IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO.

4, DECEMBER 2011 715

Energy Efficient Security Algorithm for Power Grid

Wide Area Monitoring System
Meikang Qiu, Senior Member, IEEE, Wenzhong Gao, Senior Member, IEEE, Min Chen, Senior Member, IEEE,
Jian-Wei Niu, Member, IEEE, and Lei Zhang, Member, IEEE

Abstract—Modern power grid is the most complex human-made ergy management systems (EMS). Typical SCADA and EMS
system, which is monitored by wide-area monitoring system have slow data update rate and cannot meet performance de-
(WAMS). Providing time-synchronized data of power system
operating states, WAMS will play a crucial role in next generation mand of a smart grid.
smart grid protection and control. WAMS helps secure efficient Thanks to the rapid development of synchronized global po-
energy transmission as well as reliable and optimal grid manage- sitioning system (GPS), synchronized-measurement technology
ment. As the key enabler of a smart grid, numerous sensors such
as PMU and current sensors transmit real-time dynamic data, has been developed since the 1970s for emerging wide-area
which is usually protected by encryption algorithm from malicious monitoring system (WAMS) [1]. WAMS is essentially a sensor
attacks, over wide-area-network (WAN) to power system control
centers so that monitoring and control of the whole system is network deployed over a vast geographical area overlaying the
possible. Security algorithms for power grid need to consider both power network infrastructure. The backbone of this network is
performance and energy efficiency through code optimization high speed Internet. Attempting to monitor the entire power
techniques on encryption and decryption. In this paper, we take
power nodes (sites) as platforms to experimentally study ways system dynamics, WAMS synchronizes all monitored data by
of energy consumptions in different security algorithms. First, time-stamping GPS coordinated universal time (UTC) so as to
we measure energy consumptions of various security algorithms globally validate measurements regardless of measuring loca-
on CrossBow and Ember sensor nodes. Second, we propose an
array of novel code optimization methods to increase energy tions. The key component in WAMS is the phasor measurement
consumption efficiency of different security algorithms. Finally, unit (PMU). Providing time-synchronized data of power system
based on careful analysis of measurement results, we propose a set
of principles on using security algorithms in WAMS nodes, such operating states, WAMS will play crucial role in next generation
as cryptography selections, parameter configuration, and the like. smart grid protection and control. WAMS will help secure effi-
Such principles can be used widely in other computing systems cient energy transmission as well as reliable and optimal grid
with energy constraints.
management.
Index Terms—Cryptographic algorithm, power grid, sched- Security is a critical issue in the design and operation of
uling, security, smart grid, wide-area monitoring system.
WAMS. As the key enabler of a smart grid, numerous sensors
such as PMU and current sensors transmit real-time dynamic
I. INTRODUCTION data over a wide-area network (WAN) to power system control
centers so that monitoring and control of the whole system is

T HE MODERN power grid is the most complex human-

made system, which is currently managed by the Super-
visory Control and Data Acquisition System (SCADA) and en-
possible. In order to protect the system from malicious attacks,
data is encrypted first before transferring through the network.
At the destination, decryption will be used to get the original
data. Since WAMS is an energy constrained system, we need
Manuscript received October 14, 2010; revised March 06, 2011; accepted to consider the energy consumption of the computation. Hence,
June 05, 2011. Date of publication August 15, 2011; date of current version new security algorithm design with the consideration of code
November 23, 2011. This work was supported in part by the NSFC 61071061,
the University of Kentucky Start Up Fund; NAP of Korea Research Council optimization is critical to the power grid real-time operation in
of Fundamental S&T, IT R&D program of KCA 10913-05004; the State Key order to maintain the stability of the power systems.
Lab of Software Development Env. Grant BUAA SKLSDE-2010ZX-13, NSFC For the IC hardware of a sensor, such as a PMU, its main
60873241, ASF 20091951020. Paper no. TSG-00163-2010.
M. Qiu is with the School of Computer Science and Technology, Huazhong power consumption includes dynamic power consumption,
University of Science and Technology, Wuhan 430074, China, and also with the leakage power consumption, and short circuit power consump-
Department of Electrical and Computer Engineering, University of Kentucky, tion. The dynamic power consumption, which accounts for 60%
Lexington, KY 40506 USA (e-mail: [email protected]).
W. Gao (corresponding author) is with the Department of Electrical and Com-
to 80% of the total power consumption, has a close relationship
puter Engineering, University of Denver, Denver, CO 80210 USA (e-mail: Wen- with the activities of a system [2], [3]. Meanwhile, enhancing
[email protected]). the system security certainly increases the system activities
M. Chen is with the School of Computer Science and Technology, Huazhong while leading to additional power consumption. In other words,
University of Science and Technology, Wuhan 430074, China, and also with the
Computer Science and Engineering, Seoul National University, Seoul 151-742, system security and system activities are positively correlated.
Korea (e-mail: [email protected]). Therefore, we need to consider the trade-off between system
J. Niu is with the State Key Laboratory of Software Development Environ- security and energy consumption when we enhance the security
ment, Beihang University, Beijing 100191, China (e-mail: niujianwei@buaa.
edu.cn). level for energy-constrained systems.
L. Zhang is with the School of Computer Science and Engineering, Univer- From the security enhancement aspect, hardware implemen-
sity of Electronic Science and Technology of China, Chengdu, Sichuan 611731, tations are highly efficient and have high security strengths.
China.
Color versions of one or more of the figures in this paper are available online
However, the power consumption of hardware implementations
at http://ieeexplore.ieee.org. is higher than that of software implementations. The reason
Digital Object Identifier 10.1109/TSG.2011.2160298 is because hardware implementations of security enhancement
1949-3053/$26.00 © 2011 IEEE
Authorized licensed use limited to: University of Delhi. Downloaded on November 22,2024 at 10:09:07 UTC from IEEE Xplore. Restrictions apply.
716 IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO. 4, DECEMBER 2011

