Testing crypto performance and power consumption

With the release of the SecureMark-TLS benchmark by the Embedded Microprocessor Benchmark Consortium (EEMBC) this summer, it is now possible to gather information about the performance and power consumption of typically-used cryptographic functions on M-class microcontrollers (MCUs). This benchmark was developed in response to developers’ need to answer questions like "How long does it take to execute a Transport Layer Security (TLS) handshake with state-of-the-art cryptography?" and "Which MCU should I use in my product if I want to have a signature verification time of under 200 milliseconds?"

Two scores have already been submitted on the EEMBC SecureMark-TLS website, which you can access below. Contributing new scores to the EEMBC is essential to give developers more insight into various MCU offerings.

Visit EEMBC Website

We first presented the SecureMark-TLS benchmark at Arm TechCon 2018 this fall. A recording of the presentation is available below, taken from the EEMBC YouTube channel.

After our presentation, we were approached by several participants who noted that the benchmark could also be used in research projects. The EEMBC group working on SecureMark-TLS has developed a reference implementation, based on Mbed TLS, which is available to all EEMBC members.

What does this reference implementation do and how can it be used?

The reference implementation comes in three parts; namely, code for:

  • The device under test (DUT).
  • The input/output (I/O) manager.
  • The host system (typically used on a Windows laptop).

The most important code is on the DUT itself, because it has to execute the cryptographic functions based on the triggers received by the host system via a universal asynchronous receiver-transmitter (UART). As with some other EEMBC benchmarks, the code on the DUT is split into three parts; namely, code that:

  • Handles UART communication by parsing requests and returning responses.
  • Implements the benchmark functionality, which cannot be changed if you plan to get your score published by EEMBC.
  • Can be tailored to the specific needs of the DUT. For example, if the test must use a cryptographic function that the DUT implements in hardware, the function must either be integrated into Mbed TLS, which is used as the reference crypto implementation, or an alternative crypto library has to be used instead.

The I/O manager is an Arduino-based device that relays commands from the host to the DUT and returns the responses. The host system executes the tests using a script and offers a convenient user interface to display results. Power measurements are provided by a separate device, which was developed by STMicroelectronics.

How to implement SecureMark-TLS

To implement the SecureMark-TLS benchmark in research projects, use the reference implementation to test various compiler and toolchain settings and different crypto implementations, play with configuration options provided by crypto libraries, handcraft assembly optimizations, and so on.

In a nutshell, SecureMark-TLS gives developers a way to test their hardware and software, and the effort of building a test setup is minimal because the code and related user guides are available.

I would strongly encourage you to take a look at the uploaded scores, and contribute your own scores to EEMBC using the link below.

Visit EEMBC Website