A Token-based Protocol for Securing MQTT Communications

Security in the Internet of Things is a current and important research topic, as it encompasses different aspects such as the confidentiality and integrity of personal data, as well as authentication and authorization to access the smart devices and sensors that are spreading day by day in our lives. In this paper we focus on MQTT (Message Queue Telemetry Transport), a message-based communication protocol explicitly designed for low-power sensors and based upon the publish-subscribe paradigm. First, we describe some of the security solutions and improvements typically suggested in the literature for deployments of MQTT. Then, we present a possible alternative solution to protect specific topics in MQTT, based on the AugPAKE protocol. The proposed solution has been implemented through the ActiveMQ middleware and successfully tested.
