In this paper, we report the results of a com- prehensive study of the security level versus the execution performance(andresourcerequirements)forhardwareimple- mentations of small elliptic curves, particularly targeted for lightweightapplications,suchasRFIDtagsandsensornodes. The case study was performed for small elliptic curves (41-163 bits) over GF(2 m ), where finite field elements are represented using polynomial and Gaussian normal bases. The idea behind using elliptic curves in this range is that we obtain small implementations suitable for the men- tioned applications, however, this would be at the cost of less security since the Elliptic Curve Discrete Loga- rithm Problem (ECDLP) would be easier to break, i.e., would require fewer resources and less time for such small curves. Therefore, one must investigate both sides of the coin: first, hardware resources to implement such ellip- tic curves and the resulting total execution time for a single point multiplication; second, hardware resources to break such a curve and the resulting cost in terms of a defined metric, such as the total amount devices or dol- lars to solve the ECDLP in a given time duration. Fol- lowing this reasoning, we studied the hardware (FPGA) The research described in this paper was conducted while the V. Trujillo-Olaya was visiting UCSB by a grant of Colciencias. implementations of small elliptic curves and determined the amount of resources (number of ALUTs, MEMs, REGs, the duration of clock, the total number of clock cycles and thetotalexecutiontime)neededforasinglepointmultiplica- tion operation. We also studied the security level of each one of these curves, based on an attack model an associated cost metric. Under our proposed attack model, which we believe is very innovative; we considered three different platforms, namely PC, FPGA, and cloud computing. Due to the com- plexity of Cloud Computing configurations, we considered twodifferentperformanceinstances,namely,small(lowbud- get) and high performance (relatively high budget). We then calculated the amount of resources and the total amount of dollars needed to solve each particular ECDLP, under dif- ferent assumptions. We believe the results of our study will allowdesignerstoselecttheappropriatecurveforeachappli- cation and the device, based on the perceived (or real) threat models that device is operating and the performance require- ments of the elliptic curve protocol, such as ECDH, ECDH, or ECIES.