Sizzle: A standards-based end-to-end security architecture for the embedded Internet

Abstract

According to popular perception, public-key cryptography is beyond the capabilities of highly constrained, “mote”-like, embedded devices. We show that elliptic curve cryptography not only makes public-key cryptography feasible on these devices, it allows one to create a complete secure web server stack that runs efficiently within very tight resource constraints. Our small-footprint HTTPS stack, nicknamed Sizzle, has been implemented on multiple generations of the Berkeley/Crossbow motes where it runs in less than 4 KB of RAM, completes a full SSL handshake in 1 s (session reuse takes 0.5 s) and transfers 1 KB of application data over SSL in 0.4 s. Sizzle is the world’s smallest secure web server and can be embedded inside home appliances, personal medical devices, etc., allowing them to be monitored and controlled remotely via a web browser without sacrificing end-to-end security.