Increase Throughput of CCM Security Mode Using MKP

A security protocol is used to ensure the messages transferred over a network free from attack. The CCM security operation mode adopts CTR, and CBC-MAC schemes to implement message ciphering and authentication respectively. There are two limitations of CCM including the secret key which should refresh for each 264 blocks in CTR mode and the authentication operation of CBC-MAC works in sequential fashion on multi-processor system. In this paper, we have proved that the Multiple Key Protocol (MKP) can be used within CTR mode to increase the size of the transferred message. Also, we have showed that the DMAC algorithm is able to decrease the time of authentication operation on multi-processing units system.


Introduction
Recently, there are many security systems adopting the CCM [1] security operation mode to ensure that the messages are securely transmitted over the wireless networks.The Wireless Sensor Network (WSN) systems are utilizing the CCM mode in providing the security requirements.The Wi-Fi (802.11)[2], LR-WPAN, and IP-Sec's are using the CCM mode for ciphering and authenticating the data [3].The IEEE 802.15.4 [4], which is the basic for many wireless applications, such as, Zig Bee technology [5], 6LoWPAN and WirelessHart, is adopting the CCM security mode to provide its security suite.The IEEE 802.15.4 security suite includes the message authentication, message encryption, replay resistance, and freshness.
The CCM security operation mode includes Counter (CTR) [6] mode for encryption and Cipher Block Chaining Message Authentication Code (CBC-MAC) [7] for authentication.The size of the message in CCM mode is limited to the number of keys [3].The authentication operation is conducted in sequential fashion, which means that the increasing of processing units in a system does not improve the authentication operation.
The hypotheses of the research are the Multiple Key Protocol (MKP) [8] increasing the size of the transmitted message over the network, and the DMAC [9] algorithm decreasing the authentication operation time.The message size and authentication time improvement lead to increase of the maximum authentication throughput.
The original CCM security operations mode has two major disadvantages.The first one is that CTR, which is used for message encryption in CCM, can only be used for transmitting a short message.The other one is that CBC-MAC in CCM, which is used for authentication, is performed in a sequential way and thus it could not take full use of a multi-processor system.The main idea of the paper is parallel encryption.More precisely, the message is divided into several sub-messages, and each sub-message is further encrypted with its own secret key independently.Thus, a long message can be processed in parallel and a multi-processor system can deal with it efficiently.
It seems that if we divide the message into several pieces and then apply the original CCM method to each piece independently, we may obtain the same advantages as those of the proposition.The difference between the original scheme and the proposed scheme is that in the original scheme, the secret keys must be transferred through the network; however, in the proposed scheme, the secret keys are generated by MKP protocol.

CCM Security Operation Mode
The CCM security mode implements two security operations that are consist of the message ciphering and the message authentication.This security mode adopts two security schemes such as the Counter (CTR) to conduct the ciphering operation and the Cipher Block Chaining Message Authentication Code (CBC-MAC) to conduct the authentication operation.Besides, the CBC-MAC is a security operation mode that authenticates a message within the wireless media.The CTR mode is a security operation mode that is used for message encryption.Both of CBC-MAC and the CTR are integrated in building a CCM mode as illustrated in Figure 1.
There are two important parameters that used in implementing the CCM mode of security in the wireless network.The two parameters are L and M, where L is belong to {2, 3, 4, 5, 6, 7, 8} and M is belong to {4, 6, 8, 10, 12, 14, 16}.The parameter of L is stand for the size of a message length field (message size (l (m)) is < 2 8*L bytes).The parameter of M is stand for the size of a message authentication code (tag length = (8*M) bits).The parameter L is coded as L -1, and the M is coded as (M -2)/2.

Message Ciphering
The CTR mode is used for the ciphering operation of CCM mode.The CCM adopts one of the block cipher methods for data ciphering such as Data Encryption Standard (DES) [10], International Data Encryption Algorithm (IDEA) [11], RC5 [12], blowfish [13], and AES [14].Most of the network security systems employ the AES block cipher algorithm for data ciphering because the block cipher algorithm is faster than the stream cipher algorithm for encrypting and decrypting operations [15].A sequence of blocks consists of S 1 S 2 ⋅⋅⋅ S i is generated by Equation (1).The block of (A i ) is structured as illustrated in Figure 2(a).In more details, in the flag octet, the bits from 0 to 2 are assigned for L and the bits from 3 to 7 are set to zero as illustrated in Figure 2 B i : plaintext block h: number of plaintext blocks S i : block computed from A i

Message Authentication
The CBC-MAC algorithm implements the authentication operation for the CCM mode.The blocks B 1 , B 2 ⋅⋅⋅ B h are generated from breaking the message into h equal size blocks, which are the input to CBC-MAC.The last block may be padded with zeros.The block B 0 is structured as illustrated in Figure 3(a).Furthermore, the first octet is assigned for the flags, where (15 -L) octets are assigned for nonce, and (L) octets are assigned to store the message length (l (m)).The octet of flags includes (L) and (M) parameters in the first six bits (each parame-  ter coded in three bits).The Adata bit is set to one when the additional authentication data is enabled else it is set to zero, and the last bit is reserved for future use that is set to zero as illustrated in Figure 3(b).Moreover, the temporary block of X 1 is computed by ciphering the block B 0 as computed in Equation ( 3).The authentication code for a message is computed by the Equation (4) and Equation ( 5).Furthermore, each block of B i is a plaintext that can be XOR with its partner temporary block X i , and then the output is ciphered with a block cipher algorithm to produce a new temporary block X i+1 , until it receives the last block X h+1 .The authentication code length could be 128, 64, and 32-bit that is generated from X h+1 .
( ) E: block cipher algorithm k: secret key

Multiple Key Protocol
The Multiple Key Protocol (MKP) is used within the block cipher algorithm.It provides multiple secret keys for a block cipher algorithm.It adopts a public key algorithm to generate a sequence of secret keys such as Elliptic Curve Cryptosystem (ECC) [16]- [18].The MKP adopts the ECC public key system to generate the secret keys since it requires for the less computational power, memory, and communication bandwidth compared to the other traditional public key crypto-algorithms [19].The security feature of the node does not enquire to exchange all the secret keys with other connected nodes.With regards to thus, only two initial parameters may be exchanged.Moreover, MKP may generate a sequence of secret keys according to the desired level of security.The two communicated nodes agree about the number of secret keys.The key generation operation computes two lists of parameters including (r 1 r 2 ⋅⋅⋅ r n and k 1 k 2 ⋅⋅⋅ k n ) from the two initial parameters (r 0 and k 0 ) as shown in Equation ( 6) and Equation (7).Each secret key (K i ) is produced by XOR two parameters, as computed in Equation (8), and it is illustrated in Figure 4.
PKC: public key ciphering n: number of secret keys [ ] The MKP protocol breaks the message into n groups of blocks as pointed in Equations ( 9) and (10).The number of groups must equivalent to the number of secret keys.The last the group is not necessary to be equal to the other groups.The secret keys are assigned to the created groups of blocks as illustrated in Figure 5.The key that belongs to the created group is used for ciphering and authenticating the blocks of that group.

[ ]
G: group (set) of blocks B: block of bytes n: number of groups m: number of blocks per group In the encryption operation, the CCM uses CTR mode in which the counter value starts from zero and incremented by one for each block of the message.The maximum message size should not exceeding 2 61 blocks in IEEE 802.15.4 standard, which adopts CCM security mode [20].However, the MKP protocol breaks the mes-  sage into n groups, where each group has its own counter that equivalent to the CTR counter.The MKP protocol improves the message size about n times.Each group is ciphered by its own secret key.
The level of security refers to the number of secret keys and to the number of sub-messages in the encryption system.In addition, the number of secret keys should equal to the number of sub-messages.

Distributed Message Authentication Code
The CCM mode derives the authentication operation by CBC-MAC algorithm that is work in a sequential fashion.Furthermore, the increasing of the processing units in the system does not improve the authentication operation performance [3].However, the Distributed Message Authentication Code (DMAC) algorithm authenticates a message in a parallel fashion.The DMAC improves the authentication time of a message on a multiple processing units system.It distributes the groups of blocks over computing devices.The number of group is computed using MKP protocol, where the number of groups must be equivalent to the number of secret keys.
Moreover, the MKP provides multiple secret keys, where each key is used to authenticate a single group of blocks (sub-message), and the output is XOR with authentication code of other group.MKP supports the possibility of parallel authentication computations of groups.Since all the blocks of a group are authenticated in a sequential fashion, then the authentication code of an individual group is computed in a single processing unit.The authentication of each sub-message is computed independently, and the outputs from sub-messages authentication are XOR in producing the message authentication code as illustrated in Figure 6.
The DMAC algorithm improves the authentication operation performance according to the number of processing units and the number of sub-messages.The DMAC algorithm distributes the groups over available devices as following: 1.If number_of_groups ≤ number_of_devices then 2. Assign each device_i to group_i (where i = 1 to number_of_groups) 3. Else For each group_i 4. If i ≤ number_of_device then 5. Assign device_i to group_i 6. Else assign device_j to group_i (where j = i -number_of_devices) The DMAC algorithm assigns the groups to a number processing units according to their sequence.When the system has enough free processing units, it assigns each unit to its partner group; otherwise, the groups are assigned in a circular fashion when the number of processing units is less than the number of groups.Two states in the number of processing units (p) versus the number of groups (n) are considered.The first state (p ≥ n), in which the number of units is greater than or equal to the number of groups.The second state (m < n) shows which the number of units is less than the number of groups.

Mathematical Measurement
This section provides the mathematical model that increases the message size, decreases the authentication operation performance, and increases the authentication operation throughput.

Message Size
Let Z be a function to compute the size of a message as pointed in Equation (11).For MKP protocol, the number of secret keys is greater than 1, so that the function Z is computed in the new equation.When the MKP protocol is involved in CCM mode, the function Z has two variables, which are the number of secret keys (k) and the pa- rameter L as shown in Equation (12).
k: number of secret keys Furthermore, the Equation ( 11) does not include the (k) value that indicates the number of secret keys computed in the function Z may not influence the size of a message.However, the Equation ( 12) uses a variable (k) to compute the function Z that means the size of a message is influenced by the number of secret keys.The MKP protocol improves the size of the transferred message in CCM security mode.Moreover, the increasing of the number of secret keys increases the number of sub-messages that are transferred in the network.
Since the variable L has a specific range of values, then the term (2 8L ) is set as a constant value (α) as shown in Equation (13).Furthermore, the function Z is a linear function that is based on (k) variable (number of secret key).

Authentication Operation Time
The authentication time is based on the throughput of the processing unit, where the CPU throughput is the number of processed blocks per a unit of time as shown in Equation ( 14).Furthermore, the authentication time is computed by dividing the size of authenticated data over the CPU throughput that can be seen in Equation (15).

Size of Processed Data CPU Throughput
Total Time = Size of Authenticated Data Authentication Time CPU Throughput = Let T be a function to compute the authentication time for a blocks of data, where the number of blocks is (h) as denoted by Equation ( 16).The authentication time for single block (H) is generated according to Equation (15).

( )
h: number of blocks (h ≥ 1) H: authentication time for one block In the CCM security mode, the authentication operation is implemented in a sequential mode regardless the number of processing unit.However, the DMAC algorithm exploits the available processing units to authenticate the data blocks in a parallel fashion as illustrated in Figure 7. Furthermore, the data are divided into (n) groups as derived in Equation ( 9) and the number of processing units is (P).
The function T for DMAC algorithm is calculated as shown in Equation (17), where it includes two states based on the relationship between the number of blocks and the number of processing units in a system.

H n p T n p H n div p n p n mod p H n div p n p n mod p
H: authentication time for one group of data n: number of groups p: number of processing units

Authentication Throughput
The message authentication throughput is the number of authenticated blocks per unit of time as derived in Equation (18).The maximum authentication throughput of CBC-MAC is the maximum message size per unit of time.The maximum size of the message in CCM mode is generated by the value of parameter L as shown in Equation (11).The maximum value for parameter L is 8.The authentication time is based on the CPU throughput as concluded from Equations ( 14)- (16).
TH: authentication throughput Z: message size T: time By doing the Equations of ( 11), (16), and ( 18), then the maximum authentication throughput of CBC-MAC algorithm is computed as pointed in Equation (19).
α: maximum message size H: authentication time for one block h: number of blocks The maximum authentication throughput of DMAC algorithm is calculated by substitute Equations (13), and ( 17) into (18) as shown in Equation (20).Since the number of secret keys equivalents to the number of submessage, then the DMAC authentication throughput equation include only the number of secret keys variable.Then the Equation ( 20) is simplified into Equation ( k: number of secret keys p: number of processing units

Result and Discussion
This section discusses the results of the implementation of the mathematical models in measure the size of message, authentication operation time, and maximum authentication throughput.The two considered systems are the CCM, and the MKP-CCM modes.

Message Size
The message ciphering in CTR mode is based on the counter value, where the maximum value of the counter is 2 8L .Each counter value computes one block of cipher text.The value of the counter is set to zero in CTR mode of the network security system, and the secret key of the encryption operation should be refreshed to ensure that distinct cipher blocks are generated [21].
The message size per single secret key in the CCM security mode is computed in Equation ( 11).The incremental of the value of parameter L increases the size of the transferred message in CCM mode.However, the increasing of level of security does not increase the size of the message as illustrated in Figure 8(a).
However, the MKP protocol increase the size of the transferred message, since the level of security is increased, and the value of parameter L is increased.For any value of parameter L, the incremental of the level of security duplicated the size of the transferred message from previous level of security as illustrated in Figure 8(b).

