On the Efficiency of a Lightweight Authentication and Privacy Preservation Scheme for MQTT

Abstract

The Internet of Things (IoT) deployment in emerging markets has increased dramatically, making security a prominent issue in IoT communication. Several protocols are available for IoT communication; among them, Message Queuing Telemetry Transport (MQTT) is pervasive in intelligent applications. However, MQTT is designed for resource-constrained IoT devices and, by default, does not have a security scheme, necessitating an additional security scheme to overcome its weaknesses. The security vulnerabilities in MQTT inherently lead to overhead and poor communication performance. Adding a lightweight security framework for MQTT is essential to overcome these problems in a resource-constrained environment. The conventional MQTT security schemes present a single trusted scheme and perform attribute verification and key generation, which tend to be a bottleneck at the server and pave the way for various security attacks. In addition to that, using the same secret key for an extended period and a flawed key revocation system can affect the security of MQTT. To address these issues, we propose an Improved Ciphertext Policy-Attribute-Based Encryption (ICP-ABE) integrated with a lightweight symmetric encryption scheme, PRESENT, to improve the security of MQTT. In this work, the PRESENT algorithm enables the secure sharing of blind keys among clients. We evaluated a previously proposed ICP-ABE scheme from the perspective of energy consumption and communication overhead. Furthermore, we evaluated the efficiency of the scheme using provable security and formal methods. The simulation results showed that the proposed scheme consumes less energy in standard and attack scenarios than the simple PRESENT, Key Schedule Algorithm (KSA)-PRESENT Secure Message Queue Telemetry Transport (SMQTT), and ECC-RSA frameworks, with a topology of 30 nodes. In general, the proposed lightweight security framework for MQTT addresses the vulnerabilities of MQTT and ensures secure communication in a resource-constrained environment, making it a promising solution for IoT applications in emerging markets.