Affiliation:
1. Department of Computer Science, University of York, York YO10 5GH, UK
Abstract
The Internet of Things (IoT) deployment in emerging markets has increased dramatically, making security a prominent issue in IoT communication. Several protocols are available for IoT communication; among them, Message Queuing Telemetry Transport (MQTT) is pervasive in intelligent applications. However, MQTT is designed for resource-constrained IoT devices and, by default, does not have a security scheme, necessitating an additional security scheme to overcome its weaknesses. The security vulnerabilities in MQTT inherently lead to overhead and poor communication performance. Adding a lightweight security framework for MQTT is essential to overcome these problems in a resource-constrained environment. The conventional MQTT security schemes present a single trusted scheme and perform attribute verification and key generation, which tend to be a bottleneck at the server and pave the way for various security attacks. In addition to that, using the same secret key for an extended period and a flawed key revocation system can affect the security of MQTT. To address these issues, we propose an Improved Ciphertext Policy-Attribute-Based Encryption (ICP-ABE) integrated with a lightweight symmetric encryption scheme, PRESENT, to improve the security of MQTT. In this work, the PRESENT algorithm enables the secure sharing of blind keys among clients. We evaluated a previously proposed ICP-ABE scheme from the perspective of energy consumption and communication overhead. Furthermore, we evaluated the efficiency of the scheme using provable security and formal methods. The simulation results showed that the proposed scheme consumes less energy in standard and attack scenarios than the simple PRESENT, Key Schedule Algorithm (KSA)-PRESENT Secure Message Queue Telemetry Transport (SMQTT), and ECC-RSA frameworks, with a topology of 30 nodes. In general, the proposed lightweight security framework for MQTT addresses the vulnerabilities of MQTT and ensures secure communication in a resource-constrained environment, making it a promising solution for IoT applications in emerging markets.
Subject
Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering
Reference34 articles.
1. Hasan, M. (2023, July 01). State of IoT 2022: Number of Connected IoT Devices Growing 18% to 14.4 Billion Globally. Available online: https://iot-analytics.com/number-connected-iot-devices/.
2. Garcia Ribera, E., Martinez Alvarez, B., Samuel, C., Ioulianou, P.P., and Vassilakis, V.G. (2022). An intrusion detection system for RPL-based IoT networks. Electronics, 11.
3. McNulty, L., and Vassilakis, V.G. (2022, January 20–22). IoT botnets: Characteristics, exploits, attack capabilities, and targets. Proceedings of the 2022 13th International Symposium on Communication Systems, Networks and Digital Signal Processing (CSNDSP), Porto, Portugal.
4. Battery draining attacks against edge computing nodes in IoT networks;Smith;Cyber-Phys. Syst.,2020
5. Harsha, M.S., Bhavani, B.M., and Kundhavai, K. (2018, January 19–22). Analysis of vulnerabilities in MQTT security using Shodan API and implementation of its countermeasures via authentication and ACLs. Proceedings of the 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Bangalore, India.