Interactive tool efficiency can be tracked as successful outcomes per minute:
\[ \eta = \frac{N_{\text{successful-attempts}}}{T_{\text{minutes}}} \]
Worked example: If users complete 48 successful interactions in 30 minutes, efficiency is \(48/30=1.6\) successful interactions/minute. This metric helps compare alternative game or wizard designs objectively.
By the end of this chapter, you will be able to:
Hands-on interactive cryptography tools let learners encrypt, decrypt, and hash data directly in the browser, building concrete understanding of how cryptographic algorithms transform inputs and outputs.
Cryptography for IoT is the science of keeping sensor data and device commands secret and tamper-proof. Think of it as the digital equivalent of secret codes, locked boxes, and wax seals. Even if someone intercepts your IoT data traveling through the air, cryptography ensures they cannot read or alter it without the proper keys.
These interactive tools help you build intuition about cryptographic concepts. Experiment with different key sizes, algorithms, and attack scenarios to understand why security recommendations exist.
“This chapter has interactive tools where you can experiment!” Lila the LED said, flashing with excitement. “Type in a key size, pick an algorithm, and see how long it would take to break it. Try 128-bit AES versus 256-bit AES and watch the difference – it is mind-blowing!”
Sammy the Sensor tried the encryption strength calculator. “A 128-bit key has 340,282,366,920,938,463,463,374,607,431,768,211,456 possible combinations. Even a supercomputer trying a trillion keys per second would need longer than the age of the universe to try them all. But a 56-bit DES key? A supercomputer could crack it in under a day. Key size REALLY matters!”
“The key exchange simulator is my favorite,” Max the Microcontroller said. “It shows how two devices that have never met can agree on a shared secret over a public network. It is like two people shouting numbers across a crowded room, but using mathematical magic so that no one listening can figure out the final secret. That is the Diffie-Hellman key exchange!”
“These tools help you build intuition,” Bella the Battery encouraged. “Instead of just memorizing that AES-256 is strong, you can SEE why by playing with the numbers. Experiment with different settings and you will develop a gut feeling for what is secure and what is not. That instinct will serve you well throughout your security career!”
Understand how key length and algorithm choice affect security against brute-force attacks and emerging quantum threats.
viewof keyLength = Inputs.select([56, 64, 128, 192, 256, 384, 512, 1024, 2048, 4096], {
value: 128,
label: "Key Length (bits)"
})
viewof algorithm = Inputs.select(
["AES", "3DES", "RSA", "ChaCha20", "ECC"],
{value: "AES", label: "Algorithm"}
)
viewof attackScenario = Inputs.select(
["Single PC", "Botnet (10K nodes)", "Supercomputer", "All computers on Earth"],
{value: "Single PC", label: "Attacker Resources"}
)attackSpeeds = ({
"Single PC": 1e9,
"Botnet (10K nodes)": 1e13,
"Supercomputer": 1e15,
"All computers on Earth": 1e18
})
strengthData = {
const speed = attackSpeeds[attackScenario];
// Determine effective key bits for brute force
let effectiveBits = keyLength;
let keyNote = "";
if (algorithm === "AES") {
if (![128, 192, 256].includes(keyLength)) {
keyNote = "Note: AES only supports 128, 192, and 256-bit keys. Showing generic brute-force estimate.";
}
} else if (algorithm === "3DES") {
effectiveBits = Math.min(keyLength, 112);
keyNote = "3DES has an effective security of 112 bits regardless of nominal key size. 3DES is deprecated -- migrate to AES.";
} else if (algorithm === "ChaCha20") {
if (keyLength !== 256) {
keyNote = "Note: ChaCha20 uses 256-bit keys only. Showing generic brute-force estimate for selected key size.";
}
} else if (algorithm === "RSA") {
