Computer Science ›› 2024, Vol. 51 ›› Issue (2): 333-342. doi: 10.11896/jsjkx.221100157

• Information Security •

Research and Implementation of MQTT Security Mechanism Based on Domestic Cryptographic Algorithms

LIU Zechao1,2, LIANG Tao1, SUN Ruochen1, HAO Zhiqiang3,4, LI Jun3,4

  1. 1 College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China
    2 Modeling and Emulation in E-Government National Engineering Laboratory, Beijing 100037, China
    3 China National Industrial Information Security Development Research Center, Beijing 100040, China
    4 School of Information & Intelligence Engineering, University of Sanya, Sanya, Hainan 572022, China
  • Received: 2022-11-19 Revised: 2023-12-15 Online: 2024-02-15 Published: 2024-02-22
  • Corresponding author: LI Jun (lijun@cisc-cert.org.cn)
  • About author: LIU Zechao (liuzechao@hrbeu.edu.cn), born in 1985, Ph.D, associate professor, master supervisor. His main research interests include industrial information security and cryptography. LI Jun, born in 1986, Ph.D. His main research interests include industrial Internet security and data security.
  • Supported by:
    National Key R & D Program of China (2021YFB3101602), Special Project for Industrial Foundation Reconstruction and High Quality Development of Manufacturing Industry by the Ministry of Industry and Information Technology (TC220A04X-1) and Basic Research Program (JCKY2020604C011).

Abstract: To address the existing MQTT protocol's lack of effective identity authentication and its transmission of data in plaintext, an MQTT security protection scheme is proposed based on the domestic cryptographic algorithms SM2, SM3 and SM4. The SM2 algorithm provides two-way identity authentication between the client and the MQTT Broker. The SM4 algorithm encrypts data in the MQTT protocol such as the username, the password, and the message contents of topics. The SM3 algorithm ensures the integrity of the data transmitted by the MQTT protocol. Applying self-controllable domestic cryptographic technology to the MQTT protocol can effectively improve the protocol's security protection capability. The security analysis and experimental results show that the proposed scheme solves the security problems of the MQTT protocol while also meeting practical application requirements.

Key words: Domestic cryptographic algorithms, MQTT protocol, Identity authentication, Data encryption

CLC Number:

  • TP309.2