Computer Science ›› 2024, Vol. 51 ›› Issue (2): 333-342. doi: 10.11896/jsjkx.221100157
LIU Zechao1,2, LIANG Tao1, SUN Ruochen1, HAO Zhiqiang3,4, LI Jun3,4
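Abstract: To address the lack of effective identity authentication in the existing MQTT protocol and the fact that its data is transmitted in plaintext, this paper proposes an MQTT security protection scheme based on the Chinese national cryptographic algorithms SM2, SM3 and SM4. The SM2 algorithm provides mutual identity authentication between the client and the MQTT Broker; the SM4 algorithm encrypts data in the MQTT protocol such as the username, the password and the message content of topics; the SM3 algorithm ensures the integrity of the data transmitted over the MQTT protocol. Applying independently controllable domestic cryptographic technology to the MQTT protocol can effectively improve the protocol's security protection capability. Security analysis and experimental results show that the proposed scheme solves the security problems of the MQTT protocol while also meeting the needs of practical applications.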
CLC number: