DOI QR코드

DOI QR Code

Securing the MQTT Protocol using the LEA Algorithm

LEA 알고리즘을 이용한 MQTT 프로토콜 보안

  • Laksmono Agus Mahardika Ari (Dept. of Computer Information Convergence Engineering, Pusan National University) ;
  • Iqbal Muhammad (Dept. of Computer Information Convergence Engineering, Pusan National University) ;
  • Pratama Derry (Dept. of Computer Information Convergence Engineering, Pusan National University) ;
  • Howon Kim (Dept. of Computer Information Convergence Engineering, Pusan National University)
  • Published : 2024.05.23

Abstract

IoT is becoming more and more popular, along with the massive availability of cheap and easy-to-use IoT devices. One protocol that is often used in IoT devices is the Message Queuing Telemetry Transport (MQTT) protocol. By default, the MQTT protocol does not activate encrypted data security features. This MQTT default feature makes the transmitted and received message data vulnerable to attacks, such as eavesdropping. Therefore, this paper will design and implement encrypted data security using the lightweight cryptography algorithm. The focus of this paper will be on securing MQTT message data at the application layer. We propose a method for encrypting specific MQTT message fields while maintaining compatibility with the protocol's functionalities. The paper then analyzes the timing performance of the MQTT-LEA implementation on the Raspberry Pi 3+. Our findings demonstrate the feasibility of using LEA at the application layer to secure MQTT message communication on resource-constrained devices.

Keywords

Acknowledgement

This work is financially supported by Korea Ministry of Land, Infrastructure and Transport (MOLIT) as 「Innovative Talent Education Program for Smart City」.

References

  1. Bako Ali and Ali Ismail Awad, "Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes", in Sensors 18, no. 3: 817, 2018.
  2. B. Mishra and A. Kertesz, "The Use of MQTT in M2M and IoT Systems: A Survey," in IEEE Access vol. 8, 2020.
  3. Ahmed J. Hintaw, Selvakumar Manickam, Mohammed Faiz Aboalmaaly, and Shankar Karuppayah, "MQTT vulnerabilities, attack vectors and solutions in the internet of things (IoT)", IETE Journal of Research 69 No. 6, pp: 3368-3397, 2023. https://doi.org/10.1080/03772063.2021.1912651
  4. OASIS. MQTT Version 5.0 Committee Specification 02. 15 May 2018.
  5. Deukjo Hong, Jung-Keun Lee, Dong-Chan Kim, Daesung Kwon, Kwon Ho Ryu, and Dong-Geon Lee. "LEA: A 128-Bit Block Cipher for Fast Encryption on Common Processors". 14th International Workshop on Information Security Applications - Volume 8267 (WISA 2013). Pages 3-27.
  6. Eclipse MosquittoTM, An open source MQTT Broker. Available online: https://mosquitto.org/ (accessd on 8 April 2024)
  7. Eclipse Paho C Client Library for the MQTT Protocol. Available online: https://github.com/eclipse/paho.mqtt.c (accessd on 8 April 2024)