The Internet of Things on AWS – Official Blog

Elliptic Curve Cryptography and Forward Secrecy Support in AWS IoT

by Rameez Loladia | on | Permalink | Comments |  Share

Introduction

AWS IoT now supports Elliptic Curve Cryptography (ECC) for devices connecting to AWS IoT using TLS. You can now request an EC-based certificate for your device from AWS IoT or register your device using an existing EC-based certificate in order to establish a TLS connection. You can also connect your devices to AWS IoT using EC-based cipher suites for enhanced security on your TLS communications.

This blog will discuss the use of EC-based certificates to establish TLS connections. First, it will describe how to request an EC-based certificate from AWS IoT. Next, it will show you how to connect to AWS IoT using Elliptic Curve Diffie-Hellman Ephemeral(ECDHE) TLS cipher suites that provides forward secrecy.

In this blog post, we assume you are familiar with AWS IoT and the process of creating an AWS IoT certificate or registering your own certificate. We are going to use the AWS CLI to perform the procedures. If you don’t have the AWS CLI installed, follow these steps. If you have the AWS CLI installed, make sure you are using the most recent version.

For information about authentication in AWS IoT or how to use AWS IoT-generated certificates, see the AWS IoT Developer Guide.

Elliptic Curve Cryptography

ECC is an approach to public key cryptography based on elliptic curves over finite fields. The security of ECC systems rests on the elliptic curve discrete logarithm problem, rather than the RSA’s integer factorization problem. ECC allows devices to maintain a high security bar. ECC uses smaller keys than RSA for the same cryptographic strength.

Symmetric Key Size (bits) RSA Key Size (bits) Elliptic Curve Key size (bits)
80 1024 160
112 2048 224
128 3072 256
192 7680 384
256 15360 512
National Institute of Standards and Technology (NIST)-recommended key sizes

 

As you can see from the NIST recommended key sizes table, to achieve 128-bit of security level, a 256-bit ECC key is equivalent in strength to a 3072-bit RSA key. Due to advances in cryptanalysis, recommended key lengths increase based on the period of time for which the information needs to be protected and the increased computational power that becomes available for a malicious user to attack the system. To achieve the next 256-bit level of security, a 512-bit elliptic curve key would be required. For an equivalent level of security, 15,360-bit RSA encryption keys are required.

EC Diffie-Hellman Ephemeral(ECDHE) cipher suites and Forward Secrecy(FS)

To provide forward secrecy for the traffic on <custom-endpoint>.iot.<region>.amazonaws.com, AWS IoT supports the EC Digital Signature Algorithm (ECDSA) and EC Diffie-Hellman Ephemeral (ECDHE) cipher suites for TLS. Forward secrecy is a property of secure communication protocols in which compromise of long-term keys does not compromise past session keys. That means a malicious user who learns the private key of your device should not be able to decrypt any previous communication protected under that key. Under EC Diffie-Hellman Ephemeral cipher suites, the client and server establish a shared session secret that is independent of the long-term certified private keys used to authenticate the key exchange. In RSA key exchange cipher suites, the client-selected random session secret is encrypted using the server’s public key and sent over the wire. That means if the server’s private key gets compromised or cracked in the future, it can be used to decrypt all previous session secrets and used to decrypt any past recorded session traffic. The server itself can be authenticated and identified using RSA or EC-based certificates.

Creating an EC-based certificate using AWS IoT

In this section, you will use the AWS IoT API to create an EC-based certificate.

First, using Openssl in a terminal, you will create an ECC key pair. AWS IoT allows you to request an EC-based certificate with keys on the NIST P-256 or NIST P-384 curves. The following command creates an ECC key pair using NIST P-256 ECC curve:

$ openssl ecparam -out ecckey.key -name prime256v1 -genkey

Next, using the generated ECC key, you will create a certificate signing request (CSR):

$ openssl req -new -sha256 -key ecckey.key -nodes -out eccCsr.csr

During the CSR process, you will be prompted for information about your device. Enter the information that is appropriate for your device.

Using this CSR, you can now use the CreateCertificateFromCsr API to request an EC-based certificate from AWS IoT:

$ aws iot create-certificate-from-csr --certificate-signing-request file://eccCsr.csr --certificate-pem-outfile eccCert.crt --set-as-active

Registering your own EC-based certificate with AWS IoT

If you have your own EC-based certificate, use the following CLI command to register it with AWS IoT. This assumes you have already registered the CA certificate with AWS IoT that has signed and issued the device certificate. For more information, see the “Use Your Own Certificates” section of Authentication in AWS IoT .

$ aws iot register-certificate --certificate-pem file://myEccCertificate.crt --set-as-active

Performing MQTT operations using EC-based certificate and ECDHE cipher suites

Using the EC-based certificate you created/registered, you can now establish a TLS session and connect to AWS IoT using any mutually supported cipher suite. In the following example, you will use the MQTT mosquitto client to connect and publish to AWS IoT using the ECDHE-ECDSA-AES128-GCM-SHA256 cipher suite. This assumes you have the permissions required to connect and publish attached to the certificate. For more information, see Authorization in the AWS IoT Developer Guide.

$ mosquitto_pub --cafile AWSIoTCACert.crt --cert eccCert.crt --key ecckey.key -h XXXXXXXXXXXXXX.iot.us-east-1.amazonaws.com -d -p 8883 -q 1 -t foo/bar -i test --tls-version tlsv1.2 -m “HelloWorld” --ciphers ECDHE-ECDSA-AES128-GCM-SHA256

Conclusion

As part of our continuing efforts to keep the communication between AWS IoT and devices/applications as secure as possible, we have enabled support for ECC and forward secrecy using ECDHE ciphers.

We hope you found this walkthrough useful. Feel free to leave your feedback in the comments.