Published in: Wireless Personal Communications 1/2023

25-07-2023

Implementation of SSL/TLS Security with MQTT Protocol in IoT Environment

Authors: Iqbal Luqman Bin Mohd Paris, Mohamed Hadi Habaebi, Alhareth Mohammed Zyoud

Abstract

The Internet of Things (IoT) is the interconnection of devices with the internet to carry out their tasks. Security is now the main concern relating to these devices. Their limited power storage, processing capability and data storage make it hard to provide a strong set of security protocols to protect the vulnerable devices ("things"). Having the internet as their backbone allows the devices to communicate seamlessly. However, without any form of protection, it opens the door for hackers or man-in-the-middle attackers to hijack the connection, steal data and sabotage the information. In this paper, the Secure Sockets Layer and Transport Layer Security (SSL/TLS) protocol is implemented on top of the Message Queuing Telemetry Transport (MQTT) IoT application protocol, and the performance of the network is evaluated and analyzed in a typical IoT testbed comprising Raspberry Pi 4 and ESP32 nodes. This work focuses on energy consumption, generated overhead, system complexity and required data storage resources. Experimental results of stress testing the system indicate that SSL/TLS encryption, operating with MQTT Quality of Service (QoS) level 2 while the traffic rate is increased by 3.5 orders of magnitude, yields more than two thousand times the amount of overhead generated and results in 73.25 J of consumed energy, whereas operating without SSL/TLS encryption under the same stress testing conditions yields only 140 times the amount of overhead generated and results in a mere 18.76 J of consumed energy. This fourfold difference in consumed energy indicates that the battery of the SSL/TLS-enabled node can last only a quarter of the lifespan of the TLS-free node, leading to the conclusion that SSL/TLS encryption is not a viable solution for battery-operated IoT nodes.

Metadata
Title
Implementation of SSL/TLS Security with MQTT Protocol in IoT Environment
Authors
Iqbal Luqman Bin Mohd Paris
Mohamed Hadi Habaebi
Alhareth Mohammed Zyoud
Publication date
25-07-2023
Publisher
Springer US
Published in
Wireless Personal Communications / Issue 1/2023
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI
https://doi.org/10.1007/s11277-023-10605-y