keyNote = "RSA security does not come from brute-forcing the key. Instead, attackers factor the public modulus. Equivalent symmetric strength: RSA-1024 ~ 80 bits, RSA-2048 ~ 112 bits, RSA-4096 ~ 128 bits.";
if (keyLength <= 1024) effectiveBits = 80;
else if (keyLength <= 2048) effectiveBits = 112;
else if (keyLength <= 3072) effectiveBits = 128;
else effectiveBits = 140;
} else if (algorithm === "ECC") {
keyNote = "ECC security level is approximately half the key size. ECC-256 provides ~128-bit security, ECC-384 provides ~192-bit security.";
effectiveBits = Math.floor(keyLength / 2);
}
const totalKeys = Math.pow(2, effectiveBits);
const bruteForceSeconds = totalKeys / speed;
const bruteForceYears = bruteForceSeconds / (365.25 * 24 * 3600);
// Quantum attack modeling
let quantumYears, quantumSeconds, quantumNote;
if (algorithm === "RSA" || algorithm === "ECC") {
// Shor's algorithm breaks RSA/ECC entirely
quantumNote = "Shor's algorithm (not Grover's) threatens RSA and ECC. A sufficiently large quantum computer would break these in polynomial time.";
quantumSeconds = 3600; // Conceptual: hours on a large quantum computer
quantumYears = quantumSeconds / (365.25 * 24 * 3600);
} else {
// Grover's algorithm halves symmetric key strength
quantumNote = "Grover's algorithm halves the effective key strength of symmetric ciphers.";
const quantumBits = effectiveBits / 2;
const quantumKeys = Math.pow(2, quantumBits);
quantumSeconds = quantumKeys / (speed * 1000);
quantumYears = quantumSeconds / (365.25 * 24 * 3600);
}
let recommendation = "";
let securityLevel = "";
if (algorithm === "AES" || algorithm === "ChaCha20") {
if (effectiveBits >= 256) {
recommendation = "Quantum-resistant for next 30+ years (128-bit post-quantum security)";
securityLevel = "Excellent";
} else if (effectiveBits >= 128) {
recommendation = "Adequate today; 64-bit post-quantum security may be insufficient long-term";
securityLevel = "Good";
} else {
recommendation = "Too weak -- DO NOT USE in production";
securityLevel = "Inadequate";
}
} else if (algorithm === "RSA") {
if (keyLength >= 4096) {
recommendation = "Strong classically, but vulnerable to quantum computers. Consider ECC for IoT efficiency.";
securityLevel = "Good (classical)";
} else if (keyLength >= 2048) {
recommendation = "Current minimum standard. Vulnerable to future quantum computers.";
securityLevel = "Adequate (classical)";
} else {
recommendation = "RSA below 2048 bits is deprecated by NIST";
securityLevel = "Inadequate";
}
} else if (algorithm === "ECC") {
if (keyLength >= 384) {
recommendation = "Excellent classical security (~192-bit equivalent). Vulnerable to quantum (Shor's).";
securityLevel = "Excellent (classical)";
} else if (keyLength >= 256) {
recommendation = "Ideal for IoT -- ~128-bit security, equivalent to RSA-3072. Vulnerable to quantum (Shor's).";
securityLevel = "Good (classical)";
} else {
recommendation = "Use 256-bit minimum for ECC in production";
securityLevel = "Inadequate";
}
} else if (algorithm === "3DES") {
recommendation = "3DES is deprecated by NIST (2023). Migrate to AES immediately.";
securityLevel = "Inadequate";
}
return {
keyLength,
effectiveBits,
algorithm,
bruteForceYears,
quantumYears,
recommendation,
securityLevel,
attackScenario,
bruteForceSeconds,
quantumSeconds,
keyNote,
quantumNote
};
}
md`### Encryption Strength Analysis
**Configuration:**
- **Algorithm**: ${strengthData.algorithm}
- **Key Length**: ${strengthData.keyLength} bits (effective security: ${strengthData.effectiveBits} bits)
- **Attacker**: ${strengthData.attackScenario}
${strengthData.keyNote ? `> ${strengthData.keyNote}` : ""}
**Security Assessment:**
| Attack Type | Time to Break | Security Level |
|:------------|:--------------|:---------------|
| **Classical Brute Force** | ${strengthData.bruteForceYears < 1e-6 ? strengthData.bruteForceYears.toExponential(2) + " years (INSTANT)" : strengthData.bruteForceYears < 1 ? (strengthData.bruteForceSeconds < 60 ? strengthData.bruteForceSeconds.toFixed(2) + " seconds" : (strengthData.bruteForceSeconds / 60).toFixed(2) + " minutes") : strengthData.bruteForceYears < 1000 ? strengthData.bruteForceYears.toFixed(2) + " years" : strengthData.bruteForceYears.toExponential(2) + " years"} | ${strengthData.securityLevel} |
