A Secure MQTT Framework from PUF-based Key Establishment

In this paper, we first propose a PUF-based key establishment (KE1+) protocol because PUFs (Physically Unclonable Functions) can be an alternative to perfect tamper-resistant modules, and a better solution to provide security against side-channel attacks. The KE1+ protocol (an improved version of KE1 [33]) additionally provides mutual authentication and efficiency optimization for client side. Then, we propose a secure MQTT framework (for short, S-MQTT) where the KE1+ protocol is executed for key establishment whenever needed between publishers/subscribers and a broker. This S-MQTT does not require any certificate validation/revocation checks on both publishers/subscribers and broker sides which can simplify the initial setup of publishers/subscribers. Also, we explain implementation details and performance overhead of S-MQTT that makes use of MQTT open source project Mosquitto 1.4.10 [20]. With average processing times of S-MQTT publisher, we show that S-MQTT publisher is much more efficient than the previous work [34].

[1]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[2]  Jacques Stern,et al.  The Cryptographic Security of the Syndrome Decoding Problem for Rank Distance Codes , 1996, ASIACRYPT.

[4]  SeongHan Shin,et al.  On Finding Secure Domain Parameters Resistant to Cheon's Algorithm , 2015, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[5]  Stefan Katzenbeisser,et al.  Physical Unclonable Functions , 2012, Datenschutz und Datensicherheit - DuD.

[6]  Srinivas Devadas,et al.  Secure and robust error correction for physical unclonable functions , 2010, IEEE Design & Test of Computers.

[7]  Martin Nemzow,et al.  Rethinking Public Key Infrastructures and Digital Certificates and Privacy , 2001 .

[8]  Kazukuni Kobara,et al.  Key Establishment Using Physically Unclonable Functions , 2015, 2015 International Conference on Computational Science and Computational Intelligence (CSCI).

[9]  David Naccache,et al.  Towards Hardware-Intrinsic Security - Foundations and Practice , 2010, Information Security and Cryptography.

[10]  SeongHan Shin,et al.  Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2 , 2012, RFC.

[11]  Srinivas Devadas,et al.  Modeling attacks on physical unclonable functions , 2010, CCS '10.

[12]  SeongHan Shin,et al.  A security framework for MQTT , 2016, 2016 IEEE Conference on Communications and Network Security (CNS).

[13]  Boris Skoric,et al.  Strong Authentication with Physical Unclonable Functions , 2007, Security, Privacy, and Trust in Modern Data Management.

[14]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[15]  Stefan Katzenbeisser,et al.  PUF-Based Authentication Protocols - Revisited , 2009, WISA.

[16]  J. Bekenstein How does the Entropy/Information Bound Work? , 2004, quant-ph/0404042.