotic maps have poor statistical properties and suffer from dynamical degradation. The quantization errors introduced into the iterations lead, after a small number of iterations, to finite-precision pseudo-orbits that are entirely different from the theoretical ones. Additionally, since digital chaotic iterations are constrained to a discrete space with 2^N elements, every chaotic orbit will eventually be periodic and will finally enter a cycle with a limited length not greater than 2^N [9]. This degrades the ergodicity of the continuous systems. One of the remedies used to improve the dynamical signal properties, and to expand the cycle length, is applying a perturbation to the chaotic system. A perturbation algorithm can successfully counter the dynamical degradation of digital chaotic maps, so as to fulfill the requirements of digital chaotic ciphers. Indeed, the cycle length is expanded in order to reach good statistical properties.
In our scheme, we have applied an LFSR (Linear Feedback
Shift Register) based perturbation technique. For a precision
N, each x value of the map can be described:
(2)
The basis of perturbing , is to break any stable cycles, i.e. the
PWLCM output, once it has entered a periodic cycle, can leave it due
to a perturbance, and thus it will escape the cycle loop.
The proposed candidate for perturbing the PWLCM signal
generator is the maximal length LFSR [9]. The perturbation
sequence, for every n clock cycle, can be generated as follows:
(3)
where g_0, g_1, …, g_{k-1} are the tap coefficients of the primitive polynomial generator, and Q_0, Q_1, …, Q_{k-1} are the initial values of the register, of which at least one is not null. The perturbance begins with n = 0 and it occurs every V iterations (V: positive integer), with n = L×V, L = 1, 2, … The perturbed sequence is given by the following equation:
(4)
And we note that F [xi (n)] represents the ith bit of F[x (n)].
The perturbance is applied on the last k bits of F[x (n)]. When
n ≠ l×V there is no perturbation, and then x(n) =F[x(n-1)].
This type of perturbation will increase the cycle length, and
also will improve the dynamical properties of PWLCM, which
will greatly improve the chaotic system encryption robustness.
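$$
x(n) = F[x(n-1)] =
\begin{cases}
x(n-1) \times \dfrac{1}{p} & \text{if } 0 \le x(n-1) < p \\
[x(n-1) - p] \times \dfrac{1}{0.5 - p} & \text{if } p \le x(n-1) < 0.5 \\
F[1 - x(n-1)] & \text{if } 0.5 \le x(n-1) < 1
\end{cases}
\tag{1}
$$

$$
x(n) = 0.x_1(n)\,x_2(n) \ldots x_i(n) \ldots x_N(n), \qquad x_i(n) \in \{0,1\},\quad i = 1, 2, \ldots, N
\tag{2}
$$

$$
Q^{+}_{k-1}(n) = Q_k(n) = g_0 Q_0(n) \oplus g_1 Q_1(n) \oplus \cdots \oplus g_{k-1} Q_{k-1}(n), \qquad n = 0, 1, \ldots
\tag{3}
$$

$$
x_i(n) =
\begin{cases}
F[x_i(n-1)] & 1 \le i \le N-k \\
F[x_i(n-1)] \oplus Q_{N-i}(n) & N-k+1 \le i \le N
\end{cases}
\tag{4}
$$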
III. ESTREAM PROJECT FINAL SOFTWARE
CANDIDATES
The purpose of the E-stream project organized by the
European ECRYPT network was to identify new stream
ciphers. The final four software stream ciphers [10] are the
following: HC 128, Salsa 20, Rabbit and Sosemanuk.
- HC-128 offers good performance in software applications where we wish to encrypt large streams of data [10]. However, since HC-128 is table-driven, there is a cost in the time to initialize the cipher. Thus, for applications that might want to re-initialize often, there can be a significant performance penalty that some might prefer to avoid [13].
- Rabbit is one of the oldest stream ciphers [14]. The absence of cryptanalytic results against the cipher is clearly a positive sign. On the other hand, Daniel Bernstein, in his paper, has proved that it has been cracked using a brute force attack and that this method presents some weaknesses for some chosen initial keys [11].
- Salsa20 offers a simple, clean, and scalable design [10]. The version of Salsa20 with twelve rounds, Salsa20/12, offers the best balance [15], combining a very nice performance profile with what appears to be a comfortable margin for security. But some cryptanalysts have found non-randomness in its 4th and 5th rounds.
- Sosemanuk: all the available information on this algorithm suggests that the cipher offers a very considerable margin for security [10]. The weakness of Sosemanuk was presented by the A–E–K attack, and they stated that this algorithm can offer at most a 128-bit security level [11].
So, as we can see, all the eSTREAM ciphers mentioned above are fast, but each one has its own weaknesses [12]. Therefore, we will present our fast and robust chaotic stream cipher.
IV. PROPOSED CHAOTIC METHOD AND
EXPERIMENTAL RESULTS
In this section, we present our proposed chaotic generator and the different experimental results, which were obtained with Matlab and the NIST statistical test suite.
A. Our Proposed generator
In our scheme, we use several perturbed chaotic maps in order to enhance the security, since mixing multiple chaotic systems makes cryptanalysis much more difficult and also extends the cycle length of the orbit [3, 9]. Some practical and theoretical analyses show that a couple of chaotic systems can provide good security against information leaking from the ciphertext [8]. Moreover, parallel computation in hardware makes the practical implementations of digital chaos ciphers very fast. The proposed chaotic generator is the combination of two perturbed PWLCMs by an XOR operation. The block diagram of our proposed chaotic system is given in Figure 1.
Fig. 1 - Our proposed chaotic generator
It produces a new chaotic stream with higher randomicity that looks more like stochastic noise. The generated random bits R are combined with the plaintext M using the XOR operation, so the encrypted data is given by C = M ⊕ R, with R = R1 ⊕ R2, where Ri is the sequence generated by PWLCMi, i = 1 or 2.
Having the initial conditions (the keys), the receiver can generate the same random sequences R1 and R2 and decrypt the received data, since XOR is a symmetric operation, by computing: M = C ⊕ R1 ⊕ R2 = (M ⊕ R1 ⊕ R2) ⊕ R1 ⊕ R2.
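The construction described in sections II.B and IV.A (two LFSR-perturbed PWLCMs XORed into one keystream), written out as an added Python example; it is not the authors' Matlab code. The tap polynomial x^17 + x^3 + 1, the perturbation interval V = 16, the fixed-point handling of the F[1 - x] branch, taking one N-bit word per iteration, treating the LFSR seeds as key material and the sample key are all assumptions made for this illustration.

```python
N = 32                          # precision in bits (the page's example value)
K = 17                          # LFSR degree (the page's example value L = 17)
TAPS = 0b1001                   # assumption: g0 = g3 = 1, i.e. x^17 + x^3 + 1
V = 16                          # assumption: perturb every V-th iteration
ONE, HALF = 1 << N, 1 << (N - 1)


def pwlcm(x, p):
    """Equation (1) in fixed point: integers x, p stand for x/2^N and p/2^N."""
    if x >= HALF:
        x = ONE - 1 - x         # F[1 - x] branch, mirrored on the integer grid
    if x < p:
        return (x << N) // p
    return ((x - p) << N) // (HALF - p)


def lfsr_step(q):
    """Equation (3): bit i of q is Q_i; shift down, feed tap parity into Q_{k-1}."""
    feedback = bin(q & TAPS).count("1") & 1
    return (q >> 1) | (feedback << (K - 1))


class PerturbedPWLCM:
    """One PWLCM whose k low-order bits are XORed with the LFSR every V steps."""

    def __init__(self, x0, p, q0, v=V):
        if not (0 < x0 < ONE and 0 < p < HALF and 0 < q0 < (1 << K)):
            raise ValueError("need 0 < x(0) < 1, 0 < p < 0.5, non-zero LFSR state")
        self.x, self.p, self.q, self.v, self.n = x0, p, q0, v, 0

    def step(self):
        self.n += 1
        self.q = lfsr_step(self.q)
        self.x = pwlcm(self.x, self.p)
        if self.n % self.v == 0:
            self.x ^= self.q    # equation (4): Q_0..Q_{k-1} hit the k lowest bits
        return self.x


def keystream(key, nbytes):
    """R = R1 xor R2; assumption: each iteration contributes one N-bit word."""
    g1, g2 = PerturbedPWLCM(*key[0]), PerturbedPWLCM(*key[1])
    out = bytearray()
    while len(out) < nbytes:
        out += (g1.step() ^ g2.step()).to_bytes(N // 8, "big")
    return bytes(out[:nbytes])


def xor_crypt(key, data):
    """C = M xor R; the same call decrypts, since XOR is its own inverse."""
    return bytes(m ^ r for m, r in zip(data, keystream(key, len(data))))


# Constructed sample key: (x(0), p, LFSR seed) for each of the two maps.
KEY = ((0x3A5C91E7, 0x1F4D2B63, 0x1ACE5), (0xB7E15162, 0x2C0FFEE1, 0x0BEEF))

if __name__ == "__main__":
    message = b"constructed 16-bit ECG samples"
    cipher = xor_crypt(KEY, message)
    print(cipher.hex(), xor_crypt(KEY, cipher))
```

The page defines no IV or nonce, so in this sketch the same key always yields the same keystream, and two messages encrypted under one key satisfy C1 ⊕ C2 = M1 ⊕ M2.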
We must also note that our generator key is composed of:
- Initial values x1(0) and x2(0) of the two PWLCM maps
- Parameters p1 and p2
- The degree L of the two LFSRs used for perturbing
So, if N is the precision (floating-point number) that corresponds to the station's word length, our proposed encryption method has 2^(2(2N-1)+2L) different combinations of the secret key. For N = 32 and L = 17, the key space is 2^160, which satisfies the general requirement of resisting brute force attack more than any of the eStream finalist generators. Our method is also robust against differential and linear cryptanalysis. Furthermore, in chaos-based generators, the sensitivity to the initial condition is a very important criterion, because a modification of 10^-20 of the initial value leads, after some iterations, to iterative numbers that are completely different from each other. Finally, as chaotic sequences have good randomicity, the statistical characterization of the encrypted data is diffuse, so it is robust against statistical cryptanalysis. Thus, we present a fast and robust algorithm, which can replace RC4 and AES-CTR in Wi-Fi and ZigBee networks in some industrial and medical applications. In order to compare our method with the eStream final candidates, the simplified AES and AES in CTR mode, we will compute different test parameters and then test the generated sequences using the NIST statistical test suite.
B. Different test parameters
All tests are done on Lena color image (size: MxN=256x256).
1) Correlation Coefficients
To test the correlation between horizontal, vertical or
diagonal adjacent pixels of original image and the encrypted
image we calculate the correlation coefficients. It is the
measure of linear relationship between two variables. If two
variables are closely related with stronger association, the
correlation coefficient is close to the value 1. On the other
hand, if the coefficient is close to 0, two variables are not
related and cannot predict each other. The coefficient r can be
calculated using the following formulas:
(5)
where x and y are two adjacent (horizontal, vertical and diagonal) pixels of the image, cov(x,y) is the covariance between x and y, and D(x) is the standard deviation between x and its mean value. The results of the different correlation coefficients are given in Table 1. They indicate that our proposed generator obtains the best results.
Table I. Correlation Coefficients
2) UACI and NPCR
Two criteria NPCR and UACI are used to test the change
between the plain and the encrypted image. Number of Pixels
Change Rate (NPCR) denotes the percentage of different pixel
numbers between the original and the encrypted image.
Unified Average Changing Intensity (UACI) denotes the
average intensity of differences between the original and the
encrypted image. Consider C1 the original image and C2 the
encrypted one; the gray-scale values of the pixels at position (i,
j) are then C1 (i, j) and C2 (i, j). An array D is defined with the
same size as C1 and C2, where D(i,j) is determined by the
following equation :
(6)
NPCR and UACI are defined through the equations (7) and (8)
respectively:
(7)
(8)
Results for these parameters are given in Table 2.
Table II. NPCR and UACI for all tested algorithms
We can note that the values of NPCR and UACI, in all
methods, verify that there is no resemblance between the plain
and the encrypted image. We must note that the optimal values
of: NPCR is 99.61 and UACI is 33.46 [7].
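Equations (5) to (8) are not legible on this copy of the page, so the following added example (not the authors' code) computes the three measures from their usual definitions: the Pearson correlation of adjacent pixels, NPCR as the percentage of differing pixels, and UACI as the mean absolute difference divided by 255. The two images are constructed stand-ins (not Lena), and the "encrypted" one is the plain image XORed with bytes from Python's random module rather than the proposed generator.

```python
import math
import random


def npcr_uaci(c1, c2):
    """Return (NPCR, UACI) in percent for two equal-sized 8-bit images (lists of rows)."""
    total = changed = intensity = 0
    for row1, row2 in zip(c1, c2):
        for a, b in zip(row1, row2):
            total += 1
            changed += a != b           # D(i, j) = 1 where the two pixels differ
            intensity += abs(a - b)
    return 100.0 * changed / total, 100.0 * intensity / (255 * total)


def adjacent_correlation(img, dy, dx):
    """Correlation coefficient r between every pixel and its (dy, dx) neighbour."""
    h, w = len(img), len(img[0])
    xs = [img[i][j] for i in range(h - dy) for j in range(w - dx)]
    ys = [img[i + dy][j + dx] for i in range(h - dy) for j in range(w - dx)]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(var_x * var_y)


def sample_images(seed=1):
    """Constructed 64x64 stand-ins: a smooth plain image and its XOR with random bytes."""
    rng = random.Random(seed)           # stand-in keystream, not the paper's generator
    plain = [[4 * j + (i % 4) for j in range(64)] for i in range(64)]
    cipher = [[v ^ rng.randrange(256) for v in row] for row in plain]
    return plain, cipher


def report(plain, cipher):
    """NPCR/UACI plus (plain, cipher) correlation pairs for the three directions."""
    npcr, uaci = npcr_uaci(plain, cipher)
    out = {"NPCR": npcr, "UACI": uaci}
    for name, (dy, dx) in {"horiz": (0, 1), "vert": (1, 0), "diag": (1, 1)}.items():
        out[name] = (adjacent_correlation(plain, dy, dx),
                     adjacent_correlation(cipher, dy, dx))
    return out


if __name__ == "__main__":
    for key, value in report(*sample_images()).items():
        print(key, value)
```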
3) NIST statistical test suite
To show the randomness of the produced sequences, we subject them to the NIST (National Institute of Standards and Technology) statistical tests [17]. To verify our results, we use the above test suite to test the randomness of 100 sequences of 200,000 bits. In Table 3 we show the percentage of sequences that pass each test. We must note that all methods pass these tests.
Table I. Correlation Coefficients

| | S-AES | AES-CTR | HC128 | Salsa 20 | Sosemanuk | Rabbit | The proposed Generator |
|---|---|---|---|---|---|---|---|
| Horiz. Corr. | 0.06101 | 0.0023 | 0.00834 | 0.0006 | 0.00976 | 0.00109 | 0.0004 |
| Vert. Corr. | 0.04887 | 0.0140 | 0.05122 | 0.05902 | 0.05231 | 0.04095 | 0.00668 |
| Diag. Corr. | 0.05398 | 0.0175 | 0.05193 | 0.04249 | 0.04915 | 0.04841 | 0.00609 |

Table II. NPCR and UACI for all tested algorithms

| | S-AES | AES-CTR | HC128 | Salsa 20 | Sosemanuk | Rabbit | The proposed Generator |
|---|---|---|---|---|---|---|---|
| UACI | 32.686 | 32.952 | 32.678 | 32.888 | 33.080 | 32.755 | 32.595 |
| NPCR | 99.6521 | 99.618 | 99.639 | 99.657 | 99.654 | 99.657 | 99.627 |

Table III. NIST statistical test results

| Tests (Results in %) | S-AES | AES-CTR | HC 128 | Salsa 20 | Rabbit | Sosemanuk | The proposed Generator |
|---|---|---|---|---|---|---|---|
| Block Frequency | 94 | 97 | 100 | 100 | 99 | 100 | 99 |
| Frequency | 92 | 95 | 99 | 99 | 98 | 99 | 99 |
| Runs | 89 | 89 | 97 | 98 | 99 | 98 | 99 |
| Rank | 93 | 96 | 100 | 95 | 100 | 100 | 100 |
| DFT | 100 | 99 | 100 | 89 | 100 | 100 | 100 |
| Longest Run of ones | 89 | 97 | 100 | 100 | 99 | 100 | 100 |
| Non Overlapping | 80 | 86 | 91 | 92 | 93 | 92 | 91 |
| Overlapping | 84 | 88 | 100 | 80 | 100 | 100 | 100 |
| Linear Complexity | 98 | 94 | 99 | 99 | 99 | 100 | 99 |
| Serial | 95 | 92 | 96 | 97 | 97 | 94 | 98 |
| Entropy | 99 | 99 | 99 | 88 | 98 | 99 | 99 |
| Cumulative Sum | 84 | 96 | 99 | 100 | 99 | 100 | 98 |
| Random Excursion | 93 | 99 | 99 | 98 | 100 | 100 | 100 |
| Lempel-Ziv Complexity | 88 | 93 | 100 | 85 | 99 | 100 | 100 |

4) Results and Simulations
The image is converted to a binary stream, which is combined with the pseudo-random binary sequence generated by the proposed chaotic generator. The obtained result is shown in Fig. 2, where (a) is the original image and (b) is its encrypted image. Comparing these two images, no visual information or relation is observed. In Fig. 3 we can see the repartition of the colors in the original image (a) and the encrypted one (b). Fig. 4 shows the pixels repartition of the plain image (a) and the encrypted one (b). Furthermore, to test the encryption time, we have encrypted the considered image using the simplified AES, AES-CTR and our proposed generator. All tests are done on an i7 1.6 GHz processor; the obtained results are shown in Table 4.
For example, to transmit a 20-byte packet of data, the encryption time in our method is about 2.02 ms. So, the real-time criterion is respected [18], because we do not exceed the maximum accepted encryption time threshold for the majority of the industrial applications. Even though we are paying some price in encryption time compared to the eStream finalist candidates, we are gaining in terms of robustness. Also, in e-health programs, patients connected to a body sensor network (BSN) support center are observed instantaneously, in order to provide pervasive, valuable and fully reliable assistance when risk abnormalities occur. Therefore, real-time transmission is essential. For example, a heart ECG (electrocardiogram) is transmitted in blocks of 16 bits with a sampling rate of 500 Hz; in other words, 16 bits must be transmitted in 2 ms [19]. Furthermore, our method can encrypt blocks of 16 bits in 0.3 ms; hence we respect the real-time requirements of these BSN networks.
Table IV. Encryption/Decryption time
V. CONCLUSION
We have proposed a new encryption method for Wi-Fi and ZigBee networks. It relies on a new chaotic generator formed by the combination of two perturbed PWLCM maps. The proposed generator has the role of a stream cipher that produces a pseudo-random stream of bits having the shape of stochastic noise. To encrypt data before transmission, this sequence is combined with the plaintext using the XOR operation. The proposed generator has very good properties and passes all NIST statistical tests. Therefore, this scheme assures the security and robustness of AES-CTR and it has a high encryption speed. Additionally, it is easily realized and implemented; it has a very large key range and needs a low memory capacity. So, it meets the requirements of some industrial control and medical applications, and it can replace the encryption methods used in Wi-Fi and ZigBee networks.
REFERENCES
[1] Géron, A.: WIFI, Déploiement et sécurité. Dunod, Paris (2006)
[2] Sastry.: Security considerations for IEEE 802.15. networks. In: ACM Workshop on Wireless Security WiSe, pp. 32-42. PA, Philadelphia (2004)
[3] S. Tao, "Perturbance based algorithm to expand cycle length of chaotic key stream," IEEE, Electronics Letters, vol. 34, no. 9, pp. 873-874 (1998)
[4] Stinson, D.: Cryptographie-Théorie et pratique. Vuilbert, Paris (2003)
[5] Zhou, H.: A design methodology of chaotic stream ciphers and the realization problems in finite precision. Fudan University, Shanghai, China (1996)
[6] Parker, T.S., Chua, L.O.: Practical Numerical Algorithms for Chaotic Systems. Springer, Verlag (1989)
[7] S. Li.: Analyses and New Designs of Digital Chaotic Ciphers. PhD thesis, Xi'an Jiaotong University (2003)
[8] Heidari-Bateni, G., McGillem, C. D.: A chaotic direct-sequence spread-spectrum communication system. In: IEEE Trans. Communications, Vol. 8, No 4, pp. 647--659 (1998).
[9] S. Li, X. Mou, and Y Cai, Z. Ji, J. Zhang, "On the security of a chaotic encryption scheme: problems with computerized chaos in finite computing precision," Computer physics communications, vol. 153, no. 1, (2003)
[10] S. Babbage, C. De Canniere, A. Canteaut, C. Cid, H. Gilbert, T. Johansson, M. Parker, B. Preneel, V. Rijmen and M. Robshaw, "The eStream Portfolio", IST-2002-507932 ECRYPT. (2008)
[11] D. J. Bernstein, "Which eSTREAM ciphers have been broken?" Department of Mathematics, Statistics, and Computer Science (M/C 249), The University of Illinois at Chicago (2008)
[12] S. Fischer, W. Meier, C. Berbain, J. Biasse, and M.J.B. Robshaw, "Non-randomness in eSTREAM Candidates Salsa20 and TSC-4", 92794 Issy les Moulineaux, France (2008)
[13] H. Wu, Stream Cipher HC-128, eSTREAM report 2005/011 (2005).
[14] J. Aumasson, On a bias of Rabbit, eSTREAM report 2006/058 (2006).
[15] P. Crowley, Truncated differential cryptanalysis of five rounds of Salsa20, eSTREAM report 2005/073 (2005).
[16] G. Chen, X. Mou and S. Li, "On the Dynamical Degradation of Digital Piecewise Linear Chaotic Maps," International Journal of Bifurcation and Chaos in August, Vol. 15, no 10, pp. 3119-3151, (2005).
[17] J. Soto, J. Nechvatal, M. Smid, E. Barker, S. Leigh, M. Levenson, M. Vangel, D. Banks, A. Heckert, J. Dray and S. Rukhin, "A Statistical Test Suite For Random and Pseudo-random Number Generators For Cryptographic Applications," NIST Special Publication 800-22, 2001.
[18] Jianping Song, Song Han, Aloysius K. Mok, Deji Chen, Mike Lucas and Mark Nixon, "Wireless HART: Applying Wireless Technology in Real Time Industrial Process Control", The University of Texas at Austin, (2007)
[19] Oscar Gama, Paulo Carvalho, J. A. Afonso, P. M. Mendes, "Wireless Sensor Networks with QoS for eHealth and e-Emergency Applications", University of Minho, Braga, Portugal. (2007)
Fig. 2 (a) Original image (b) Encrypted image
Fig. 3 (a) Histogram of the original image (b) Histogram of the encrypted image
Fig. 4 (a) Pixels repartition of the original image (b) Pixels repartition of the encrypted image

Table IV. Encryption/Decryption time

| | S-AES | AES-CTR | The proposed Generator |
|---|---|---|---|
| "Lena" Encryp/Decryp (s) | 85 s | 233 s | 20 s |
| Encryp/Decryp of 1 Byte (ms) | 0.43 | 1.18 | 0.101 |