| **Quantum Attack** | ${strengthData.algorithm === "RSA" || strengthData.algorithm === "ECC" ? "Broken by Shor's algorithm" : strengthData.quantumYears < 1e-6 ? strengthData.quantumYears.toExponential(2) + " years" : strengthData.quantumYears < 1 ? (strengthData.quantumSeconds < 60 ? strengthData.quantumSeconds.toFixed(2) + " seconds" : (strengthData.quantumSeconds / 60).toFixed(2) + " minutes") : strengthData.quantumYears < 1000 ? strengthData.quantumYears.toFixed(2) + " years" : strengthData.quantumYears.toExponential(2) + " years"} | ${(strengthData.algorithm === "RSA" || strengthData.algorithm === "ECC") ? "Vulnerable (Shor's)" : strengthData.effectiveBits >= 256 ? "Resistant" : "Vulnerable"} |
> ${strengthData.quantumNote}
**Recommendation**: ${strengthData.recommendation}
`Understanding the Results:
Real-World Context:
If brute-force time exceeds these timescales, encryption is effectively unbreakable by classical computers.
Compare symmetric (AES) and asymmetric (RSA) encryption side-by-side.
viewof encryptionType = Inputs.radio(
["Symmetric (AES)", "Asymmetric (RSA)", "Hybrid (IoT Best Practice)"],
{value: "Symmetric (AES)", label: "Encryption Type"}
)
viewof userMessage = Inputs.text({
label: "Message to Encrypt",
value: "Sensor: Temperature 72F",
placeholder: "Enter your IoT message...",
width: "100%"
})encryptionData = {
const msg = userMessage || "Sensor: Temperature 72F";
const ciphertextHex = Array.from({length: Math.min(32, msg.length * 2)}, () =>
"0123456789ABCDEF"[Math.floor(Math.random() * 16)]).join('');
if (encryptionType === "Symmetric (AES)") {
return {
type: "symmetric",
algorithm: "AES-128-GCM",
keySize: 128,
keyGenTime: "< 1 ms",
encryptTime: "0.02 ms",
decryptTime: "0.02 ms",
ciphertext: ciphertextHex,
pros: ["Very fast (100-1000x faster than RSA)", "Low power consumption", "Hardware acceleration available (ESP32, STM32)"],
cons: ["Key distribution problem", "Both parties need the same key beforehand"],
speedMbps: 250,
powerMw: 5
};
} else if (encryptionType === "Asymmetric (RSA)") {
return {
type: "asymmetric",
algorithm: "RSA-2048",
keySize: 2048,
keyGenTime: "100-500 ms",
encryptTime: "1-5 ms",
decryptTime: "10-50 ms",
ciphertext: ciphertextHex + "...",
pros: ["Solves key distribution", "Digital signatures possible", "Enables PKI and certificates"],
cons: ["Very slow (100-1000x slower than AES)", "High power consumption", "Large key sizes"],
speedMbps: 0.5,
powerMw: 50
};
} else {
return {
type: "hybrid",
algorithm: "ECDH + AES-128-GCM",
keySize: "ECC-256 + AES-128",
keyGenTime: "50-200 ms (once)",
encryptTime: "0.02 ms (after handshake)",
decryptTime: "0.02 ms (after handshake)",
ciphertext: ciphertextHex,
pros: ["Best of both worlds", "Industry standard (TLS 1.3)", "Efficient for IoT"],
cons: ["More complex implementation", "Initial handshake cost"],
speedMbps: 250,
powerMw: 5
};
}
}html`<div style="
display: grid;
grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
gap: 20px;
margin: 20px 0;
">
<div style="padding: 20px; background: #2C3E50; border-radius: 12px; color: white;">
<h4 style="margin: 0 0 10px 0;">${encryptionData.algorithm}</h4>
<p><strong>Key Size:</strong> ${encryptionData.keySize} bits</p>
<p><strong>Encrypt:</strong> ${encryptionData.encryptTime}</p>
<p><strong>Decrypt:</strong> ${encryptionData.decryptTime}</p>
<p><strong>Speed:</strong> ${encryptionData.speedMbps} MB/s</p>
<p><strong>Power:</strong> ${encryptionData.powerMw} mW</p>
</div>
<div style="padding: 20px; background: #16A085; border-radius: 12px; color: white;">
<h4 style="margin: 0 0 10px 0;">Advantages</h4>
<ul style="margin: 0; padding-left: 20px;">
${encryptionData.pros.map(p => `<li>${p}</li>`).join('')}
</ul>
</div>
<div style="padding: 20px; background: #E67E22; border-radius: 12px; color: white;">
