Analysis of Secure MQTT Protocol for IoT Device Communication
Added on 2022/10/06
Report
AI Summary
This report addresses the security vulnerabilities of the MQTT protocol, a popular choice for IoT device communication. It highlights the risks associated with unencrypted data in MQTT headers and proposes a secure MQTT protocol based on the Attribute-Based Encryption (ABE) scheme, leveraging Elli...

Securing MQTT Protocol for IoT devices
MQTT is one of the popular protocols in IoT due to its various features such as being
lightweight and its efficient use of bandwidth. It is a publish/subscribe protocol based on
TCP. A broker is used to control the distribution of information by storing, filtering and
prioritizing publisher clients' requests to the subscriber clients.
However, there exist some vulnerabilities in MQTT that put its security at risk. For example,
a message from a Publisher is published under a specific topic such that all the subscribers
under that topic can receive the message sent through a broker. The various messages are
distinguished by the message header. However, the contents in the variable header such as the
password and username are not encrypted and therefore not secure.
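
The exposure described above, shown as an added example that is not part of the original report: a minimal MQTT 3.1.1 CONNECT parser run over a constructed packet, which recovers the username and password directly from the raw bytes sent over plain TCP. The client ID and credentials are made-up sample values, and `build_connect` is a hypothetical helper used only to construct the sample.

```python
def _remaining_length(buf, pos):
    """Decode the fixed header's variable-length 'remaining length'."""
    value = shift = 0
    while True:
        if shift > 21 or pos >= len(buf):
            raise ValueError("malformed remaining length")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def _field(buf, pos):
    """Read one field that carries a 2-byte big-endian length prefix."""
    end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
    if pos + 2 > len(buf) or end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def parse_connect(packet):
    """Return what anyone on the network path can read from a CONNECT packet."""
    if not packet or packet[0] >> 4 != 1:        # control packet type 1 = CONNECT
        raise ValueError("not a CONNECT packet")
    length, pos = _remaining_length(packet, 1)
    body = packet[pos:pos + length]
    proto, p = _field(body, 0)                   # protocol name, "MQTT"
    if len(body) != length or p + 4 > len(body):
        raise ValueError("truncated packet")
    level, flags = body[p], body[p + 1]          # connect flags announce the fields
    client_id, p = _field(body, p + 4)           # skip level, flags, keep-alive
    if flags & 0x04:                             # will topic and message come first
        _, p = _field(body, p)
        _, p = _field(body, p)
    user = pw = None
    if flags & 0x80:                             # username flag
        user, p = _field(body, p)
    if flags & 0x40:                             # password flag
        pw, p = _field(body, p)
    return {"protocol": proto.decode(), "level": level,
            "client_id": client_id.decode(errors="replace"),
            "username": None if user is None else user.decode(errors="replace"),
            "password": pw}                      # binary data, no encryption applied

def build_connect(flags, *fields):
    """Constructed sample input (hypothetical helper); body must be < 128 bytes."""
    body = b"\x00\x04MQTT" + bytes([4, flags, 0, 60])
    body += b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return bytes([0x10, len(body)]) + body

# Constructed packet: clean session, username and password flags set (0xC2).
SAMPLE_CONNECT = build_connect(0xC2, b"sensor-01", b"plant", b"s3cret")
```

Run against a capture from a broker listener, the same parser works as an audit check: any CONNECT that yields a non-empty `password` was sent without transport encryption.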
To solve this problem, a more secure MQTT would be the one shown in the diagram below,
based on the ABE scheme [1].
It makes use of a new message type '0000' and encrypts the message through an
ABE scheme built upon Elliptic Curve Cryptography (ECC), which is very lightweight.
To send an encrypted message, a publisher will use the Spublish command, and the message can
only be decrypted by subscribers that meet all the conditions outlined in the access policy.
The protocol will use two types of ABE: CP-ABE and KP-ABE. It will also include three
different entities: the publisher, the PKG (broker) and the subscriber.

The paper will also explore other ways of improving security, such as preventing real-time
tracking of users and devices by delaying messages, identity obfuscation and
message modification, message enforcement upon delivery to clients and during
subscription to a topic, advanced DoS detection, and support for reactive rules for
notification, logging or requesting the consent of the user [2].

References
[1] M. Singh, M. Rajan, V. Shivraj and P. Balamuralidhar, "Secure MQTT for Internet of
Things (IoT)", 2015 Fifth International Conference on Communication Systems and
Network Technologies, p. 2, 2015. Available: 10.1109/csnt.2015.16 [Accessed 1 October
2019].
[2] R. Neisse, G. Steri and G. Baldini, "Enforcement of security policy rules for the Internet
of Things", 2014 IEEE 10th International Conference on Wireless and Mobile
Computing, Networking and Communications (WiMob), p. 3, 2014. Available:
10.1109/wimob.2014.6962166 [Accessed 1 October 2019].