lead to higher IC complexity, which causes the increase of static and energy consumption in Section III. In order to provide the
power consumption and short circuit power consumption. From insight of the impact of security algorithms, we measure the en-
the energy consumption aspect, the higher level of design can ergy consumptions of several well-known security algorithms
provide higher potential solution space for energy reduction and on two kinds of WAMS nodes in Section IV. Then, we present a
lower cost [2], [4]. Recently, there is a new trend: the focus of code optimization method to reduce energy consumption of se-
energy optimization research is transferring to energy optimiza- curity algorithms in Section V. Finally, in Section VI, we pro-
tion on application level. Energy optimizations on the behavior vide a set of principles on applying security algorithms to en-
level has certain limitations due to the poor flexibility of hard- ergy-constrained systems, such as WAMSs.
ware implementations. Thus, for an energy-constrained system,
we can satisfy the security requirements using software imple-
II. RELATED WORK
mentations rather than hardware implementations.
Basic security algorithms, e.g., cryptography algorithms, are A large amount of works have been done on energy consump-
the fundamental parts of any security system. A wide variety of tion of security algorithms and protocols in common network
security protocols and standards are developed based on basic environment, such as the energy consumption of the SSL pro-
security algorithms. In security algorithms, users can set the tocol in PC networks, the energy consumption of WEP in Wi-Fi
values of some parameters, such as key length and application networks, etc. However, there are few research on the energy
mode, which facilitate the energy optimization on the applica- consumption of security algorithms in WAMSs.
tion level. Therefore, we believe that the balance between se- Recently, most of the energy consumption studies related to
curity and energy consumption can be achieved by properly WAMSs are based on simulations. The energy consumption is
using the existing security algorithms. Meanwhile, due to the usually measured based on the CPU computation time and the
high flexibility of software implementations, we can reduce the number of data packets. However, this is a coarse grain approxi-
energy consumption of executing security algorithms through mation. In simulation aspect, network simulations, such as NS2,
code optimizations. Furthermore, when determining the con- TOSSIMM [5], and Atemu [6], can properly simulate the behav-
figuration and the selection of security algorithms, one has to iors of the network protocols, but they are not able to simulate
consider not only the power consumption of CPUs, but also the the single node well. Thus, the method mentioned above is not
impact of the implementation on other components. Thus, the suitable for our study on the energy consumption of security al-
objective of energy optimizations is to have: 1) longer system gorithms in WAMSs.
lifetime and 2) lower system total energy consumption. In the There are some instruction-level energy evaluation models
rest of this paper, we study the security algorithms implemented for WAMSs, such as AEON [7], and PowerTOSSIM [8]. These
in an energy-constrained system on our WAMS platform. The two models first measure the currents of the sensor nodes, fol-
reasons of using the WAMS platform as our platform are as fol- lowed by partitioning the measured currents to different code
lows. segments and different components of sensor nodes. Finally,
• WAMS is a typical energy-constrained system. The com- the energy consumption of a certain code segment or a certain
plexity of the hardware/software functions in WAMSs has component is calculated. However, these models are not suit-
a large impact on the lifetimes of sensor nodes in WAMSs. able for commercial WAMS sensors, due to the fact that most
• Compared with traditional energy-constrained systems, of the manufacturers only provide software in the form of “black
WAMSs face larger challenges. The security requirement box.” Even obtaining the source code, inserting instruction for
of WAMSs covers every aspect of system security, such as measuring is not convenient.
confidentiality, integrity availability, which makes it more To obtain the energy characteristics of security algorithms,
suitable to study the characteristics of different security there are some studies based on physical measurement. Wander
algorithms. et al. [9] has measured the energy consumption of the RSA
• Executing security algorithms on sensor nodes of a WAMS and ECC on MICA2DOT sensor nodes. However, this method
impacts not only the energy consumption of CPUs, but also cannot be implemented with the whole version of code into the
the energy comsuption of other components. WAMS nodes. Gupta et al. [10] has pointed out that the size of
In this paper, we take power nodes (sites) as platforms to ex- memory consumption of standard code is close to 4 KB for cryp-
perimentally study ways of energy consumptions in different se- tography algorithms such as DES. This means that the memory
curity algorithms. First, we design a micro-power measurement will not be enough to directly implement standard algorithms
circuit to measure energy consumptions of various security al- on some WAMS nodes.
gorithms on CrossBow and Ember sensor nodes. Second, we WAMS is an autonomic network consisting of a large number
propose an array of novel code optimization methods to increase of sensor nodes deployed in the monitoring area. The sensor
energy consumption efficiency of different security algorithms. nodes are connected by an ad hoc network and communicate
Finally, based on careful analysis of measurement results, we with the sink through multihop, as shown in Fig. 1. In a WAMS,
propose a set of principles on using security algorithms in sensor the sensor nodes are the basic parts of the implementation of
network nodes, such as cryptography selections, parameter con- information sensing and communication. Compared to other
figuration, and the like. Such principles can be used widely in wireless network, the WAMS is a specific application oriented
other computing systems with energy constraints. network, which has characteristics of large size and dynamic
The arrangement of this paper is as the following: we first topology.
introduce the related work of this topic in Section II, followed A sensor node in WAMS is a system with multifunction, such
by the analysis of some basic issues related to WAMS security as data collection, computation, and communication. Compared
Authorized licensed use limited to: University of Delhi. Downloaded on November 22,2024 at 10:09:07 UTC from IEEE Xplore. Restrictions apply.
QIU et al.: ENERGY EFFICIENT SECURITY ALGORITHM FOR POWER GRID WIDE AREA MONITORING SYSTEM 717

TABLE I
MAJOR SECURITY THREATS IN A WAMS

have thus been continuously enhanced and are now being de-
ployed in substations. The PMU data are collected in a phasor
data concentrator (PDC) to facilitate real-time power system sit-
uation awareness, analysis, operation, protection, and control
[13]–[15]. With large scale integration of variable renewable
energy integration, PMU-based smart grid will ensure power
system stability and reliability.

