Azure IoT Hub's Elliptic Curve Cryptography (ECC) server TLS certificate, also known as an ECDSA certificate, is now in public preview. Compared to the normal RSA server certificate, a TLS handshake with the ECC certificate uses less data, is less computationally intensive, and is faster, all meaningful benefits for constrained IoT devices.
While offering equivalent cryptographic security to RSA certificates, ECC certificates use smaller key sizes. The following table (source: RFC 4492) shows the comparison between the approximate key sizes (in bits):
Smaller key sizes result in smaller certificates and less data used in the TLS handshake. This is particularly important for IoT devices due to their smaller profiles and memory (such as RTOS devices) and to support use cases in network-limited environments (such as cargo ships and remote areas).
We ran some experiments comparing the ECC (256 bits) and RSA (2048 bits) certificates for this IoT Hub preview. We found that the TLS handshake data usage went from ~4500 bytes to ~2700 bytes, 40% less! Beyond the reduction in your bandwidth bills, the savings on battery, computation costs, and memory should not be overlooked. For example, in Azure RTOS, we saw a possible 4 KB reduction in TLS stack memory footprint if ECC is used. Such a reduction is significant for a device with limited memory, as it frees that memory for other purposes that were not previously possible.
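To show where the per-certificate savings come from, the following added example (not code from the original post or from Azure) DER-encodes the two certificate fields whose size depends on the key type, the SubjectPublicKeyInfo and a signature, for RSA-2048 and ECC P-256. Key and signature values are constructed placeholders of the correct length, and the function names are hypothetical; it does not reproduce the measured handshake totals above.

```python
# Added example: DER sizes of the key-dependent certificate fields.
# All key and signature values are constructed placeholders, not real keys.

def tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER element with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_uint(value: int) -> bytes:
    """DER INTEGER; a leading 0x00 is emitted when the top bit is set."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

OID_RSA = bytes.fromhex("2a864886f70d010101")    # rsaEncryption
OID_EC_PUBKEY = bytes.fromhex("2a8648ce3d0201")  # id-ecPublicKey
OID_P256 = bytes.fromhex("2a8648ce3d030107")     # prime256v1

def rsa_spki(bits: int = 2048, e: int = 65537) -> bytes:
    n = (1 << bits) - 1  # placeholder modulus of the right length
    alg = tlv(0x30, tlv(0x06, OID_RSA) + tlv(0x05, b""))
    key = tlv(0x30, der_uint(n) + der_uint(e))
    return tlv(0x30, alg + tlv(0x03, b"\x00" + key))

def p256_spki() -> bytes:
    alg = tlv(0x30, tlv(0x06, OID_EC_PUBKEY) + tlv(0x06, OID_P256))
    point = b"\x04" + b"\x11" * 64  # uncompressed point 0x04 || X || Y
    return tlv(0x30, alg + tlv(0x03, b"\x00" + point))

def rsa_signature(bits: int = 2048) -> bytes:
    return b"\xff" * (bits // 8)  # always modulus-sized

def ecdsa_p256_signature_max() -> bytes:
    r = s = (1 << 256) - 1  # worst case: both integers need a 0x00 pad
    return tlv(0x30, der_uint(r) + der_uint(s))

def field_sizes() -> dict:
    return {
        "RSA-2048": {"spki": len(rsa_spki()), "sig": len(rsa_signature())},
        "ECC P-256": {"spki": len(p256_spki()), "sig": len(ecdsa_p256_signature_max())},
    }

if __name__ == "__main__":
    for name, f in field_sizes().items():
        print(f"{name:10} SPKI={f['spki']:3} B  signature={f['sig']:3} B  total={sum(f.values())} B")
```

The signature on a certificate is made with the issuer's key, so the signature saving applies only where the issuing CA also uses ECC.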
To get started,