Implementation of Event-Based Dynamic Authentication on MQTT Protocol

This paper proposes an authentication mechanism for the MQ Telemetry Transport (MQTT) protocol. Data exchange has become an important activity in IoT systems, and MQTT is a fast and lightweight communication protocol for IoT. One problem with the MQTT protocol is that it has no security mechanism in its initial setup. A security attack may occur during the client registration phase, which is vulnerable to accepting false clients because there is no authentication mechanism. An authentication mechanism has previously been built using Transport Layer Security (TLS). However, the TLS mechanism consumes more than 100 KB of data memory and is not suitable for devices that have limitations. Therefore, a suitable authentication mechanism for constrained devices is required. This paper proposes an authentication protocol for MQTT that uses dynamic and event-based authentication. The event-based approach is used to reduce the computing burden on constrained devices. The dynamic approach is intended to provide different authentication properties for each session so that authentication security is improved. As a result, the event-based dynamic authentication protocol was applied successfully on the constrained devices, the microcontrollers and the broker. The microcontroller, as a client, is able to process the proposed protocol. The client uses 52% of the memory for the proposed protocol and consumes only 2% more than the protocol without security. The broker can identify authentic clients, and the constrained devices are capable of the computation needed to carry out mutual authentication with clients. The broker uses a maximum of 4.3 MB of real memory and a maximum CPU usage of 3.7%.
