On TLS 1.3 - Early Performance Analysis in the IoT Field

Simone Bossi, Tea Anselmo, Guido Bertoni


The TLS 1.3 specifications are subject to change before the final release, and there are still details to be clarified, but yet some directions have been stated. In the IoT scenario, where devices are constrained, it is important and critical that the added security benefits of the new TLS 1.3 does not increase complexity and power consumption significantly compared to TLS 1.2. This paper provides an overview of the novelties introduced in TLS 1.3 draft finalized to improve security and latency of the protocol: the reworked handshake flows and the newly adopted cryptographic algorithms are analyzed and compared in terms of security and latency to the current TLS in use. In particular, the analysis is focused on performance and memory requirements overhead introduced by the TLS 1.3 current specifications, and the final section reports simulation results of a commercial cryptographic library running on a low end device with an STM32 microcontroller.


  1. Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J. A., Heninger, N., Springall, D., Thomé, E., Valenta, L., et al. (2015). Imperfect forward secrecy: How diffie-hellman fails in practice.
  2. Al Fardan, N. J. and Paterson, K. G. (2013). Lucky thirteen: Breaking the tls and dtls record protocols. In Security
  3. Barker, E., Barker, W., Burr, W., Polk, W., Smid, M., Gallagher, P. D., et al. (2012). Recommendation for key management - part 1: General. NIST special publication, 800:57. Revision 3.
  4. Barker, E., Burr, W., Jones, A., Polk, T., Rose, S., Smid, M., and Dang, Q. (2015). Recommendation for key management - part 3: Application-specific key management guidance. NIST special publication, 800:57. Revision 1.
  5. Bellare, M., Kohno, T., and Namprempre, C. (2004). Breaking and provably repairing the ssh authenticated encryption scheme: A case study of the encode-thenencrypt-and-mac paradigm. ACM Transactions on Information and System Security (TISSEC), 7(2):206- 241.
  6. Bellare, M. and Namprempre, C. (2000). Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Advances in Cryptology-ASIACRYPT 2000 , pages 531-545. Springer.
  7. Bernstein, D. J. (2005). The poly1305-aes messageauthentication code. In Fast Software Encryption, pages 32-49. Springer.
  8. Bernstein, D. J. (2006). Curve25519: new diffie-hellman speed records. In Public Key Cryptography-PKC 2006, pages 207-228. Springer.
  9. Bernstein, D. J. (2008). Chacha, a variant of salsa20. In Workshop Record of SASC, volume 8.
  10. Bernstein, D. J., Duif, N., Lange, T., Schwabe, P., and Yang, B.-Y. (2012). High-speed high-security signatures. Journal of Cryptographic Engineering, 2(2):77-89.
  11. Borisov, N., Goldberg, I., and Wagner, D. (2001). Intercepting mobile communications: the insecurity of 802.11. In Proceedings of the 7th annual international conference on Mobile computing and networking, pages 180-189. ACM.
  12. Degabriele, J. P. and Paterson, K. G. (2010). On the (in) security of ipsec in mac-then-encrypt configurations. In Proceedings of the 17th ACM conference on Computer and communications security, pages 493-504. ACM.
  13. Dierks, T. and Rescorla, E. (2006). The transport layer security (tls) protocol version 1.1. RFC 4346, RFC Editor. http://www.rfc-editor.org/rfc/rfc4346.txt.
  14. Dierks, T. and Rescorla, E. (2008). The transport layer security (tls) protocol version 1.2. RFC 5246, RFC Editor. http://www.rfc-editor.org/rfc/rfc5246.txt.
  15. Dworkin, M. (2007). Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) and GMAC. US Department of Commerce, National Institute of Standards and Technology.
  16. Ford-Hutchinson, P. (2005). Securing ftp with tls. RFC 4217, RFC Editor. http://www.rfc-editor.org/rfc/ rfc4217.txt.
  17. Gutmann, P. (2014). Encrypt-then-mac for transport layer security (tls) and datagram transport layer security (dtls). RFC 7366, RFC Editor. http:// www.rfc-editor.org/rfc/rfc7366.txt.
  18. Hoffman, P. (2002). Smtp service extension for secure smtp over transport layer security. RFC 3207, RFC Editor. http://www.rfc-editor.org/rfc/rfc3207.txt.
