Abstract
Owing to its simplicity and easiness to use, Message Queue Telemetry Transport (MQTT) is very popular and there are many deployments globally. The experiences from the widely deployments also manifest its critical weaknesses: lack of enough security support and poor flexibility/scalability. In light of these experiences and reports, the newest MQTT standard called MQTT 5.0 amends several new functions and extensions. MQTT 5.0 has the great potentials to extend and increase new functions and features. One of the mostly-discussed limitations of the its precedent MQTT systems is its lack of end-to-end (publisher-to-subscriber) security support. In this paper, we design two end-to-end security schemes for MQTT 5.0. To the best of our knowledge, this is the first end-to-end security support designed for MQTT 5.0.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
ISO/IEC 20922:2016, Information technology -- Message Queuing Telemetry Transport (MQTT) v3.1.1. https://www.iso.org/standard/69466.html. Accessed 25 Mar 2022
OASIS, MQTT Version 5.0, 07 March 2019. https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.html. Accessed 01 Apr 2022
Andy, S., Rahardjo, B., Hanindhito, B.: Attack scenarios and security analysis of MQTT communication protocol in IoT system. In: Proceedings of EECSI 2017, Yogyakarta, Indonesia, 19–21 September 2017, pp. 19–21 (2017)
HiveMQ Homepage, Enhanced Authentication. https://www.hivemq.com/blog/mqtt5-essentials-part11-enhanced-authentication/. Accessed 02 Apr 2022
HiveMQ Homepage, User Properties - MQTT 5 Essentials Part 6. https://www.hivemq.com/blog/mqtt5-essentials-part6-user-properties/. Accessed 24 Mar 2022
Steve Internet Guide, Understanding and Using MQTT v5 Request Response. http://www.steves-internet-guide.com/mqttv5-request-response/. Accessed 14 Mar 2022
Rizzardi, A., Sicari, S., Miorandi, D., Coen-Porisini, A.: AUPS: an open source authenticated publish/subscribe system for the Internet of Things. Inf. Syst. 62, 29–41 (2016)
Neisse, R., Steri, G., Baldini, G.: Enforcement of security policy rules for the internet of things. In: 2014 IEEE 10th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Larnaca, pp. 165–172 (2014)
Shin, S. H., Kobara, K.: Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2. IETF RFC 6628, Experimental, June 2012. https://tools.ietf.org/rfc/rfc6628.txt. Accessed 05 Feb 2022
Chien, H.Y., et al.: A MQTT-API-compatible IoT security-enhanced platform. Int. J. Sens. Netw. 32(1), 54–68 (2020)
Chien, H.-Y., Lin, P.C., Chiang, M.L.: Efficient MQTT platform facilitating secure group communication. J. Internet Technol. 21(7), 1929–1940 (2020)
Mektoubi, A., Lalaoui, H., Belhadaoui, H., Rifi, M., Zakari, A.: New approach for securing communication over MQTT protocol A comparison between RSA and Elliptic Curve. In: 2016 Third International Conference on Systems of Collaboration (SysCo), Casablanca, pp. 1–6 (2016)
Singh, M., Rajan, M.A., Shivraj, V.L., Balamuralidhar, P.: Secure MQTT for internet of things (IoT). In 2015 Fifth International Conference on Communication Systems and Network Technologies, IEEE, India, pp. 746–751, 4–6 April 2015
Lee, H., Lim, J., Kwon T.: MQTLS: toward secure MQTT communication with an untrusted broker. In: 2019 International Conference on Information and Communication Technology Convergence (ICTC), pp. 53–58 (2019)
Ciou, P.-P., Chien, H.-Y.C.: An implementation of challenge-response authentication for MQTT 5.0 IoT system. In: The 2021 International Conference on Emerging Industry and Health Promotion (EIHP 2021), Puli, 3–4 July 2021
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Chien, HY. (2022). Design of End-To-End Security for MQTT 5.0. In: Su, C., Sakurai, K., Liu, F. (eds) Science of Cyber Security. SciSec 2022. Lecture Notes in Computer Science, vol 13580. Springer, Cham. https://doi.org/10.1007/978-3-031-17551-0_23
Download citation
DOI: https://doi.org/10.1007/978-3-031-17551-0_23
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17550-3
Online ISBN: 978-3-031-17551-0
eBook Packages: Computer ScienceComputer Science (R0)