Access Control on Internet of Things based on Publish/Subscribe using Authentication Server and Secure Protocol

Aulia Arif Wardana, Riza Satria Perdana
DOI: 10.1109/ICITEED.2018.8534855 (https://doi.org/10.1109/ICITEED.2018.8534855)
Published in: 2018 10th International Conference on Information Technology and Electrical Engineering (ICITEE)
Publication date: 2018-07-01
Citations: 19

Abstract

This study proposes a prototype model of an access control security system for the Internet of Things (IoT) that uses the Message Queuing Telemetry Transport (MQTT) protocol for communication and fog computing as its architecture, together with an authentication server and a secure protocol. The MQTT protocol has security mechanism issues: publisher (device) authentication and data privacy protection are still not good. This makes the integrity and confidentiality of the data used by the subscriber less secure. Device nodes and gateway devices in IoT that become publishers will be authenticated by the authentication server via HTTPS to obtain tokens. Tokens are embedded with sensor data inside a secure payload format and published to the MQTT broker. The authentication server will perform management and validation of credentials for all publishers and secure payloads in the MQTT broker. In addition, SSL certificates are applied to the MQTT protocol to secure its communications. Based on evaluation and security analysis, access control mechanisms can be implemented on the MQTT protocol and can secure the integrity and confidentiality of data sent from the device to the cloud over the internet. In the overhead analysis, there is a significant increase in payload because the payload data is sent with the token, but the delivery latency, CPU and memory usage are still within a reasonable limit of not more than 50%.