IoT security - TLS/IPSec with AES

0 votes

I need some sort of a protection for my device data being transmitted to the cloud server using an MQTT broker. And, because I've been using STM32 for my IoT devices, TLS does not seem like a good option due to the limited ROM of about 60K on the STM32 board. Also, I'm depending on GPRS for communication, which doesn't support TLS either. Now, I've been considering using IPSec for my transport layer security as having only AES is just not enough.

Can someone please guide me on the following set of questions so that I can effectively have secure transactions?

  • Can I use TLS in this environment with limited ROM?
  • Can IPSec be used for such IoT environments?
  • If IPSec works, will just AES and IPSec be sufficient or will I still need to consider other security options?

Oct 15, 2018 in IoT (Internet of Things) by Bharani
• 4,550 points
162 views

1 answer to this question.

0 votes
TBH, IPSec endpoints are really uncommon. And, since it's a tunneling technology, you'll be needing two tunnel endpoints; one on your IoT device and the other in your cloud server where you'll be sending the data.

Hence, I'd recommend you go with TLS. Now, I'm not entirely sure how much ROM a TLS implementation would need, but you should be able to decrease the size by compiling the TLS library yourself. TLS libraries are generally large because they support 4 SSL/TLS versions and dozens of ciphers. So, if you disable all the unused modes (SSL, TLSv1, TLSv1.1) and ciphers that your cloud service supports, and just keep TLSv1.2 along with one or two ciphers, you should be able to solve your limited ROM problem by adapting them in your TLS library accordingly.
answered Oct 15, 2018 by DataKing99
• 8,130 points
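The trimming described in the answer above, as an added example that is not part of the original thread: a minimal client-side build configuration with a build self-check. It assumes Mbed TLS 2.x option names (the answer names no library) and a broker that accepts a pre-shared-key AES-CCM suite; the two check functions are hypothetical helpers.

```c
/* tls_min_config.h: added example, not from the thread. Assumes Mbed TLS 2.x
 * option names and a broker that accepts a pre-shared-key AES-CCM suite. */
/* Protocol: TLS 1.2 only. SSL3, TLS 1.0 and TLS 1.1 stay undefined. */
#define MBEDTLS_SSL_PROTO_TLS1_2
/* One key exchange. PSK leaves out the X.509, RSA and ECC modules. */
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
/* TLS core, client role only (no MBEDTLS_SSL_SRV_C on the device). */
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_SSL_CLI_C

/* Primitives that the single suite and the RNG depend on. */
#define MBEDTLS_AES_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_MD_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_NO_PLATFORM_ENTROPY /* bare metal: feed the MCU's hardware RNG */

/* Offer exactly one cipher suite in the ClientHello. */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
#ifndef MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 /* stand-in so this compiles alone */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
#endif

/* Hypothetical build self-check: bitmask of legacy versions compiled in. */
int legacy_versions_enabled(void)
{
    int mask = 0;
#if defined(MBEDTLS_SSL_PROTO_SSL3)
    mask |= 1;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1)
    mask |= 2;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
    mask |= 4;
#endif
    return mask;
}

/* Hypothetical build self-check: number of suites the client will offer. */
int offered_suite_count(void)
{
    static const int suites[] = { MBEDTLS_SSL_CIPHERSUITES };
    return (int)(sizeof suites / sizeof suites[0]);
}
```

In Mbed TLS 2.x a file like this is selected at build time through `MBEDTLS_CONFIG_FILE`, and the library's own `check_config.h` reports any missing module dependency.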
