Scribd
Upload
307 views16 pages

Cis 700/002: Special Topics: Secure MQTT For Iot: Sangdon Park Cis 700/002: Security of Embs/Cps/Iot

This document proposes a secure MQTT protocol called SMQTT that uses attribute-based encryption (ABE). SMQTT adds ABE to the existing MQTT protocol to authenticate IoT devices and encrypt communication channels between devices. The SMQTT protocol involves devices registering attributes with a package key generator (PKG) broker and the broker distributing public and private keys. Encrypted messages are tagged with attributes and only devices with matching private keys can decrypt. The document discusses pros and cons of this approach and potential issues verifying receiver attributes.

Uploaded by

Shanaya chauhan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
307 views16 pages

Cis 700/002: Special Topics: Secure MQTT For Iot: Sangdon Park Cis 700/002: Security of Embs/Cps/Iot

This document proposes a secure MQTT protocol called SMQTT that uses attribute-based encryption (ABE). SMQTT adds ABE to the existing MQTT protocol to authenticate IoT devices and encrypt communication channels between devices. The SMQTT protocol involves devices registering attributes with a package key generator (PKG) broker and the broker distributing public and private keys. Encrypted messages are tagged with attributes and only devices with matching private keys can decrypt. The document discusses pros and cons of this approach and potential issues verifying receiver attributes.

Uploaded by

Shanaya chauhan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

CIS 700/002 : Special Topics :


Secure MQTT for IoT


Sangdon Park
CIS 700/002: Security of EMBS/CPS/IoT
Department of Computer and Information Science
School of Engineering and Applied Science
University of Pennsylvania

March 30, 2017


What is MQTT?

•  Message Queue Telemetry Transport


(MQTT) is a publish-subscribe-based
“lightweight” messaging protocol over
TCP/IP protocol

https://en.wikipedia.org/wiki/MQTT
2
Why MQTT?

•  Quite popular
–  Facebook Messenger
–  AWS IoT
•  Lightweight
–  Minimize code footprint on devices
–  Reduce network bandwidth usages

3
The goal of “Secure” MQTT

•  Authenticate each IoT device


•  Encrypt communication channels btw IoT
devices
–  Focus of this paper

4
“Secure” MQTT Alternatives

•  MQTT + SSL/TLS
–  Storing and managing the certificates are
cumbersome
–  SSL/TLS is weak on various attacks (e.g.,
BEAST, CRIME, RC4, Heartbleed)
–  (we think) key revocation is not simple

5
Contributions

•  Proposes a secure MQTT protocol


–  MQTT + Attribute Based Encryption (ABE)

6
Public-key Encryption

•  Identity of a receiver
–  The public key of the receiver
PublicB
3. Send
Enc (text, PublicB)
Sender A Receiver B
PublicCA PrivateB

2. Obtain the PublicCA 1.  Register the


public key of B public key
(PublicB, SignCA)
CA
PrivateCA
7
Identity Based Encryption

•  Identity of a receiver
–  ID of the receiver
B@gmail.com
3. Send
Enc (text, PublicPKG, B@gmail.com)
Sender A Receiver B
B@gmail.com 2. PrivateB

2. Approve and send


PrivateB = Gen(PrivatePKG,
B@gmail.com)
PublicPKG 1.  Authenticate
itself using
B@gmail.com
Private Key8 Generator
PrivatePKG
Attribute Based Encryption (ABE)

•  Identity of a receiver
–  Attributes of the receiver
AttB
3. Send
Enc (text, PublicPKG, AttB)
Sender A Receiver B
AttB 2. PrivateB

2. Approve and send


PrivateB = Gen(PrivatePKG,
AttB)
PublicPKG 1. Authenticate
itself using AttB

Private Key9 Generator


PrivatePKG
Attributes

•  An attribute of receivers
–  A predicate

Send
Sender A Enc (“Temp”, PublicPKG, AttB)
(e.g., Temperature Receiver B
sensor)

10
Proposed Secure MQTT (SMQTT)

•  SMQTT = MQTT+ABE
–  Update MQTT protocol for ABE
–  Use the ABE scheme based on lightweight
Elliptic Curve Cryptography
–  Types of ABE
•  Ciphertext-Policy ABE (CP-ABE)
•  Key-Policy ABE (KP-ABE)
SMQTT Protocol

•  Setup phase

Publisher PKG Subscriber


(Temperature sensor) (Broker) (heater)

1. Register URI and attributes


2. Register URI and attributes

3. Generate PublicPKG
and PrivatePKG

4. Publish PublicPKG

5. Publish Privateheater
12

Note. The universe of all attributes U


is known for all entities
SMQTT Protocol

•  Encryption/Publish phase

Publisher PKG Subscriber


(Temperature sensor) (Broker) (heater)

1. Set attributes A (e.g., A = “a


heater or an air conditioner”)

2. Send Enc (“Temp”, PublicPKG, A)

2. Send Enc (“Temp”, PublicPKG, A)

OR
2. Send Enc (“Temp”, PublicPKG, A)
13
SMQTT Protocol

•  Decryption phase

Publisher PKG Subscriber


(Temperature sensor) (Broker) (heater)

1. Recv. C = Enc (“Temp”, PublicPKG, A)

2. Dec(C, PublicPKG, Privateheater)

14
Performance Analysis

•  System details

•  Setup phase time of PKG

15
Discussion
•  Pros/Cons of SMQTT protocol for IoT

•  Pros
–  Prior key distribution is not required
–  Broadcast encrypted messages

•  Cons
–  How does PKG verify the attribute of a receiver?
•  “PKG verifies attributes and other details given by the
device”
•  Any adversary can claim any attributes

16

You might also like