Analysis of Secure MQTT Protocol for IoT Device Communication


Added on  2022/10/06

AI Summary
This report addresses the security vulnerabilities of the MQTT protocol, a popular choice for IoT device communication. It highlights the risks associated with unencrypted data in MQTT headers and proposes a secure MQTT protocol based on the Attribute-Based Encryption (ABE) scheme, leveraging Elliptic Curve Cryptography (ECC) for lightweight encryption. The proposed protocol utilizes CP-ABE and KP-ABE, incorporating publishers, brokers (PKG), and subscribers. Furthermore, the report explores additional security enhancements, including message delay, identity obfuscation, message enforcement, and advanced DoS detection. These measures aim to prevent real-time tracking, protect user privacy, and ensure secure data transmission in IoT environments. The paper references research papers that provide the basis for the proposed secure MQTT protocol and its feasibility for various IoT requirements through simulations and evaluation of their performance.
Securing MQTT Protocol for IoT devices
MQTT is one of the popular protocols in IoT due to its various features such as being
lightweight and its efficient use of bandwidth. It is a publish/subscribe protocol based on
TCP. A broker is used to control the distribution of information by storing, filtering and
prioritizing publisher client’s requests to the subscriber clients.
However, there exist some vulnerabilities in MQTT that put its security at risk. For example,
a message from a Publisher is published under a specific topic such that all the subscribers
under that topic can receive the message sent through a broker. The various messages are
distinguished by the message header. However, the contents in the variable header such as the
password and username are not encrypted and therefore not secure.
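To see what this exposure looks like on the wire, the following added example (not part of the original report) parses a constructed MQTT 3.1.1 CONNECT packet the way a capture-review script would and recovers the username and password without any key material. The function names and sample credentials are hypothetical.

```python
def _field(buf, pos):
    """Read one 2-byte length-prefixed field; return (value, next_pos)."""
    end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
    if pos + 2 > len(buf) or end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def build_connect(client_id, username, password):
    """Constructed sample input: an MQTT 3.1.1 CONNECT packet with credentials."""
    enc = lambda b: len(b).to_bytes(2, "big") + b
    flags = 0x80 | 0x40 | 0x02            # username, password, clean session
    body = enc(b"MQTT") + bytes([4, flags]) + (60).to_bytes(2, "big")
    body += enc(client_id) + enc(username) + enc(password)
    n, rl = len(body), bytearray()
    while True:                           # Remaining Length: base-128 varint
        n, low = divmod(n, 128)
        rl.append(low | (0x80 if n else 0))
        if not n:
            return bytes([0x10]) + bytes(rl) + body

def parse_connect(packet):
    """Recover the cleartext fields of a CONNECT packet from raw bytes."""
    if len(packet) < 2 or packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    pos, remaining, shift = 1, 0, 0
    while True:
        if pos >= len(packet) or shift > 21:
            raise ValueError("bad Remaining Length")
        byte = packet[pos]
        pos += 1
        remaining |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            break
    body = packet[pos:pos + remaining]
    if len(body) != remaining:
        raise ValueError("truncated packet")
    proto, p = _field(body, 0)
    if len(body) < p + 4:
        raise ValueError("truncated variable header")
    flags = body[p + 1]                   # connect flags follow the level byte
    client_id, p = _field(body, p + 4)    # skip level, flags, keep-alive
    if flags & 0x04:                      # will flag: skip topic and message
        _, p = _field(body, p)
        _, p = _field(body, p)
    user, p = _field(body, p) if flags & 0x80 else (None, p)
    pwd, p = _field(body, p) if flags & 0x40 else (None, p)
    return {"protocol": proto.decode(), "client_id": client_id.decode(),
            "username": None if user is None else user.decode(), "password": pwd}
```

In MQTT 3.1.1 the connect flags sit in the variable header and the credential strings follow as length-prefixed fields, so every field the parser returns is readable by anything on the path between client and broker.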
To solve this problem, a more secure MQTT would be the one shown in the diagram below,
based on the ABE scheme [1].
It makes use of a new type of message ’0000’ as well as encrypting the message through
the ABE scheme, which is built upon Elliptic Curve Cryptography (ECC) and is very
lightweight. To send an encrypted message, a publisher will use the Spublish command, and
the message can only be decrypted by those that meet all the conditions outlined in the
access policy.
The protocol will use two types of ABE: CP-ABE and KP-ABE. It will also include three
different entities: the publisher, the PKG (broker) and the subscriber.
The paper will also explore other ways of improving security, such as preventing the
real-time tracking of users and devices by delaying messages, identity obfuscation and
message modification, message enforcement upon delivery to clients and during
subscription to a topic, advanced DoS detection, and support for reactive rules for
notification, logging or requesting the consent of the user [2].
References
[1] M. Singh, M. Rajan, V. Shivraj and P. Balamuralidhar, "Secure MQTT for Internet of
Things (IoT)", 2015 Fifth International Conference on Communication Systems and
Network Technologies, p. 2, 2015. Available: 10.1109/csnt.2015.16 [Accessed 1 October
2019].
[2] R. Neisse, G. Steri and G. Baldini, "Enforcement of security policy rules for the Internet
of Things", 2014 IEEE 10th International Conference on Wireless and Mobile
Computing, Networking and Communications (WiMob), p. 3, 2014. Available:
10.1109/wimob.2014.6962166 [Accessed 1 October 2019].