III. WAMS SECURITY ISSUES

A. Security Threats Encountered in WAMSs

WAMSs use public communication channels, in which every
device inside or outside the network may obtain the information.
The attackers can directly destroy the WAMS nodes due to the
open deployment of nodes. Table I summarizes the major threats
Fig. 1. The architecture of a WAMS.
that WAMSs may encounter.

B. Energy Constraint on Security Algorithms

to common sensor systems, the WAMS sensor nodes have their
constraints as listed below. In order to prevent the attacker from deciphering directly on
• Poor computation power. The sensors usually adopt MCU WAMS nodes, the data on nodes should be encrypted before
that has slow computation speed as their processors. stored. Complete verification information needs to be inserted
• Limited memory space. The ATmega128L processor has into original message, so that the data packets will not be mod-
only 4 KB SRAM onchip. And the high-end CrossBow ified maliciously. Thus, it is necessary to introduce proper ID
Imote2 has 256 KB onchip and 32 MB offchip. verification mechanism into WAMSs to defend ID-based attack
• Tight power consumption constraint. Due to the limitations such as Sybil and node duplication attack. Although the secu-
of deployed area, cost, and physical size, some WAMS rity threats encountered by WAMSs are diverse, data encryption,
nodes are usually equipped with low capacity batteries. integrity protection, and verification are the most basic security
Thus, there are strict requirements for consecutive execu- service requirements in WAMSs. In WAMSs, the stronger the
tion time on nodes. security algorithm is, the more energy consumption on the CPU
Because of the strict constraints of computation resource and [21]. Thus, in order to satisfy the security requirement on the
energy, the WAMS nodes can only execute simple computation WAMS, energy consumption is the major factor that constrains
tasks and communication tasks. Currently, the hardware/soft- security algorithms.
ware codesign is a key part of WAMS study.
PMU-based WAMS is a cyber-physical system where the C. Security Level and Energy Consumption
Internet-based communication network overlays the physical The limited energy and computation resources determine
equipment-based power grid [11], [12]. Cybersecurity is crucial that the security mechanism in WAMS nodes should be im-
for ensuring integrity and resiliency of future smart grid. The plemented as simple as possible. Integrating security service
encryption design for secure WAMS data communication must directly in the WAMS nodes such as PMU is an efficient way
consider energy and bandwidth constraints. to increase the security of nodes. The security requirement can
PMU was first invented in Virginia Tech in 1988 to mea- be realized by three basic security services, i.e., encryption,
sure phasors of voltage and current, frequency and real/reac- integrity protection, and verification. Therefore, based on the
tive power in real-time with GPS time tagging [1], [13]. PMUs security service integrated into the nodes, we can classify the
Authorized licensed use limited to: University of Delhi. Downloaded on November 22,2024 at 10:09:07 UTC from IEEE Xplore. Restrictions apply.
718 IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO. 4, DECEMBER 2011

TABLE II
ENERGY CONSUMPTIONS ON CROSSBOW MICA2 NODES

TABLE III
ENERGY CONSUMPTIONS ON EMBER NODES

Fig. 2. The security levels and the distributions of energy consumption on a

WAMS node.

security of a node into four levels: Level 0, nonsecurity ser-

vice; Level 1, single security service; Level 2, double security
services; and Level 3, triple security services. Note that even
though multiple security schemes can achieve the same level of
security, their energy consumptions are different.
The energy consumption of a node can be partitioned into two
parts, when the security services are integrated into this node: Fig. 3. The energy consumptions on the RF module. (a) CrossBow. (b) Ember.
1) basic energy consumption, which relates to the application
functions; 2) energy consumption caused by the security ser- consumption of a node is mainly caused by the CPU, the RF
vices. From the system stand point, the energy consumption of module, the sensor, and the periphery circuit [23]. In this sec-
a WAMS node is mainly from the sensing circuit, the periphery tion, we will analyze the energy consumption on the CPU and
circuit, the microprocessor, and the RF circuit. the RF module, due to the direct impact of the execution of se-
The security algorithms are usually implemented by CPU on curity algorithms on the energy consumption.
computation-intensive tasks, which cause the increase of the We measure the energy consumptions of these two modules
CPU’s energy consumption. Besides, the integrity protection without integration of security algorithms. We use Tektronix
and the verification service increase message lengths, leading to TDS5032B oscilloscope to measure the voltage variation and
the increase of energy consumption on the RF transmit module. operating time of the node. After getting the voltage of a sen-
The security service has less impact on energy consumptions sitive resistor with resistance , we can use Ohm’s law
on sensors and periphery circuits. The energy consumption dis- to compute the current value . Hence, according to the
tribution across the node and the relationship between energy resistance of WAMS node, we get power , and
consumption and security level are shown in Fig. 2. The secu- energy , where represents the time of code execu-
rity levels are a set of discrete values, and the energy consump- tion and data transmission of the node.
tion is linear to the value of security level. Strictly speaking, the And we set these energy consumptions as the baseline con-
energy consumption is related to the complexity of the security sumptions. For messages with four different lengths, we mea-
service implementation [22]. sure the energy consumption when a node computes the data as
Due to the difference among the computational power, dif- well as the energy consumption when it sends the data, as shown
ferent kinds of WAMS nodes can support algorithms with dif- in Tables II and III. In these tables, the “ ” represents the
ferent levels of security strength. The energy consumption is re- energy consumption on the CPU, and “ ” represents the en-
lated to the computational power of the node. For the nodes with ergy consumption of the RF module. The “ ” represents
low computational power, integration of the security algorithm the sum of these two parts.
will increase the computation time and the communication time, The CrossBow and the Ember nodes use the same processors.
causing significant increase of the total energy consumption. On Therefore, for the same application, the energy consumptions
the other hand, for the nodes with strong computational power, of CPU on these two nodes are the same. The major difference
the energy consumption on the CPU will not vary significantly. is the physical layer protocol. The CrossBow node uses the
Furthermore, increasing the data transmission speed will help 868/915 MHz physical layer standard defined in IEEE 802.15.4,
reduce the energy consumption of the node. while the Ember uses the 2.4 GHz physical layer standard [24].
There is significant difference in data transmission rate: the
IV. ENERGY CONSUMPTION MEASUREMENT OF CrossBow has the speed of 19.2–38.4 kb/s, while the Ember
SECURITY ALGORITHMS has the speed of 250 kb/s. As shown in Tables II and III, when
In this section, we conduct the power consumption measure- sending messages with the same length, the total energy con-
ment for some security algorithm and scheme on the CrossBow sumption on the Ember is far less than that on the CrossBow.
and Ember nodes. And we also analyze the factors that impact When the length increases, the energy consumption on the CPU
the energy consumption. As we mentioned before, the energy does not vary significantly, but the one on the RF module does.
Authorized licensed use limited to: University of Delhi. Downloaded on November 22,2024 at 10:09:07 UTC from IEEE Xplore. Restrictions apply.
QIU et al.: ENERGY EFFICIENT SECURITY ALGORITHM FOR POWER GRID WIDE AREA MONITORING SYSTEM 719

