Energy Consumption of Cryptographic Algorithms in Mobile Devices

1 Abstract —Modern business information technologies, such as Cloud computing and Bring Your Own Device (BYOD) raise new requirements for end node security. Cryptographic algorithms must be used to ensure security of business data and communications. However, data encryption decreases battery lifetime on mobile devices such as smartphones or tablet PCs. In this paper, we provide an analysis of energy consumption characteristics of cryptographic algorithms from Bouncy Castle Crypto API. We propose a cryptography-oriented energy-security trade-off model and use it to evaluate energy-efficiency of cryptographic algorithms.


I. INTRODUCTION
Revolutionary growth of hardware capabilities combined with increasingly small size and low weight brings many opportunities for using mobile devices, such as smart phones, laptops, and tablet PCs, for business and entertainment at home, in airport, at office, i.e., everywhere and everywhen.Modern business information technologies such as Cloud computing [1] and Bring Your Own Device (BYOD) [2] gives a new way for companies to do business not only in a mobile manner, but also using employee's own devices.BYOD describes a novel business trend of using the employee-owned devices in the workplace.It is part of the broader phenomenon of the dual use of personal devices and software of employees for private and professional purposes within commercial enterprises.
However, security of confidential business information is a matter of concern.Companies and their employees must have assurance that information, which is being downloaded and saved on a mobile device, will be accessed only by an authorized user.This requires securing of both data storage and communication and on mobile devices regardless of how the users access information [3].The main issue which sill restricts long term usability of mobile devices is battery lifetime because mobile devices are not always connected to a stationary power supply, but are supplied from batteries, and the portability requirement imposes constraints on the size and weight of batteries.Battery technologies are no experiencing such technological progress as semiconductor and wireless communication technologies do.Battery capacity is therefore the main challenge to evolution of modern mobile systems and applications.
Furthermore, a user may install and use many additional applications.Every continuously working application drains power from the mobile device's battery.As a consequence, for new smart phones the average battery life is usually less than two days [4], and for used smart phones it is even shorter.As a response, 80 % of mobile phone users take measures to increase their battery lifetime [5].
Traditional cryptography protocols require significant energy to process and transmit data.To prolong battery lifetime, a mobile device should use the minimum energy level possible while at the same time ensuring the acceptable level of security.Considering limited energy budget of mobile devices, security each algorithm achieves has to be modelled as a function of its energy consumption [6].
Therefore, two issues -security and energy consumption -are most important for mobile end nodes.Extensive research exists on extending battery lifetime of mobile computing systems, understanding charging behaviour and battery indicators, customizing power-saving settings [5], predicting power consumption level [7].However, any energy management policy requires accurate prediction of energy consumption and battery lifetime, which is impossible without reliable energy measurement and estimation methods and tools.The prediction of the battery lifetime is possible only when the behaviour of the battery can be modelled reliably so that the users could decide themselves how to use the available battery time in a most effective and secure way.The analysis of the energy measurement methodologies has been presented in [8].
In this paper we investigate the influence of the cryptographic algorithms workload on the battery lifetime.We analyse main classes of cryptographic algorithms, propose the empirical cryptography-oriented energy-security trade-off model and present the experimental results.

II. ENERGY-SECURITY TRADE-OFF MODEL
The task is to identify dependencies between cryptographic algorithms energy consumption, key size and performance trade-offs on one hand, and user used cryptography scenarios on the other hand.A trade-off is a relationship between two aspects of system's quality parameters.
A key issue here to be addressed is to find the right tradeoff between energy consumption and the required security performance, i.e., how should the processes in the mobile device be organized such that the battery lifetime (which determines the system lifetime) will be as high as possible while the security characteristics are maintained [9].In this paper, we consider a trade-off between security strength and energy consumption in mobile devices.
The energy-security trade-off is a utility function U that defines a relationship between energy metric E and security metric S as a weighted sum of objective functions, which is similar to the performance-security trade-off function proposed in [10] as follows max (1 ) , where w is a weighting factor representing user preference on energy and security, respectively.The energy and security metrics allow to calculate how much protection a security mechanism (cryptographic algorithm) can provide and how much battery capacity (lifetime) will be reduced by using given security mechanism.
Given the same security strength and energy constraint, the key factor is the selection of the cryptographic algorithm that satisfies both energy and security constrains.
Given the energy-security trade-off function, the best security parameters can be calculated according to the system requirements to achieve the best trade-off between energy consumption and security strength.
With the defined energy metric E and security metric S , the system requirements can be formulated quantitatively.However, both metrics are related, because a more secure cryptographic algorithm usually requires more computations, which in turn leads to higher energy consumption.
Evaluation of security of cryptographic algorithm is a complex problem, because security usually means ability to withstand an attack, which is difficult to evaluate.In practice, key size in bits can be used as approximate measure of security strength, number of rounds, the size of the modulus, the size of crypto-block, the speed-of-thediffusion/confusion (how fast all bits get affected, are they all equally affected, etc.), the side-channel information the ciphers provide (trapdoor, rainbow-tables), robustness to errors, number of collisions (in birthday attack), etc. are important, too.
We assume that key size k, message length m and battery capacity drain ΔC for a cryptography algorithm are related as follows where a and b are free coefficients, and  is measurement error (noise).
Assuming that the impact of error  is negligible for a cryptography application, we can derive the following model .
Given different key sizes for each cryptography algorithm we formulate the problem of finding the characteristic value of free coefficient b as an optimization problem as follows min , where RSD is relative standard deviation (standard deviation divided by mean value), and K is a set of key sizes.We can calculate the characteristic value of a for a given cryptographic algorithm as follows .
Then for any available energy budget value budget C we can calculate a key size of a cryptographic algorithm, which can be used to encode a message within energy constraints as follows 1 .
As key size is usually defined in terms of power values of 2, we rewrite (6) as follows

