Evaluating Security of MQTT Protocol in Internet of Things

The Internet of Things (IoT) has revolutionized the way people interact, communicate, and perform daily activities in various domains ranging from households to industries and cities. MQTT is one of the commonly adopted protocols for implementing IoT. However, IoT systems that are connected through MQTT are susceptible to security breaches as MQTT was not originally designed with security as a priority. The credentials and messages transmitted in plaintext by default, thereby compromising data confidentiality and integrity. This study presents a comprehensive analysis of the MQTT protocol, including experimentation on an MQTT system using various cryptographic implementations, such as AES-CBC, RSA, and ECC AES Hybrid Scheme, to assess the processing time and message size. The findings indicate that payload encryption increases processing time and message bytes. Among the cryptographic implementations, RSA incurs the highest processing time, followed by ECC AES Hybrid Scheme and AES- CBC. Furthermore, the study demonstrates the effectiveness of attack prevention between standard MQTT and secured MQTT implementations by simulating various IoT attacks, such as black-box penetration attack, identity spoofing, DoS attack, and MITM attack. The results and subsequent discussion provide insights that answer the research question, revealing the cryptographic algorithms that result in the most overhead on the standard MQTT implementation and their capacity to resist common attacks.