Fig. 4. The energy consumptions when running different security algorithm on a CrossBow node. (a) On the CPU. (b) On the RF module. (c) On the whole node.
In (b), the three curves for RC5, DES, and AES overlap into the lower curve, and the other four are overlapped into the upper curve. In (c), RC5 and DES are
overlapped into the lowest curve, above which is the AES curve. SHA-1 + AES is the highest curve, and the left three overlap into the curve just below it.

The energy consumption on the RF module with 4 different Hash Algorithm (SHA) was published as federal informa-
message lengths is shown in Fig. 3. tion processing standard in 1993 and SHA-1 is a revised
For the Ember node, the energy consumption on the RF version. In Fig. 4(a), “ - ,” “ - ,” and
module increases linearly as the length of message increases. “ - ” are three different combinations of encryption
For the CrossBow node, when the length of the message is and integrity protection service [25]. The results show that
between 8 to 24 bytes, the energy consumption increases the energy consumption of a combination is far larger than
linearly. However, when the length of message increases from a single service. This reflects the linear relationship between
24 bytes to 32 bytes, the energy consumption has a significant the energy consumption and the strength of the security ser-
increase, about 64.7%. The reason is that the XMesh protocol vice. For the message with a length of 32 bytes, the highest
implemented in the CrossBow node defines the maximum size energy consumption on CPU is the one when running the
of the data packet to be 29 bytes. A 32 bytes data needs to be “ - ” security scheme, 493 J, 17.6 times higher
separated into two packets, leading to more energy consump- compared to the baseline energy consumption. However, this
tion. And the maximum size of the data packet on the Ember part of energy consumption just accounts for 20.2% of the
node is 68 bytes. It can send message with the length from 8 to total energy consumption, which is 2443 J. Thus, the energy
32 bytes in just one packet. consumption when executing the security algorithm will not
impact the total energy consumption of a node at large.
A. Energy Consumption of Security Algorithm on CrossBow The energy consumptions on the RF module when executing
different security algorithms on a CrossBow node are shown
In this experiment, we measure the energy consumption of in Fig. 4(b). Comparing with Table II, we find out that imple-
the CrossBow node when running different security algorithms menting these three encryptions (RC5, DES, and AES) individu-
on messages with four different lengths. We set the energy con- ally will not increase the energy consumption on the RF module,
sumption of the CrossBow node with no security service as the due to the fact that the lengths of messages do not increase after
baseline consumption, and measure the energy consumption of the encryption. However, the energy consumption increases by
different security algorithms. We also compare the energy con- 98.0% on average when executing the SHA-1 algorithm. The
sumption on the CPU, the RF module, and the whole node. reason is that the SHA-1 algorithm adds 20 bytes of abstract
The energy consumptions on the CPU when running different information, causing additional work load to the RF module.
security algorithms are shown in Fig. 4(a). For example, when Furthermore, in some cases, the extended message may need
running the SHA-1 algorithm, the energy consumption on the multiple packets for transmitting, which requires more energy
CPU is 153 J, 6.9 times the energy consumption when the consumption.
CPU executes the data processing program. This means that the Finally, we measure the energy consumptions of the whole
computational complexity of a security algorithm is far more node, when running different security algorithms. The results
complex than the one of an application. Since the step length are shown Fig. 4(c). Compared with the “ ” in Table II,
of the SHA-1 algorithm is 64 bytes, the energy consumptions running the RC5, the DES, and the AES individually, the en-
of this algorithm is the same, when the message lengths are be- ergy consumption increases by 6.6%, 4.0%, and 20.2%, respec-
tween 8 to 32 bytes. Similarly, the step length of the AES al- tively. And the Hash algorithm increases the energy consump-
gorithm is 128 bytes, the energy consumption with those four tion significantly, 104.3% on average, with the SHA-1 algorithm
different lengths messages are all 339 J. On the other hand, on messages with four different lengths. This means that the life-
the step lengths of both the RC5 and the DES are bytes, time of a CrossBow node decreases by half. The three combina-
. The energy consumptions of these two algo- tions with the Hash algorithm bring 110.2% increase on average.
rithms increase linearly as the length of message goes up. Thus, for an energy-constrained CrossBow node, the use of the
For those messages with four different lengths, the energy Hash algorithm needs careful consideration.
consumptions on the CPU when executing the RC5, the Data
Encryption Standard (DES), and the Advanced Encryption B. Energy Consumption of Security Algorithm on Ember
Standard (AES), are 90 J, 130 J, and 339 J on average, Similar to the experiment in the previous subsection, we con-
respectively. It means that the energy consumption is linearly duct the measurement and analysis of the energy consumption
dependent on the strength of the security algorithm. Secure of security algorithms on the Ember node. First, we measure the
Authorized licensed use limited to: University of Delhi. Downloaded on November 22,2024 at 10:09:07 UTC from IEEE Xplore. Restrictions apply.
720 IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO. 4, DECEMBER 2011

