Question

I need some sort of a protection for my device data being transmitted to the cloud server using an MQTT broker. And, because I've been using STM32 for my IoT devices, TLS does not seem like a good option due to the limited ROM of about 60K on the STM32 board. Also, I'm depending on GPRS for communication, which doesn't support TLS either. Now, I've been considering using IPSec for my transport layer security as having only AES is just not enough.

Can someone please guide me on the following set of questions so that I can effectively have secure transactions?

• Can I use TLS in this environment with limited ROM?
• Can IPSec be used for such IoT environments?
• If IPSec works, will just AES and IPSec be sufficient or will I still need to consider other security options?

Answer 1

TBH, IPSec endpoints are really uncommon. And, since it's a tunneling technology, you'll be needing two tunnel endpoints; one on your IoT device and the other in your cloud server where you'll be sending the data.

Hence, I'd recommend you go with TLS. Now, I'm not entirely sure how much ROM a TLS implementation would need, but you should be able to decrease the size by compiling the TLS library yourself. TLS libraries are generally large because they support 4 SSL/TLS versions and dozens of ciphers. So, if you disable all the unused modes (SSL, TLSv1, TLSv1.1) and ciphers that your cloud service supports, and just keep TLSv1.2 along with one or two ciphers, you should be able to solve your limited ROM problem by adapting them in your TLS library accordingly.