IoT: Needs no Introduction
Yes, the Internet of Things (IoT) is the buzzword these days with increasing digitization. Imagine switching off your home lights or gas while sitting in your office, or in another city altogether! That’s the power of IoT.
IoT connects multiple physical electronic devices over the internet, which can be remotely monitored or controlled. And they can talk to one another seamlessly! Consider billions of smart devices such as your phone, TV, tablet, home appliances, wearables, and so on, communicating with each other over the internet.
That’s not all, though. The range of IoT applications is huge, from basic home automation to advanced medical care. However, as great as IoT is, it’s also susceptible to security threats, privacy breaches, and data losses. IoT security, therefore, is paramount to preventing hacking.
In 2016, DDoS attacks were on the rise, mostly affecting IoT devices. Heard of the 2016 IoT botnet attacks, which virtually brought down the internet? Or of the more recent Silex malware, which attacks the firmware of Linux-based IoT devices? Gartner’s research predicts that 25% of network attacks will involve IoT and estimates that IoT security spending will touch $547 million in 2018 and more in 2019.
IoT Security Protocols: Looking Closely at Them
So how’s IoT security being addressed? IoT is spinning off a host of developments in network and communication protocols, designed to make internet traffic easier and less risky. Since IoT functions on a number of low power devices, security threats must be identified, addressed and mitigated by using secure communication and data transfer protocols.
IoT devices must be lightweight, and hence emerging transfer protocols such as MQTT and CoAP are replacing the traditional HTTP protocol. However, these are just data transfer protocols, which were written without considering network security.
According to a research paper on “TLS and Energy Consumption on a Mobile Device” (Miranda, Pedro et al), secure communications are achieved by employing security protocols, which are based on cryptographic algorithms.
Secure connection (the “https” in your web address) is typically established by using the Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocol. TLS is based on SSL, which is used to communicate between the client and the server.
TLS is popularly used for communication between clients/servers over the internet and is used by default for safe transmission between devices. It uses asymmetric and symmetric encryption algorithms to provide data secrecy and integrity.
How is TLS implemented? It is typically implemented directly on top of the transport layer, enabling the other application protocols (HTTP, SMTP, etc.) to function seamlessly.
Let’s take a look at what the TLS protocol involves:
- Encryption: Provides strong encryption methods that make it impossible for eavesdroppers to see the transfer.
- Authentication: Provides authentication methods to accurately verify the veracity and identity of the devices by using public key cryptography algorithms such as RSA and Elliptic Curve Cryptography (ECC).
- Integrity: Prevents any modification or hacking of communication messages by passing them through hash operations such as SHA.
TLS Protocol: A Sneak Peek into Cryptography
Now that we have established that TLS is key to IoT security, let’s deep dive into what TLS is and how it helps transform device/network security.
TLS basically involves 2 main phases:
- TLS handshake phase
- TLS record phase or stream encryption
TLS Handshake: When a client establishes a secure connection to a server, an SSL/TLS handshake is first performed, akin to a “client hello” message. This authenticates each client/server or device/server connection by using cryptography keys to encrypt/decrypt data during the exchange. At each step of the handshake process, security is ensured by using private key storage, random number generation, and standard encryption algorithms, such as RSA/ECC.
TLS Record Phase: In this step, client/servers or device/servers use the random number generated in the handshake process to calculate a “master secret or private key” for data exchange. Once the private key is generated, messages can be transmitted between devices securely through encryption.
TLS: Is Everything Hunky Dory?
The TLS protocol, despite its advantages, is not lightweight, since it adds extra processes for each session. Device memory is limited in IoT, while certificates can be large files. Also, IoT devices run on low-power chips and may need to conserve battery.
TLS algorithms are provided in “cipher suites”, which determine how the keys are used (such as RSA), what ciphers are used (such as AES, CBC), and how data integrity is achieved (for example, SHA).
The cipher suites consist of:
- TLS protocol version: TLS v1.2, TLS v1.3
- Key exchange method: RSA, DHE
- Secret cipher method: AES128, AES256-GCM
- Digest method: SHA256, SHA384
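As an added example (not code from the original article), the Python sketch below splits IANA cipher suite names into the components listed above and picks out the suites that use RSA key exchange. The function names and the sample suite list are constructed for illustration; note that TLS 1.3 names carry only the cipher and digest, and some CCM suites name no digest at all.

```python
import re
from typing import NamedTuple, Optional

class Suite(NamedTuple):
    version: str                 # protocol generation the name belongs to
    key_exchange: Optional[str]  # None for TLS 1.3 (negotiated via extensions)
    auth: Optional[str]          # None for TLS 1.3
    cipher: str                  # bulk cipher and mode, e.g. AES_128_GCM
    digest: Optional[str]        # None when the name carries no hash (e.g. CCM_8)

_HASH = re.compile(r"^(.*)_(SHA\d*|MD5)$")

def parse_suite(name: str) -> Suite:
    """Split an IANA cipher suite name into the components listed above."""
    if not name.startswith("TLS_") or name.endswith("_SCSV"):
        raise ValueError(f"not a cipher suite name: {name!r}")
    body = name[len("TLS_"):]
    if "_WITH_" in body:
        # TLS 1.2 and earlier: <key exchange>[_<auth>]_WITH_<cipher>[_<hash>]
        kx_part, rest = body.split("_WITH_", 1)
        kx, _, auth = kx_part.partition("_")
        auth = auth or kx  # TLS_RSA_WITH_...: RSA does both jobs
        version = "TLS 1.2 or earlier"
    else:
        # TLS 1.3: the name holds only the AEAD cipher and the hash
        kx = auth = None
        rest = body
        version = "TLS 1.3"
    m = _HASH.match(rest)
    cipher, digest = (m.group(1), m.group(2)) if m else (rest, None)
    return Suite(version, kx, auth, cipher, digest)

def rsa_key_exchange(names):
    """Return the suite names whose key exchange method is RSA."""
    return [n for n in names if parse_suite(n).key_exchange == "RSA"]

# Constructed sample: a suite list such as a device's TLS stack might offer.
SAMPLE = [
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for n in SAMPLE:
        print(n, "->", parse_suite(n))
    print("RSA key exchange:", rsa_key_exchange(SAMPLE))
```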
All these processes involve high energy consumption; the RSA or ECC operations in particular are time and power consuming on low-resource devices. According to a 2011 study of the energy consumed by mobile devices using TLS, “SSL/TLS overhead is significant for very small transactions of less than 10KB, with transactions larger than 500KB, the energy required to transmit the actual data clearly outranks the TLS energy overhead.”
According to Miranda, Pedro et al, the energy consumed can be divided into cryptographic and non-cryptographic segments. The handshake process itself, therefore, affects network performance and can be limited by the speed of the underlying cryptography. Cryptography is heavily reliant on the CPU, specifically for big number calculations (for example, RSA). RSA key encryption may require double the effort of ECC key encryption.
There are different versions of TLS that can be considered for IoT. While TLS 1.2 was heavier during the handshake phase, TLS 1.3 eliminates the round trip, which makes it significantly lighter and more suited for IoT security.
TLS 1.3 is still actively being developed and will introduce a new handshake process, which will enable an additional layer of encryption. This will significantly boost performance while remaining lightweight in nature.
SoC and TLS: A Handshake That’s Worth Looking Into
Is TLS 1.3 alone enough to increase efficiency? Or, is there another option? Yes. A more cost-effective and energy-efficient option would be to integrate SSL/TLS with a system on chip (SoC). A typical SoC is literally a powerhouse of electronic circuits, processors, memory, sensors and so on, embedded in a single IC chip, which makes it an efficient solution for IoT. These SoC designs use cryptographic accelerators to boost the performance of TLS and make it more energy efficient. This frees up CPU resources, which are used heavily by cryptographic methods, thus making the record phase of the TLS handshake less complex.
By integrating the TLS handshake into your SoC, you can dramatically increase the throughput capability with a dedicated hardware implementation to encrypt/decrypt data. Dedicated hardware acceleration can therefore boost system performance.
TLS Solution Market and Challenges
Several challenges are faced by IoT developers when handling low power devices using SSL/TLS and integrating public key infrastructure (PKI), as they consume more energy and are too expensive. The developers are looking to address these concerns by working on lightweight solutions.
At present, there are several lightweight implementations of the TLS protocol that address the issues of low-powered IoT devices. For example, TLS Toolkit, an open source tool, can be configured to a code footprint of only 66KB. wolfSSL is another open source tool, with a minimum footprint size of 20-100 KB and runtime memory usage of 1-36 KB.
Major players in this space include Cisco, IBM, Symantec, and McAfee, among others.
How Our Solution Scores in the Market
Our low-cost solution integrates a lightweight TLS with your SoC to support asymmetric algorithms, which enables the TLS handshake to be achieved in a few tens or hundreds of milliseconds. Our PKI offers a 20 KB footprint, which enables a gain of xxxx.
Conclusion
IoT is evolving rapidly and, needless to say, IoT security is the need of the hour. While there have been several security and transfer protocols such as SSL/TLS, MQTT and so on in place to address the security concerns, none of them actively address the issue of performance, especially with respect to low-power devices. TLS 1.3 definitely is an improvement over the previous versions in addressing the performance factor. However, TLS alone may not be sufficient to increase the energy efficiency of low-power devices; integrating it with an SoC, however, may provide a viable option. Our solution not only provides TLS handshake integration with your SoC but is also extremely cost effective.