VPN is - probably - secure and - certainly - greedy!
VPN encryption for IoT devices


In previous posts, I suggested that Private Networks were recommended to secure data transmission between IoT devices and clouds. I got valid feedback that VPN was as safe. I agree IPsec with AES-256 encryption is a secure way to transmit data over the internet. It would be a difficult (unrealistic?) task to decrypt the data...

However, it comes with some costs in terms of additional data to be transmitted.

(I'll keep the - other - security risk of DDoS on the Internet for a subsequent article...)

How does VPN encryption affect IoT devices?

I thoroughly searched for actual numbers on the CPU and power usage impact, as well as the data overheads, of IPsec with AES-256 encryption compared to simple IP (on a Private Network). Well, everyone agrees there is an impact, and the specialists say how much depends on many factors...

For example, a high-end server with a powerful CPU may only experience a 10% CPU usage impact with IPsec, while a low-end device with a less powerful CPU may experience a 20% CPU usage impact.

The power usage impact will also vary depending on the device's overall power consumption. A device with a high power consumption may only experience a 1% power usage impact with IPsec, while a device with a low power consumption may experience a 10% power usage impact.

These numbers really depend on the hardware platform and configuration, so both the actual and the relative impact will vary from one device to another.

The data overheads will also vary from 6% to 200% depending on the IPsec configuration and packet size. A configuration with more security features will have higher data overheads, and a case with bigger data packets will suffer less from encryption than cases with smaller ones.


In any case, you’ll agree that a substantial impact is to be expected on CPU, power and data usage... and for most IoT devices, this is an important consideration!

Specifically, what does it mean for data usage?

Let’s take a concrete example on the data overhead.

The encryption process used by IPsec with AES-256 encryption adds about 60 to 100 bytes of overhead to each data packet that is being transmitted. This means that more data will need to be transmitted over the VPN connection in order to send the same amount of unencrypted data.

Let’s assume a typical data packet is about 600 bytes. The amount of encryption overhead is then about 10% - note this is in the lower range… It means that for every 1GB of data that is transmitted, an additional 0.10GB of overhead will be added.

So, for a use case in which 10,000 IoT devices each transmit 1GB of data per month, the total amount of additional data to be transmitted due to encryption overhead would be:

0.10GB/GB x 1GB x 10,000 devices = 1,000GB


This means almost 1TB of additional data is transferred due to encryption every month. I'll let you evaluate the cost that this means with your current mobile network provider.

So, the additional data to be transmitted due to VPN encryption overhead can have a significant impact on your operating costs. This is something to keep in mind when choosing the connectivity solution for an IoT project.
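The per-packet overhead discussed above is a nearly fixed byte count, which is why the percentage grows as packets shrink. The following added example (not part of the original article) models ESP tunnel-mode framing as laid out in RFC 4303. It assumes IPv4, treats the 600-byte figure as the inner IP packet, and uses two common AES-256 suites; the function names are illustrative, and IKE and keepalive traffic are not counted.

```python
# Added example: ESP tunnel-mode size model (assumptions: IPv4 outer header,
# no fragmentation, IKE/keepalive traffic ignored).
OUTER_IPV4 = 20   # new outer IPv4 header added by tunnel mode
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)
NAT_T_UDP = 8     # UDP encapsulation header when NAT traversal is used

# suite name: (IV bytes, padding alignment, ICV bytes)
SUITES = {
    "aes256-cbc+hmac-sha256-128": (16, 16, 16),
    "aes256-gcm-16": (8, 4, 16),
}

def esp_packet_size(inner_len, suite, nat_t=False):
    """On-the-wire size of one inner IP packet after ESP tunnel encapsulation."""
    iv, align, icv = SUITES[suite]
    body = inner_len + ESP_TRAILER
    padded = -(-body // align) * align   # round up to the cipher alignment
    total = OUTER_IPV4 + ESP_HEADER + iv + padded + icv
    return total + (NAT_T_UDP if nat_t else 0)

def overhead(inner_len, suite, nat_t=False):
    """Return (extra bytes, extra bytes as a fraction of the inner packet)."""
    extra = esp_packet_size(inner_len, suite, nat_t) - inner_len
    return extra, extra / inner_len

def fleet_overhead_gb(gb_per_device, devices, inner_len, suite, nat_t=False):
    """Extra monthly volume in GB if all traffic uses packets of inner_len."""
    _, ratio = overhead(inner_len, suite, nat_t)
    return gb_per_device * devices * ratio

if __name__ == "__main__":
    # Constructed packet sizes: small telemetry, the article's 600 bytes, near-MTU.
    for suite in SUITES:
        for size in (40, 100, 600, 1400):
            for nat_t in (False, True):
                extra, ratio = overhead(size, suite, nat_t)
                print(f"{suite:28} inner={size:5} nat_t={nat_t!s:5} "
                      f"+{extra} bytes ({ratio:.1%})")
    extra_gb = fleet_overhead_gb(1, 10_000, 600, "aes256-cbc+hmac-sha256-128")
    print(f"fleet of 10,000 x 1GB at 600-byte packets: +{extra_gb:.0f} GB/month")
```

Running it with the packet sizes your devices actually send, rather than an assumed average, gives a more realistic monthly figure, since small telemetry messages dominate the overhead.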

Lukasz M.

IoT Solutions for SMBs: Driving Growth & Competitive Advantage

1 year ago

Those are valid considerations, Sylvestre Becker Babel. Based on my experience, the VPN is often an overkill for IoT devices. Using HTTPS or TLS-secured MQTT typically provides a sufficient level of security for most deployments.
