Security in the Internet of Things is a current and important research topic as it may encompass different aspects such as confidentiality and integrity of personal data, as well as the authentication and the authorization to access smart devices and sensors that are spreading day-by-day in our lives. In this paper we focus onto MQTT (Message Queue Telemetry Transport), a message-based communication protocol explicitly designed for low-power sensors and based upon the publish-subscribe paradigm. First of all, we describe some of the security solutions and improvements typically suggested in the literature for deployments of MQTT. Then, we present a possible alternative solution to protect specific topics in MQTT based on AugPAKE protocol. The proposed solution has been implemented through ActiveMQ middleware and successfully tested.
A Token-based Protocol for Securing MQTT Communications
Riccardo Pecori
;Luca Veltri
2018-01-01
Abstract
Security in the Internet of Things is a current and important research topic as it may encompass different aspects such as confidentiality and integrity of personal data, as well as the authentication and the authorization to access smart devices and sensors that are spreading day-by-day in our lives. In this paper we focus onto MQTT (Message Queue Telemetry Transport), a message-based communication protocol explicitly designed for low-power sensors and based upon the publish-subscribe paradigm. First of all, we describe some of the security solutions and improvements typically suggested in the literature for deployments of MQTT. Then, we present a possible alternative solution to protect specific topics in MQTT based on AugPAKE protocol. The proposed solution has been implemented through ActiveMQ middleware and successfully tested.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.