<h4 style="margin: 0 0 10px 0;">Disadvantages</h4>
<ul style="margin: 0; padding-left: 20px;">
${encryptionData.cons.map(c => `<li>${c}</li>`).join('')}
</ul>
</div>
</div>`Based on your IoT requirements, select the most appropriate encryption approach:
viewof deviceType = Inputs.select(
["Battery sensor (ultra-low power)", "Smart home device", "Industrial gateway", "Medical implant", "Automotive ECU"],
{value: "Battery sensor (ultra-low power)", label: "Device Type"}
)
viewof dataType = Inputs.select(
["Sensor telemetry", "Commands/control", "Firmware updates", "Personal health data", "Financial transactions"],
{value: "Sensor telemetry", label: "Data Type"}
)
viewof networkType = Inputs.select(
["LoRaWAN (limited bandwidth)", "Wi-Fi", "Cellular (NB-IoT/LTE-M)", "Bluetooth LE", "Ethernet"],
{value: "Wi-Fi", label: "Network Type"}
)recommendation = {
let symmetric = "AES-128-GCM";
let asymmetric = "ECC-256 (Curve25519)";
let hash = "SHA-256";
let notes = [];
// Adjust based on device type
if (deviceType === "Battery sensor (ultra-low power)") {
symmetric = "AES-128-GCM";
notes.push("Use hardware AES acceleration to minimize power");
notes.push("Consider PSK-based TLS to avoid costly asymmetric operations");
} else if (deviceType === "Medical implant") {
symmetric = "AES-256-GCM";
notes.push("Maximum security required -- use AES-256");
notes.push("Store keys in a hardware secure element");
} else if (deviceType === "Automotive ECU") {
symmetric = "AES-128-GCM";
asymmetric = "ECC-256 (secp256r1)";
notes.push("Follow ISO 26262 and UNECE WP.29 security requirements");
}
// Adjust based on data type
if (dataType === "Personal health data" || dataType === "Financial transactions") {
symmetric = "AES-256-GCM";
notes.push("Compliance (HIPAA/PCI-DSS) requires maximum encryption strength");
} else if (dataType === "Firmware updates") {
notes.push("Always verify firmware signatures with Ed25519 or ECDSA before installation");
}
// Adjust based on network
if (networkType === "LoRaWAN (limited bandwidth)") {
asymmetric = "Ed25519 (64-byte signatures)";
notes.push("Use Ed25519 -- RSA signatures (256+ bytes) are too large for LoRaWAN payloads");
}
return {symmetric, asymmetric, hash, notes};
}
md`### Recommended Configuration
| Purpose | Algorithm | Notes |
|---------|-----------|-------|
| **Data Encryption** | ${recommendation.symmetric} | Symmetric encryption for bulk data |
| **Key Exchange/Signatures** | ${recommendation.asymmetric} | Asymmetric for handshake and authentication |
| **Integrity/Hashing** | ${recommendation.hash} | One-way fingerprint for verification |
**Additional Recommendations:**
${recommendation.notes.map(n => `- ${n}`).join('\n')}
`See how cryptographic hash functions work with the avalanche effect – a tiny input change produces a completely different output:
simpleHash = {
let hash = 0;
const input = hashInput || "";
for (let i = 0; i < input.length; i++) {
const char = input.charCodeAt(i);
hash = ((hash << 5) - hash) + char;
hash = hash & hash;
}
return Math.abs(hash).toString(16).padStart(8, '0').toUpperCase();
}
// Simulate changing one character
changedInput = {
const input = hashInput || "";
if (input.length > 0) {
const pos = Math.floor(input.length / 2);
const newChar = String.fromCharCode(input.charCodeAt(pos) + 1);
return input.substring(0, pos) + newChar + input.substring(pos + 1);
}
return input + "X";
}
changedHash = {
let hash = 0;
const input = changedInput;
for (let i = 0; i < input.length; i++) {
const char = input.charCodeAt(i);
hash = ((hash << 5) - hash) + char;
hash = hash & hash;
}
return Math.abs(hash).toString(16).padStart(8, '0').toUpperCase();
}
md`### Avalanche Effect Demonstration
| Input | Hash (simplified) |
|-------|-------------------|
| "${hashInput}" | \`${simpleHash}\` |
| "${changedInput}" | \`${changedHash}\` |
**Observation**: Even a tiny change (one character) produces a completely different hash output. This is the **avalanche effect** -- a core property of cryptographic hash functions.