TABLE IV
THE COMPARISON OF TOTAL ENERGY CONSUMPTIONS

Fig. 5. The energy consumptions when running different security algorithms

on a Ember node. (a) On the CPU. (b) On the whole node. In (b), RC5 and
SHA-1 overlap into the curve at the lowest, above which is the curve that DES
and AES overlap into. two nodes have different data transmitting speed, with a speed
ratio of 1:11. Since the power of these two nodes are almost the
energy consumption on the CPU, as shown in Fig. 5(a). For the same (around 50 mW), the required computing time makes the
four different lengths messages, the energy consumption on the difference.
CPU when running SHA-1 is 82 J on average. The energy con- To compare the total energy consumption, we choose two
sumptions of RC5 are between 105 J to 151 J. The encryption combinations of security scheme: (1) “ - ” and (2)
algorithm consumes 54% more energy than the Hash algorithm “ - ” and measure the total energy consumptions of
does. And the consumption further increases when the Hash and them, as shown in Table IV.
the encryption algorithms are implemented in the node. Table IV shows that the energy consumption on a CrossBow
Comparing the results in Fig. 5(a) and the “ ” in node is 8.9 times as the one on an Ember node, for the “ -
Table III, we find out that the energy consumptions on the CPU ” combination. For the other combination, the CrossBow
when executing the DES and other two combination schemes consumes 7.9 times energy as the Ember node does. Thus, for
are larger than the total energy consumption of a node when the slow transmitting speed nodes, it is necessary to control
there is no security service on it. Therefore, the encryption the overhead caused by security algorithms, and the compu-
algorithm increases the total energy consumption significantly. tational complexity does not impact the energy consumption
We further analyze the energy consumption impact of the se- significantly. Besides, as shown in Table IV, for shorter mes-
curity algorithm on the RF module. Without integrating the se- sages (8–16 B), those two combinations perform similarly. For
curity service, the energy consumption on the RF module is 82 longer messages, the “ - ” combination is less en-
J to 119 J, with 8 to 32 bytes messages. Compared to the ergy-consuming. Thus, the security service selection in energy-
CPU, the RF module is the major part in the Ember node con- constrained system should be based on the result of energy mea-
suming energy. When the message is processed with the Hash surements.
algorithm, the energy consumptions of the RF module are 120
to 159 J, on four different lengths messages. The variation of V. ENERGY OPTIMIZATION FOR ENCRYPTION ALGORITHMS
the consumption on Ember is relatively small, due to the trans-
mitting characteristics of the Ember node. A. Inside Each Iteration
Finally, we measure the total energy consumptions on the In the symmetric-key encryption algorithm, the encryption
Ember node with different security algorithms, as shown in and decryption algorithms need to process the plaintext or the
Fig. 5(b). Comparing the results shown in Fig. 5(b) and the ciphertext with substitution iteratively [26]. In order to speed
“ ” in Table III, we can find that implementing the up the execution, two optimization techniques, the lookup table
SHA-1, the RC5, and the DES individually has increased the and loop unfolding [27], are often used in software implementa-
energy consumption by 77.4%, 81.4%, and 112.1%, respec- tions. In this section, we will use AES algorithm as an example
tively. This means that the amount of energy consumed on the to study how to reduce the energy consumption through code
Ember node by the Hash and the encryption algorithms does optimization.
not have big differences. Implementing both these two kinds of The core of AES algorithm has two parts [26]: secret key
algorithms will cause the energy consumption increases by 2.9 scheduling and multi-iteration encryption substitution. The
times. Thus, the high level security algorithms will decrease major part of energy consumption is multi-iteration encryption
the lifetime of the Ember node by 60% on the average. substitution. The pseudocode of multi-iteration encryption
substitution is shown in Fig. 6(a).
C. Comparison of the Crossbow and the Ember Node In every iteration, the four fundamental operations of AES:
For the basic computational task, the energy consumptions SubByte, ShiftRow, MixColumns, and AddRoundKey, can be
on the CPU are almost the same on the Ember node and the implemented through predefined lookup tables in order to speed
CrossBow node, as shown in Tables II and III. When running the up the computation of each iteration [26]. But this will cost more
SHA-1 algorithm, the energy consumption on CPU of an Ember storage space.
node is only half of that of a CrossBow node, due to the different Loop unfolding operation will copy the loop body to reduce
compilers and the different memory constraints of code porting. the number of substitution iterations. The purpose is to increase
For the encryption algorithm, the CPU energy consumptions are the parallelism of the instructions and reduce the time for jump
similar on these two nodes. and branch operations in the loop body [27]. For example, a
When using the SHA-1 algorithm with the same length mes- one-time loop unfolding will copy the loop body once. This will
sages, the RF module of a CrossBow node consumes 10 times increase the code size one time but reduce the iteration number
energy as that of an Ember node. The reason is because these by half. Fig. 6(b) shows the result after one-time loop unfolding
Authorized licensed use limited to: University of Delhi. Downloaded on November 22,2024 at 10:09:07 UTC from IEEE Xplore. Restrictions apply.
QIU et al.: ENERGY EFFICIENT SECURITY ALGORITHM FOR POWER GRID WIDE AREA MONITORING SYSTEM 721

TABLE V
THE ENERGY CONSUMPTION OF FOUR IMPLEMENTATIONS OF AES

• When we use four lookup tables to implement the algo-

rithm, the total energy consumptions for all three loop
Fig. 6. (a) Iteration of AES encryption. (b) Iteration of AES encryption after 1 unfolding methods will be sharply increased and have
loop unfolding (f = 1). a big difference. Among them, one time loop unfolding
has lowest energy consumption, while four-time loop
unfolding has 3.1 times of energy consumption compared
with one-time loop unfolding. The reason for sharp energy
rising is because of the energy penalty caused by efficiency
improvement.

