Bidirectional TLS Handshake Caching for Constrained Industrial IoT Scenarios

TL;DR

This paper introduces BiTHaC, a bidirectional TLS handshake caching mechanism tailored for resource-constrained industrial IoT devices, significantly reducing bandwidth and processing overhead while maintaining security.

Contribution

It presents a novel bidirectional caching approach for TLS handshakes that exploits static handshake components to optimize performance in constrained environments.

Findings

Bandwidth consumption reduced by up to 61.1%.

Computational overhead decreased by up to 8.5%.

Memory overhead remains manageable.

Abstract

While TLS has become the de-facto standard for end-to-end security, its use to secure critical communication in evolving industrial IoT scenarios is severely limited by prevalent resource constraints of devices and networks. Most notably, the TLS handshake to establish secure connections incurs significant bandwidth and processing overhead that often cannot be handled in constrained environments. To alleviate this situation, we present BiTHaC which realizes bidirectional TLS handshake caching by exploiting that significant parts of repeated TLS handshakes, especially certificates, are static. Thus, redundant information neither needs to be transmitted nor corresponding computations performed, saving valuable bandwidth and processing resources. By implementing BiTHaC for wolfSSL, we show that we can reduce the bandwidth consumption of TLS handshakes by up to 61.1% and the computational overhead by up to 8.5%, while incurring only well-manageable memory overhead and preserving the strict security guarantees of TLS.