Energy Efficient Wireless Encryption Chetan Nanjunda Mathur and K.P. Subbalakshmi Media Security, Networking and Communications (MSyNC) Lab, Department of Electrical and Computer Engineering, Stevens Institute of Technology, Hoboken, New Jersey 07030. Email: {cnanjund,ksubbala}@stevens.edu Abstract— The current encryption standard for wireless net- works recommends using the AES cipher in the counter (CTR) mode for confidentiality and the cipher block chaining (CBC) mode for authentication. In the counter mode, a 128 bit counter is encrypted using the AES into 128 bit keystream which is then XORed with 128 bits of plaintext before transmission. This operation is repeated for the entire frame and results in heavy energy consumption for larger frames. In this paper, we propose a novel cipher called High Diffusion (HD) cipher that securely expands a given 128 bit counter value to a larger 288 bit keystream during encryption, thus reducing the number of encryptions per frame compared to the AES. We show that the HD cipher is as secure as the AES under differential, linear cryptanalysis and Square attack. Using an experimental set up consisting of a laptop with 1.8 GHz Pentium 4 processor and an Intrinsyc CerfCube with 233 MHz ARM processor we measure the energy consumption of both the AES and the HD cipher encryption operation. We observe that using HD cipher instead of AES for encryption will result in about 40% saving in energy consumption on both the laptop and the CerfCube. When HD cipher is used instead of AES in the CCMP, we observe that energy efficiency due to HD cipher is significant for larger frame lengths. I. I NTRODUCTION The current security mechanisms for the 802.11 wireless LAN standards are specified in the amendment IEEE 802.11i [3], also known as Wi-Fi Protected Access 2 (WPA2). The WPA2 makes use of the Advanced Encryption Standard (AES) [10] block cipher (based on Rijndael [8]); to provide both authentication and confidentiality in a single protocol called the Counter Mode with Cipher Block Chaining Message Au- thentication Code Protocol (CCMP). The 802.11i architecture [3] contains the following components: 802.1X for authen- tication (entailing the use of Encapsulated Authentication Protocol (EAP) and an authentication server), Robust Security Network (RSN) for keeping track of associations, and AES based CCMP to provide confidentiality, integrity and origin authentication. The reason for the switch from the RC4 based WEP [17] and TKIP [18] (the predecessors to WPA2) to the AES based CCMP was due to the superior security of the AES in comparison to the RC4. However, the drawback of AES- CCMP is that, it consumes more energy compared to its predecessor. This is because, the RC4 cipher used in WEP is a stream cipher; whereas, the AES used in CCMP is inherently a block cipher used in stream (counter or CTR) mode. Therefore, a full 10 round AES needs to be performed to encrypt every Fig. 1. Block Diagram of CCMP. 128 bits of MPDU. For larger frame sizes (or data payload in MPDU), this approach is energy inefficient. In this paper, we address this problem by using a novel cipher called High Diffusion (HD) cipher. The proposed HD cipher is similar in structure to AES with one important difference, in that, the HD cipher can securely encrypt k bit input data to n bit encrypted output data (where k<n). This secure expansion property when used in the CTR mode results in higher encryption throughput. For example, with the appropriate choice of parameters, one HD cipher encryption in the CTR mode can encrypt 288 bits of information as opposed to 128 bits using the AES. Although a single encryption of HD cipher is only slightly more computationally expensive compared to a single encryption of the AES, the HD cipher requires only half the number of encryptions to encrypt the entire MPDU. The rest of the paper is organized as follows, in Section II we briefly introduce the CCMP and describe some of its drawbacks. We then propose to improve the energy efficiency of CCMP using a novel HD cipher in Section III. In Section IV we analyze the security of HD cipher against most of the well known attacks. Experimental results comparing energy