A Comprehensive Survey of Authentication Mechanisms in MQTT Broker Implementations
Keywords:
Internet of Things, MQTT, Authentication, One time password
Abstract
The MQTT (Message Queuing Telemetry Transport) protocol has emerged as a prominent means of communication in the world and in messaging applications. As MQTT deployments continue to grow in scale and complexity, ensuring robust authentication mechanisms becomes paramount to safeguarding the confidentiality, integrity and availability of MQTT communication. This survey paper provides a comprehensive analysis of authentication mechanisms in the MQTT protocol, encompassing a wide range of approaches, from basic username/password authentication to advanced techniques such as client certificates, OAuth 2.0 integration, and token-based authentication. The paper begins by examining the foundational concepts of the MQTT protocol and the importance of authentication in securing MQTT deployments. It then systematically explores the various authentication mechanisms available in MQTT, detailing their strengths and weaknesses. Furthermore, the survey investigates recent advancements in MQTT authentication and the authentication schemes in different MQTT broker implementations. Additionally, the paper discusses challenges and open research areas in MQTT authentication, offering insights into potential future directions for research and development. By synthesizing existing literature and providing critical insights, this survey paper becomes an invaluable resource for researchers, practitioners, and IoT stakeholders seeking to understand, evaluate, comprehend and implement authentication mechanisms in the MQTT protocol effectively.
License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience give appropriate credit, provide a link to the license, and indicate if changes were made; if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.


