# Implementing RSA for Wireless Sensor Nodes

^{1}

^{2}

^{*}

## Abstract

**:**

## 1. Introduction

**Main Contributions:**

- We use the subtractive Karatsuba-Ofman, Montgomery multiplication, CRT and operand scanning algorithms together for the first time in the literature, and implement RSA using these.
- Our RSA encryption and decryption implementations on the MSP430 microcontroller have the fastest timings in the literature.
- We show that faster RSA timings are feasible on WSN nodes and the RSA cryptosystem may be a preferable PKC option for WSNs.

## 2. Background

#### 2.1. The RSA Cryptosystem

#### 2.2. Chinese Remainder Theorem

#### 2.3. Sliding Window Method

Algorithm 1: 4-bit Sliding Window Method |

#### 2.4. Montgomery Multiplication

Algorithm 2: Montgomery Multiplication |

Input: $\overline{P}=P\times r\phantom{\rule{3.33333pt}{0ex}}\phantom{\rule{0.277778em}{0ex}}mod\phantom{\rule{0.277778em}{0ex}}N$ and $\overline{Q}=Q\times r\phantom{\rule{3.33333pt}{0ex}}\phantom{\rule{0.277778em}{0ex}}mod\phantom{\rule{0.277778em}{0ex}}N$ where $r={2}^{n}$ and $n=\lceil {log}_{2}N\rceil $Output: $\overline{R}=P\times Q\times r\phantom{\rule{0.277778em}{0ex}}mod\phantom{\rule{0.277778em}{0ex}}N$$S\leftarrow \overline{P}\times \overline{Q}$ $W\leftarrow S\times {N}^{\prime}\phantom{\rule{0.277778em}{0ex}}mod\phantom{\rule{0.277778em}{0ex}}r$ where ${N}^{\prime}={N}^{-1}\phantom{\rule{3.33333pt}{0ex}}\phantom{\rule{0.277778em}{0ex}}mod\phantom{\rule{0.277778em}{0ex}}r$$T\leftarrow (S+W\times N)/r$ if $T\ge N$ then$\phantom{(}$$\phantom{(}$$|T=T-N$ end$\phantom{(}$ $R\leftarrow T$ Return $\left(\overline{R}\right)$ |

