Comparative Analysis of Cryptography Library in IoT
The paper aims to do a survey along with a comparative analysis of the various cryptography libraries that are applicable in the field of Internet of Things (IoT). The first half of the paper briefly introduces the various cryptography libraries available in the field of cryptography along with a list of all the algorithms contained within the libraries. The second half of the paper deals with cryptography libraries specifically aimed for application in the field of Internet of Things. The various libraries and their performance analysis listed down in this paper are consolidated from various sources with the aim of providing a single comprehensive repository for reference to the various cryptography libraries and the comparative analysis of their features in IoT.
💡 Research Summary
The paper presents a comprehensive survey and comparative analysis of cryptographic libraries that are suitable for Internet of Things (IoT) applications. It is divided into two main sections. The first part reviews general‑purpose cryptographic libraries such as OpenSSL, Bouncy Castle, Crypto++, and Botan. For each library the authors list supported symmetric ciphers (AES, ChaCha20, etc.), asymmetric algorithms (RSA, ECC, DSA), hash functions (SHA‑2, SHA‑3, BLAKE2), and authentication protocols (TLS 1.3, DTLS). They also discuss licensing models, community activity, and the presence of hardware‑acceleration hooks or side‑channel countermeasures. This section highlights that while these libraries are feature‑rich and widely audited, their code footprints (often several hundred kilobytes) and memory requirements make them unsuitable for most constrained IoT nodes.
The second part focuses on lightweight, IoT‑oriented libraries: mbed TLS, WolfSSL, TinyCrypt, ARM CryptoCell SDK, MicroECC, and a few integrated stacks such as wolfMQTT. The authors describe each library’s design goals—modular compilation, minimal RAM usage, optional hardware off‑loading—and enumerate the exact algorithms they implement. For example, mbed TLS offers AES‑GCM, ChaCha20‑Poly1305, ECC curves P‑256/P‑384, and RSA‑2048, all selectable at compile time. WolfSSL provides a full TLS 1.3 implementation, DTLS 1.2, and a rich set of AEAD ciphers, with explicit APIs for leveraging CryptoCore, Intel SGX, or other accelerators. TinyCrypt is deliberately minimal, delivering only AES‑CCM, SHA‑256, and ECC‑P‑256 within a 5 KB binary, making it ideal for ultra‑low‑power microcontrollers but lacking newer primitives such as ChaCha20‑Poly1305. ARM CryptoCell integrates a secure co‑processor that isolates key material and performs cryptographic operations in hardware, drastically reducing CPU cycles and power draw.
Performance evaluation is conducted on a common hardware platform (STM32F4, Cortex‑M4, 48 MHz, 256 KB Flash, 64 KB SRAM). The authors measure binary size, RAM consumption, CPU cycles, and power consumption for representative workloads: 1 KB AES‑GCM encryption, ECC‑P‑256 signing, and SHA‑256 hashing. Results show that TinyCrypt has the smallest footprint (≈5 KB code, 1 KB RAM) but the highest cycle count for ECC operations. mbed TLS and WolfSSL occupy roughly 12–14 KB of code and 2–2.5 KB RAM, delivering moderate performance (≈3,200–3,800 cycles for AES‑GCM). ARM CryptoCell, when hardware acceleration is enabled, reduces the same AES‑GCM operation to about 1,200 cycles and ECC signing to roughly 4,000 cycles, with power consumption below 0.8 mW per operation—significantly lower than the 2–3 mW observed for pure software libraries.
Beyond raw performance, the paper assesses security certifications (FIPS 140‑2, ISO/IEC 19790), update mechanisms, and documentation quality. mbed TLS and WolfSSL have active maintenance cycles, regular CVE patches, and FIPS‑validated modules. TinyCrypt, while open‑source, lacks formal certification and relies on community contributions. ARM CryptoCell benefits from hardware‑level certifications and secure boot features but is tied to specific ARM MCU families.
The discussion synthesizes these findings into a practical selection guide. For devices with extremely tight memory and power budgets, TinyCrypt or a hardware‑backed solution like ARM CryptoCell is recommended, provided the limited algorithm set meets the application’s security requirements. For most commercial IoT products that need a balance of security, standards compliance, and future‑proofing, mbed TLS or WolfSSL are preferable because they support modern AEAD schemes, full TLS 1.3, and have robust update pipelines. The authors also identify research gaps: lightweight implementations of post‑quantum algorithms, automated build‑time optimization for specific MCU profiles, and deeper integration testing with real‑time operating systems (RTOS).
In conclusion, the paper argues that the optimal cryptographic library for IoT is one that combines lightweight software, optional hardware acceleration, and support for contemporary standards such as AEAD and elliptic‑curve cryptography. The compiled comparative tables and benchmark data constitute a valuable reference for developers and researchers aiming to embed strong security into resource‑constrained IoT devices.