Towards quantifying the cost of a secure IoT: Overhead and energy consumption of ECC signatures on an ARM-based device

Abstract

In this paper, we document the overhead in terms of runtime, firmware size, communication and energy consumption for Elliptic Curve Cryptography (ECC) signatures of modern ARM-based constrained devices. The experiments we have undertaken show that the cryptographic capabilities of the investigated Zolertia Re-Mote based on a TI's CC2538 chipset running Contiki OS is indeed suitable for the Internet-of-Things (IoT): Computing a signature using a curve with a 192-bit key length adds an additional runtime of roughly 200 ms. However, we found that in comparison to sending an unsigned message approximately two-thirds of the runtime overhead is spent on cryptographic operations, while sending the signed message accounts for the remainder. We give real measurements which can be used as a basis for analytical models. Our measurements show that the saving gained by using curves with lower security levels (i. e., 160-bit key length) is not worth the sacrifice in protection. While signatures add non-negligible overhead, we still think that the additional 200 ms (signing with secp192r) is worth consideration. This paper gives an indication of the true costs of cryptographically protected message integrity which is greater or equal to the cost of encryption. We show what needs to be spent in order to verify the origin of the data in the application, since in the IoT it will have travelled through many `things'.