E4 vs. (D)TLS #IoTencryption

Today at Teserakt we discussed the benefits of using our end-to-end encryption protocol E4 instead of TLS with pre-shared keys (PSK), as sometimes used on low-end devices that don’t use public-key cryptography. The discussion started after a call with a start-up that is specialized in low-power WAN networks and uses DTLS with PSK for protecting data sent to and received from devices. We thought we would write this quick post to share our thoughts and encourage readers to share their experience with similar protocols.

The following points (in arbitrary order) are the main benefits of E4 that we identified, and in our experience cover some of the most important problems encountered when attempting to deploy encryption on low-power devices:

  • An application layer protocol and can therefore go over other protocols, properly end-to-end, whereas (D)TLS is not end-to-end however you cut it.
  • “No ridiculously complex standards (TLS requires full ASN.1 parser)”
  • Remains secure if the device has neither a PRNG nor a clock.
  • Simpler key management (no PKI, X.509, etc.).
  • 0-RTT; E4 doesn’t need to perform a handshake mechanism to start sending encrypted data.
  • Much smaller code and RAM footprint. In particular no need to allocate MBs of memory to process certificate chains unlike TLS.

A last remark: as an alternative to (D)TLS for low-end platforms we’ll be evaluating the Noise family of protocols and in particular Rust implementations optimized for ARM-based chips. More on this in a future post 🙂