B. Configuration of Encryption Algorithms

We will explain how to configure the encryption algorithms
through some experiments. First, encryption algorithms have
four operation models: ECB, CBC, CFB, and OFB. Among
them, ECB is the simplest model, and the most vulnerable for
attack model. Other three models have adopted different loop
Fig. 7. The impact of the number of lookup tables and the number of unloop feedback mechanisms and have stronger capabilities to resist to
on the energy consumption of AES. attack. We have measured the energy consumption of AES en-
cryption on 32 bytes data with three different key-length under
for AES. Obviously, we need be careful to use loop four different models. The results are shown in Table V. From
unfolding for the WAMS nodes with tight storage constraints the experimental results, we can see that the energy consump-
because of the storage cost of loop unfolding. We use a series tion by AES under ECB model is the smallest no matter what
of experiments to explain the impacts of different number of size of key length while the energy consumption under other
loop unfolding and lookup table operations on the total energy three models are similar.
consumptions of CPU. Second, we will analyze the impacts on energy by the number
First, we use different number of lookup table and loop un- of iterations and secret-key length. With a CrossBow node, we
folding operations to optimize AES algorithm. Then, we have have measured the total energy consumption of RC5 on 32
measured the total energy consumptions of different ways of bytes of data with different key lengths and iteration numbers.
AES to encipher 64 bytes data. The results are shown in Fig. 7. The results are shown in Fig. 8. The horizontal axis represents
The vertical axis represents the total energy consumptions after the number of iterations and the vertical axis represents energy
being normalized. The horizontal axis represents the number of (unit: J/B). The three bars represent the energy consumptions
lookup tables, i.e., 0, 1, and 4. Three different bars represent of RC5 with 56, 128, and 256 bits in key length. From Fig. 8,
the energy consumptions of three different number of loop un- we can see that with the same key length, the average energy
folding times . consumption of 16 iterations encryption is 3.3 times of that of
Below, according to the number of lookups, we will compare 8 iterations. With same number of iterations, the impact of key
the results shown in Fig. 7 and analyze the reasons that cause length on energy is small, especially with large number of itera-
the change of energy consumptions. tions. For example, with 16 iterations, the energy consumption
• Without a lookup table, the three different loop unfolding with 256 bits key length is only 7.2% higher than that of 56
operations have almost the same energy consumptions. bits key length.
• With only one lookup table to realize SubByte change, the Third, as we know, the attack on key is a simple and effective
energy consumption for 0 or 1 loop unfolding is reduced way in security attack. Hence, the security of encryption service
41.5% compared with the scenario without a lookup table. needs a key in certain length. The increase in iteration number
The reasons for this reduction are: Using one lookup table, will increase the ability to resist the attack from secret-key anal-
we can increase the efficiency of implementation and save ysis. To balance security and energy consumption, we should
the energy consumption of CPU. With one loop unfolding, adjust the iteration number under tight energy scenarios.
we can further increase the efficiency and reduce the en- Finally, the step length of block cipher has certain impacts
ergy consumption of CPU. But with too many loop un- on energy consumption. The block ciphers, such as RC5, DES,
folding (such as four times), the energy consumption will and AES, transfer the bit stream with 8 or 16 bytes into a
rise sharply because the energy-saving caused by efficiency pseudorandom series through key. DES and RC5 encrypt with
increase cannot make up the energy penalty caused by fre- bytes as step length while AES uses 128
quent visiting of memory. bytes fixed step length.
Authorized licensed use limited to: University of Delhi. Downloaded on November 22,2024 at 10:09:07 UTC from IEEE Xplore. Restrictions apply.
722 IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO. 4, DECEMBER 2011

