Προτάσεις ασφάλειας για το πρωτόκολλο MQTT
Security enhancements for the MQTT protocol
Αγγέλου, Δημήτριος - Βασίλειος
KeywordsMQTT ; PAKE ; Attribute-based encryption ; End-to-end encryption ; Forward secure encryption
The MQTT protocol has been extensively used in software applications where asynchronous communication is needed. The aforementioned protocol follows the publish subscribe pattern which decouples the sender(publisher) from the receiver (subscriber). Publishers send messages to the broker, which is responsible for delivering these messages to the interested subscribers. Message recipients register their interest in a topic by subscribing to this topic. One of the main challenges that this protocol faces is the mutual authentication between the client and the broker. Furthermore, due to the asynchronous nature of the protocol, messages exchanged through the broker should be end-to-end encrypted. A desired property of the encryption scheme is to provide forward secrecy, which is quite challenging when the other party is offline. This master thesis examines the suitability of the PAKE protocols as an authentication mechanism for the MQTT protocol. Moreover, end-to-end encryption schemes are examined with the requirement to provide forward secrecy. The proposed scheme leverages the SRP protocol in order to provide mutual authentication between the client and the broker using a password without the reliance on PKI. Additionally, it combines the OTR protocol with a forward-secure public key encryption scheme for the encryption of the exchanged messages. Finally, the proposed scheme was implemented and it was used to secure the communication of a MQTT based chat application.