#### 2.5. Subtractive Karatsuba-Ofman

## 3. Our RSA Implementation on MSP430

#### 3.1. Exponentiation Using Sliding Window Method, CRT and Montgomery Multiplication

#### 3.2. Fully-Recursive Subtractive Karatsuba-Ofman for Multiplication and Squaring

#### 3.3. Multiplication and Squaring with Operand Scanning

## 4. Implementation Results

## 5. Conclusions

## Author Contributions

## Acknowledgments

## Conflicts of Interest

## References

- Akyildiz, I.; Su, W.; Sankarasubramaniam, Y.; Cayirci, E. Wireless sensor networks: A survey. Comput. Netw.
**2002**, 38, 393–422. [Google Scholar] [CrossRef] - Pottie, G.J.; Kaiser, W.J. Wireless integrated network sensors. Commun. ACM
**2000**, 43, 51–58. [Google Scholar] [CrossRef] - Chong, C.Y.; Kumar, S.P. Sensor networks: Evolution, opportunities, and challenges. Proc. IEEE
**2003**, 91, 1247–1256. [Google Scholar] [CrossRef] - Yick, J.; Mukherjee, B.; Ghosal, D. Wireless sensor network survey. Comput. Netw.
**2008**, 52, 2292–2330. [Google Scholar] [CrossRef] - Akyildiz, I.F.; Melodia, T.; Chowdhury, K.R. A survey on wireless multimedia sensor networks. Comput. Netw.
**2007**, 51, 921–960. [Google Scholar] [CrossRef] - Gungor, V.C.; Lu, B.; Hancke, G.P. Opportunities and challenges of wireless sensor networks in smart grid. IEEE Trans. Ind. Electron.
**2010**, 57, 3557–3564. [Google Scholar] [CrossRef] - Baronti, P.; Pillai, P.; Chook, V.W.; Chessa, S.; Gotta, A.; Hu, Y.F. Wireless sensor networks: A survey on the state of the art and the 802.15. 4 and ZigBee standards. Comput. Commun.
**2007**, 30, 1655–1695. [Google Scholar] [CrossRef] - Wang, Y.; Attebury, G.; Ramamurthy, B. A survey of security issues in wireless sensor networks. IEEE Commun. Surv. Tutorials
**2006**, 8, 2–23. [Google Scholar] [CrossRef] - Chen, X.; Makki, K.; Yen, K.; Pissinou, N. Sensor network security: A survey. IEEE Commun. Surv. Tutorials
**2009**, 11, 52–73. [Google Scholar] [CrossRef] - Roman, R.; Alcaraz, C.; Lopez, J. A survey of cryptographic primitives and implementations for hardware-constrained sensor network nodes. Mob. Netw. Appl.
**2007**, 12, 231–244. [Google Scholar] [CrossRef] - Ozdemir, S.; Xiao, Y. Secure data aggregation in wireless sensor networks: A comprehensive overview. Comput. Netw.
**2009**, 53, 2022–2037. [Google Scholar] [CrossRef] - Li, M.; Lou, W.; Ren, K. Data security and privacy in wireless body area networks. IEEE Wirel. Commun.
**2010**, 17, 51–58. [Google Scholar] [CrossRef] - Perrig, A.; Szewczyk, R.; Tygar, J.D.; Wen, V.; Culler, D.E. SPINS: Security protocols for sensor networks. Wirel. Netw.
**2002**, 8, 521–534. [Google Scholar] [CrossRef] - Yu, Y.; Li, K.; Zhou, W.; Li, P. Trust mechanisms in wireless sensor networks: Attack analysis and countermeasures. J. Netw. Comput. Appl.
**2012**, 35, 867–880. [Google Scholar] [CrossRef] - He, D.; Kumar, N.; Chilamkurti, N. A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci.
**2015**, 321, 263–277. [Google Scholar] [CrossRef] - Ye, W.; Heidemann, J.; Estrin, D. An energy-efficient MAC protocol for wireless sensor networks. In Proceedings of the Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies, New York, NY, USA, 23–27 June 2002; pp. 1567–1576. [Google Scholar]
- Chandrakasan, A.; Amirtharajah, R.; Cho, S.; Goodman, J.; Konduri, G.; Kulik, J.; Rabiner, W.; Wang, A. Design considerations for distributed microsensor systems. In Proceedings of the IEEE 1999 Custom Integrated Circuits Conference (Cat. No.99CH36327), San Diego, CA, USA, 19 May 1999; pp. 279–286. [Google Scholar]
- Zhou, Y.; Fang, Y.; Zhang, Y. Securing wireless sensor networks: A survey. IEEE Commun. Surv. Tutorials
**2008**, 10, 6–28. [Google Scholar] [CrossRef] - Anastasi, G.; Conti, M.; Di Francesco, M.; Passarella, A. Energy conservation in wireless sensor networks: A survey. Ad Hoc Netw.
**2009**, 7, 537–568. [Google Scholar] [CrossRef] - Feng, D.; Jiang, C.; Lim, G.; Cimini, L.J.; Feng, G.; Li, G.Y. A survey of energy-efficient wireless communications. IEEE Commun. Surv. Tutorials
**2013**, 15, 167–178. [Google Scholar] [CrossRef] - Diffie, W.; Hellman, M. New directions in cryptography. IEEE Trans. Inf. Theory
**1976**, 22, 644–654. [Google Scholar] [CrossRef] - Ingemarsson, I.; Tang, D.; Wong, C. A conference key distribution system. IEEE Trans. Inf. Theory
**1982**, 28, 714–720. [Google Scholar] [CrossRef] - ElGamal, T. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In Advances in Cryptology: Proceedings of CRYPTO 84; Blakley, G.R., Chaum, D., Eds.; Springer: Berlin/Heidelberg, Germany, 1985; pp. 10–18. [Google Scholar]
- MacKenzie, P.; Patel, S.; Swaminathan, R. Password-Authenticated Key Exchange Based on RSA. In Proceedings of the Advances in Cryptology—ASIACRYPT 2000: 6th International Conference on the Theory and Application of Cryptology and Information Security, Kyoto, Japan, 3–7 December 2000; Okamoto, T., Ed.; Springer: Berlin/Heidelberg, Germany, 2000; pp. 599–613. [Google Scholar]
- Rivest, R.L.; Shamir, A.; Adleman, L. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Commun. ACM
