Cryptology ePrint Archive: Report 2019/740

A Secure Publish/Subscribe Protocol for Internet of Things

Lukas Malina and Gautam Srivastava and Petr Dzurenda and Jan Hajny and Radek Fujdiak

Abstract: The basic concept behind the emergence of Internet of Things (IoT) is to connect as many objects to the Internet as possible in an attempt to make our lives better in some way. However, connecting everyday objects like your car or house to the Internet can open up major security concerns. In this paper, we present a novel security framework for the Message Queue Transport Telemetry (MQTT) protocol based on publish/subscribe messages in order to enhance secure and privacy-friendly Internet of Things services. MQTT has burst onto the IoT scene in recent years due to its lightweight design and ease of use implementation necessary for IoT. Our proposed solution provides 3 security levels. The first security level suits for lightweight data exchanges of non-tampered messages. The second security level enhances the privacy protection of data sources and data receivers. The third security level offers robust long-term security with mutual authentication for all parties. The security framework is based on light cryptographic schemes in order to be suitable for constrained and small devices that are widely used in various IoT use cases. Moreover, our solution is tailored to MQTT without using additional security overhead.

Category / Keywords: applications / MQTT, Security, Cryptography, IoT, Digital Signature, Privacy

Original Publication (in the same form): ARES/IoT-SECFOR 2019

Date: received 21 Jun 2019

Contact author: malina at feec vutbr cz

Available format(s): PDF | BibTeX Citation

Note: The final publication appears in proceedings of ARES 2019.

Version: 20190624:070019 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]