POSTER: Integration of End-to-End Security and Lightweight-SSL for Enhancing Security and Efficiency of MQTT

Abstract

Message Queue Telemetry Transport (MQTT) is one of the most popular Internet of Things (IoT) communication protocols. The MQTT standards suggest the adoption of TLS/SSL in the underlying layer to facilitate the authentication and protect the transmissions. A MQTT system consists brokers, publishers, and subscribers. However, a TLS/SSL-enabled MQTT system still cannot protect the privacy against a curious broker. The End-to-End (E2E) MQTT security is one such mechanism to ensure the security between a publisher and a subscriber, and to protect the privacy against a curious broker. Here, we notice one weakness of such E2E-MQTT solutions. The layering of the TLS/SSL channels and the E2E channel incurs the extra overhead that a message is encrypted and decrypted triple times, and it increases the broker’s unnecessary loading. In this study, we leverage the benefits of adopting both TLS/SSL and the E2E channel, while enhancing the efficiency. We keep the authentication mechanism and the integrity function of TLS/SSL, but eliminate its encryption. Some preliminary designs and evaluations verify the merits of the integrated approach.