**1978**, 21, 120–126. [Google Scholar] [CrossRef] - Liu, Z.; Seo, H.; Großschädl, J.; Kim, H. Efficient Implementation of NIST-Compliant Elliptic Curve Cryptography for 8-bit AVR-Based Sensor Nodes. IEEE Trans. Inf. Forensics Secur.
**2016**, 11, 1385–1397. [Google Scholar] [CrossRef] - Düll, M.; Haase, B.; Hinterwälder, G.; Hutter, M.; Paar, C.; Sánchez, A.H.; Schwabe, P. High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers. Des. Codes Cryptogr.
**2015**, 77, 493–514. [Google Scholar] [CrossRef] [Green Version] - Gülen, U.; Baktır, S. Elliptic Curve Cryptography on Constrained Microcontrollers Using Frequency Domain Arithmetic. In Proceedings of the International Conference on Computational Science and Its Applications, Guimaraes, Portugal, 30 June–3 July 2014; pp. 493–506. [Google Scholar]
- Gulen, U.; Baktir, S. Elliptic-curve cryptography for wireless sensor network nodes without hardware multiplier support. Secur. Commun. Netw.
**2016**, 9, 4992–5002. [Google Scholar] [CrossRef] - Szczechowiak, P.; Oliveira, L.B.; Scott, M.; Collier, M.; Dahab, R. NanoECC: Testing the limits of elliptic curve cryptography in sensor networks. In Proceedings of the European Conference on Wireless Sensor Networks, Bologna, Italy, 30–31 January 2008; pp. 305–320. [Google Scholar]
- Gouvêa, C.P.L.; López, J. Software implementation of pairing-based cryptography on sensor networks using the MSP430 microcontroller. In Proceedings of the International Conference on Cryptology in India, New Dehli, India, 13–16 December 2009; pp. 248–262. [Google Scholar]
- Miller, V. Uses of Elliptic Curves in Cryptography. Advances in Cryptology—CRYPTO ’85; Williams, H.C., Ed.; Springer: Berlin, Germany, 1986; pp. 417–426. [Google Scholar]
- Koblitz, N. Elliptic Curve Cryptosystems. Math. Comput.
**1987**, 48, 203–209. [Google Scholar] [CrossRef] - Wang, H.; Sheng, B.; Li, Q. Elliptic curve cryptography-based access control in sensor networks. Int. J. Secur. Netw.
**2006**, 1, 127–137. [Google Scholar] [CrossRef] - Wenger, E.; Werner, M. Evaluating 16-bit processors for elliptic curve cryptography. In Smart Card Research and Advanced Applications; Springer: Berlin/Heidelberg, Germany, 2011; pp. 166–181. [Google Scholar]
- Liu, A.; Ning, P. TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks. In Proceedings of the 7th International Conference on Information Processing in Sensor Networks, Washington, DC, USA, 22–24 April 2008; pp. 245–256. [Google Scholar]
- Wander, A.S.; Gura, N.; Eberle, H.; Gupta, V.; Shantz, S.C. Energy analysis of public-key cryptography for wireless sensor networks. In Proceedings of the 3rd IEEE International Conference on Pervasive Computing and Communications, Kauai Island, HI, USA, 8–12 March 2005; pp. 324–328. [Google Scholar]
- Qiu, L.; Liu, Z.; CF Pereira, G.C.; Seo, H. Implementing RSA for Sensor Nodes in Smart Cities. Pers. Ubiquitous Comput.
**2017**, 21, 807–813. [Google Scholar] [CrossRef] - Liu, Z.; Großschädl, J.; Kizhvatov, I. Efficient and side-channel resistant RSA implementation for 8-bit AVR microcontrollers. In Proceedings of the 1st Workshop on the Security of the Internet of Things (SOCIOT’10), Tokyo, Japan, 29 November 2010. [Google Scholar]
- Wang, H.; Li, Q. Efficient implementation of public key cryptosystems on mote sensors (short paper). In Proceedings of the International Conference on Information and Communications Security, Raleigh, NC, USA, 4–7 December 2006; pp. 519–528. [Google Scholar]
- Gura, N.; Patel, A.; Wander, A.; Eberle, H.; Shantz, S.C. Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs. In Proceedings of the Cryptographic Hardware and Embedded Systems—CHES 2004: 6th International Workshop, Cambridge, MA, USA, 11–13 August 2004; Joye, M., Quisquater, J.J., Eds.; pp. 119–132. [Google Scholar]
- Menezes, A.J.; Van Oorschot, P.C.; Vanstone, S.A. Handbook of Applied Cryptography; CRC Press: Boca Raton, FL, USA, 1996. [Google Scholar]
- Montgomery, P.L. Modular multiplication without trial division. Math. Comput.
**1985**, 44, 519–521. [Google Scholar] [CrossRef] - Karatsuba, A.; Ofman, Y. Multiplication of Multidigit Numbers on Automata. Sov. Phys. Dokl.
**1963**, 7, 595–596. [Google Scholar] - Hutter, M.; Schwabe, P. Multiprecision multiplication on AVR revisited. J. Cryptogr. Eng.
**2015**, 5, 201–214. [Google Scholar] [CrossRef] [Green Version] - Hinterwälder, G.; Moradi, A.; Hutter, M.; Schwabe, P.; Paar, C. Full-size high-security ECC implementation on MSP430 microcontrollers. In Proceedings of the International Conference on Cryptology and Information Security in Latin America, Florianópolis, Brazil, 17–19 September 2014; pp. 31–47. [Google Scholar]
- Texas Instrument. MSP430F15x, MSP430F16x, MSP430F161x Mixed-Signal Microcontroller. Available online: https://www.ti.com/lit/gpn/msp430f1611 (accessed on 27 June 2019).
- Texas Instrument. MSP430F261x, MSP430F241x Mixed-Signal Microcontroller. Available online: www.ti.com/lit/gpn/MSP430F2617 (accessed on 27 June 2019).
- Texas Instrument. MSP430F552x, MSP430F551x Mixed-Signal Microcontrollers. Available online: https://www.ti.com/lit/gpn/MSP430F5529 (accessed on 27 June 2019).
- IAR Systems. IAR Embedded Workbench for TI MSP430. Available online: https://www.iar.com/support/user-guides/user-guidesiar-embedded-workbench-for-ti-msp430/ (accessed on 27 June 2019).
- Koc, C.K.; Acar, T.; Kaliski, B.S. Analyzing and comparing Montgomery multiplication algorithms. IEEE Micro
**1996**, 16, 26–33. [Google Scholar] [CrossRef] - Kocher, P.C. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. Available online: https://www.paulkocher.com/doc/TimingAttacks.pdf (accessed on 27 June 2019).

