The Cost of OSCORE and EDHOC for Constrained Devices

Abstract

Many modern IoT applications rely on the Constrained Application Protocol (CoAP). Recently, the Internet Engineering Task Force (IETF) proposed two novel protocols for securing it. These are: 1) Object Security for Constrained RESTful Environments (OSCORE) providing authenticated encryption for the CoAP's payload data and 2) Ephemeral Diffie-Hellman Over COSE (EDHOC) providing the symmetric session keys required for OSCORE. In this paper, we present the design of four firmware libraries for these protocols which are especially targeted for constrained microcontrollers and their detailed evaluation. More precisely, we present the design of uOSCORE and μEDHOC libraries for regular microcontrollers and μOSCORE-TEE and μEDHOC-TEE libraries for microcontrollers with a Trusted Execution Environment (TEE), such as microcontrollers featuring ARM TrustZone-M. Our firmware design for the latter class of devices concerns the fact that attackers may exploit common software vulnerabilities, e.g., buffer overflows in the protocol logic, OS or application to compromise the protocol security. We present an evaluation of our implementations in terms of RAM/FLASH requirements and execution speed on a broad range of microcontrollers. Our implementations are available as open-source software.