The Security Method in MQTT Protocol for Internet of Things

Chia-Fen Hsieh, Chih-Kai Chang
Published in: 2021 International Conference on Technologies and Applications of Artificial Intelligence (TAAI), 2021-11-01
DOI: https://doi.org/10.1109/taai54685.2021.00061
Citations: 2

Abstract

One of the most widely used protocols on the Internet of Things is Message Queuing Telemetry Transport (MQTT). However, there is no complete security method for this protocol, so the confidentiality and integrity of messages cannot be ensured. In the Industrial Internet of Things, there is more and more confidential or sensitive information. Therefore, it is important to deliver messages correctly, and the issue of information security has gradually received attention. MQTT, which relies only on TCP/IP, does not have encryption protection, so it may become the target of a man-in-the-middle attack. This paper uses a new architecture to protect MQTT in two stages. The first stage uses a one-time password (OTP) as the authentication mechanism. It is an OTP-based identity verification method and an effective algorithm to protect the device from improper use. It can eliminate the risk of unauthorized users gaining access rights. The second stage uses the simple restriction of black and white lists, which realizes the second identity verification. Finally, to prevent sensitive information from being stolen or modified after being cracked, it encrypts the payload with the Advanced Encryption Standard (AES), ensuring that confidential or sensitive information will not leak out due to attacks. In this way, the confidentiality and integrity of the data can be ensured.