3) Principle 3 (Algorithm Configuration Principle): The se-

curity strength of encryption algorithms is related to operation
model, key length and the number of iterations. We can change
these parameters to affect the total energy consumption.
According to the experimental results in previous section,
we summarize the following detailed rules: 1) For operation
models: ECB model has the smallest energy consumption and
can be used in tight energy-constrained scenarios. While the
other three models have larger energy consumption compared
with ECB model and should be used in the case that has suf-
ficient energy to improve the security of a system. 2) Itera-
tion number is the decision factor of energy consumption for
symmetric encryption. 3) We suggest to subtly increase the key
Fig. 8. The impact of the iteration and the key length on the energy consump-
tion.
length and decrease the number of iterations for the energy-con-
strained systems, such as WAMSs. 4) It will improve the imple-
VI. THE PRINCIPLES FOR SECURITY ALGORITHMS mentation efficiency and reduce energy consumption when the
message in processing is set as the same length as the step length
In a system with resource and energy constraints, such as of the cipher.
a WAMS node, we need to consider the balance of the three
factors: energy consumption, security strength, and time. Ac- VII. CONCLUSION
cording to the measurement and analysis of security algorithms, WAMS is one of the most critical parts of the smart power
we propose the following principles for the application of secu- grid. The security of WAMS faces great challenges while sat-
rity algorithms on energy-constrained systems. isfying energy constraints. The key point in applying security
1) Principle 1 (Encryption Algorithm Selection Principle): algorithms to WAMS is to balance the energy consumption and
We need balance the three factors: energy, security, and time. the energy supply of the systems. In this paper, we take power
Energy consumption is one of the key factors in selecting en- nodes (sites) as platforms to experimentally study ways of en-
cryption algorithm if the other two factors (security strength and ergy consumptions in different security algorithms. The paper
time) are similar. has two contributions: first, we have proposed an array of novel
We suggest to use encryption service with RC5 algorithm. code optimization methods to increase energy consumption effi-
Comparing with other encryption algorithms, RC5 has the fol- ciency of different security algorithms; second, the experimental
lowing advantages: 1) According to energy consumption, shown results demonstrate that it is extremely beneficial to select and
in Figs. 4(a) and 5(a), for different length encryption data, the configure security algorithms in energy-constrained systems in
energy consumption of RC5 is significantly lower than that of order to improve the security of the systems.
AES and DES. 2) The design of RC5 is concise and it does not
need a lookup table with large storage. The memory cost of RC5 REFERENCES
is significantly smaller than that of AES. 3) We can customize [1] J. Ree, V. Centeno, J. Thorp, and A. Phadke, “Synchronized phasor
the group size, secret-key length, and the number of iterations measurement applications in power systems,” IEEE Trans. Smart Grid,
of RC5, which can be used flexibly in systems with different vol. 1, no. 1, pp. 20–27, 2010.
[2] B. Luca and G. D. Micheli, “System-level power optimization: Tech-
resource configurations. 4) RC5 is better than DES in security niques and tools,” ACM Trans. Design Autom. Electron. Syst., vol. 5,
strength and implementation efficiency. no. 2, pp. 115–192, 2000.
Furthermore, RC6 is another choice. RC6 can speed up the [3] M. Qiu, L. T. Yang, Z. Shao, and E. H.-M. Sha, “Dynamic and leakage
energy minimization with soft real-time loop scheduling and voltage
diffusion through bringing multiplication operations on RC5. assignment,” IEEE Trans. Very Large Scale Integr. (VLSI) Syst., vol.
Although multiplication will increase the energy consumption 18, no. 3, pp. 501–504, Mar. 2010.
of CPU, we can decrease it through reducing the number of [4] M. Qiu and E. H.-M. Sha, “Cost minimization while satisfying hard/
soft timing constraints for heterogeneous embedded systems,” ACM
encryption iterations. Also, RC6 has higher security strength. Trans. Design Autom. Electron. Syst. (TODAES), vol. 14, no. 2, Art.
Till now no security defect has been found. J. Grobschadal et 25, pp. 1–30, Apr. 2009, ACM TODAES 2011 Best Paper Award.
al. [28] has pointed out that RC6 is suitable for memory-con- [5] Atemu—Sensor Network Emulator/Simulator/Debugger [Online].
strained systems. Furthermore, we can select TEA encryption Available: http://www.hynet.umd.edu/research/atemu/
[6] V. Shnayder, M. Hempstead, B. Chen, G. W. Allen, and M. Welsh,
algorithm for WAMS nodes with weak computation capabili- “Simulating the power consumption of large-scale sensor network ap-
ties. plications,” in Proc. 2nd ACM Int. Conf. Embedded Networked Sensor
2) Principle 2 (Intra-Iteration Principle): We can increase Syst., 2004, pp. 188–200.
[7] O. Landsiedel, K. Wehrle, and S. Gotz, “Accurate prediction of power
the implementation efficiency and reduce energy consumptions consumption in sensor networks,” in Proc. 2nd IEEE Workshop Em-
through code optimization of encryption algorithms with suit- bedded Networked Sensors, 2005, pp. 37–44.
able amounts of loop unfolding and lookup table operations. [8] E. Perla, A. Cathain, R. S. Carbajo, M. Huggard, and C. M. Goldrick,
“PowerTOSSIM z: Realistic energy modelling for wireless sensor
For encryption algorithms with multi-iteration, the major part network environments,” in Proc. 3nd ACM Workshop Performance
of energy consumption is multi-iteration encryption substitu- Monitoring Meas. Heterogeneous Wireless Wired Networks, 2008, pp.
tion. From the comparison and analysis in previous section, we 35–42.
can get the above intra-iteration principle. For example, for AES [9] A. S. Wander, N. Gura, H. Eberle, V. Gupta, and S. C. Shantz, “Energy
analysis of public-key cryptography for wireless sensor networks,”
in Fig. 7, we can get good results with only one SubByte lookup in Proc. IEEE Int. Conf. Pervasive Comput. Commun., 2005, pp.
table and one loop unfolding. 324–328.
Authorized licensed use limited to: University of Delhi. Downloaded on November 22,2024 at 10:09:07 UTC from IEEE Xplore. Restrictions apply.
QIU et al.: ENERGY EFFICIENT SECURITY ALGORITHM FOR POWER GRID WIDE AREA MONITORING SYSTEM 723