512-bit Montgomery Multiplication | ||

Microcontroller | # Clock Cycles | Time (ms) |

MSP430F5529 @25 MHz | 23,272 | 0.93 ms |

MSP430F2618 @16 MHz | 33,512 | 2.09 ms |

MSP430F1611 @8 MHz | 35,885 | 4.48 ms |

512-bit Montgomery Squaring | ||

Microcontroller | # Clock Cycles | Time (ms) |

MSP430F5529 @25 MHz | 22,037 | 0.88 ms |

MSP430F2618 @16 MHz | 30,437 | 1.90 ms |

MSP430F1611 @8 MHz | 32,507 | 4.06 ms |

1024-bit Montgomery Multiplication | ||

Microcontroller | # Clock Cycles | Time (ms) |

MSP430F5529 @25 MHz | 74,546 | 2.98 ms |

MSP430F2618 @16 MHz | 103,975 | 6.49 ms |

MSP430F1611 @8 MHz | 112,497 | 14.06 ms |

1024-bit Montgomery Squaring | ||

Microcontroller | # Clock Cycles | Time (ms) |

MSP430F5529 @25 MHz | 69,504 | 2.78 ms |

MSP430F2618 @16 MHz | 95,068 | 5.94 ms |

MSP430F1611 @8 MHz | 101,898 | 12.73 ms |

1024-bit RSA | Microcontroller | # Clock Cycles | Time (s) |
---|---|---|---|

Encryption (This work) | MSP430F5529 @25 MHz | 1,189,089 | $0.047$ |

Encryption (This work) | MSP430F2618 @16 MHz | 1,611,482 | $0.10$ |

Encryption (This work) | MSP430F1611 @8 MHz | 1,743,445 | $0.21$ |

Encryption [38] | MSP430F1611 @8 MHz | 3,665,144 | $0.45$ |

Encryption [41] | ATmega128 @8 MHz | - | $0.43$ |

Encryption [40] | ATmega128 @8 MHz | - | $0.79$ |

Encryption [41] | CC1010 @14 MHz | - | $4.48$ |

1024-bit RSA | Microcontroller | # Clock Cycles | Time (s) |
---|---|---|---|

Decryption (This work) | MSP430F5529 @25-MHz | 28,608,119 | $1.14$ |

Decryption (This work) | MSP430F2618 @16-MHz | 40,007,873 | $2.50$ |

Decryption (This work) | MSP430F1611 @8-MHz | 43,368,720 | $5.42$ |

Decryption [38] | MSP430F1611 @8-MHz | 44,639,340 | $5.58\phantom{\rule{3.33333pt}{0ex}}$ |

Decryption [39] | ATmega128 @8-MHz | 75,680,000 | $9.46$ |

Decryption [41] | ATmega128 @8-MHz | - | $10.99$ |

Decryption [40] | ATmega128 @8-MHz | - | $21.5$ |

Decryption [41] | CC1010 @14-MHz | - | $106.66$ |

© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Gulen, U.; Alkhodary, A.; Baktir, S.
Implementing RSA for Wireless Sensor Nodes. *Sensors* **2019**, *19*, 2864.
https://doi.org/10.3390/s19132864

**AMA Style**

Gulen U, Alkhodary A, Baktir S.
Implementing RSA for Wireless Sensor Nodes. *Sensors*. 2019; 19(13):2864.
https://doi.org/10.3390/s19132864

**Chicago/Turabian Style**

Gulen, Utku, Abdelrahman Alkhodary, and Selcuk Baktir.
2019. "Implementing RSA for Wireless Sensor Nodes" *Sensors* 19, no. 13: 2864.
https://doi.org/10.3390/s19132864