A Novel MQTT 5.0-Based Over-the-Air Updating Architecture Facilitating Stronger Security

Abstract

Over-the-air (OTA) updating is a critical mechanism for secure internet of things (IoT) systems for remotely updating the firmware (or keys) of IoT devices. Message queue telemetry transport (MQTT) is a very popular internet of things (IoT) communication protocol globally. Therefore, MQTT also becomes popular in facilitating the OTA mechanism in many IoT platforms, such as the Amazon IoT platform. In these IoT platforms, the MQTT broker acts as the message broker and as an OTA server simultaneously; in these broker-based OTA architectures, it is quite common that an IoT application manager not only uploads the new firmware/software to the broker but also delegates his signing authority on the firmware/software to the same broker. If the broker is secure and trusted, this OTA model works well; however, it incurs lots of security concerns if the broker is not fully trusted or if it is curious. Many MQTT deployments do not own their own brokers, but rely on a third-party broker, which sometimes is a freeware program or is maintained by a curious third party. Therefore, a secure OTA process should protect privacy against these brokers. This paper designs a novel MQTT-based OTA model in which an IoT application manager can fully control the OTA process through an end-to-end (E2E) channel. We design the model using MQTT 5.0’s new features and functions. The analysis shows that the new model greatly enhances security and privacy properties while maintaining high efficiency.