The Research And Application Of Security Technology For MQTT-based Iot Communication

With the rise of intelligent hardware,the rapid development of the Internet of Things,its security issues are also facing severe challenges.There are a large number of constrained devices in the Internet of Things(IoT).They have constrained computing power and constrained resource space,which makes it difficult to copy the security solutions of the Internet.We need to design a lightweight security solution for this purpose.The MQTT protocol is the mainstream protocol for IoT communication.The security research on MQTT-based IoT communication is a hot topic at the moment.In the context of MQTT-based IoT communication proj ect,this paper designs and implements a set of MQTT-based IoT communication security system from authentication to authorization.The main work includes the following three points:Firstly,this paper studies the communication principle based on the MQTT protocol,analyzes the security issues and current status of MQTT communication,and investigates existing security solutions for these security problems.Secondly,this paper analyzes the existing mainstream systems and the systems mentioned in most of the papers,integrates the mainstream solution to design a set of MQTT-based IOT communication security system AAMQTT from authentication to authorization according to the project scenario,and analyzes the security theory of the system.Finally,this paper implements the security system AAMQTT from the device side,front-end display interface,background interaction,database,etc,and carries out the actual test analysis on the implemented system.The MQTT-based IoT communication security system AAMQTT has the following three characteristics:First,the system authentication process abandoned the complicated and cumbersome SSL/TLS authentication scheme,but used the lightweight AugPAKE protocol.This protocol is especially suitable for restricted devices and does not require complex certificate management and storage.Second,the system uses the OAuth2.0 protocol to implement the access control of the MQTT topic,and solves the problem of privacy protection based on the specific topic of MQTT communication.Third,the system separates the authentication,authorization,and subscribe/publish,and hands over the OAuth authorization process from the device to the MQTT broker,ensuring that the entire communication process of the device uses only one protocol and can obtain the real-time access token.