b char budget
We claim that ( 7) can be used as energy-security trade-off model to calculate available values of security parameters (i.e., key size) of cryptographic applications within available energy budget.
However, reliability of such model depends upon model of battery capacity measurement, which is considered next.

III. MODEL OF BATTERY CAPACITY MEASUREMENT
Many different battery lifetime models (such as electrochemical, electrical circuit, analytical, kinetic, diffusion, stochastic) have been proposed (see, e.g., [3], [9]).Most of these models have been developed for use in variety areas.
The state of the battery capacity used C is a timedependent function and at any given time can be described by (8) , where tstart C is the battery capacity measured at the beginning of the measurement experiment, tend C is the battery capacity measured at the end of the measurement experiment, and used C is the drain of battery capacity charge used during the experiment.
In practice, the state of the battery is influenced by many factors, therefore, the battery charge values are measured at several consecutive time intervals as described by (9) 0 0 ( ), where t C  is the drain of battery charge, and t  is time interval of capacity measurement points.
Our battery lifetime model is based on the following assumptions: 1. Battery capacity is measured at an application level; 2. First measurement is a starting point for evaluation given cryptographic algorithm; 3. t  is equal to 1 second; 4. Measurements can be stopped when the battery capacity drain is less than 50 % of capacity measured at starting point.

IV. CASE STUDY AND EXPERIMENTAL RESULTS
The experiments were performed on DELL Latitude D420 laptop PC running Microsoft Windows OS on Intel® Core Duo Yonah 1.20 GHz CPU, 1 GB DDR2-266 SDRAM, Mobile Intel® 945 GM Express Chipset.
We have used the Lena.bmp benchmark image (resolution 512 × 512), which is encrypted with a cryptographic algorithm.During measurements, we registered battery charge level and capacity in mAh every 1 s starting from the charged battery.We have adopted the measurement methodology already described in [8].
The results of measurements are presented graphically in Fig. 1-Fig.4.
Figure 1 shows average battery capacity drain in mAh per message MB for symmetric cryptography algorithms.Figure 2 shows the same for asymmetric cryptography algorithms.
Figure 3 shows comparison of symmetric cryptographic algorithms by energy required to encode 1 MB of data, while Fig. 4 shows the same for asymmetric algorithms.V. EVALUATION Experimental results (Fig. 4, Fig. 5) show that RSA and DSA are most energy-efficient symmetric cryptographic algorithms, while AES and Camelia are most energy efficient asymmetric algorithms of the analysed ones.The results correspond well to the study reported in [11].
We use the experimental results to evaluate the energysecurity trade-off model proposed in Section III.The calculated characteristic model values ( 4) are presented in Table I for symmetric cryptography algorithms and in Table II for asymmetric cryptography algorithms.
Our experimental results correspond well to the results presented in [12].The energy cost of asymmetric algorithms is very much dependent on the key size (the value of the key size exponent parameter value 1 char b  ), while that of symmetric algorithms is not affected to the same extent by the key size ( 1 char b  ).The reason is that only a part of a symmetric algorithm, i.e., key set-up (key expansion) depends upon key size.Therefore, as requirements for security strength increase, asymmetric cryptography algorithms become more energy-hungry than symmetric algorithms (also noted in [11], [12]).Finally, we also can use the proposed model to calculate the value of the security parameter (i.e., key size) of the cryptography application given the available energy budget of the mobile device (7).VI.CONCLUSIONS 1.We have proposed the theoretical energy-security trade-off model for describing relationship between energy consumption and security strength of crypto algorithms.
2. We have performed analysis and experimental research of energy consumption of symmetric and asymmetric cryptography algorithms.
3. We have validated the theoretical energy-security trade-off model with our experimental data.The results show that the energy consumption of asymmetric algorithms is very much dependent on the key size of the algorithm, while energy consumption of symmetric algorithms is not affected to the same extent by the key size.This conclusion is confirmed by the results of other authors [12], [11].
4. The results of the paper can be used by other researchers to evaluate energy-efficiency of designed network and data security protocols and applications.
Manuscript received January 5, 2014; accepted March 12, 2014.The work described in this paper has been carried out within the framework the Operational Programme for the Development of Human Resources 2007-2013 of Lithuania "Strengthening of capacities of researchers and scientists" project VP1-3.1-ŠMM-08-K-01-018"Research and development of Internet technologies and their infrastructure for smart environments of things and services" (2012-2015), funded by the European Social Fund (ESF).