MARAS: Mutual Authentication and Role-Based Authorization Scheme for Lightweight Internet of Things Applications

4Citations
Citations of this article
8Readers
Mendeley users who have this article in their library.

Abstract

The Internet of things (IoT) accommodates lightweight sensor/actuator devices with limited resources; hence, more efficient methods for known challenges are sought after. Message queue telemetry transport (MQTT) is a publish/subscribe-based protocol that allows resource-efficient communication among clients, so-called brokers, and servers. However, it lacks viable security features beyond username/password checks, yet transport-layer security (TLS/HTTPS) is not efficient for constrained devices. MQTT also lacks mutual authentication among clients and brokers. To address the issue, we developed a mutual authentication and role-based authorization scheme for lightweight Internet of things applications (MARAS). It brings mutual authentication and authorization to the network via dynamic access tokens, hash-based message authentication code (HMAC)-based one-time passwords (HOTP), advanced encryption standard (AES), hash chains, and a trusted server running OAuth2.0 along with MQTT. MARAS merely modifies “publish” and “connect” messages among 14 message types of MQTT. Its overhead to “publish” messages is 49 bytes, and to “connect” messages is 127 bytes. Our proof-of-concept showed that the overall data traffic with MARAS remains lower than double the traffic without it, because “publish” messages are the most common. Nevertheless, tests showed that round-trip times for a “connect” message (and its “ack”) are delayed less than a percentile of a millisecond; for a “publish” message, the delays depend on the size and frequency of published information, but we can safely say that the delay is upper bounded by 163% of the network defaults. So, the scheme’s overhead to the network is tolerable. Our comparison with similar works shows that while our communication overhead is similar, MARAS offers better computational performance as it offloads computationally intensive operations to the broker side.

Cite

CITATION STYLE

APA

Şeker, Ö., Dalkılıç, G., & Çabuk, U. C. (2023). MARAS: Mutual Authentication and Role-Based Authorization Scheme for Lightweight Internet of Things Applications. Sensors, 23(12). https://doi.org/10.3390/s23125674

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free