Francesco Buccafurri, Vincenzo De Angelis, Sara Lazzaro, Anusha Vangala
MQTT-E: E2E encryption in MQTT via proxy re-encryption avoiding broker overloading
Ad Hoc Networks, volume 176, Article 103878. Journal Article, published 2025-04-30.
DOI: 10.1016/j.adhoc.2025.103878
URL: https://www.sciencedirect.com/science/article/pii/S157087052500126X
Impact factor: 4.4. JCR: Q1 (Computer Science, Information Systems).
Citations: 0
Abstract
A smart traffic monitoring system in smart city surveillance requires publisher and subscriber MQTT-enabled vehicles to share sensitive vehicle and route data with semi-trusted RSU nodes as brokers. To ensure end-to-end confidentiality, we propose the use of an RSU broker as a proxy to perform re-encryption of the exchanged messages between publisher and subscriber vehicles. The RSU brokers are implemented as serverless edge devices with the proxy re-encryption functions designed as function-as-a-service. In peak traffic scenarios, the RSU proxy brokers can become overloaded and drop the re-encryption operations. Additionally, a malicious actor can send counterfeit re-encryption requests to overload the brokers leading to Denial-of-Service attacks. In this paper, we propose a novel solution to mitigate DoS attacks by balancing the re-encryption functions from overloaded brokers. This problem is modeled as an online optimization problem, solved using a greedy heuristic approach, and compared with a baseline approach. The objective function is to reallocate the minimum number of clients when brokers are overloaded since this operation brings additional overhead for clients. Our experimental analysis shows that the greedy approach manages to move up to 5 times fewer clients than the baseline approach, depending on the scenario considered.
About the journal:
Ad Hoc Networks is an international and archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in ad hoc and sensor networking areas. The journal considers original, high-quality and unpublished contributions addressing all aspects of ad hoc and sensor networks. Specific areas of interest include, but are not limited to:
Mobile and Wireless Ad Hoc Networks
Sensor Networks
Wireless Local and Personal Area Networks
Home Networks
Ad Hoc Networks of Autonomous Intelligent Systems
Novel Architectures for Ad Hoc and Sensor Networks
Self-organizing Network Architectures and Protocols
Transport Layer Protocols
Routing protocols (unicast, multicast, geocast, etc.)
Media Access Control Techniques
Error Control Schemes
Power-Aware, Low-Power and Energy-Efficient Designs
Synchronization and Scheduling Issues
Mobility Management
Mobility-Tolerant Communication Protocols
Location Tracking and Location-based Services
Resource and Information Management
Security and Fault-Tolerance Issues
Hardware and Software Platforms, Systems, and Testbeds
Experimental and Prototype Results
Quality-of-Service Issues
Cross-Layer Interactions
Scalability Issues
Performance Analysis and Simulation of Protocols.