Abstract

The Message Queuing Telemetry Transport (MQTT) protocol is one of the most widely used protocols in the Internet of Things (IoT). However, this protocol does not implement a strong security scheme by default, so it does not provide a secure authentication mechanism between the participants in the communication. Furthermore, we cannot trust the confidentiality and integrity of the data. Lightweight IoT devices send more and more sensitive data in areas such as Smart Building, Smart City, Smart House, Smart Car, Connected Car, Health Care, Smart Retail, Industrial IoT (IIoT), etc. This makes the security challenges in the protocols used in the IoT particularly important. The MQTT standard strongly recommends implementing the protocol over Transport Layer Security (TLS) instead of plain TCP. Nonetheless, this option is not possible in most of the lightweight devices that make up the IoT ecosystem. Quite often, the constrained resources of IoT devices prevent them from running secure asymmetric cryptography algorithms themselves. In this article, we propose a security scheme for the MQTT protocol using Cryptographic Smart Cards that addresses both challenges: authentication, and trusted data confidentiality and integrity. We carry out this security scheme without modifying the standard protocol messages. Finally, we present timing results from an experiment using an example implementation model with the JavaCard library.

Highlights

  • The Internet of Things (IoT) is an ecosystem that provides the possibility of communications on the Internet to countless devices of very different types: environment sensors [1], vehicles [2], remotely controlled actuators [3], home appliances [4], health care sensors [5], industrial devices (IIoT) [6], etc.

  • Message Queuing Telemetry Transport (MQTT) protocol was designed by IBM and in 2013 was standardized by OASIS (Open Architecture System)

  • We present a new method for mutual authentication [22] in the MQTT protocol


Summary

INTRODUCTION

The Internet of Things (IoT) is an ecosystem that provides the possibility of communications on the Internet to countless devices of very different types: environment sensors [1], vehicles [2], remotely controlled actuators [3], home appliances [4], health care sensors [5], industrial devices (IIoT) [6], etc. These papers use different schemes and cryptography primitives to secure MQTT communications, both to authenticate and to encrypt the payload. In these proposals, the IoT microcontrollers implement the security solution. We propose including a Cryptographic Smart Card (secure hardware that is trustworthy, well tested and low in cost) in the IoT devices to execute all necessary cryptographic functions, and a public key repository accessible to the broker (Fig. 2). Using these new elements, we present a new method for mutual authentication [22] in the MQTT protocol. The last section details the conclusions and describes the open research trends in the security of IoT communications.

GENERAL SCHEME OF SECURITY
SMART CARD CRYPTOGRAPHY IMPLEMENTATION
CONCLUSIONS AND FUTURE WORKS