New approach for securing communication over MQTT protocol A comparaison between RSA and Elliptic Curve

Abstract

The Internet of things (IoT) is the interconnection of physical objects with the Internet network using existing technologies and communication protocols. The speed up and massive uses of this network's type in a multitude domain, from large industrial applications to small every day's uses, raises new serious problematic related to security. Indeed, recent reports on cyber security highlighted the Internet of things' vulnerability, and the risks continue to increase exponentially, especially with the deployment of intelligent networks [1]. These objects connected to the Internet network will create a lot of new attack attempts and present a considerable danger for the integrity of data. To avoid disastrous consequences, security approaches must take place to ensure a set of criteria, namely: resistance to attack, data authenticity, access control and user privacy [2]. Due to limited IoT capacities as a CPU, memory, bandwidth and the energy, a new kind of protocols and concepts have been developed and/or improved to satisfy the specific quality of service of this network's type. Among these protocols we find “Message Queue Telemetry Transport” (MQTT). It is an open source protocol created by IBM that uses the Publish/Subscribe pattern and requires only a small bandwidth. In this work, we propose a new approach of secured communication based on the MQTT protocol. Indeed, in an unsecured network, we use standard techniques and algorithms of cryptography such as digital signatures, hash functions and the RSA algorithm to secure communications, data and keys exchanges in an IoT network.