Privacy-Enhanced MQTT Protocol for Massive IoT
Abstract
:1. Introduction
2. MQTT and Threat Model
2.1. Threat Model
- Confidentiality/Privacy: in the absence of proper payload encryption, subscribing to any random topic might give access to sensitive data (such as GPS coordinates).
- Integrity: in default configuration, any adversary intercepting the communication can modify, on the fly, the body of a message and, for example, add some malicious firmware updates. Such messages would then be forwarded to the subscribers.
- Availability: Without additional actions, MQTT is vulnerable to a denial-of-service attack (DoS). In particular, if an attacker succeeds in acquiring the victim’s client ID, they can substitute their own connection to the legitimate one and hence starve the victim of all its incoming data.
- Authentication: This functionality is entirely optional in MQTT. An authentication via username and password is available but, as there is no packet encryption, such credentials can be easily intercepted.
- Authorization: MQTT dependence on the WebSocket service makes it inherently vulnerable to malicious script injections.
2.2. Related Work
- no significant information should be inferred from the topics flowing through the broker;
- the broker should not achieve partner re-identification (i.e., it cannot identify who was communicating and with whom).
3. Communication Architecture and Protocol
3.1. Applying the OT Protocol to MQTT
- Topic formats: The first thing to ensure here is that the Subscribers do not receive all messages pushed to the “choice” topic (including their own) as it would congest the network unnecessarily. For that reason, the proposed topic format is “ClientName/choice” for the Receiver–Sender communication and “ClientName/data/#” otherwise. On the one hand, this solution guarantees the separation between both types of messages as the choice topic always corresponds to a higher topic level than any other data. On the other hand, it also protects it from the “+” wildcard as it is never matched by ClientName/+/….
- Manage data availability: MQTT is based on the idea that a given data will be pushed as soon as available. However, to work correctly, the scheme requires all n types of data to be sent simultaneously as the Sender does not know what data are required by the other parties. A first solution consists of sending a given piece of data as soon as it is available considering that only the topic-intended Subscribers would try and be able to correctly decrypt the packet anyway. This might cause a privacy leak: the broker can still learn by observing what topic is active at a given moment and at which frequency (e.g., learn when a light switch is activated). Moreover, if a given Receiver switches off or unsubscribes right after receiving a given message, it is also possible to infer some information on that client’s initial choices, thus violating their privacy. Hence, the solution proposed here is to always publish to all topics by pushing real data on active topics, and random values on the others.
- Data are sent on all topics at each push: as mentioned earlier, to guarantee the privacy on active topics and not assuming anything on the different clients’ interests, a Publisher must send n messages each time new data are to be pushed. Subsequently, it also means that the broker must redistribute n messages to all Subscribers. This might cause a major scalability issue as it would greatly increase the network load.
- Multiple subscribers with different choices: this model is once again not easily scalable as each Subscriber requires a different encryption to account for his own private choice (depending of its own k-topic of interest and private key). Indeed, please note that Figure 2 describes a one-to-one situation, meaning that the sending client must repeat this entire protocol with every different token received on the “choice” topic. Similar to the previous drawback, this causes massive network overload, especially considering that, while a Publisher must serve all clients’ choices, each Subscriber also receives the message encrypted for the others because of the # wildcard, without being able to decipher them correctly. Finally, this phenomenon also highlights a conceptual contradiction: while MQTT aims to decouple the client-to-client communication, this protocol bypasses all advantages offered by a broker and actually performs worse than simple one-to-one communications. In particular, the majority of messages received on the other side of the communication are useless and must be discarded.
3.2. OT-Inspired MQTT Protocol
- Sender’s side: upon sending each message encrypted with the key , the Publisher also appends this choice token. As this asset is inherently protected under the Receiver’s Privacy property of OT protocols, that value does not need to be encrypted and could simply be concatenated to the messages or stored in a specific packet field. Indeed, without the knowledge of the secret keys, no decryption is possible.
- Receiver’s side: let us imagine a Subscriber interested in topics i, j, and l. In order to detect a would-be random message, it suffices to compare the sent token to the one associated with the expected key , , and . If one of these comparisons hold, the message is decrypted. Otherwise, it is discarded and there is no overhead caused by unnecessary decryption.
