Why Transport Layer Security is difficult on Internet of Things devices
Implementing Transport Layer Security (TLS) is challenging on Internet of Things (IoT) devices which often have limited processing power, memory and storage.
Root certificate stores are large and need updating
In order to make a TLS connection to an arbitrary server, a device needs to include a root certificate store — the set of certificates for all trusted Certificate Authorities. These certificates aren’t small. At the time of writing, the Mozilla CA Certificate Store, which is used by the Firefox browser, measured 1.5 megabytes. 1.5 megabytes is tiny for a laptop or smartphone but huge for a device with 1 megabyte of flash memory for everything.
Root certificate stores also need keeping up to date. This doesn't need to be done often but it must be possible to add and remove root certificates over time. This requires either manual updating (which takes time) or over the air updates (which consumes battery).
Checking revocation lists and updating root certificate stores is expensive
IoT devices try to conserve power by limiting their network usage. As such, the extra network requests needed to check revocation lists and fetch root store updates are undesirable.
The popular ESP8266 family of microcontrollers implements only a subset of certificate checking. Instead of validating the certificate chain and checking revocation, it requires the fingerprint of the server’s specific certificate to be baked into the firmware.
In order to use a certificate authority like Let’s Encrypt, which issues certificates with 3-month validity, the firmware would have to be updated at least that often. A device that was powered off for several months could become permanently unable to update itself.
Furthermore, if the device was talking to a server run by a third party, for example the Met Office API for checking weather conditions, certificate pinning can become almost useless. If the third party changes their certificate often, or uses multiple certificates simultaneously, it becomes impossible to use the pinning strategy.
The certificate being baked into the firmware also makes revocation hard.
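As an added example (not code from the original post or from the ESP8266 project), the following Python makes the renewal problem concrete and shows what pinning the public key instead of the whole certificate would change. It builds three certificate-shaped DER blobs with a minimal encoder (constructed test data: the field layout follows X.509 v3, but the names, dates, key bytes and signature are placeholders): the original certificate, a renewal that keeps the same key, and a renewal with a fresh key. A fingerprint over the whole certificate changes on every renewal; a pin over the SubjectPublicKeyInfo survives the same-key renewal and fails only when the key itself changes. The `extract_spki` routine is a real, if minimal, DER walk and also works on a genuine DER certificate.

```python
import base64
import hashlib

# Minimal DER helpers: enough to build certificate-shaped test data and to
# locate the SubjectPublicKeyInfo (SPKI) inside a DER certificate.
SEQ, SET, INT, BITSTR, OID, UTF8, UTCTIME, CTX0 = 0x30, 0x31, 0x02, 0x03, 0x06, 0x0C, 0x17, 0xA0
OID_EC_PUBKEY = bytes.fromhex("2a8648ce3d0201")       # 1.2.840.10045.2.1 id-ecPublicKey
OID_P256 = bytes.fromhex("2a8648ce3d030107")          # 1.2.840.10045.3.1.7 prime256v1
OID_ECDSA_SHA256 = bytes.fromhex("2a8648ce3d040302")  # 1.2.840.10045.4.3.2 ecdsa-with-SHA256
OID_CN = bytes.fromhex("550403")                      # 2.5.4.3 commonName


def der(tag, content):
    """Encode one definite-length DER TLV."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def read_tlv(buf, pos):
    """Decode the TLV at buf[pos]; return (tag, content, start, end)."""
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr += n
    end = pos + hdr + length
    return tag, buf[pos + hdr:end], pos, end


def name(cn):
    """X.501 Name holding a single commonName RDN."""
    return der(SEQ, der(SET, der(SEQ, der(OID, OID_CN) + der(UTF8, cn.encode()))))


def ec_spki(point):
    """SubjectPublicKeyInfo for a P-256 key; `point` is a dummy uncompressed point."""
    alg = der(SEQ, der(OID, OID_EC_PUBKEY) + der(OID, OID_P256))
    return der(SEQ, alg + der(BITSTR, b"\x00" + point))


def make_cert(serial, not_before, not_after, spki):
    """Certificate-shaped DER in X.509 v3 layout with a dummy signature.
    Constructed for this example; nobody has signed it. serial must be < 128."""
    sig_alg = der(SEQ, der(OID, OID_ECDSA_SHA256))
    tbs = der(SEQ, der(CTX0, der(INT, b"\x02"))                      # version v3
                   + der(INT, bytes([serial]))
                   + sig_alg
                   + name("Example Issuer CA")
                   + der(SEQ, der(UTCTIME, not_before) + der(UTCTIME, not_after))
                   + name("api.example.com")
                   + spki)
    return der(SEQ, tbs + sig_alg + der(BITSTR, b"\x00" * 65))


def extract_spki(cert_der):
    """Return the DER-encoded SubjectPublicKeyInfo element of a certificate."""
    _, cert, _, _ = read_tlv(cert_der, 0)    # Certificate SEQUENCE
    _, tbs, _, _ = read_tlv(cert, 0)         # TBSCertificate SEQUENCE
    pos = 0
    tag, _, _, end = read_tlv(tbs, 0)
    if tag == CTX0:                          # optional [0] EXPLICIT version
        pos = end
    # serialNumber, signature, issuer, validity, subject, then SPKI
    for _ in range(6):
        _, _, start, end = read_tlv(tbs, pos)
        pos = end
    return tbs[start:end]


def cert_fingerprint(cert_der):
    """What whole-certificate pinning bakes into firmware: a hash of the entire cert."""
    return hashlib.sha256(cert_der).hexdigest()


def spki_pin(cert_der):
    """A pin over the public key only (HPKP style: base64 of SHA-256 over the SPKI)."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def pinned_cert_accepts(baked_fingerprint, cert_der):
    return cert_fingerprint(cert_der) == baked_fingerprint


def pinned_key_accepts(baked_pin, cert_der):
    return spki_pin(cert_der) == baked_pin


# Constructed test data: dummy key bytes, not real curve points.
KEY_A = b"\x04" + bytes(range(64))
KEY_B = b"\x04" + bytes(range(64, 128))
CERT_ORIGINAL = make_cert(1, b"240101000000Z", b"240401000000Z", ec_spki(KEY_A))
CERT_RENEWED = make_cert(2, b"240315000000Z", b"240613000000Z", ec_spki(KEY_A))  # renewal, same key
CERT_REKEYED = make_cert(3, b"240315000000Z", b"240613000000Z", ec_spki(KEY_B))  # renewal, new key

if __name__ == "__main__":
    baked_fp, baked_pin = cert_fingerprint(CERT_ORIGINAL), spki_pin(CERT_ORIGINAL)
    for label, cert in (("renewed, same key", CERT_RENEWED), ("renewed, new key", CERT_REKEYED)):
        print(f"{label}: whole-cert pin {'ok' if pinned_cert_accepts(baked_fp, cert) else 'REJECT'},"
              f" SPKI pin {'ok' if pinned_key_accepts(baked_pin, cert) else 'REJECT'}")
```

Pinning the key rather than the certificate only helps if the server operator keeps the same key across renewals (Certbot, for instance, generates a fresh private key at every renewal unless run with --reuse-key), and it does nothing for the third-party API case described above, where the device owner controls neither the certificate nor the key.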
Many cipher suites are not suited to IoT devices
In a browser running on a smartphone it's possible to implement a large number of cipher suites, but this is not the case for IoT devices.
Certain cipher suites are more suitable for embedded devices because they are more efficient in memory and processing power. In particular, elliptic curve cryptography is more efficient than RSA, so using those cipher suites is preferable, or even necessary.
However, if a device only supported the elliptic curve subset of cipher suites, it would immediately rule out talking to most of today’s web servers which use RSA certificates. Fundamentally, super low-powered devices that can’t do RSA aren’t going to be able to talk to servers using TLS.
A further pressure is the additional program memory that supporting multiple cipher suites requires. To limit the flash memory required, it would be better to offer only one carefully chosen cipher suite.
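As an added example (not code from the original post), this Python uses the standard library ssl module to make the compatibility problem concrete: it asks OpenSSL which certificate key types a client restricted to a given suite string can authenticate, and turns that into a preflight check before committing a device to one suite. The suite strings and the server key types are constructed for the example; whether a real server uses an RSA or an EC certificate has to come from inspecting that server.

```python
import ssl

# Constructed suite strings for this example: a constrained device shipping a
# single ECDHE-ECDSA suite, and a fuller client that also carries an RSA suite.
IOT_SINGLE_SUITE = "ECDHE-ECDSA-AES128-GCM-SHA256"
BROAD_SUITES = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"

# OpenSSL's label for the certificate key type each TLS 1.2 suite authenticates with.
CERT_KEY_TO_AUTH = {"ec": "auth-ecdsa", "rsa": "auth-rsa"}


def accepted_auth_types(cipher_string):
    """Certificate authentication types a client restricted to cipher_string can
    accept under TLS 1.2. TLS 1.3 suites report 'auth-any' and are skipped: in
    TLS 1.3 the suite no longer fixes the certificate algorithm."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return {c["auth"] for c in ctx.get_ciphers() if c["auth"] != "auth-any"}


def can_authenticate(cipher_string, server_key_type):
    """Preflight: could a TLS 1.2 handshake with this suite list succeed against a
    server whose certificate key is server_key_type ('rsa' or 'ec')?"""
    return CERT_KEY_TO_AUTH[server_key_type] in accepted_auth_types(cipher_string)


def compatibility_table(cipher_string):
    """Map each server key type to whether this client could authenticate it."""
    return {k: can_authenticate(cipher_string, k) for k in CERT_KEY_TO_AUTH}


if __name__ == "__main__":
    for label, suites in (("single-suite device", IOT_SINGLE_SUITE), ("broad client", BROAD_SUITES)):
        print(f"{label}: {suites}")
        print(f"  accepts certificate types: {sorted(accepted_auth_types(suites))}")
        for key_type, ok in compatibility_table(suites).items():
            verdict = "handshake possible" if ok else "NO COMMON SUITE"
            print(f"  server with {key_type.upper()} certificate: {verdict}")
```

The `auth-any` filter matters: with TLS 1.3 the cipher suite no longer determines the certificate algorithm (that is negotiated through the signature_algorithms extension), so the RSA-versus-ECDSA constraint described above is a TLS 1.2 property. A TLS 1.3-capable device still has to support the server's signature algorithm, but that requirement is separate from its cipher suite list.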