
Research On Security Of Message Queuing Transport Protocol For Internet Of Things

Posted on: 2022-08-05 | Degree: Master | Type: Thesis
Country: China | Candidate: H B Chen | Full Text: PDF
GTID: 2518306308999819 | Subject: Computer Science and Technology
Abstract/Summary:
With the development of basic communication networks, more and more Internet of Things devices need to interact with users. Because the computing performance, memory and storage capacity, and network bandwidth of Internet of Things devices are limited, a lightweight data transmission protocol based on publish/subscribe was proposed. With the growth of the Internet of Things in recent years, the MQTT protocol is used in more and more Internet of Things systems, and the security of data transmitted over MQTT is therefore increasingly discussed. In this paper, we propose two schemes for the security of the MQTT protocol.

The first scheme is a lightweight key agreement scheme designed for the limited computing power and bandwidth of Internet of Things devices. It is based on the Chinese remainder theorem and the ECDH algorithm. The ECDH algorithm performs elliptic-curve key agreement between the client and the proxy server, and the Chinese remainder theorem is then applied. The security of the ECDH key agreement process is further enhanced by the parameters of the client and the proxy server. The lightweight key agreement scheme is compared with other schemes in terms of security, computing performance, storage performance and communication performance. Security analysis shows that the scheme can resist replay attacks, man-in-the-middle attacks and similar attacks, and can successfully negotiate the shared key. It is proved that the scheme is suitable for key agreement between the client and the proxy in the MQTT protocol.

Next, analysis of the MQTT protocol shows that a growing number of applications require MQTT to transmit large data. However, the current MQTT protocol has no scheme for large data transmission. Therefore, a scheme for encrypted transmission of data packets is proposed. The scheme is based on the CBC mode of operation of AES encryption. Each encrypted ciphertext block is linked to the preceding plaintext block, which guarantees the consistency of the data sent. The scheme also introduces a timestamp as the vector, which can resist replay attacks to some extent. It encrypts and transmits each block of data, which also ensures the confidentiality of the data.

To sum up, the two schemes, the ECDH lightweight key agreement scheme based on the Chinese remainder theorem and the CBC-based data packet encryption transmission scheme, require fewer data interactions and less computation and memory overhead, and can resist man-in-the-middle attacks, replay attacks and identity camouflage attacks, so as to realize the secure transmission of data.
Keywords/Search Tags: MQTT, Key Agreement, Secure Transmission, Block Encryption, Lightweight