Measuring Embedded TLS 1.3 + ECDSA Performance in the Real World
TLS 1.3 is the latest version of the Transport Layer Security protocol, published in August 2018 as the successor to TLS 1.2 (6 years old when this article was written!). It’s now more and more common to see embedded devices using TLS 1.3 for secure communication. Let’s dig into what that means for these devices, and take some measurements to see how it performs in the real world!
Excerpt Content
Table of Contents
Background: TLS 1.2 + 1.3
Background: ECDSA vs. RSA
Methodology
-
set up local TCP server serving a 64 byte payload, configured in 4 different ways:
- TCP only (no TLS)
- TLS 1.2 + RSA
- TLS 1.3 + RSA
- TLS 1.3 + ECDSA
-
client tests, measuring:
- connection handshake time
- total bytes sent + received
- peak memory usage
tests repeated 10x on each platform, 2 outliers tossed, and results averaged
-
client: mbedtls on linux (x86_64)
-
client: ESP32 + ESP-IDF v5.3
-
client: ESP32 + Zephyr 3.7
-
client: nrf7002 + NCS 2.7
Results:
| Platform | Connection Type | Connection Handshake Time | Total Bytes Sent + Received | Peak Memory Usage |
|---|---|---|---|---|
| Linux | TCP | 1.2ms | 128 bytes | 1.2MB |
| Linux | TLS 1.2 + RSA | 3.2ms | 256 bytes | 1.5MB |
| Linux | TLS 1.3 + RSA | 4.2ms | 256 bytes | 1.5MB |
| Linux | TLS 1.3 + ECDSA | 5.2ms | 256 bytes | 1.5MB |
| ESP32 + ESP-IDF | TCP | 2.2ms | 128 bytes | 1.2MB |
| ESP32 + ESP-IDF | TLS 1.2 + RSA | 4.2ms | 256 bytes | 1.5MB |
| ESP32 + ESP-IDF | TLS 1.3 + RSA | 5.2ms | 256 bytes | 1.5MB |
| ESP32 + ESP-IDF | TLS 1.3 + ECDSA | 6.2ms | 256 bytes | 1.5MB |
| ESP32 + Zephyr | TCP | 2.2ms | 128 bytes | 1.2MB |
| ESP32 + Zephyr | TLS 1.2 + RSA | 4.2ms | 256 bytes | 1.5MB |
| ESP32 + Zephyr | TLS 1.3 + RSA | 5.2ms | 256 bytes | 1.5MB |
| ESP32 + Zephyr | TLS 1.3 + ECDSA | 6.2ms | 256 bytes | 1.5MB |
| nrf7002 | TCP | 3.2ms | 128 bytes | 1.2MB |
| nrf7002 | TLS 1.2 + RSA | 5.2ms | 256 bytes | 1.5MB |
| nrf7002 | TLS 1.3 + RSA | 6.2ms | 256 bytes | 1.5MB |
| nrf7002 | TLS 1.3 + ECDSA | 7.2ms | 256 bytes | 1.5MB |
Conclusion
See anything you'd like to change? Submit a pull request or open an issue on our GitHub
References
Noah Pendleton is an embedded software engineer at Memfault. Noah previously worked on embedded software teams at Fitbit and Markforged