How to Authenticate MQTT Sessions Without Channel and Broker Security

Koenig, Reto E.; Laederach, Lukas; von Allmen, Cédric

doi:10.4018/978-1-7998-2444-2.ch006

Back

Journal article

How to Authenticate MQTT Sessions Without Channel and Broker Security

Koenig, Reto E. Department of Computer Science, Bern University of Applied Sciences, Switzerland
Laederach, Lukas Bern University of Applied Sciences, Switzerland
von Allmen, Cédric Bern University of Applied Sciences, Switzerland

Published in:

Applied Approach to Privacy and Security for the Internet of Things. - IGI Global. - 2020, p. 129-138

English This chapter describes a new but state-of-the-art approach to provide authenticity in MQTT sessions using the means of zero-knowledge proofs. This approach completely voids session hijacking for the MQTT protocol and provides authenticity. The presented approach does not require the broker to keep any secrets for session handling. The presented approach allows completely anonymous but authentic sessions; hence, the broker does not need any priory knowledge of the client party. As it is especially targeted for applications within the world of internet of things (IoT), the presented approach is designed to require only the minimum in extra power in terms of energy and space. The approach does not introduce any new concept, but simply combines a state of the art cryptographic Zero-Knowledge Proof of identity with the existing MQTT 5.0 specification. Thus, no protocol extension is required in order to provide the targeted security properties. The described approach is completely agnostic to the application layer at the client side and is only required during MQTT session establishment.

Language

English

Open access status

green

Identifiers

DOI 10.4018/978-1-7998-2444-2.ch006
ISSN 1948-9730

Persistent URL

https://sonar.ch/global/documents/197133

Statistics

Document views: 8 File downloads:

fulltext.pdf: 0