Skip to Content Java Solaris Communities Partners My Sun Sun Store United States Worldwide

Research Home
»  Spotlight Articles
»  Projects
»  Publications
»  People
»  Awards
»  Events
»  Downloads
»  Internships
»  Contrarian Minds
»  About Sun Labs
Huge Advance for Tiny Devices

Huge Advance for Tiny Devices

Sun Labs Uses Elliptic Curve Cryptography to Create "Sizzle" World's Smallest Secure Web Server: "Biggest Breakthrough in Sensor Network Security in the Last Year."

February 10, 2005 - If you're looking at the size and growth rate of the market for microprocessor-controlled devices, the word "constrained" would not come to mind. Today more than 3 billion devices already have Web access, and that number is expected to grow to 14 billion within the next five years.

Yet a thorny technical issue has indeed been holding the device market back—particularly when it comes to tiny, resource-constrained devices such as wireless network sensors, smart cards, specialized medical instruments, automotive computers, utility meters, and so on.

In a word: security. The appetite for secure, private, confidential data exchange and transactions is growing just as fast as the demand for ever-smaller, faster, less expensive devices. But the challenge of delivering adequate security for these tiny devices has proven to be, well...huge.

This was the challenge researchers, engineers, and scientists at Sun Labs set out to tackle. The technology they have developed, and the results they have achieved, have sparked broad interest within the academic community and beyond. After seeing a demonstration of Sun Labs' "Sizzle" (for Slim SSL) Web server, which uses Elliptic Curve Cryptography (ECC), Professor David Wagner of the University of California at Berkeley said "I personally believe this result is the biggest breakthrough in sensor network security in the last year." And a technical paper describing Sizzle has been selected to receive this year's Mark Weiser Best Paper Award at the IEEE Conference on Pervasive Computing and Communications (PerCom2005).

Large keys are a big problem for small devices.

Secure Sockets Layer (SSL) is the dominant protocol for securing sensitive Internet transactions like e-commerce, online banking and stock trading. However, the RSA cryptographic technology used in SSL today requires power and memory resources that many tiny devices simply haven't got.

Specifically, the problem is the size of the keys used for encryption in SSL. Currently 1024-bit RSA keys are standard, and it is expected that this size will increase to 2048 bits by the end of the decade . Such a large key size puts a severe load on both clients and servers—and the problem is particularly acute for tiny devices with small, inexpensive (typically 8-bit) processors, battery-powered operation, and very limited memory.

The Sun solution: ECC on SSL

Next Generation Cryptography Team
Next Generation Cryptography
Team

At Sun Labs, the Next Generation Cryptography Team has been working with standards bodies to develop and integrate a more efficient technology called Elliptic Curve Cryptography (ECC) into the SSL protocol. This technology was recently chosen by the National Security Agency as the next generation public-key technology for protecting sensitive U.S. Government information.

Invented in 1985 by Victor Miller and Neal Koblitz, ECC has evolved into a mature public-key technology. It offers the same security as RSA, but with substantially smaller key sizes. For example, a 160-bit ECC key provides the same level of security as a 1024-bit RSA key, and a 224-bit ECC key provides the same security as a 2048-bit RSA key. Smaller keys mean faster computation, lower power consumption, and memory and bandwidth savings.

In tests conducted in 2003, Sun Labs engineers found that, on enterprise-class 64-bit processors, ECC was about four times faster than RSA at the RSA 1024 security level. At the RSA 2048 level, ECC was more than 14 times faster. The performance advantage of ECC over RSA is even greater on small processors like the 8-bit Atmel ATmega128 used in many wireless sensor networks. On this processor, ECC is 13 times faster at the RSA 1024 security level and 38 times faster at the RSA 2048 level.

Seeding industry adoption of ECC

Transforming the lab results and the promise of ECC into tangible benefits for real-world applications is no trivial task. First and foremost, ECC must be supported by the SSL standard. Both servers and client devices must adopt the technology so that both sides can communicate successfully. For this reason, the Sun Labs team has focused on seeding industry adoption of ECC. To date, their efforts include:

  • Contribution of ECC technology to OpenSSL, which allows Apache Web servers (which currently represent 60% of the Web server market), to communicate securely and efficiently with lightweight devices using ECC technology

  • Addition of ECC support to Netscape Security Services (NSS), which powers the Mozilla/Netscape and Firefox browsers and the Sun Java System Web, Directory, and Messaging Server products

  • On-going work with standards bodies and co-authoring the IETF Internet draft to specify the use of ECC technology in the SSL protocol

To expedite real-world results, Sun Labs is also actively engaged with universities, corporations, and military technologists to identify and develop solutions to the remaining obstacles to widespread adoption of ECC-based devices.

World's smallest secure Web server

Sizzle World's Smallest Secure Web Server
"Sizzle" World's Smallest
Secure Web Server

In addition to its contributions to Open Source and its work with standards bodies, Sun Labs has used ECC technology to create the world's smallest secure Web server, delivering powerful proof of the capabilities of ECC.

This tiny Web server, about the size of a U.S. twenty-five cent coin, is designed to be embedded in a wide array of lightweight devices, including home appliances, utility meters, personal medical devices, and industrial sensors for secure monitoring and control across the Internet. This technology provides an easy-to-use highly secure and efficient wireless networking solution for linking factories, manufacturing plants, supply chains, and field operations to the central database.

Sizzle runs on the Berkeley/Crossbow "mote," a battery-powered, wireless device equipped with an 8-bit microprocessor, 128KB of FLASH memory, and a mere 4KB of RAM. In spite of its small size, Sizzle makes no compromises in terms of security. It uses 160-bit ECC which provides the same level of security as 1024-bit RSA used in secure online transactions today.

For more information

See related article "Researchers unveil smallest secure server"

Additional details about Sun's use of and advocacy for ECC technology, along with information about Sizzle, the latest version of Open SSL and Mozilla/NSS code containing ECC technology, can be found on the Sun Labs Next Generation Crypto Project Web site.

About Sun Labs

Established in 1990, Sun Microsystems Laboratories is the applied research and advanced development arm ofSun Microsystems, Inc., with locations in California andMassachusetts. Sun Labs is one of the ways Sun invests in the future, and is responsible for many of the technology advancements and inventions that have made Sun a technology powerhouse—including asynchronous and high-speed circuits, optical interconnects, 3rd-generation Web technologies, sensors, network scaling and Java technologies. Although many companies have R&D groups, Sun Labs can claim one of the highest rates of technology transfer in the industry.

Would you recommend this Sun site to a friend or colleague?
Contact About Sun News Employment Privacy Terms of Use Trademarks Copyright 1994-2008 Sun Microsystems, Inc.