  19. Ishiguro, T. (2012). Modified version of” latin dances revisited: New analytic results of salsa20 and chacha”. IACR Cryptology ePrint Archive, 2012:65.
  20. Josefsson, S. and Mavrogiannopoulos, N. (2015). Using eddsa with ed25519/ed448 in the internet x.509 public key infrastructure. Internet-Draft draft-josefssonpkix-eddsa-04, IETF Secretariat. http://www.ietf.org/ internet-drafts/draft-josefsson-pkix-eddsa-04.txt.
  21. Josefsson, S. and Pegourie-Gonnard, M. (2015). Curve25519 and curve448 for transport layer security (tls). Internet-Draft draft-ietf-tls-curve25519-01, IETF Secretariat. http://www.ietf.org/internet-drafts/ draft-ietf-tls-curve25519-00.txt.
  22. Kent, S. and Atkinson, R. (1998). Ip encapsulating security payload (esp). RFC 2406, RFC Editor. http://www.rfc-editor.org/rfc/rfc2406.txt.
  23. Koschuch, M., Hudler, M., and Kr üger, M. (2012). The price of security: A detailed comparison of the tls handshake performance on embedded devices when using elliptic curve cryptography and rsa. In e-Business and Telecommunications, pages 71-83. Springer.
  24. Krawczyk, H. (2001). The order of encryption and authentication for protecting communications (or: How secure is ssl?). In Advances in Cryptology-CRYPTO 2001 , pages 310-331. Springer.
  25. Langley, A., Chang, W.-T., Mavrogiannopoulos, N., Strombergson, J., and Josefsson, S. (2015). Chacha20-poly1305 cipher suites for transport layer security (tls). Internet-Draft draft-ietf-tls-chacha20- poly1305-03, IETF Secretariat. http://www.ietf.org/ internet-drafts/draft-ietf-tls-chacha20-poly1305- 03.txt.
  26. McGrew, D. (2008). An interface and algorithms for authenticated encryption. RFC 5116, RFC Editor. http://www.rfc-editor.org/rfc/rfc5116.txt.
  27. McGrew, D. and Viega, J. (2004). The galois/counter mode of operation (gcm). Submission to NIST. http:// csrc.nist.gov/CryptoToolkit/modes/proposedmodes/ gcm/gcm-spec. pdf.
  28. M öller, B., Duong, T., and Kotowicz, K. (2014). This poodle bites: Exploiting the ssl 3.0 fallback.
  29. Nir, Y. and Langley, A. (2015). Chacha20 and poly1305 for ietf protocols. RFC 7539, RFC Editor. http:// www.rfc-editor.org/rfc/rfc7539.txt.
  30. Rescorla, E. (2000). Http over tls. RFC 2818, RFC Editor. http://www.rfc-editor.org/rfc/rfc2818.txt.
  31. Rescorla, E. (2015). The transport layer security (tls) protocol version 1.3. Internet-Draft draft-ietf-tls-tls13-10, IETF Secretariat. http://www.ietf.org/internet-drafts/ draft-ietf-tls-tls13-10.txt.
  32. Rogaway, P. (2002). Authenticated-encryption with associated-data. In Proceedings of the 9th ACM conference on Computer and communications security, pages 98-107. ACM.
  33. Saint-Andre, P. (2011). Extensible messaging and presence protocol (xmpp): Core. RFC 6120, RFC Editor. http://www.rfc-editor.org/rfc/rfc6120.txt.
  34. Salowey, J., Choudhury, A., and McGrew, D. (2008). Aes galois counter mode (gcm) cipher suites for tls. RFC 5288, RFC Editor. http://www.rfc-editor.org/ rfc/rfc5288.txt.
  35. Shi, Z., Zhang, B., Feng, D., and Wu, W. (2013). Improved key recovery attacks on reduced-round salsa20 and chacha. In Proceedings of the 15th International Conference on Information Security and Cryptology, ICISC'12, pages 337-351, Berlin, Heidelberg. Springer-Verlag.
  36. Ylonen, T. and Lonvick, C. (2006). The secure shell (ssh) transport layer protocol. RFC 4253, RFC Editor. http://www.rfc-editor.org/rfc/rfc4253.txt.

Paper Citation

in Harvard Style

Bossi S., Anselmo T. and Bertoni G. (2016). On TLS 1.3 - Early Performance Analysis in the IoT Field . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 117-125. DOI: 10.5220/0005688901170125

in Bibtex Style

author={Simone Bossi and Tea Anselmo and Guido Bertoni},
title={On TLS 1.3 - Early Performance Analysis in the IoT Field},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},

in EndNote Style

JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - On TLS 1.3 - Early Performance Analysis in the IoT Field
SN - 978-989-758-167-0
AU - Bossi S.
AU - Anselmo T.
AU - Bertoni G.
PY - 2016
SP - 117
EP - 125
DO - 10.5220/0005688901170125