Research On Security Mechanism Of MQTT-SN Protocol In WSNs

As an application layer protocol for wireless sensor networks,MQTT-SN protocol's security problems restrict its deployment and application in wireless sensor networks.The security mechanism of MQTT-SN protocol is not clearly stipulated in the MQTT-SN protocol specification,so it is of great significance to research the security scheme for MQTT-SN protocol.By analyzing the security threats and security requirements of the MQTT-SN protocol when it is deployed in the wireless sensor networks,a security scheme for the MQTT-SN protocol based on the existing research is proposed in this thesis.This scheme cannot only provide client identity authentication,but also enables confidentiality and integrity protection of the application data.The main research work of this thesis is as follows:1.For the lack of identity authentication for the MQTT-SN client,a MQTT-SN client identity authentication scheme is proposed.This scheme completes the authentication of the MQTT-SN gateway to the MQTT-SN client,and establishes a secure connection between the MQTT broker and the MQTT-SN client.The analysis shows that the scheme can prevent the establishment of connection between the illegal MQTT-SN client and the MQTT broker.The MQTT-SN client only needs to perform 3 hash and 3 XOR operations,and the increased data storage overhead is only 128 bits.2.For the lack of application data confidentiality protection in MQTT-SN protocol,an Application Data protection scheme is designed based on identity encryption.The scheme improves the identity-based broadcast encryption algorithm,which achieves constant size public key,constant size cipher head,and constant size private key.Combining the improved algorithm and the publish process of application data of MQTT-SN protocol,the scheme realizes a one-to-many encryption communication between the MQTT-SN Publisher and subscriber client,and guarantees the confidentiality and integrity of the MQTT-SN protocol's application data without the need for the MQTT-SN Publisher to share the key with the MQTT-SN subscriber.The theoretical analysis shows that this scheme can resist the replay attack and forgery attack.The computation delay of the application data decryption is only 5.8 ms,which is 33% lower than the LSW scheme;the storage cost of the MQTT-SN subscriber is only 404 Bytes.3.A pub/sub system is built based on the MQTT-SN protocol by using the open source Mosquitto server.The scheme is implemented and verified based on the pub/sub system.The result shows that this scheme can realize the authentication of the MQTT-SN client,protect the confidentiality and integrality of the MQTT-SN protocol application data,and ensure the end-to-end security of the MQTT-SN protocol application data.