Security Architecture and Protocols for Secure MQTT-SN

Abstract

Message Queuing Telemetry Transport (MQTT) is a de facto standard for various Internet of Things (IoT) and industrial IoT applications. The data produced by a publisher are delivered to several subscribers via an MQTT broker. However, the MQTT standard lacks security-related functionalities, such as mutual authentication, access control, control message security, and end-to-end security. According to a recent report, many security threats and flaws associated with MQTT have been identified worldwide. This paper proposes security architecture and protocols to bootstrap MQTT security in the wireless sensor network. Security bootstrapping for MQTT includes security credential generation and distribution; registration protocol for joining MQTT entities such as publishers, subscribers, and brokers to the security controller; and rekeying protocol for group membership management. Special attention is given to the end-to-end security between the publishers and subscribers because the data from the publishers should not be corrupted by, and exposed to, the compromised broker. Both security analysis and performance evaluation show that our proposed security architecture and protocols for secure MQTT can be a viable solution to enhance MQTT security.