How to Authenticate MQTT Sessions Without Channel and Broker Security

How to Authenticate MQTT Sessions Without Channel and Broker Security

Reto E. Koenig (Department of Computer Science, Bern University of Applied Sciences, Switzerland), Lukas Laederach (Bern University of Applied Sciences, Switzerland) and Cédric von Allmen (Bern University of Applied Sciences, Switzerland)
DOI: 10.4018/978-1-7998-2444-2.ch006
OnDemand PDF Download:
List Price: $37.50
10% Discount:-$3.75


This chapter describes a new but state-of-the-art approach to provide authenticity in MQTT sessions using the means of zero-knowledge proofs. This approach completely voids session hijacking for the MQTT protocol and provides authenticity. The presented approach does not require the broker to keep any secrets for session handling. The presented approach allows completely anonymous but authentic sessions; hence, the broker does not need any priory knowledge of the client party. As it is especially targeted for applications within the world of internet of things (IoT), the presented approach is designed to require only the minimum in extra power in terms of energy and space. The approach does not introduce any new concept, but simply combines a state of the art cryptographic Zero-Knowledge Proof of identity with the existing MQTT 5.0 specification. Thus, no protocol extension is required in order to provide the targeted security properties. The described approach is completely agnostic to the application layer at the client side and is only required during MQTT session establishment.
Chapter Preview

Security Model

The main security parameter is denoted by 978-1-7998-2444-2.ch006.m04. We write 978-1-7998-2444-2.ch006.m05 if 978-1-7998-2444-2.ch006.m06 is assigned to the output of algorithm 978-1-7998-2444-2.ch006.m07 with input 978-1-7998-2444-2.ch006.m08. An algorithm is efficient if it runs in probabilistic polynomial time (ppt) in the length of its input. For the remainder of this paper, all algorithms are ppt if not explicitly mentioned otherwise. If $\emph{S}$ is a set, we write $a \leftarrow_R \emph{S}$ to denote that 978-1-7998-2444-2.ch006.m09 is chosen uniformly at random from $\emph{S}$. For a message 978-1-7998-2444-2.ch006.m10, we call 978-1-7998-2444-2.ch006.m11 a block, while 978-1-7998-2444-2.ch006.m12 denotes the number of blocks in a message 978-1-7998-2444-2.ch006.m13. For a list we require that we have unique, injective, and efficiently reversible encoding, which maps the list to 978-1-7998-2444-2.ch006.m14.

Complete Chapter List

Search this Book: