📝 Abstract

Transport Layer Security (TLS) is one of the most widely used communication security protocols in the world. Its main goal is to provide a secure communication channel with the security services of confidentiality, integrity, authentication, and Perfect Forward Secrecy (PFS). Each security service can be implemented by one of several available algorithms. TLS was not designed for constrained environments and is too computationally demanding for many Internet of Things (IoT) devices. However, it is a malleable protocol, and individual security services can be enabled and disabled on a per-connection basis. Forgoing a security service, or using a cheaper algorithm to implement it, reduces the computational resources used. The security properties of a connection are defined by a TLS configuration, and some of those configurations can be used with resource-constrained IoT devices. Existing work focuses on Datagram TLS (DTLS) and is either tied to a specific protocol or requires the use of a third-party entity. For this reason, it cannot be easily integrated with existing deployments. In this work, we performed a thorough evaluation of the TLS protocol and its security services. We present a framework that software developers and security professionals can use to select the cheapest TLS configuration for their environment’s needs and limitations. We evaluate the TLS implementation of the mbedTLS library using two cost metrics: the estimated number of CPU cycles, obtained with valgrind, and execution time, obtained with PAPI. Finally, we show that the estimated values are close to the real ones.