Secure and Efficient MQTT Group Communication Design | SpringerLink
Skip to main content
Springer Nature Link
Log in

Secure and Efficient MQTT Group Communication Design

  • Chapter
  • First Online:
Computational Science/Intelligence and Applied Informatics (CSII 2019)

Part of the book series: Studies in Computational Intelligence ((SCI,volume 848))

Abstract

To facilitate the successful deployments of the Internet of Things (IoT) applications, the support of secure and efficient communication protocol and architecture is inevitable. Owing to its lightweight and easiness, the Message Queue Telemetry Transport (MQTT) has become one of the most popular communication protocols in the Internet-of-Things (IoT). However, the security supports in the MQTT are very weak: it assumes the security support from the underlying Secure Sockets Layer (SSL). The weakness incurs several key drawbacks. One is the support of SSL capacities is a pressure for those resources-constrained devices. One another and very important one is the lack of the support of secure group communication. Without efficient and secure group communication support, the MQTT-based IoT systems would suffer from deteriorated computational and communication performance, especially when there are tons of IoT devices accessing the systems. In this paper, we design a secure MQTT group communication framework in which each MQTT application would periodically updates the group key and the data communication can be efficiently and securely encrypted by the group keys. Both our prototype system and the analysis show that our design can improve the performance of security, computation, and communication.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 11439
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 14299
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
JPY 18589
Price includes VAT (Japan)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Avast: Avast research finds at least 32,000 smart homes and businesses at risk of leaking data. https://press.avast.com/avast-research-finds-at-least-32000-smart-homes-and-businesses-at-risk-of-leaking-data. Accessed 7 Nov 2018

  2. MQTT: http://mqtt.org/. Accessed 7 Apr 2018

  3. AMQP: Home. https://www.amqp.org/. Accessed 7 Nov 2018

  4. CoAP—Constrained Application Protocol: Overview. http://coap.technology/. Accessed 7 Nov 2018

  5. DDS Portal—Data Distribution Services—Object Management Group. https://www.omgwiki.org/dds/. Accessed 7 Nov 2018

  6. ISO/IEC 20922:2016: Information technology—Message Queuing Telemetry Transport (MQTT) v3.1.1. https://www.iso.org/standard/69466.html. Accessed 7 Nov 2018

  7. OASIS Message Queuing Telemetry Transport (MQTT) TC|OASIS. https://www.oasis-open.org/committees/mqtt/. Accessed 7 Nov 2018

  8. Mirai (malware)—Wikipedia: https://en.wikipedia.org/wiki/Mirai_(malware). Accessed 7 Apr 2018

  9. Amazon Web Services: Security and Identity for AWS IoT. https://docs.aws.amazon.com/iot/latest/developerguide/iot-security-identity.html. Accessed 17 Jan 2019

  10. Mosquitto: http://projects.eclipse.org/projects/technology.mosquitto. Accessed 7 Nov 2018

  11. Arduino cloud: https://cloud.arduino.cc/. Accessed 7 Nov 2018

  12. Shiftr.io: https://shiftr.io/. Accessed 7 Nov 2018

  13. Mosca: https://github.com/mcollina/mosca/. Accessed 7 Nov 2018

  14. Chien, H.Y., Chen Y.J.: Security evaluation on various Arduino-compatible IoT devices. In: CISC2018, Taipei, 24, 25 May 2018

    Google Scholar 

  15. Andy, S., Rahardjo, B., Hanindhito, B.: Attack scenarios and security analysis of MQTT communication protocol in IoT system. In: Proceedings of EECSI 2017, Yogyakarta, Indonesia, 19–21 Sept 2017

    Google Scholar 

  16. Firdous, S.N., Baig, Z., Valli, C., Ibrahim, A.: Modelling and evaluation of malicious attacks against the IoT MQTT protocol. In: 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (2017)

    Google Scholar 

  17. Shin, S.H., Kobara, K., Chuang, C.C., Huang, W.-C.: A security framework for MQTT. In: 2016 IEEE Conference on Communications and Network Security (CNS): International Workshop on Cyber-Physical Systems Security (CPS-Sec) (2016)

    Google Scholar 

  18. Shin, S.H., Kobara, K.: Efficient augmented password-only authentication and key exchange for IKEv2. IETF RFC 6628, Experimental, June 2012. https://tools.ietf.org/rfc/rfc6628.txt

