Welcome to the InfoSci Platform
How to Authenticate MQTT Sessions Without Channel and Broker Security

How to Authenticate MQTT Sessions Without Channel and Broker Security

Reto E. Koenig, Lukas Laederach, Cédric von Allmen
Copyright: © 2020 |Pages: 10
ISBN13: 9781799824442|ISBN10: 1799824446|ISBN13 Softcover: 9781799824459|EISBN13: 9781799824466
DOI: 10.4018/978-1-7998-2444-2.ch006
Cite Chapter Cite Chapter

MLA

Koenig, Reto E., et al. "How to Authenticate MQTT Sessions Without Channel and Broker Security." Applied Approach to Privacy and Security for the Internet of Things, edited by Parag Chatterjee, et al., IGI Global, 2020, pp. 129-138. https://doi.org/10.4018/978-1-7998-2444-2.ch006

APA

Koenig, R. E., Laederach, L., & von Allmen, C. (2020). How to Authenticate MQTT Sessions Without Channel and Broker Security. In P. Chatterjee, E. Benoist, & A. Nath (Eds.), Applied Approach to Privacy and Security for the Internet of Things (pp. 129-138). IGI Global. https://doi.org/10.4018/978-1-7998-2444-2.ch006

Chicago

Koenig, Reto E., Lukas Laederach, and Cédric von Allmen. "How to Authenticate MQTT Sessions Without Channel and Broker Security." In Applied Approach to Privacy and Security for the Internet of Things, edited by Parag Chatterjee, Emmanuel Benoist, and Asoke Nath, 129-138. Hershey, PA: IGI Global, 2020. https://doi.org/10.4018/978-1-7998-2444-2.ch006

Export Reference

Mendeley
Favorite

Abstract

This chapter describes a new but state-of-the-art approach to provide authenticity in MQTT sessions using the means of zero-knowledge proofs. This approach completely voids session hijacking for the MQTT protocol and provides authenticity. The presented approach does not require the broker to keep any secrets for session handling. The presented approach allows completely anonymous but authentic sessions; hence, the broker does not need any priory knowledge of the client party. As it is especially targeted for applications within the world of internet of things (IoT), the presented approach is designed to require only the minimum in extra power in terms of energy and space. The approach does not introduce any new concept, but simply combines a state of the art cryptographic Zero-Knowledge Proof of identity with the existing MQTT 5.0 specification. Thus, no protocol extension is required in order to provide the targeted security properties. The described approach is completely agnostic to the application layer at the client side and is only required during MQTT session establishment.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.