*Note: This uses a simplified 32-bit hash for visualization. Real SHA-256 produces a 256-bit (64-character hex) output and is collision-resistant.*
`Estimate encryption performance on your target hardware:
viewof targetMCU = Inputs.select(
["ESP32 (240 MHz)", "STM32L4 (80 MHz)", "nRF52840 (64 MHz)", "Arduino Uno (16 MHz)", "Raspberry Pi Pico (133 MHz)"],
{value: "ESP32 (240 MHz)", label: "Target Microcontroller"}
)
viewof dataSize = Inputs.range([16, 10240], {
value: 1024,
step: 16,
label: "Data Size (bytes)"
})
viewof operationsPerDay = Inputs.range([1, 10000], {
value: 100,
step: 1,
label: "Encryption Operations per Day"
})performanceEstimate = {
// Approximate cycles per byte for AES-128-GCM
const cyclesPerByte = {
"ESP32 (240 MHz)": 15, // Hardware AES
"STM32L4 (80 MHz)": 20, // Hardware AES
"nRF52840 (64 MHz)": 18, // CryptoCell
"Arduino Uno (16 MHz)": 500, // Software only
"Raspberry Pi Pico (133 MHz)": 100 // Software
};
const clockMHz = {
"ESP32 (240 MHz)": 240,
"STM32L4 (80 MHz)": 80,
"nRF52840 (64 MHz)": 64,
"Arduino Uno (16 MHz)": 16,
"Raspberry Pi Pico (133 MHz)": 133
};
const cpb = cyclesPerByte[targetMCU];
const mhz = clockMHz[targetMCU];
const totalCycles = cpb * dataSize;
const timeUs = totalCycles / mhz;
const timeMs = timeUs / 1000;
// Power estimates (rough)
const activePowerMa = {
"ESP32 (240 MHz)": 80,
"STM32L4 (80 MHz)": 25,
"nRF52840 (64 MHz)": 20,
"Arduino Uno (16 MHz)": 15,
"Raspberry Pi Pico (133 MHz)": 30
};
const powerMa = activePowerMa[targetMCU];
// Energy = Power(mW) * Time(us) / 1000 = microjoules
// Power(mW) = powerMa * 3.3V
const powerMw = powerMa * 3.3;
const energyPerOpUj = powerMw * timeUs / 1000;
const energyPerDayMj = energyPerOpUj * operationsPerDay / 1000;
// Battery life estimate (assuming 2000mAh battery at 3.3V)
const batteryMah = 2000;
const batteryMj = batteryMah * 3.3 * 3600; // mAh * V * 3600s = mJ
const batteryDays = batteryMj / energyPerDayMj;
return {
timeMs: timeMs.toFixed(3),
throughputMbps: (dataSize / (timeUs / 1e6) / 1e6).toFixed(2),
energyPerOpUj: energyPerOpUj.toFixed(1),
energyPerDayMj: energyPerDayMj.toFixed(2),
batteryDays: batteryDays > 10000 ? ">10 years" : (batteryDays / 365).toFixed(1) + " years",
note: "Estimates based on AES-128-GCM encryption only. Does not include radio transmission energy, which typically dominates total power budget."
