Resource tradeoffs for TLS-secured MQTT-based IoT Management

Abstract

Transport Layer Security (TLS) is an established Internet security standard. TLS offers a variety of configuration options that affect resource consumption. For deployments of constrained devices in the Internet of Things (IoT), it is crucial to optimize TLS’s resource consumption.This study examines how the TLS cryptographic algorithms, so-called cipher suites, affect an MQTT application’s resource consumption. MQTT is a popular protocol for IoT. We construct a model application using the Mosquitto MQTT broker and client library. We measure the consumption of CPU cycles, memory, and network bandwidth with the IANA-recommended TLS 1.2 and TLS 1.3 cipher suites. We test and compare different variants for the key exchange, server authentication, client authentication, and symmetric encryption algorithms, as well as recommended elliptic curves for elliptic curve cryptography (ECC) algorithms. We identify ECDHE key exchange with the x25519 curve and mutual PSK authentication as the best handshake performance. Ed25519 provides the best performance among the certificate authentication options. The effect of choosing a faster symmetric cipher on CPU costs depends on message size. Changing symmetric ciphers does not affect the performance for 100 B messages, but more differences are observed for 10 kB messages. Overall, the findings show that resource consumption can be optimized by choosing the cipher suite and adjusting the length and rate of MQTT messages. Optimized resource consumption enables reliable management of MQTT-based IoT.