Abstract

Internet of things (IoT) allows devices especially with low process capability and power consumption, to transmit data to each other using various communication technologies such as wired, wireless network and radio frequency. It also makes easier to access these data from anywhere by storing them in the cloud or database. Nowadays, IoT applications in diverse areas including sensitive personal information such as especially health, financial, industry have become widespread. When huge number of devices with limited resources are connected to IoT application, provided security gains significant importance to ensure the integrity, confidentiality, accessibility of these data. In addition, the availability of a variety of specialized devices and communication technologies demonstrate the hassle of providing a standard security mechanism. When device features with their low process capability and power consumption are taken into account, message queue telemetry transport (MQTT) is the most appropriate lightweight communication protocol. In this study, the MQTT security is defined, and preliminary work related to MQTT on basic security issues such as privacy, authentication and access control is examined. This study is based on the previous work that is interested in open authorization (OAuth 2.0) protocol, which is recommended to gain authorization. In this study, in addition to the OAuth token, authentication is performed in two steps using a HMAC-based one-time password (HOTP) due to its short life span. Since MQTT protocol does not have bidirectional authentication other than using transport layer security (TLS), mutual authentication is provided by using one-time password (OTP) with hash chain. Advanced encryption standard (AES) is used for providing confidentiality to prevent against potential security vulnerabilities. Finally, security analysis has been discussed by giving an alternative solution by using these methods against selected attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.