Performance Measurement of Encryption Algorithms and Their Effect on Real Running in PLC Networks

Michal Halas, Ivan Bestak, Milos Orgon, and Adrian Kovac
Abstract—This article and its outputs show the need to search for the most suitable encryption algorithm for use in PLC devices, and describe the procedure for simulating the performance of encryption algorithms and the practical measurement of throughput in PLC networks.

Keywords—Power line, encryption, decryption, performance simulation, encryption algorithms, throughput.

I. INTRODUCTION
Encryption algorithms and their use are an essential part of the secure transmission of information. The wide range of encryption algorithms and their scalability enables the selection of the algorithm most suitable for a given area of deployment. Choosing the wrong algorithm may lead to insufficient security of the transmission routes and also to delayed data transmission. Encryption algorithms can be characterized on the basis of several properties, which include e.g. resistance to known attacks, the length of the input block, the encryption key length and its scaling, and the power and age of the encryption algorithm [1]. As we will see from the results of the performance simulation of cryptographic algorithms, as well as from the real measurement of throughput and effects on communication, the time required for encryption and decryption is also one of the parameters which significantly influence the selection of a suitable encryption algorithm.

II. SIMULATION OF ENCRYPTION ALGORITHMS PERFORMANCE
To measure the time required for encryption/decryption, and subsequently to determine and compare the speed of encryption algorithms, we decided to use selected algorithms of the Crypto++ library, listed in Table I. These algorithms are frequently used and implemented in existing systems and networks. Rijndael AES and 3DES [2] are included among these algorithms, since they are the ones most commonly used in PLC devices. The hardware and software used in the computer simulation also play an important role in assessing the performance of an encryption algorithm. In our simulations a regular notebook was purposely used, in order to measure the results achieved by conventional hardware and software.

TABLE I SELECTED ENCRYPTION ALGORITHMS FROM CRYPTO++ LIBRARY

Cipher          Block length [bit]    Key length [bit]
Rijndael AES    128                   256
Serpent         128                   256
Twofish         128                   256
Cast6 (256)     128                   256
Gost            64                    256
Xtea            64                    128
Blowfish        64                    128
Cast5 (128)     64                    128
3DES            64                    168

TABLE II CONFIGURATION USED FOR TESTING

Type:              Notebook Toshiba Satellite A200
Motherboard:       Intel PM965 (Crestline-PM) + ICH8M
Processor:         Intel Core 2 Duo T7100 (1800 MHz)
Memory:            2048 MB DDR2-SDRAM
Graphics card:     ATI Mobility RADEON HD 2600
Graphics card:     256 MB DDR2 SDRAM 128-bit
Operating system:  Windows Vista Home Premium 32-bit
Software used:     Microsoft Visual C++ 2008

Manuscript received February 21, 2012. This work is a part of research activities conducted at Slovak University of Technology Bratislava, Faculty of Electrical Engineering and Information Technology, Institute of Telecommunications, within the scope of the projects VEGA No. 1/0186/12 „Modeling of Multimedia Traffic Parameters in IMS Networks“ and „Support of Center of Excellence for SMART Technologies, Systems and Services II., ITMS 26240120029, co-funded by the ERDF“. Authors are with the Slovak University of Technology, Faculty of Electrical Engineering and Information Technology, Ilkovičova 3 Bratislava SK-812 19 Slovak Republic.
978-1-4673-1118-2/12/$31.00 ©2012 IEEE
TSP 2012

A. Cryptographic algorithm performance test
The encryption algorithm performance test was based on [3] and implemented in Microsoft Visual C++. The simulation consisted of measuring the time required for encryption plus the time needed for decryption, since both operations need to be conducted on the transmission path. The size of the input data was $2^{n+4}$ bytes for n = 0, 1, 2, 3, ..., 23, which represents values from 16 B to 128 MB. To increase the accuracy of the measurement, encryption and decryption were performed several times, depending on the size of the input data. The number of repetitions is doubled if the minimum measurement time, which we experimentally set to 0.5 seconds, is not reached. The initial number of repetitions depends on the value of 64 KB. This means that if the size of the input data is 16 B, the number of repetitions is 4096. On the other hand, the minimum number of repetitions of the encryption and decryption process was set to 4, because from approximately 8192 B onward we can observe a linear increase in the time required. High accuracy is therefore no longer needed as it was for small input sizes, where the initialization or "warming up" of the encryption algorithms is noticeable. The entire measurement cycle was repeated 16 times for each encryption algorithm. The flow chart according to which the time needed for encryption/decryption was measured as a function of the input data size is shown in Fig. 1.
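The measurement loop described above, written out as code; this is an added example, not the authors' Visual C++/Crypto++ program. It assumes a self-contained XTEA implementation (one of the Table I ciphers) applied block by block for timing only, re-measures from scratch after each doubling, and uses the illustrative names `initial_repetitions`, `measure` and `Result`.

```cpp
#include <algorithm>
#include <chrono>
#include <cstdint>
#include <cstdio>
#include <vector>

// XTEA (Table I: 64-bit block, 128-bit key), 32 cycles, public reference algorithm.
static const uint32_t DELTA = 0x9E3779B9u;
void xtea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; ++i) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}
void xtea_decrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = DELTA * 32;
    for (int i = 0; i < 32; ++i) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        sum -= DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
    }
    v[0] = v0; v[1] = v1;
}
// Start with 64 KB of work per run, but never fewer than 4 repetitions.
size_t initial_repetitions(size_t bytes) { return std::max<size_t>(4, 65536 / bytes); }
struct Result { size_t reps; double seconds, mb_per_s; bool roundtrip_ok; };
// Time reps x (encrypt + decrypt) of a `bytes`-sized buffer; if the run is
// shorter than min_seconds, double reps and measure again.
Result measure(size_t bytes, double min_seconds = 0.5) {
    const uint32_t key[4] = {0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u};  // constructed key
    std::vector<uint32_t> buf(bytes / 4, 0xA5A5A5A5u);                             // constructed data
    for (size_t reps = initial_repetitions(bytes);; reps *= 2) {
        auto t0 = std::chrono::steady_clock::now();
        for (size_t r = 0; r < reps; ++r) {
            for (size_t i = 0; i < buf.size(); i += 2) xtea_encrypt(&buf[i], key);
            for (size_t i = 0; i < buf.size(); i += 2) xtea_decrypt(&buf[i], key);
        }
        double s = std::chrono::duration<double>(std::chrono::steady_clock::now() - t0).count();
        if (s >= min_seconds)
            return {reps, s, bytes * double(reps) / 1048576.0 / s, buf[0] == 0xA5A5A5A5u};
    }
}
int main() {  // paper: n = 0..23 and 0.5 s; shortened here so the demo finishes quickly
    for (int n = 0; n <= 9; ++n)
        std::printf("%7zu B  %8.2f MB/s\n", size_t(16) << n, measure(size_t(16) << n, 0.05).mb_per_s);
}
```

The reported speed counts the input size once per encrypt-plus-decrypt pass, so the per-call overhead at small sizes lowers the reported MB/s, which is the "warming up" effect the text describes.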
The results are illustrated graphically in the figures below, where the impact of encryption and decryption on data transfer is clearly visible. Fig. 2 shows the dependency of the speed of the encryption algorithms on the size of the input data in the range from 16 B to 8192 B, to emphasize the importance of the initial phase of encryption and decryption. This phase is called initialization or "warming up" of the encryption algorithm, and it is caused by the scheduling of encryption key tables, preliminary calculations, library overhead and memory allocation. We also see that the Rijndael encryption algorithm reaches its maximum encryption speed of about 10 MB/s already at 8192 B, as can be seen in Fig. 3. From this size on, the speed is approximately constant. Blowfish, although it has a very poor initialization phase (which lasts until about 10 MB), reached second place in our test with a speed of about 8 MB/s. The 3DES encryption algorithm, which is currently implemented very often, is the slowest algorithm in our test. Compared with Rijndael, 3DES achieves only about 20% of its performance. The maximum speed achieved, as seen in Fig. 3, is just above 2 MB/s. This performance is not sufficient for currently used systems.
Fig. 1. Performance simulation flow chart
Fig. 2. Dependency of encryption/decryption speed (MB/s) on input data size (16-8192 B)
Fig. 3. Dependency of encryption/decryption speed (MB/s) on input data size (16-134217728 B)
Fig. 4. Transmission measurement in the PLC network
The simulation of the effects of encryption algorithm usage on data transfer indicates a tendency to restrict the transfer, and the results of our simulation clearly show that the decision to use an encryption algorithm should be supported by a real need to secure the transferred data.
III. REAL OPERATION TRANSMISSION MEASUREMENT
We decided to compare the results of our simulation with actual measurements in a PLC network built from devices made by the Corinex company [5]. These devices use the 3DES and AES encryption algorithms to secure communication. These two algorithms showed the biggest differences in the simulation. According to our simulation, AES should limit the communication much less than the 3DES algorithm. However, communication in a real PLC network is significantly affected by disturbances from the electric network, and therefore we can expect that the differences in results between these two algorithms will not be as significant as they were in the simulation. Three scenarios were defined for the purpose of measuring the effects of encryption algorithm usage in PLC networks. In these scenarios we measured the time required for the transfer of the relevant data, from which the throughput was subsequently calculated. The defined scenarios are:

1. Transfer secured by 3DES algorithm 168bit
2. Transfer secured by AES algorithm 256bit
3. Transfer without usage of an encryption algorithm – unsecured communication

The measurements were carried out according to Fig. 4, which corresponds to the secured communication scenarios. The Ixia software IxChariot v.6.7 [5] was used for the measurement. This software was installed on PC1 and used to generate random traffic, to measure the time required for transmission and subsequently to calculate the throughput.

A. Procedure for measuring in real operation
For each scenario 10 measurements were carried out; each measurement consisted of 100 retransmissions of a 10-megabyte file that was transferred 10 times during a single repetition. For each repetition the time needed for the transfer was measured, and the throughput in MB/s was then calculated for each repetition, i.e. for each file transfer of 10x10 MB.

A total of 100 GB of data was transferred for each scenario, and the resulting throughput was calculated as an average of one thousand throughput values. We assume that this number is sufficient to eliminate the effects of electric network disturbances during the measurement, since the individual scenarios were not measured simultaneously. From these results the average throughput (1) was calculated for each scenario. Based on this value we can determine to what extent the protection of communication affects real operation in PLC networks. To determine the effects of disturbance on individual measurements we calculated the standard deviation (3) as a second important parameter. The standard deviation was calculated from the corrected sample variance (2), since the number of measurements is relatively small. As the last parameter, expressing the gross variability of the individual measurements and the throughput variation for individual measurements, we calculated the selection range (4). The selection range was calculated as the difference between the maximum and minimum throughput.

$$\bar{x} = \frac{1}{n}\sum_{i=1}^{n} x_i \qquad (1)$$

$$s^2 = \frac{1}{n-1}\sum_{i=1}^{n} (x_i - \bar{x})^2 \qquad (2)$$

$$s = \sqrt{s^2} \qquad (3)$$

$$R = x_{\max} - x_{\min} \qquad (4)$$

The measured results for the first scenario (secured communication – 3DES 168 bit) are illustrated graphically in Fig. 5, along with the other scenarios. The actual measurement, in which 100 GB of useful data was transferred, took more than 5 hours and 59 minutes. Compared to the other scenarios this is the longest time, and thus the throughput during communication secured by the 3DES encryption algorithm is the lowest.

TABLE III COMPARISON OF MEASUREMENT RESULTS
                                                    3DES        AES         Without encryption
Average throughput [MB/s]                           37,8473     38,7185     38,8244
Total measuring time                                05:59:02    05:50:59    05:46:50
Corrected sample variance                           29,1411     29,8574     16,495
Standard deviation                                  5,3416      5,61692     4,09964
Average selection range                             6,5391      6,2267      4,0463
Throughput reduction due to the use of encryption   2,5167%     0,2727%
Based on our results for the second scenario (AES-secured communication) we can clearly see the difference in throughput in comparison to the 3DES algorithm. This difference was significant in the simulation and also in the practical measurement. The differences are not as big in real communication, but they still reach a value of 0,8712 MB/s. The standard deviation clearly shows the high variability of the measured data. This means that the second scenario was the one most influenced by the disturbances. In the last scenario we transferred data in an open form of communication (without a security encryption algorithm). By doing this we tried to point out the limitation imposed by the processes necessary for encryption and decryption of communication in the 1st and 2nd scenarios, and their impact on the throughput of usable data. As we can see in Table III, the highest throughput was reached in the 3rd scenario. According to the results in Table III, AES causes a limitation at a level of 0,2727 % compared to non-encrypted communication, while 3DES, mainly because of its age and complicated encryption/decryption processes, lowers the throughput by 2,5167 %. The last dependency, shown in Fig. 6, shows the whole process of throughput measurement, which consisted of 1000 repeated transfers of 10x10 MB of useful data. As we can see, the variance of the measured data was largely affected by disturbances in the electric network.

Fig. 5. Dependency of throughput (MB/s) based on number of measurements (1-10)
Fig. 6. Dependency of throughput on the number (1-1000) of transmissions (10x10 MB)

IV. CONCLUSION
Securing communication with encryption algorithms limits the speed of transferred data to a certain extent. Based on data measured in a real PLC network we can say that choosing a newer, modern encryption algorithm significantly increases network throughput, and also the security of the communication. Differences between unsecured communication and communication secured by the AES encryption algorithm in a PLC network (with HD200 HomeNet Power Plug devices) can be considered minimal during common transfers. Therefore communication should be secured even at the cost of a partial limitation of throughput.

REFERENCES
[1] F. Piper, S. Murphy, Kryrptografia – Průvodce pro každého. Praha: Dokořán, 2009, ISBN 80-7363-074-5.
[2] D. Levický, Kryptografia v informačnej bezpečnosti. Košice: elfa, 2005, ISBN 80-8086-022-X.
[3] T. Bingmann, “Speedtest and Comparsion of Open-Source Cryptography Libraries and Compiler Flags.” [Online] 2008, Available: http://idlebox.net/2008/0714-cryptography-speedtest-comparison/
[4] A. Tisovský, S. Kľúčik, “Method for Calculation the Packet-Size Dependent throughput of a Computationally Intensive IPsec Process.” In: Elektrorevue, ISSN 1213-1539, Vol. 15, 16.11.2010 (2010), art. no 98.
[5] Corinex HD200 HomeNet Power Plug. [Online] 2010, Available: http://www.corinex.com/product/homenet-power-eu-plug
[6] F. Rezac, M. Voznak, K. Tomala, J. Rozhon, J. Vychodil, “Security Analysis System for Detection Security Threats on a SIP VoIP Infratructure Elements,” in Journal Advances in Electrical and Electronic Engineering, vol. 9, no. 5, December 2011, pp. 225-232, ISSN: 1804-3119.