You can view the full text of this article for free using the link below.

Title: A MQTT-API-compatible IoT security-enhanced platform

Authors: Hung-Yu Chien; Yi-Jui Chen; Guo-Hao Qiu; Jian Fu Liao; Ruo-Wei Hung; Pei-Chih Lin; Xi-An Kou; Mao-Lun Chiang; Chunhua Su

Addresses: Department of Information Management, National Chi Nan University, PuLi, Nantou 54561, Taiwan ' Department of Information Management, National Chi Nan University, PuLi, Nantou 54561, Taiwan ' Department of Computer Science and Information Engineering, Chaoyang University of Technology, Wufeng, Taichung 41349, Taiwan ' Department of Computer Science and Information Engineering, Chaoyang University of Technology, Wufeng, Taichung 41349, Taiwan ' Department of Computer Science and Information Engineering, Chaoyang University of Technology, Wufeng, Taichung 41349, Taiwan ' Department of Information and Communication Engineering, Chaoyang University of Technology, Wufeng, Taichung 41349, Taiwan ' Department of Information and Communication Engineering, Chaoyang University of Technology, Wufeng, Taichung 41349, Taiwan ' Department of Information and Communication Engineering, Chaoyang University of Technology, Wufeng, Taichung 41349, Taiwan ' Division of Computer Science, The University of Aizu, Aizuwakamatsu-shi, Fukushima 965-8580, Japan

Abstract: Owing to its lightweight and easiness, the message queue telemetry transport (MQTT) has become one of the most popular communication protocols in the internet-of-things (IoT). However, the security supports in the MQTT are very weak. In this paper, we systematically examine the security requirements of a MQTT-based IoT system, identify the gap between the requirements and the supported functions, and design a security-enhanced MQTT framework. The framework facilitates device authentication, key agreement, and policy authorisation. Additionally, it is desirable that any MQTT-security enhancements should be compatible with existent MQTT Application Programming Interfaces (API). We propose a two-phase authentication approach that can smoothly integrate secure key agreement schemes with the current MQTT-API. To evaluate its effectiveness and efficiency, we implement prototype. Compared to its counterparts, the results show the merits of improved communication performance, MQTT-API compliance, and security robustness.

Keywords: transport layer issues; security and privacy; MQTT; message queue telemetry transport; internet of things; authentication.

DOI: 10.1504/IJSNET.2020.104463

International Journal of Sensor Networks, 2020 Vol.32 No.1, pp.54 - 68

Received: 31 Mar 2019
Accepted: 22 Jul 2019

Published online: 12 Jan 2020 *

Full-text access for editors Access for subscribers Free access Comment on this article