[10] V. Gupta, M. Millard, S. Fung, Y. Zhu, N. Gura, H. Eberle, and S. Prof. Qiu has been on various chairs and TPC members for many international
C. Shantz, “Sizzle: A standards-based end-to-end security architecture conferences. He served as the Program Chair of IEEE EmbeddCom’09 and
for the embedded Internet,” in Proc. IEEE Int. Conf. Pervasive Comput. EM-Com’09. He received the Air Force Summer Faculty Award 2009. He is the
Commun., 2005, pp. 247–256. recipient of the ACM Transactions on Design Automation Electronic Systems
[11] M. Hadley, J. McBride, T. Edgar, L. O’Neil, and J. Johnson, “Securing (TODAES) 2011 Best Paper Award. He also won three IEEE/ACM international
wide area measurement systems,” Pacific Northwest Natl. Lab., Tech. conferences Best Paper Awards (IEEE EUC’09, IEEE/ACM GreenCom’10, and
Rep., 2007. IEEE CSE’10) and one best paper nomination.
[12] F. Li, W. Qiao, H. Sun, H. Wan, J. Wang, Y. Xia, Z. Xu, and P. Zhang,
“Smart transmission grid: Vision and framework,” IEEE Trans. Smart
Grid, vol. 1, no. 2, pp. 168–177, 2010. Wenzhong Gao (S’00–M’02–SM’03) received
[13] Y. Zhang, P. Markham, T. Xia, L. Chen, Y. Ye, and Z. Wu et al., the M.S. and Ph.D. degrees in electrical and com-
“Wide-area frequency monitoring network (FNET) architecture and puter engineering specializing in electric power
applications,” IEEE Trans. Smart Grid, vol. 1, no. 2, pp. 159–167, engineering from Georgia Institute of Technology,
2010. Atlanta, in 1999 and 2002, respectively.
[14] A. Armenia and J. Chow, “A flexible phasor data concentrator design He is currently with the Department of Electrical
leveraging existing software technologies,” IEEE Trans. Smart Grid, and Computer Engineering, University of Denver,
vol. 1, no. 1, pp. 73–80, 2010. CO. His current teaching and research interests
[15] P. Zhang, F. Li, and N. Bhatt, “Next-generation monitoring, analysis, include renewable energy and distributed generation,
and controlfor the future smart control center,” IEEE Trans. Smart smart grid, power-system protection, power-elec-
Grid, vol. 1, no. 2, pp. 186–192, 2010. tronics applications in power systems, power-system
[16] J. Dwoskin, D. Xu, J. Huang, M. Chiang, and R. Lee, “Secure key modeling and simulation, and hybrid electric propulsion systems.
management architecture against sensor-node fabrication attacks,” in
IEEE Global Telecommun. Conf., 2007, pp. 166–171.
[17] A. Agah and S. Das, “Preventing DoS attacks in wireless sensor net- Min Chen (SM’09) received the Ph.D. degree in
works: A repeated game theory approach,” Int. J. Network Security, electrical engineering from South China University
vol. 5, no. 2, pp. 145–153, 2007. of Technology, China, in 2004.
[18] B. Parno, A. Perrig, and V. Gligor, “Distributed detection of node repli- He was a Postdoctoral Fellow at SNU and in the
cation attacks in sensor networks,” in Proc. IEEE Symp. Security Pri- Department of Electrical and Computer Engineering
vacy, 2005, pp. 49–63. at UBC. He is currently an Assistant Professor in
[19] C. Karlof and D. Wagner, “Secure routing in wireless sensor networks: the School of Computer Science and Engineering
Attacks and countermeasure,” Ad-Hoc Network, vol. 1, no. 2, pp. at Seoul National University (SNU), Korea. He has
293–315, 2007. published more than 120 technical papers.
[20] H. Chan, A. Perrig, and D. Song, “Secure hierarchical in-network ag- Dr. Chen received the Best Paper Runner-up
gregation in sensor networks,” in Proc. ACM Conf. Comput. Commun. Award from QShine 2008. He serves as Editor or
Security, 2006, pp. 1–10. Associate Editor for several journals. He was a TPC co-chair for several
[21] J. Lach, D. Evans, J. McCune, J. Brandon, and L. Hu, “Power-effi- conferences.
cient adaptable wireless sensor networks,” in Proc. Int. Conf. Military
Aerosp. Programmable Logic Devices, 2003, pp. 1–8.
[22] C. C. Chang, D. J. Nagel, and S. Muftic, “Balancing security and energy Jian-Wei Niu received the B.S. degree in informa-
consumption in wireless sensor networks,” Lecture Notes in Computer tion science from Zhengzhou Institution of Aeronau-
Science, vol. 4864, pp. 469–480, 2007. tical Industry Management, Zhengzhou, China, and
[23] G. D. Meulenaer, F. Gosset, F.-X. Standaert, and O. Pereira, “On the the M.S. and Ph.D. degrees in computer application
energy cost of communication and cryptography in wireless sensor from Beihang University, Beijing, China in 1998 and
networks,” in IEEE Int. Conf. Wireless Mobile Comput., Networking, 2002, respectively.
Commun., 2008, pp. 580–585. He is now an Associate Professor at Beihang
[24] V. Gupta, M. Millard, S. Fung, Y. Zhu, N. Gura, H. Eberle, and S. C. University. His current research interests include
Shantz, “Performance assessment of a class of cross-layer optimized embedded and mobile computing.
protocols for geographic routing in WSNs,” in Proc. IEEE Int. Symp.
Personal, Indoor, Mobile Radio Commun., 2008, pp. 1–5.
[25] M. Passing and F. Dressler, “Experimental performance evaluation of
cryptographic algorithms on sensor nodes,” in Proc. IEEE Int. Conf. Lei Zhang received M.S. and Ph.D. degrees in com-
Mobile Adhoc Sensor Syst., 2006, pp. 882–887. puter science from the University of Electronic Sci-
[26] A. J. Menezes, V. O. Scott, and A. Vanstone, Handbook of Applied ence and Technology of China.
Cryptography. Boca Raton, FL: CRC, 2006. He was awarded a fellowship from the China
[27] V. Alfred, R. Sethi, and J. D. Ullman, Compilers: Principles, Tech- Scholarship Council to conduct research at Uni-
niques, and Tools, 2 ed. Reading, MA: Pearson/Addison-Wesley, versity of Texas, Dallas, as a Visiting Scholar. His
2007. research interests include embedded systems, com-
[28] J. Grossschadl, S. Tillich, C. Rechberger, M. Hofmann, and M. piler optimization, and hardware/software codesign.
Medwed, “Energy evaluation of software implementations of block
ciphers under memory constraints,” in Proc. IEEE/ACM DATE, 2007,
pp. 1–6.

Meikang Qiu (SM’07) received the B.E. and M.E.

degrees from Shanghai Jiao Tong University, China.
He received the M.S. and Ph.D. degrees in computer
science from the University of Texas, Dallas, in 2003
and 2007, respectively.
He has worked at Chinese Helicopter R&D Insti-
tute and IBM. Currently, he is an Assistant Professor
of ECE at the University of Kentucky, Lexington. He
has published more than 120 peer reviewed papers,
including 40 journal papers. He also published 3
books and held 2 patents. His research interests
include embedded systems, computer security, and wireless sensor networks.

Authorized licensed use limited to: University of Delhi. Downloaded on November 22,2024 at 10:09:07 UTC from IEEE Xplore. Restrictions apply.