};
}
md`### Performance Estimate for ${targetMCU}
| Metric | Value |
|--------|-------|
| **Time per Operation** | ${performanceEstimate.timeMs} ms |
| **Throughput** | ${performanceEstimate.throughputMbps} MB/s |
| **Energy per Operation** | ${performanceEstimate.energyPerOpUj} uJ |
| **Energy per Day** (${operationsPerDay} ops) | ${performanceEstimate.energyPerDayMj} mJ |
| **Battery Life (2000 mAh, crypto only)** | ${performanceEstimate.batteryDays} |
*${performanceEstimate.note}*
`You’re building a LoRaWAN sensor that sends 32-byte telemetry every 15 minutes. The maximum payload is 51 bytes. Which encryption approach is most appropriate?
Options:
Correct: B
AES-128-GCM provides strong symmetric encryption with a 16-byte authentication tag (12-byte nonce + 16-byte tag = 28 bytes overhead, leaving 23 bytes for data per message – tight but feasible with compression). Ed25519 produces 64-byte signatures, which exceed the single-message payload but can authenticate batches or be sent separately. RSA-2048 signatures (256 bytes) far exceed the 51-byte payload limit. While LoRaWAN includes AES-128 application-layer encryption, additional end-to-end encryption is recommended for sensitive data since the network server can decrypt LoRaWAN’s built-in encryption.
Scenario: Utility company deploys smart meters that report power consumption every 15 minutes over cellular (NB-IoT).
Given:
Security Requirement: Utility needs data authenticity (prevent false billing) and integrity (detect tampering).
Option Analysis:
Option 1: RSA-2048 Signatures
Performance on ARM Cortex-M4 @ 64 MHz:
Annual energy:
10-year energy: 15,140 J Battery capacity: 246,000 J Crypto overhead: 15,140 / 246,000 = 6.2% – Acceptable
Signature size: 256 bytes Total message: 32 + 256 = 288 bytes Transmission time: 288 x 8 / 250,000 = 9.2 ms
Option 2: Ed25519 Signatures
Performance on ARM Cortex-M4 @ 64 MHz:
Annual energy:
10-year energy: 303 J Battery capacity: 246,000 J Crypto overhead: 303 / 246,000 = 0.12% – Excellent
Signature size: 64 bytes Total message: 32 + 64 = 96 bytes Transmission time: 96 x 8 / 250,000 = 3.1 ms (3x faster than RSA)
Option 3: HMAC-SHA256 (Symmetric Authentication)
Performance on ARM Cortex-M4 @ 64 MHz:
Annual energy:
10-year energy: 9.5 J Battery capacity: 246,000 J Crypto overhead: 9.5 / 246,000 = 0.004% – Negligible
Authentication tag size: 32 bytes Total message: 32 + 32 = 64 bytes Transmission time: 64 x 8 / 250,000 = 2.0 ms (fastest)
Comparison:
| Metric | RSA-2048 | Ed25519 | HMAC-SHA256 |
|---|---|---|---|
| Energy per operation | 43.2 mJ | 0.864 mJ | 0.027 mJ |
| 10-year crypto energy | 15,140 J | 303 J | 9.5 J |
| Signature/tag size | 256 bytes | 64 bytes | 32 bytes |
| Total message size | 288 bytes | 96 bytes | 64 bytes |
| Transmission time | 9.2 ms | 3.1 ms | 2.0 ms |
| Non-repudiation | Yes | Yes | No |
| Key management | Complex (PKI) | Medium (PKI) | Simple (pre-shared) |
Decision:
The utility chooses Ed25519 signatures because:
HMAC is rejected because it lacks non-repudiation (the utility cannot prove to a court that a specific meter generated a reading, since both the meter and the server share the same key).
Fleet-Wide Impact:
| Metric | RSA-2048 | Ed25519 | Savings |
|---|---|---|---|
| Total fleet energy (10 years) | 151 MJ | 3 MJ | 148 MJ saved |
| Cellular data usage (10 years) | 100 GB | 33 GB | 67 GB saved |
| Cellular cost ($0.10/MB) | $10,000 | $3,300 | $6,700 saved |
ROI: Switching from RSA to Ed25519 saves $6,700 in cellular fees alone over 10 years for this 10,000-meter deployment. Implementation cost for Ed25519 library: ~$5,000 one-time. Pays for itself in the first 2 years.