- No conceptual contradictions: model_1.0 preserves the decoupled architecture advocated by the MQTT protocol. In other words, the Publisher sends data without requiring any prior communication rounds with the Receivers. This was made possible under the assumption that all participants share a knowledge of the topic-token mapping.
- Decreased network load: subsequently to the previous point, the network load is decreased as the Publisher only needs to publish the encrypted data once, independently of the number of recipients.
3.3. Further Improvements
- On the Publisher’s side: contrary to the previous model, a topic activity does not require messages from all possible topics to be emitted. Only a fraction of the available topics are randomly chosen at each round and are needed to mask the active one. Ultimately, this reduces the Publisher’s encryption overhead.
- On the Subscribers’ side: each client is asked to subscribe to a random number of dummy topics (and not to the # wildcard). This aims to confuse the broker as it cannot make the difference between a chosen and unchosen message (thanks to sender’s indistinguishability), and hence cannot infer what the topics of interest actually were. However, it is notable that knowing what topics were never of interest (i.e., topics that are never sent to a given client) constitutes in itself a privacy leak. As a first approximation, a possible mitigation could thus be to pseudo-periodically unsubscribe from all topics and recompute a new random “dummy topics” set.
3.3.1. Countering Statistical Analysis Attacks
- Resource limitation: in case of memory-constrained devices, it only suffices to store s, p, and to recompute the hash list when needed. However, this requires additional computation power and might not be adapted for battery-powered devices.
- Vulnerable to data analysis: the main drawback of this implementation resides in its use of standardized hash functions. Indeed, a data analyst might be able to uncover the pattern and re-associate the exchanged messages.
- Managing publication and subscription set: This model requires the subscription set to be constant during a loop (i.e., in the time span between two parameters resets), whereas the publication set can (and should) be recomputed at each send. This is due to the fact that, otherwise, Subscribers would need to compute several hashing values in a row to reach the current obfuscated name of topics it was not previously subscribed to. This constant behavior is a non-issue as the broker is unable to detect that pattern thanks to the obfuscation.
- Dummy topics are no longer needed: consequently, to the previous point, one can rightly argue that the subscription set can be reduced to the “topic of interest” set as the aforementioned interest is hidden by the name randomness. This further reduces the network load, as a by-product.
3.3.2. Preventing Partners Association
3.3.3. Practical Considerations
4. Implementation
4.1. Virtual Raspberry Pi Environment
4.2. MQTT Implementation
4.3. OT-Inspired Implementation
4.4. Topic Obfuscation Implementation
4.5. Results-Traffic Observation
5. Conclusions
Author Contributions
Funding
Conflicts of Interest
References
- Li, C.; Palanisamy, B. Privacy in Internet of Things: From Principles to Technologies. IEEE Internet Things J. 2019, 6, 488–505. [Google Scholar] [CrossRef]
- Fizza, K.; Banerjee, A.; Mitra, K.; Jayaraman, P.P.; Ranjan, R.; Patel, P.; Georgakopoulos, D. QoE in IoT: A vision, survey and future directions. Discov. Internet Things 2021, 1, 4. [Google Scholar] [CrossRef]
- PR Newswire. IEEE Internet of Things Survey Provides Clarity Around Definition, Future Uses and Challenges. Available online: https://www.prnewswire.com/news-releases/ieee-internet-of-things-survey-provides-clarity-around-definition-future-uses-and-challenges-193865271.html (accessed on 21 May 2021).
- MQTT.org. MQTT: The Standard for IoT Messaging. Available online: https://mqtt.org/ (accessed on 21 May 2021).
