Adaptive Optimization of TLS Overhead for Wireless Communication in Critical Infrastructure

TL;DR

This paper proposes to leverage the degrees of freedom in configuring TLS to dynamically adapt algorithms, parameters, and other settings to best meet the currently occurring resource and security constraints in a wireless communication scenario.

Abstract

With critical infrastructure increasingly relying on wireless communication, using end-to-end security such as TLS becomes imperative. However, TLS introduces significant overhead for resource-constrained devices and networks prevalent in critical infrastructure. In this paper, we propose to leverage the degrees of freedom in configuring TLS to dynamically adapt algorithms, parameters, and other settings to best meet the currently occurring resource and security constraints in a wireless communication scenario. Consequently, we can make the best use of scarce resources to provide tightened security for wireless networks in critical infrastructure.

Figures (7)

• Figure 1: With critical infrastructure becoming more widespread and interconnected, a shift from traditional wired networks ①, ② to wireless networks with private ③, shared ④, and public ⑤ infrastructure becomes necessary.
• Figure 2: Our comprehensive measurement setup enables the analysis of the overhead of TLS across various dimensions.
• Figure 3: The average bandwidth overhead of a full TLS handshake varies widely across different authentication mechanisms as well as TLS libraries.
• Figure 4: While the bandwidth overhead of TLS messages mainly depends on the security level of the used ECC curve, small variations exist even for curves with the same security.
• Figure 5: We propose to extend a TLS library with a profile selector that chooses algorithms and parameters tailored to current resource constraints based on pre-computed profiles.