  19. Bhawiyuga, A., Data, M., Warda, A.: Architectural design of token based authentication of MQTT protocol in constrained IoT device. In: 2017 11th International Conference on Telecommunication Systems Services and Applications (TSSA), Lombok, Indonesia, 26–27 Oct 2017

    Google Scholar 

  20. Mektoubi, A., Lalaoui, H., Belhadaoui, H., Rifi, M., Zakari, A.: New approach for securing communication over MQTT protocol A comparison between RSA and Elliptic Curve. In: 2016 Third International Conference on Systems of Collaboration (SysCo), Casablanca, Morocco (2016)

    Google Scholar 

  21. Espinosa-Aranda, J.L., Vallez, N., Sanchez-Bueno, C., Aguado-Araujo, D., Bueno, G., Deniz, O.: Pulga, a tiny open-source MQTT broker for flexible and secure IoT deployments. In: 2015 IEEE Conference on Communications and Network Security (CNS), Florence, Italy, 28–30 Sept 2015

    Google Scholar 

  22. Rizzardi, A., Sicari, S., Miorandi, D., Coen-Porisini, A.O.: AUPS: an open source Authenticated publish/subscribe system for the internet of things. Inf. Syst. 62, 29–41 (2016)

    Article  Google Scholar 

  23. Lesjak, C., Hein, D., Hofmann, M., Maritsch, M., Aldrian, A., Priller, P., Ebner, T., Ruprechter, T., Pregartne, G.: Securing smart maintenance services: hardware-security and TLS for MQTT. In: IEEE 13th International Conference on Industrial Informatics (INDIN), Cambridge, UK, 22–24 July 2015

    Google Scholar 

  24. Arduino project: https://www.arduino.cc/. Accessed 7 Apr 2018

  25. Raspberry pi: https://www.raspberrypi.org/. Accessed 7 Apr 2018

  26. Arduino UNO wifi: https://www.arduino.cc/en/Guide/ArduinoUnoWiFi. Accessed 7 Apr 2018

  27. Arduino MKR1000: https://www.arduino.cc/en/Main/ArduinoMKR1000?s_tact=C3970CMW. Accessed 7 Apr 2018

  28. WeMos D1: https://wiki.wemos.cc/products:d1:d1_mini. Accessed 7 Apr 2018

  29. Chien, H.Y., et al.: A MQTT-API-compatible IoT security-enhanced platform. submitted to the Int. J. Sens. Netw.

    Google Scholar 

  30. Introducing JSON: https://www.json.org/. Accessed 7 Nov 2018

  31. NODE.JS: http://www.debugrun.com/a/cZomeQJ.html/. Accessed 7 Nov 2018

  32. XMPP: About XMPP. https://xmpp.org/about/. Accessed 7 Nov 2018

  33. Locke, D.: MQ Telemetry Transport (MQTT) V3.1 Protocol Specification. IBM Developer Works Technical Library, August 2010. http://www.ibm.com/developerworks/webservices/library/ws-mqtt/index.html

Download references

Acknowledgements

This project is partially supported by the National Science Council, Taiwan, R.O.C., under grant no. MOST 107-2218-E-260-001 and Chunhua Su is supported by JSPS Kiban(B) 18H03240 and JSPS Kiban(C) 18K11298.

Author information

Authors and Affiliations

  1. Department of Information Management, National Chi Nan University, Puli, Taiwan

    Hung-Yu Chien

  2. Department of Information and Communication Engineering, ChaoYang University of Technology, Taichung City, Taiwan

    Xi-An Kou & Mao-Lun Chiang

  3. Division of Computer Science, The University of Aizu, Aizuwakamatsu, Japan

    Chunhua Su

Authors
  1. Hung-Yu Chien
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xi-An Kou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mao-Lun Chiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chunhua Su
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hung-Yu Chien .

Editor information

Editors and Affiliations

  1. Software Engineering and Information Technology Institute, Central Michigan University, Mount Pleasant, MI, USA

    Roger Lee

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Chien, HY., Kou, XA., Chiang, ML., Su, C. (2020). Secure and Efficient MQTT Group Communication Design. In: Lee, R. (eds) Computational Science/Intelligence and Applied Informatics. CSII 2019. Studies in Computational Intelligence, vol 848. Springer, Cham. https://doi.org/10.1007/978-3-030-25225-0_13

Download citation

Publish with us

Policies and ethics