Litcius/Paper detail

MQTT-I: Achieving End-to-End Data Flow Integrity in MQTT

Francesco Buccafurri, Vincenzo De Angelis, Sara Lazzaro

2024IEEE Transactions on Dependable and Secure Computing35 citationsDOI

Abstract

MQTT has become the de facto standard in the IoT. Although standard MQTT lacks built-in security features, several proposals have been made to address this gap. Unfortunately, no existing proposal aims to offer end-to-end data flow integrity in the threat model of untrusted broker. Consider that, the broker has a privileged role, since it is in the middle of communication between publishers and subscribers. Our paper attempts to bridge this gap by introducing a new protocol called MQTT-I, which achieves end-to-end data flow integrity. Our solution is inspired by approaches based on Merkle Hash Trees, commonly used in the context of outsourced data to guarantee data integrity. Our solution aligns with the specific nature of MQTT, in which: (1) publishers and subscribers dynamically join and leave the system, (2) the decoupling principle holds, meaning that publishers and subscribers do not establish any form of agreement, and (3) data, whose integrity should be protected, are multi-topic streams. Moreover, the proposed solution allows us to find the right balance between performance and security. We perform both theoretical and experimental analysis to demonstrate that the introduced security features come with an acceptable overhead in terms of computational and energy cost.

Topics & Concepts

MQTTComputer scienceData integrityComputer networkHash functionComputer securityMerkle treeContext (archaeology)End-to-end principleHash chainInternet of ThingsPaleontologyBiologyCloud Data Security SolutionsBlockchain Technology Applications and SecuritySecurity and Verification in Computing
MQTT-I: Achieving End-to-End Data Flow Integrity in MQTT | Litcius