Date of Award


Document Type

Dissertation - SCU Access Only


Santa Clara : Santa Clara University, 2022.

Degree Name

Doctor of Philosophy (PhD)


Computer Science and Engineering

First Advisor

Yuhong Liu

Second Advisor

Behnam Dezfouli


The Internet of Things (IoT) has increased communication on the internet immensely ever since it became a significant presence in people’s daily lives . IoT devices are almost in every field like factories, agriculture, health care, smart cities, homes, autonomous driving, and many more. In most cases, the communication between two devices must be secured to prevent eavesdropping, tampering, forgery, and other types of attacks. E-Health is an example of an environment that exposes sensitive data that must be protected. There is a need to find a protocol to satisfy these requirements to achieve a decent level of security to cope with the most relevant requirements demanded by different IoT applications. Transport Layer Security (TLS) is a cryptographic protocol that provides end-to-end security for data sent between applications over the internet and has been considered a promising approach to secure IoT applications. TLS protocol offers different cipher suites such that each is a combination of symmetric and asymmetric cryptography, as this approach provides a suitable compromise between performance and security when transmitting data securely. With symmetric cryptography, which is based on symmetric-key cryptography (SKC), data are encrypted and decrypted with a secret key known to both sender and recipient. Symmetric cryptography is efficient in terms of computation; therefore, it can easily be used on IoT devices. Asymmetric cryptography, which is based on public-key cryptography (PKC), uses a key pair: a public key and a private key. TLS uses PKC for several algorithms, such as authentication, signature validation, and symmetric-key generation. All these algorithms require intensive computation, up to 1,000 times more than what SKC requires. The PKC computation overhead may not fit the resource constraints of the IoT station. When an IoT station establishes an end-to-end secure session with a server, the TLS handshake protocol is used, which includes several steps. In each step, a message is exchanged between the two parties. The first part of this study analyses each step as a whole and calculates the time and energy consumed by the IoT station to execute that step. The second part focuses on each message and performs a comprehensive study of the cryptographic algorithm used by that message. This is done by annotating their source codes and running empirical measurements on two state-of-the-art low-power wireless IoT platforms. Specifically, we present fine-grained resource consumption of the building blocks of the TLS protocol. The last part of this study proposes a framework for offloading the processing overhead of TLS protocol to Wi-Fi access points (APs) in deployments where multiple APs exist. The offloading includes the computation by the PKC algorithms, which usually consume a significant amount of resources, and keeps only the lightweight SKC computation for the IoT station. Within this framework, the main problem is finding the AP with sufficient computation and communication capacities to ensure secure and efficient transmissions for the stations associated with that AP. Based on the data-driven profiles obtained from empirical measurements, the proposed framework offloads heavy security computations from the stations to the APs. We model the association problem as an optimization process with a multi-objective function. The goal is to achieve maximum network throughput via the minimum number of APs while satisfying the security requirements and the APs’ computation and communication capacities. The optimization problem is solved using genetic algorithms, with constraints extracted from a physical testbed. Experimental results demonstrate the practicality and feasibility of this comprehensive framework in terms of time and energy efficiency as well as security.

SCU Access Only

To access this paper, please log into or create an account in Scholar Commons using your email address.