by Patrizia Sailer (Forschung Burgenland GmbH), Christoph Schmittner (AIT) and Markus Tauber (Fachhochschule Burgenland GmbH)

Making cyber-physical systems “smart” by managing the trade-off between security and resource usage is of utmost importance for building sustainable industrial systems. For example, addressing cyber security issues in such systems often requires strong encryption. This may result in increased power consumption on devices that often depend on a limited energy supply. In this work, we present an initial investigation into the usage of electrical power under different degrees of security in such situations, to understand and quantify how much power usage can be reduced by varying the degree of security.

The fourth industrial revolution is based on cyber-physical systems (CPS), where multiple components are interconnected over the Internet of Things (IoT). These components can communicate with each other as well as measure and change their physical environment. Such applications often require a high level of reliable and secure data acquisition, but often have limited energy resources. Thus, enabling policy-based adaptation to manage the trade-off between e.g. security, reliability and resource usage will help in developing smart CPS. Supporting technologies may include self-*, deep-learning, or neural networks. In many applications it is crucial to maximise the lifetime of the components. Carrara et al. [1] have implemented an IoT-based management program to collect temperature and humidity data. Tauber et al. [2] have investigated energy efficiency and performance in a wireless local area network (WLAN) to identify upper and lower bounds of energy efficiency due to different data flow characteristics. Neither of these has considered the impact of different security settings on power consumption, which is what we have addressed in this paper. This will help to understand the magnitude of power saving due to different levels of security by e.g. smart-/self-adaptation of the application.

 

In order to investigate the electrical power consumption of different components of a CPS under varying levels of security, we conducted measurements with a typical application based on a service-oriented architecture (SOA). The measurement setup consists of three Raspberry Pi v3 with Raspbian [L1] as the operating system. The setup emulates a network in which data is collected with a sensor and is sent via WLAN from client to server. The first Raspberry Pi is equipped with a GrovePi+ [L2], which enables collecting data via a “DHT22 temperature and humidity sensor” [L3]. These data are saved in a list and sent to an HTTP server via a WLAN access point (AP). The second is the AP configured with HostAPD [L4], while the last one acts as the server. Each Raspberry Pi has its own Voltcraft Sem 6000 power plug (PP), which is responsible for measuring the power consumption. An “expect script” [L5] was used to gather the data from these plugs. To send the data from the client to the server, we implemented a “Spring Boot Rest Template” as a service that sends the collected data using a POST request. On the server we tracked the network communication via Wireshark and configured the following encryption suites (ES) to compare their power consumption:

  • ES1: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (Weak)
  • ES2: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (Strong CBC)
  • ES3: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Strong GCM)

In our application we used TLS v1.2 as the network protocol and ECDHE_RSA as the key exchange algorithm, which is defined by a fixed ECDH key exchange signed with an RSA certificate [L6]. To illustrate the relationship between power consumption and encryption suites (ES), we used different key lengths for the block encryption and the message authentication algorithm. In the weaker cipher suite (ES1), we used the block cipher Advanced Encryption Standard (AES) with independent block and key lengths of 128 bits, as opposed to the strong ones (ES2, ES3) with key lengths of 256 bits. Furthermore, the encryption options Cipher Block Chaining (CBC) and Galois/Counter Mode (GCM) differ in performance because of their algorithms and security properties [3]. As the algorithm for message authentication, we chose the Secure Hash Algorithm (SHA) with the different key lengths of 128 versus 384 bits.
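To repeat such a comparison, each run must be pinned to exactly one suite, otherwise client and server negotiate whatever both prefer. The following is an added example, not the authors' code (they used a Spring Boot client): it builds a Python `ssl` client context restricted to one of the three suites and reports the key length and AEAD flag the local OpenSSL assigns to it. The OpenSSL suite names and the helper names are this example's own.

```python
import ssl

# IANA names from the list above, mapped to the OpenSSL names that
# Python's ssl module expects in set_ciphers().
SUITES = {
    "ES1": ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE-RSA-AES128-SHA"),
    "ES2": ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "ECDHE-RSA-AES256-SHA384"),
    "ES3": ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE-RSA-AES256-GCM-SHA384"),
}


def pinned_context(label):
    """Client context that can negotiate only the one suite under test."""
    _, openssl_name = SUITES[label]
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    # set_ciphers() does not control TLS 1.3 suites, so cap the protocol at
    # TLS 1.2; otherwise a TLS 1.3 handshake would bypass the pinning.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(openssl_name)  # raises ssl.SSLError if unavailable locally
    return ctx


def offered_tls12(label):
    """Names of the non-TLS-1.3 suites the pinned context would offer."""
    ctx = pinned_context(label)
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def describe(label):
    """Properties of the pinned suite as reported by the local OpenSSL."""
    iana, openssl_name = SUITES[label]
    info = next(c for c in pinned_context(label).get_ciphers()
                if c["name"] == openssl_name)
    return {
        "iana": iana,
        "key_bits": info["strength_bits"],  # symmetric key length
        "aead": info["aead"],               # True for GCM, False for CBC + HMAC
        "symmetric": info["symmetric"],
    }


if __name__ == "__main__":
    for label in SUITES:
        print(label, offered_tls12(label), describe(label))
```

The context returned by `pinned_context` can be passed to `http.client.HTTPSConnection(host, context=ctx)`; after the handshake, the socket's `cipher()` method confirms which suite was actually negotiated.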

With each encryption suite, we performed 21 test runs, each of 25 minutes' duration, with the collected data being sent from the client to the server every three seconds. To avoid latency or background jobs from the compiler, we performed a warm-up simulating a normal test run.

Figure 1: Architecture measurement setup.  Three raspberries with power plugs (PP), which send data collected with DHT22 sensor from client via WLAN connected through access point to server. The power plugs measure the power consumption in milliwatts.


Figure 2: Consumption of electrical power in milliwatts at the client. This study, conducted as part of the EFRE project MiT4.0, shows that the choice of data protection measures via various cipher suites has a significant impact on power consumption: the stronger the level of security, the higher the power consumption. The issue of security needs to be further investigated and discussed in the IoT area, taking electrical power savings into account. Understanding the cooperation between these areas will make it possible to save more electrical power.

                    KEY LENGTH AES   KEY LENGTH SHA   ENCRYPTION OPTION
WEAK (ES1)          256 bits         384 bits         CBC
STRONG CBC (ES2)    256 bits         384 bits         CBC
STRONG GCM (ES3)    256 bits         384 bits         GCM

Table 1: Overview differences used cipher suites.

As shown in Figure 2, the test runs show that the stronger the cipher suite is, the more power is consumed by the client. The reason is that the client is responsible for generating the keys to communicate with the server via the selected encryption suite.

This study, conducted as part of the EFRE project MIT 4.0 (FE02), shows that the choice of data protection measures via various cipher suites has a significant impact on power consumption: the stronger the level of security, the higher the power consumption. Thus, it supports our initial idea that a significant power usage reduction can be achieved by reducing the strength of the cipher suite – if the situation allows for it. In future work we plan to extend these profiling activities as a basis for understanding the upper and lower bounds of power usage for smart CPS, which will be able to manage the trade-off between security, reliability and resource usage.

Links:
[L1] https://kwz.me/hEL
[L2] https://kwz.me/hEl
[L3] https://kwz.me/hEp
[L4] https://kwz.me/hEg
[L5] https://kwz.me/hEr
[L6] https://kwz.me/hEY

References:
[1] M. Carrara, et al.: “An innovative system for vineyard management in Sicily”, Journal of Agricultural Engineering, 41(1), pp. 13-18, 2010.
[2] M. Tauber, S. N. Bhatti, Y. Yu: “Application Level Energy and Performance Measurements in a Wireless LAN”, IEEE/ACM GREENCOM 2011.
[3] Y. Hore, et al.: “Bitstream Encryption and Authentication using AES-GCM in Dynamically Reconfigurable Systems”, Advances in Information and Computer Security, pp. 261-278, 2008, ISBN: 978-3-540-89597-8.

Please contact:
Patrizia Sailer
Forschung Burgenland GmbH, AT
