This paper introduces Sizzle, the first fully-implemented end-to-end security architecture for highly constrained embedded devices. According to popular perception, publickey cryptography is beyond the capabilities of such devices. We show that elliptic curve cryptography (ECC) not only makes public-key cryptography feasible on these devices, it allows one to create a complete secure web server stack including SSL, HTTP and user application that runs efficiently within very tight resource constraints. Our small footprint HTTPS stack needs less than 4KB of RAM and interoperates with an ECC-enabled version of the Mozilla web browser. We have implemented Sizzle on the 8-bit Berkeley/Crossbow Mica2 "mote" platform where it can complete a full SSL handshake in less than 4 seconds (session reuse takes under 2 seconds) and transfer 450 bytes of application data over SSL in about 1 second. We present additional optimizations that can further improve performance. To the best of our knowledge, this is the world?s smallest secure web server (in terms of both physical dimensions and resources consumed) and significantly lowers the barrier for connecting a variety of interesting new devices (e.g. home appliances, personal medical devices) to the Internet without sacrificing end-to-end security.