Use the calculator tools to evaluate these criteria:
Step 1: Assess Power Budget
| Device Type | Daily Energy Budget | Crypto Allocation | Suitable Algorithms |
|---|---|---|---|
| Coin cell (CR2032) | ~20 mJ | <1 mJ/day | AES-128-GCM with HW accel, ChaCha20 |
| AA battery | ~200 mJ | <10 mJ/day | AES-GCM, Ed25519 |
| Solar + supercap | Variable | <50 mJ/operation | AES-GCM, ECDH |
| Wall-powered | Unlimited | Any | AES-256-GCM, RSA-2048 acceptable |
Use the Performance Estimator tool to calculate:
If AES-128-GCM takes 0.5 ms @ 30 mA on your MCU:
Energy per operation = 0.030 A x 3.3 V x 0.0005 s = 0.05 mJ
Daily budget: 200 mJ
Max encryptions: 200 / 0.05 = 4,000/dayStep 2: Evaluate Bandwidth Constraints
| Network Type | Max Payload | Encryption Overhead | Algorithm Choice |
|---|---|---|---|
| LoRaWAN SF10 | 51 bytes | <20 bytes | AES-GCM (28-byte overhead), truncated HMAC |
| NB-IoT | 1,600 bytes | <100 bytes | Any modern algorithm |
| Sigfox | 12 bytes | <8 bytes | Truncated HMAC-SHA256 (4-8 bytes); full crypto impractical |
| Wi-Fi | 1,500 bytes | Any | Any algorithm |
Use the Encryption Strength Calculator to verify:
LoRaWAN example:
- Payload: 32 bytes sensor data
- AES-GCM overhead: 12 (nonce) + 16 (tag) = 28 bytes
- Total: 32 + 28 = 60 bytes
- Verdict: Exceeds 51-byte limit at SF10
Alternative:
- Use AES-GCM with truncated 8-byte tag (reduced but acceptable security)
- Total: 32 + 12 + 8 = 52 bytes -- still tight
- Or: Use LoRaWAN's built-in AES-128 + truncated HMAC for extra integrityStep 3: Security Requirements vs Performance Trade-offs
Use this decision matrix:
| Requirement | Symmetric | Asymmetric | Hybrid |
|---|---|---|---|
| Confidentiality only | AES-128-GCM | Too slow for bulk data | Not needed |
| Authenticity + integrity | HMAC (no non-repudiation) | Ed25519 | Ed25519 for auth + AES for data |
| Key exchange problem | Cannot solve alone | ECDH | ECDH once, then AES |
| Legal non-repudiation | Cannot provide | Digital signature (Ed25519) | Sign hash of encrypted data |
Example Selection Process:
Medical device (insulin pump):
Analysis with calculator tools:
Option 1: AES-128-GCM + HMAC
- Energy: 0.05 mJ/message x 1,440 messages/day = 72 mJ/day
- Budget check: 72 / 300 = 24% -- Acceptable
- Non-repudiation: No (HMAC uses shared key)
Option 2: AES-128-GCM + Ed25519 signatures
- Energy: 0.05 (AES) + 0.4 (Ed25519) = 0.45 mJ/message
- Total: 0.45 x 1,440 = 648 mJ/day
- Budget check: 648 / 300 = 216% -- Exceeds budget!
Option 3: Optimize -- Sign every 10th message
- Ed25519 signatures: 144/day x 0.4 mJ = 57.6 mJ
- AES-GCM: 1,440/day x 0.05 mJ = 72 mJ
- Total: 129.6 mJ/day
- Budget check: 129.6 / 300 = 43% -- AcceptableDecision: Use AES-GCM for all messages (confidentiality + integrity), plus Ed25519 signature every 10th message for non-repudiation. Intermediate messages authenticated by the GCM authentication tag.
The Mistake: Developers optimize per-message encryption energy but forget that TLS/DTLS handshakes consume 10-100x more energy than individual messages.
The Problem:
TLS 1.3 handshake involves multiple round trips:
Total handshake energy (ESP32, cellular network):
Per-message encryption (AES-GCM):
Energy Calculation Error:
Developer thinks:
"I send 96 messages/day, each costs 0.05 mJ to encrypt"
Daily crypto energy = 96 x 0.05 = 4.8 mJ -- looks great!
