Enhancing MQTT security for internet of things: Lightweight two-way authorization and authentication with advanced security measures

被引：0

作者：

Bangare, Pallavi S. ^{[1
]}

Patil, Kishor P. ^{[1
]}

机构：

[1] Department of E&TC, Sinhgad Academy of Engineering, Savitribai Phule Pune University, Pune

来源：

Measurement: Sensors | 2024年 / 33卷

关键词：

Advanced encryption standard; Internet of things; Markel tree; Message queuing telemetry transport; Security;

D O I：

10.1016/j.measen.2024.101212

中图分类号：

学科分类号：

摘要：

The MQTT (Message Queuing Telemetry Transport) protocol used the pub-sub model for IoT communication. Bolstering security with two-way authentication becomes a critical necessity. This paper presents a novel algorithm that fortifies MQTT with enhanced security measures, utilizing a refined MQTT implementation that integrates with a Merkle tree. HBMQTT Broker increases security as it uses different plugins, like the authentication plugin and the authorization plugin. These plugins serve to add extra layers of protection, reinforcing security protocols and heightening resilience to potential threats. The Merkle tree integration enhances data security during data transmission, effectively distinguishing between authentic and inauthentic data streams. Merkle trees generate tokens, which are used for secure data transmission. The algorithm is tested with four different hacking adversarial attacks: man-in-The-Middle (MITM), malware attack, denial of service (DoS), and phishing attack. Space and time complexity are also calculated for these attacks. © 2024 The Author(s)

引用

共 20 条

[1] Mukhandi M., Portugal D., Pereira S., Couceiro M.S., A novel solution for securing robot communications based on the MQTT protocol and ROS, 2019 IEEE/SICE International Symposium on System Integration (SII), pp. 608-613, (2019)
[2] Vithanage N.N.N., Thanthrige S.S.H., Kapuge M.C.K.P., Malwenna T.H., Liyanapathirana C., Wijekoon J.L., A secure corroboration protocol for Internet of Things (IoT) devices using MQTT version 5 and LDAP, 2021 International Conference on Information Networking (ICOIN), pp. 837-841, (2021)
[3] Lohachab A., Karambir, ECC based inter-device authentication and authorization scheme using MQTT for IoT networks, J. Inf. Secur. Appl., 46, pp. 1-12, (2019)
[4] Sharma B., Sekharan C.N., Zuo F., Merkle-tree based approach for ensuring integrity of electronic medical records, IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), New York, NY, USA, pp. 983-987, (2018)
[5] Chen F., Huo Y., Zhu J., Fan D., A review on the study on MQTT security challenge, 2020 IEEE International Conference on Smart Cloud (SmartCloud), Washington, DC, USA, pp. 128-133, (2020)
[6] Calabretta M., Pecori R., Vecchio M., Veltri L., MQTT-auth: a token-based solution to endow MQTT with authentication and authorization capabilities, Journal of Communications Software and Systems, 14, 4, pp. 320-331, (2018)
[7] Yin X., He J., Guo Y., Han D., Li K.-C., Castiglione A., An efficient two-factor authentication scheme based on the merkle tree, Sensors, 20, (2020)
[8] Xu J., Wei L., Zhang Y., Wang A., Zhou F., Gao C.-Z., Dynamic Fully Homomorphic encryption-based Merkle Tree for lightweight streaming authenticated data structures, J. Netw. Comput. Appl., 107, pp. 113-124, (2018)
[9] Stoev I., Zaharieva S., Borodzhieva A., Staevska G., An approach for securing MQTT protocol in ESP8266 WiFi module, 2020 XI National Conference with International Participation (ELECTRONICA), Sofia, Bulgaria, pp. 1-4, (2020)
[10] Patel C., Doshi N., A novel MQTT security framework in generic IoT model, Third International Conference on Computing and Network Communications (CoCoNet'19), Procedia Computer Scienc, 171, pp. 1399-1408, (2020)

← 1 2 →