Secure MQTT Authentication and Message Exchange Methods for IoT Constrained Device

Fathan Abdul Shodiq, Rizka Reza Pahlevi, Parman Sukarno
Published in: 2021 International Conference on Intelligent Cybernetics Technology & Applications (ICICyTA), 2021-12-01
DOI: 10.1109/ICICyTA53712.2021.9689126 (https://doi.org/10.1109/ICICyTA53712.2021.9689126)
Citations: 4

Abstract

The concept of the Internet of Things (IoT) is expected to be one of the network solutions of the future. One of the protocols often used in IoT communication is MQTT. MQTT uses less bandwidth, is computationally light, and is fast in transmission, so it can be applied to constrained devices. However, MQTT lacks a security mechanism by default, and using TLS with MQTT is not suitable for constrained devices. One of the vulnerabilities encountered in the MQTT protocol is authentication. The lack of authentication allows unauthorized nodes to use MQTT network resources, which can lead to over-connection. This study used the JSON Web Token (JWT) to build a token-based authentication mechanism on MQTT as a second authentication factor in addition to username and password, in order to prevent unauthenticated nodes from entering the MQTT network. According to the validation results, the proposed authentication mechanism was validated against brute-force and sniffing attacks, and no unauthenticated node was able to log in to the MQTT network. The validation also confirmed that messages sent are encrypted with the XXTEA encryption algorithm to maintain the confidentiality of the communication. The proposed authentication mechanism can run on constrained devices, using 405912 bytes (38% of total program storage) on publisher nodes and 406856 (38% of total program storage) on subscriber nodes.
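An added sketch (not the paper's code) of the two-factor check the abstract describes: a broker-side CONNECT decision that requires both a correct password and a valid JWT. The abstract does not say how the token is signed or carried, so HS256, the `sub`/`exp` claims, the PBKDF2 password store, and all function names and sample values here are assumptions.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def issue_token(secret: bytes, client_id: str, ttl: int, now: int) -> str:
    """Mint an HS256 JWT for one client (hypothetical token issuer)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({"sub": client_id, "exp": now + ttl}).encode())
    sig = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(sig)}"

def verify_token(secret: bytes, token: str, client_id: str, now: int) -> bool:
    """Accept only an unexpired HS256 token whose subject is this client."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(header_b64))
        claims = json.loads(_unb64url(claims_b64))
        sig = _unb64url(sig_b64)
    except (ValueError, TypeError):  # malformed structure, base64 or JSON
        return False
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False
    if header.get("alg") != "HS256":  # pin the algorithm; rejects "none"
        return False
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return False
    exp = claims.get("exp")
    return claims.get("sub") == client_id and isinstance(exp, int) and now < exp

def authorize_connect(users, secret, username, password, token, now) -> bool:
    """Broker-side CONNECT check: the password AND the token must both pass."""
    record = users.get(username)
    if record is None:
        return False
    salt, stored = record
    if not hmac.compare_digest(password_hash(password, salt), stored):
        return False
    return verify_token(secret, token, username, now)

# Constructed sample data (not from the paper).
SECRET, SALT = b"demo-signing-key-change-me", b"demo-salt"
USERS = {"sensor-01": (SALT, password_hash("s3nsor-pass", SALT))}
```

Binding the token's `sub` to the connecting username means a token captured for one node cannot be replayed under another node's credentials, and the short `exp` bounds how long a sniffed token stays useful.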