A MQTT-API-compatible IoT security-enhanced platform
Hung Yu Chien, Yi Jui Chen, Guo Hao Qiu, Jian Fu Liao, Ruo-Wei Hung, Pei Chih Lin, Xi An Kou, Mao‐Lun Chiang, Chunhua Su
Abstract
Owing to its lightweight and easiness, the message queue telemetry transport (MQTT) has become one of the most popular communication protocols in the internet-of-things (IoT). However, the security supports in the MQTT are very weak. In this paper, we systematically examine the security requirements of a MQTT-based IoT system, identify the gap between the requirements and the supported functions, and design a security-enhanced MQTT framework. The framework facilitates device authentication, key agreement, and policy authorisation. Additionally, it is desirable that any MQTT-security enhancements should be compatible with existent MQTT Application Programming Interfaces (API). We propose a two-phase authentication approach that can smoothly integrate secure key agreement schemes with the current MQTT-API. To evaluate its effectiveness and efficiency, we implement prototype. Compared to its counterparts, the results show the merits of improved communication performance, MQTT-API compliance, and security robustness.