Abstract: This paper deals with the energy efficiency of cryptographic mechanisms used for secure communication between devices in wireless sensor networks. Since these devices are mainly targeted at low-power-consumption appliances, there is an effort to optimize every aspect needed for regular sensor operation. Based on the hardware cryptographic accelerators integrated in microcontrollers, this article compares software and hardware solutions. The work examines the problems and solutions involved in implementing security algorithms on WSN devices. Because a hardware accelerator should be much faster than a software implementation, its energy consumption is tested and its performance validated. The main contribution of the article is a real testbed evaluation of the time latency and energy requirements needed for securing the communication. In addition, a global evaluation of all important network communication parameters, such as throughput, delay and delivery ratio, is also provided.
I. INTRODUCTION
WIRELESS sensor networks (WSNs) are networks of specific character and usability with a wide scope of applications. WSNs have taken an important place in information systems in recent years; they are characterized by properties such as ultra-low energy consumption, low price and scalability.
Nowadays, a very popular standard for these networks is IEEE 802.15.4. It defines the PHY (PHYsical) layer and the MAC (Medium Access Control) layer, but it does not define any specifications for the upper layers, which depend on the application. Depending on the application and power resources, most networks based on the 802.15.4 standard have restrictive power consumption requirements. Because of this requirement, the hardware uses microprocessors with low computational power. Every task has to occupy resources for as short a time as possible. This can be achieved with an optimal software implementation, in which each additional function or task uses as few processor cycles as possible. This can be done by the programmer or even by the native compiler. Another angle involves hardware optimization by means of parallel processing of independent tasks. Including hardware blocks optimized for a specific task has the advantage of short computational latency. These HW blocks also need power to operate.
Nowadays, the security of embedded and communication systems in general is a popular topic. Data security in automation systems requires a highly efficient approach that balances the implementation price against the resources needed. Security features in WSNs are restricted by the low computational performance available. For that reason, lightweight security features using hardware or software solutions have been implemented.
This raises the question of which method of optimization is more efficient when energy consumption and computational resources are taken into account.
A basic system for measuring the performance properties of the implemented cryptographic solutions is also proposed and evaluated. At the end of the work, a testbed evaluation of the energy efficiency and time needed for secure communication is included.
Section III describes a few basic security approaches in general. It also discusses the differences between HW and SW solutions and their pros and cons. Section IV describes the testbed and hardware configuration used for evaluation. The question of the final efficiency is answered experimentally and explained at the end of the work.
II. RELATED WORK
Some related work [1] was devoted to the secure communication used in RFID systems and its performance.
There is also work on a topic very similar to the one addressed in our article: in [2], the authors compare the computational performance and energy efficiency of RC2, Blowfish, XTEA and AES in personal digital assistants (PDAs). They found that RC2 encrypts faster and uses less energy than XTEA.
Reference [3] is devoted to a cryptanalytic attack on a reduced-round version of XTEA; its authors consider that, from the cryptanalysis point of view, XTEA and TEA have a close security level.
Our article extends this research to a low-computational-power microprocessor widely used in wireless sensor networks.
III. CRYPTOGRAPHIC FEATURES
In this section, approaches to cryptographic features in terms of practical implementation in a real wireless sensor network are described. Hardware and software alternatives, with a brief description and their pros and cons, are also included.
A. AES - hardware block
The AES (Advanced Encryption Standard) hardware block implemented in the AVR microprocessor ATmega128RFA1 [4], described later in Section IV, is mainly characterized by its hardware-accelerated encryption and decryption capabilities. It is compatible with the AES-128 standard, using a 128-bit key and data block size. AES, also known as Rijndael, is a block cipher based on a substitution/permutation network with a fixed data block and also a fixed encryption key size (128, 192 and 256 bits).
It supports two operation modes, ECB (Electronic Code Book) and CBC (Cipher Block Chaining). The main advantage of this block is its ability to operate stand-alone, independently of other blocks. Encryption and decryption can be performed in parallel with other tasks. It uses the 16 MHz crystal clock provided by the transceiver. According to the datasheet [4], the pure encryption/decryption interval for 16 data bytes, without the latency caused by writing values to the registers, is 24 μs long. This event is signaled by an interrupt.
B. XTEA - software solution
XTEA (eXtended Tiny Encryption Algorithm) is a symmetric-key cryptographic algorithm. It is an extension of the older variant called TEA (invented by David Wheeler and Roger Needham), which suffered from the attack proposed in [5]. According to [3], XTEA is a fast block cipher of the Feistel type.
It does not use predefined tables or S-boxes, and it does not need much initialization time. It works with 8-byte data blocks and uses a 16-byte (128-bit) key. The main advantage of the XTEA algorithm is its simplicity and efficiency with compact code size, as can be seen from Listing 1. This listing is taken from the open source ATMEL Lightweight MESH software stack [6], which is described later in subsection IV-B.
Listing 1: XTEA algorithm - program code [6]
static void xtea(uint32_t text[2], uint32_t const key
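
As an added illustration of the properties described above (8-byte block, 128-bit key, no tables or S-boxes), here is the standard XTEA block operation with its inverse. It is an example written for this text, not the Lightweight MESH code from [6]; the function names, the 32-cycle count and the sample key and block are this example's own choices.

```c
#include <stdint.h>
#include <stdio.h>

#define XTEA_CYCLES 32u                   /* 32 cycles = 64 Feistel rounds */
#define XTEA_DELTA  UINT32_C(0x9E3779B9)  /* constant added to sum each cycle */

/* Encrypt one 8-byte block (two 32-bit words) in place with a 128-bit key.
 * Only shifts, additions and XORs are used: no tables, no S-boxes. */
void xtea_encrypt_block(uint32_t v[2], const uint32_t key[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (unsigned i = 0; i < XTEA_CYCLES; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += XTEA_DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Inverse: the same rounds in reverse order, starting from the final sum. */
void xtea_decrypt_block(uint32_t v[2], const uint32_t key[4])
{
    uint32_t v0 = v[0], v1 = v[1];
    uint32_t sum = (uint32_t)(XTEA_DELTA * XTEA_CYCLES);
    for (unsigned i = 0; i < XTEA_CYCLES; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Returns 1 if encryption changes the block and decryption restores it. */
int xtea_roundtrip_ok(const uint32_t block[2], const uint32_t key[4])
{
    uint32_t w[2] = { block[0], block[1] };
    xtea_encrypt_block(w, key);
    if (w[0] == block[0] && w[1] == block[1]) return 0;
    xtea_decrypt_block(w, key);
    return w[0] == block[0] && w[1] == block[1];
}

int main(void)
{
    const uint32_t key[4] = { 0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f }; /* constructed */
    const uint32_t pt[2]  = { 0x41424344, 0x45464748 };                         /* constructed */
    printf("round trip %s\n", xtea_roundtrip_ok(pt, key) ? "ok" : "FAILED");
    return 0;
}
```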
C. Software vs. Hardware AES acceleration and security issues
As can be seen from the previous section, the software and hardware solutions are already implemented and used in practical applications. The purpose of this work is to compare these solutions in terms of energy demands.
A HW block implementing the AES cipher is an option, but it has to be powered from a limited source, which can be significant. Even though AES is theoretically stronger than XTEA, the integrated AES block can be a security issue in some cases. For example, when the microprocessor uses an external radio chip, the security key has to be sent to it via SPI (Serial Peripheral Interface) in plain text form (an attacker who has access to the device can use an SPI analyzer). In this case the software XTEA can offer better protection.
The hardware heterogeneity of network devices can create a problem, because not every device may integrate such AES hardware. This means that XTEA is the better solution in this kind of situation. This is basically the vendors' problem: because wireless sensor networks are mainly single-purpose networks (do simple tasks and do them properly), this has to be considered at the design stage of development.
A big security issue is that the whole network uses the same encryption key; some kind of safe key distribution method has to be included, and protection from replay attacks (for example sending alarm messages, old measurements and states) has to be implemented at the application layer. From the above, it is not clear which solution is more efficient for use in WSNs.
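
One way to implement the application-layer replay protection mentioned above is a per-sender frame counter that must strictly increase. The following is an added example, not part of the Lightweight MESH stack; the type and function names, the 16-bit sender address, the 32-bit counter field and the table size are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_PEERS 8  /* table size: an assumption of this example */

typedef enum { FRAME_ACCEPT, FRAME_REPLAY, FRAME_TABLE_FULL } frame_verdict;
typedef struct {
    uint16_t addr;      /* sender address (hypothetical field) */
    uint32_t last_ctr;  /* highest counter accepted from this sender */
    uint8_t  used;
} peer_state;
typedef struct { peer_state peers[MAX_PEERS]; } replay_guard;

void replay_guard_init(replay_guard *g)
{
    for (size_t i = 0; i < MAX_PEERS; i++) g->peers[i].used = 0;
}

/* Call only after the MIC has been verified and only if the counter is
 * covered by that MIC; otherwise it can be rewritten in transit. */
frame_verdict replay_check(replay_guard *g, uint16_t src, uint32_t ctr)
{
    peer_state *free_slot = NULL;
    for (size_t i = 0; i < MAX_PEERS; i++) {
        peer_state *p = &g->peers[i];
        if (p->used && p->addr == src) {
            if (ctr <= p->last_ctr) return FRAME_REPLAY; /* old or duplicate */
            p->last_ctr = ctr;
            return FRAME_ACCEPT;
        }
        if (!p->used && free_slot == NULL) free_slot = p;
    }
    if (free_slot == NULL) return FRAME_TABLE_FULL; /* fail closed */
    free_slot->addr = src;
    free_slot->last_ctr = ctr;
    free_slot->used = 1;
    return FRAME_ACCEPT;
}

int main(void)
{
    replay_guard g;
    replay_guard_init(&g);
    /* constructed traffic: node 0x0012 sends 1 and 2, then 1 is replayed */
    replay_check(&g, 0x0012, 1);
    replay_check(&g, 0x0012, 2);
    return replay_check(&g, 0x0012, 1) == FRAME_REPLAY ? 0 : 1;
}
```

The counters have to survive a reboot on both sender and receiver, for example in non-volatile memory, or old frames become acceptable again after a restart.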
IV. HARDWARE AND SOFTWARE DESCRIPTION
For testing cryptographic performance in terms of energy efficiency, the Atmel AVR microprocessor with a hardware AES accelerator is used. The software stack is Lightweight MESH, which also originates from Atmel Corporation. All energy consumption measurements are made with an AGILENT DSO-X 2002 oscilloscope. The next subsections describe all of these components in more detail, together with the methodology of all measurements.
A. Hardware device - deRFnode
The main component of this development board, shown in Fig. 1, is the Atmel ATmega128RFA1 microprocessor, which has all parts, such as the radio chip and the AES HW block, integrated, so there is no need for additional SPI communication with external interfaces. It is compliant with the IEEE 802.15.4 standard and communicates in the 2.4 GHz ISM band. According to [7], the power consumption of the microchip in active mode is approximately 18 mA and in sleep mode it is less than 2 μA.
B. Atmel Lightweight Mesh
This software stack [6], as its name indicates, is a very small stack with proprietary MESH network functionality. It is relatively easy to use and portable, designed for various applications such as home and industrial automation, metering and remote control. It works with IEEE 802.15.4 compliant transceivers [8]. This network stack is used because it is fully open source, it already implements XTEA and hardware-accelerated AES ciphering, and, most importantly, it offers a choice of the cryptographic method used.
Fig. 1: Photograph of deRFnode
V. METRICS AND METHODOLOGY USED FOR MEASUREMENT
In this section, the impact of the encryption method and algorithms on the energy efficiency of the power resources used is examined. The methodology and metrics used for the final estimation are explained. To measure all of these metrics, the Lightweight MESH network stack was slightly modified to signal the ciphering event. The modification consisted of toggling one of the microprocessor's output pins.
A. Energy consumption
To measure the energy consumption, the oscilloscope was used to measure the voltage drop U_R across a resistor attached in series. The resistor is placed in series with a hard power supply of U_supp = +5 V. The resistance was chosen to be precisely R = 10 Ω. A reference multimeter was also attached for control purposes. This measurement is described by equation (1).
The energy consumption E was finally computed using equation (2), where T is the time needed for encryption of the payload data and P_encryption is the power consumption.
B. Latency
One of the main metrics in selecting a suitable ciphering algorithm is its latency, or equivalently its throughput. Of course, memory demands on low-power embedded devices are also an important requirement. Latency/throughput is measured at the network layer for a variable packet size of 1 to MAX_Payload_SECURED bytes. The parameter MAX_Payload_SECURED is given by the maximum frame size (127 B), header (16 B), CRC part of the frame (2 B) and MIC size (4 B).
Throughput values were computed by dividing the number of bytes encrypted by the time interval (measured on the oscilloscope) required for ciphering. In the testbed evaluation shown in Fig. 2, the voltage drop was measured across the series resistor as described earlier in Section V-A.
The original source code of the Lightweight MESH stack was slightly modified to measure the encryption/decryption time intervals. A simple application for sending frames with variable payload size was also developed for this purpose, but it is not described further in this article. Every time the encryption process begins/ends, the output pin of the microprocessor, at the connector on the deRFnode board, is set to the HIGH/LOW level. With this approach, the oscilloscope's trigger capability was used and the encryption time intervals were measured manually with microsecond precision. For every encryption time interval measurement of software XTEA and hardware-accelerated AES, the true root mean square voltage bounded by the HIGH/LOW level of the switched pin was measured with the oscilloscope. All measurements and calculated values are shown in detail in Figs. 3, 4 and 5.
In Fig. 3 the throughput of the pure encryption process is shown. This throughput was calculated as the number of encrypted bytes divided by the whole time interval needed for encryption. As can be seen, peaks occur at every 16 bytes of data. This is caused by padding of the data blocks. Fig. 4 shows the power consumption while encryption is in progress. There are only small changes during the whole measurement. Table I contains only selected sample measurements from the whole set of payload lengths. This table and the oscilloscope screenshots in Fig. 6 show how the encryption process and the related throughput/energy consumption depend on the payload length.
The beginning and the end of the encryption process are signaled by the output pin (set to the HIGH/LOW level) connected to the oscilloscope's second channel (green line) in Fig. 6. Fig. 6a shows a sample measurement of the encryption of a 31 B payload with the XTEA algorithm. The influence of other payload sizes is seen in the duration of the XTEA encryption process. On the other hand, using the hardware AES block significantly improves the encryption process. Fig. 6b to Fig. 6h show the physical utilization of this block.
As can be seen from the graphs in Fig. 3 and Fig. 5, there are special cases in which it is useful to send more data. This finding can be used, for example, when optimization in network systems is a major concern. Since we are living in the information age, the security and authenticity of the information provided is a very important issue. Its importance grows with the need for sensing and actuation in home and industrial environments.
The proposed testbed evaluation was mainly conducted to estimate the properties and possibilities for optimizing communication in a wireless sensor network system using the Lightweight MESH stack from Atmel. In this work, optimization of the security features and its impact on performance and energy consumption was investigated.
From the previous graphs it is obvious that payload length directly influences the performance of the encryption process. A low-computational-power device intended for wireless sensor networks was used for the testbed. These networks have parameters tightly limited by strict energy consumption requirements. A notable difference in the energy consumption of the SW and HW implementations is also seen. This testbed evaluation was mainly conducted to investigate the possibilities for encryption on a low-cost microcontroller.
After considering the measured and computed characteristics presented in this work, we can say that HW acceleration has a significant impact on microprocessor performance. The HW accelerator is a stand-alone module that works in parallel with the base microprocessor, which also brings efficiency to the computation.
Energy consumption was used as the general criterion for evaluating the optimal approach to securing network communication.
Future work will be aimed at implementing and testing the performance of other cryptographic methods (in the Lightweight MESH stack), especially a software implementation of AES-128, because of the interoperability needed between the various types of hardware devices that can be used in the network system.