Message Authentication Time
In a multi-processing computer system, the time of message authentication is based on the adopted authentication algorithm.The time of CBC-MAC algorithm is equivalent for a single and multi processing system since it works in a sequential fashion regardless of the number of processing units.Furthermore, the function of time (T) is increased linearly according to the incremental of message size as illustrated in Figure 9(a).
However, the time of DMAC algorithm is based on the number of processing units.Furthermore, the DMAC algorithm works in parallel by exploiting the available processing units to authenticate each sub-message independently.In the single processing unit system, the time is increased linearly according to the message size.In two processing unit system, the time is decreased 50% when the number of sub-messages is even, and it is decreased about 34%, 40%, 43%, and 45% when the number of sub-messages is 3, 5, 7, and 9 respectively.In three processing units system, the time is decreased about 50%, 67%, 60%, 57%, and 63% when the number of sub-messages is (2 and 4), (3, 6 and 9), (5 and 10), 7, and 8 respectively.In four processing units system, the time is decreased about 50%, 67%, 75%, 60%, 71%, and 70% when the number of sub-messages is 2, (3, 6 and 9), (4 and 8), 5, 7, and 10 respectively.In five processing system, the time is decreased about 50%, 67%, 75%, 80%, 71%, and 78% when the number of sub-messages is 2, (3 and 6), (4 and 8), (5 and 10), 7, and 9 respectively as illustrated in Figure 9(b).
Furthermore, the authentication time of DMAC algorithm on the single processor system is equivalent to the time of CBC-MAC algorithm.The increasing of processing units by one unit leads to decrease the time of authentication of DMAC 50% when the number of sub-messages is even.The incremental of processing units to three decreases the time of authentication 67% when the number of sub-messages is 3, 6, and 9.In four processing units system, DMAC decreases the time of authentication 75% when the number of sub-messages is 4 and 8.In five processing units system, DMAC decreases the time of authentication 80% when the number of sub-messages is 5 and 10.In conclusion, best authentication time decreasing of DMAC when the number of groups is divisible by the number of processing time.

Maximum Authentication Throughput
The maximum authentication throughput of CBC-MAC algorithm is equivalent for a single and multi processing units systems, since it works in a sequential fashion.The incremental of the number of secret keys does not influence the authentication throughput of CBC-MAC algorithm as illustrated in Figure 10(a).Moreover, in a single processing system, the maximum authentication throughput of CBC-MAC is equivalent to DMAC algorithm in any level of security.In multi processing units system, the maximum authentication throughput of CBC-MAC is equivalent to DMAC algorithm in the first level of security.
However, since the maximum size of the message of the MKP is based on the number of the secret keys and the authentication time of the message by the DMAC algorithm is based on the number of secret keys and the number of processing units, then the number of secret keys and the number of processing units influences the  maximum authentication throughput of DMAC algorithm.
In more details, in the second level of security (two secret keys), the DMAC increases the maximum authentication throughput 100% for system with up to two processing units.In the third level of security (three secret keys), the DMAC increases the maximum authentication throughput 50% for system with two processing units and 200% for system with up to three processing units.In the fourth level of security (four secret keys), the DMAC increases the maximum authentication throughput 100% and 300% for system with (2 and 3) and (4 and 5) processing units correspondingly.In the fifth level of security (five secret keys), the DMAC increases the maximum authentication throughput 67%, 150%, and 400% for system with 2, (3 and 4), and 5 processing units relatively.In the sixth level of security (six secret keys), the DMAC increases the maximum authentication throughput 100% for system with two processing units and 200% for system with up to three processing units.In the seventh level of security (seven secret keys), the DMAC increases the maximum authentication throughput 75%, 133%, and 250% for system with 2, 3, and (4 and 5) processing units separately.In the eighth level of security (eight secret keys), the DMAC increases the maximum authentication throughput 100%, 167%, and 300% for system with 2, 3, and (4 and 5) processing units correspondingly.In the ninth level of security (nine secret keys), the DMAC increases the maximum authentication throughput 80%, 200%, and 350% for system with 2, (3 and 4), and 5 processing units separately.In the tenth level of security (ten secret keys), the DMAC improves the maximum authentication throughput 100%, 150%, 233%, and 400% for system with 2, 3, 4, and 5 processing units respectively, as illustrated in

Conclusions
The MKP protocol increases the message size of CCM security mode, since it provides multiple secret keys for ciphering blocks in CTR mode.The MKP supports the DMAC algorithm to authenticate a message in parallel fashion on multi-processing units system.The MKP breaks a message into a set of sub-messages (groups), and it assigns a distinct secret key to each group for authentication and ciphering independently.The level of security denotes the number of sub-messages and the number of secret keys.
The MKP increases the size of the transferred message in CCM mode.The size of the transferred messages is increased according to the level of security.The DMAC algorithm decreases the time of message authentication operation according to the level of security and the number of available processing units in the system.The relationship between the number of groups and the number of processing units evaluates the reduction of the time of authentication operation and they evaluate the incremental maximum authentication throughput on the multi-process units system.

Figure 2 .
Figure 2. Format of block (A i ) and flags of encryption in CCM [1].(a) Block format; (b) Flags.

Figure 7 .
Figure 7. Parallel data processing of DMAC algorithm.

Figure 8 .
Figure 8. Size of transferred message in CCM mode.(a) Without MKP; (b) With MKP.