Reality with new TLS handshake per message:
"I send 96 messages/day, each requires a new TLS handshake"
Daily energy = 96 x (420 + 100) = 49,920 mJ
= ~50 J/day
= ~18,250 J/year
Battery (2x AA = 10 Wh = 36 kJ)
Lifetime = 36,000 / 18,250 = 1.97 years
Target was 5 years!The Fix: TLS Session Resumption
// WRONG: New handshake every message
void send_message_wrong() {
WiFiClientSecure client;
client.connect(server, 443); // Full handshake
client.write(data, len);
client.stop(); // Closes connection
}
// CORRECT: Persistent connection with session resumption
WiFiClientSecure client;
void setup() {
client.connect(server, 443); // Full handshake ONCE
}
void send_message_correct() {
if (!client.connected()) {
client.connect(server, 443); // Session resumption (fast)
}
client.write(data, len);
// Keep connection open for next message
}Energy Comparison:
| Approach | Handshakes/Day | Handshake Energy | Messages/Day | Message Energy | Total |
|---|---|---|---|---|---|
| New connection/message | 96 | 40,320 mJ | 96 | 9,600 mJ | 49,920 mJ |
| Persistent connection | 1 | 420 mJ | 96 | 9,600 mJ | 10,020 mJ |
| Session resumption (1h timeout) | 24 | 1,200 mJ | 96 | 9,600 mJ | 10,800 mJ |
Savings: Persistent connection reduces daily energy from 50 J to 10 J – a 5x improvement with no security compromise.
Implementation Pattern:
// Keep TLS connection alive up to 1 hour
unsigned long last_message_time = 0;
const unsigned long KEEPALIVE_TIMEOUT = 3600000; // 1 hour
void send_data(const uint8_t *data, size_t len) {
unsigned long now = millis();
// Close connection if inactive for >1 hour
if (now - last_message_time > KEEPALIVE_TIMEOUT) {
client.stop();
}
// Reconnect if needed (uses session resumption if available)
if (!client.connected()) {
client.connect(server, 443);
// Session resumption: ~50 mJ vs full handshake: ~420 mJ
}
client.write(data, len);
last_message_time = now;
}Key Insight: When using the interactive tools, always include handshake energy in your total calculation. For cellular IoT devices, handshake energy often dominates the crypto overhead.
Use this formula:
Total daily energy = (messages_per_day x message_energy)
+ (handshakes_per_day x handshake_energy)
Where:
handshakes_per_day = min(messages_per_day, 24) // With 1-hour keep-aliveThese tools help you explore trade-offs in IoT cryptography:
| Tool | Tests Understanding Of | Informs Decisions About | Common Insight |
|---|---|---|---|
| Encryption Strength Calculator | Key size vs attack time | Minimum acceptable key length | 128-bit = billions of years, 56-bit = hours on supercomputer |
| Encryption Comparison | Symmetric vs asymmetric speed | When to use each type | AES: 100-1000x faster than RSA |
| Algorithm Selection Guide | Device constraints | Hardware-appropriate crypto | Battery sensors need lightweight crypto, not RSA |
| Hash Demonstrator | Avalanche effect | Why small changes matter | One bit flip = completely different hash |
| Performance Estimator | Energy per operation | Battery lifetime impact | Crypto energy is small; radio transmission dominates |
Use Pattern: Start with the Strength Calculator (understand keyspace) -> Compare Algorithms (speed/energy) -> Selection Guide (apply to your device) -> Verify with Performance Estimator.
Theory:
Hands-On:
Implementation Guides:
Real-World Examples:
These interactive tools help you:
Experiment with different configurations to develop intuition about IoT cryptography. The key takeaway: security decisions are always trade-offs between protection level, performance, energy, bandwidth, and cost.
::
::
| If you want to… | Read this |
|---|---|
| Deepen understanding of symmetric algorithms | Symmetric Encryption |
| Explore asymmetric and ECC algorithms | ECC & Asymmetric Crypto |
| Try structured labs with exercises | Encryption Labs |
| Play cryptography challenge games | Encryption Games |
Continue to Encryption Labs for hands-on Wokwi simulations and practice exercises implementing cryptographic operations on ESP32 microcontrollers.