- Anthraper, J.J.; Kotak, J. Security, privacy and forensic concern of MQTT protocol. In Proceedings of the International Conference on Sustainable Computing in Science, Technology and Management (SUSCOM), Jaipur, India, 26–28 February 2019; Amity University Rajasthan: Jaipur, India, 2019. [Google Scholar] [CrossRef]
- Singh, M.; Rajan, M.; Shivraj, V.; Balamuralidhar, P. Secure MQTT for Internet of Things (IoT). In Proceedings of the 2015 Fifth International Conference on Communication Systems and Network Technologies, Gwalior, India, 4–6 April 2015; pp. 746–751. [Google Scholar] [CrossRef]
- Neisse, R.; Steri, G.; Baldini, G. Enforcement of security policy rules for the Internet of Things. In Proceedings of the 2014 IEEE 10th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Larnaca, Cyprus, 8–10 October 2014; pp. 165–172. [Google Scholar] [CrossRef]
- Fischer, M.; Kümper, D.; Tönjes, R. Towards improving the Privacy in the MQTT Protocol. In Proceedings of the 2019 Global IoT Summit (GIoTS), Aarhus, Denmark, 17–21 June 2019; pp. 1–6. [Google Scholar] [CrossRef]
- Lai, J.; Mu, Y.; Guo, F.; Chen, R.; Ma, S. Efficient k-out-of-n oblivious transfer scheme with the ideal communication cost. Theor. Comput. Sci. 2018, 714, 15–26. [Google Scholar] [CrossRef] [Green Version]
- Rabin, M.O. How To Exchange Secrets with Oblivious Transfer. In Technical ReportTR-81; Aiken Computation Lab, Harvard University: Cambridge, MA, USA, 1981. [Google Scholar]
- Even, S.; Goldreich, O.; Lempel, A. A Randomized Protocol for Signing Contracts. Commun. ACM 1985, 28, 637–647. [Google Scholar] [CrossRef]
- Wang, X.; Li, Z. Research on the security Oblivious Transfer protocol based on ECDDH. J. Physics: Conf. Ser. 2020, 1549, 032152. [Google Scholar] [CrossRef]
- Brassard, G.; Crépeau, C.; Robert, J.M. All-or-nothing disclosure of secrets. In Conference on the Theory and Application of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 1986; pp. 234–238. [Google Scholar]
- HiveMQ. MQTT Topics & Best Practices–MQTT Essentials: Part 5. Available online: https://www.hivemq.com/blog/mqtt-essentials-part-5-mqtt-topics-best-practices/ (accessed on 22 May 2021).
- Tzeng, W.G. Efficient 1-out-of-n oblivious transfer schemes with universally usable parameters. IEEE Trans. Comput. 2004, 53, 232–240. [Google Scholar] [CrossRef]
- Chou, T.; Orlandi, C. The Simplest Protocol for Oblivious Transfer. In Progress in Cryptology—LATINCRYPT; Lecture Notes in Computer Science; Lauter, K., Rodríguez-Henríquez, F., Eds.; Springer International Publishing: Berlin/Heidelberg, Germany, 2015; Volume 9230, pp. 40–58. [Google Scholar] [CrossRef] [Green Version]
- Opensource.com. What Is a Raspberry Pi? Available online: https://opensource.com/resources/raspberry-pi (accessed on 22 May 2021).
- Raspbian.com. About Raspbian. Available online: https://www.raspbian.org/RaspbianAbout (accessed on 22 May 2021).
- Eclipse Foundation, Cedalo, Moquitto. Eclipse Moquitto—An Open Source MQTT Broker. Available online: https://mosquitto.org/ (accessed on 22 May 2021).
- Pypi.org. paho-mqtt 1.5.1. Available online: https://pypi.org/project/paho-mqtt/ (accessed on 22 May 2021).
- Nth Party Ltd. Github-otc. Available online: https://github.com/nthparty/otc (accessed on 22 May 2021).
- Nth Party Ltd. Github-Oblivious. Available online: https://github.com/nthparty/oblivious (accessed on 22 May 2021).
- Pynacl.readthedocs.io. Secret Key Encryption. Available online: https://pynacl.readthedocs.io/en/latest/secret/ (accessed on 22 May 2021).
- Mafi-mcfly. Github-aotp-mqtt. Available online: https://github.com/mafi-mcfly/aotp-mqtt (accessed on 22 May 2021).
- HiveMQ. Retained Messages—MQTT Essentials: Part 8 Author Portrait. Available online: https://www.hivemq.com/blog/mqtt-essentials-part-8-retained-messages/ (accessed on 22 May 2021).
Available Topics | Subscription to Sensor/+/Room1 | Subscription to Sensor/House1/# |
---|---|---|
sensor/ | ||
sensor/house1 | sensor/house1 | |
sensor/house1/room1 | sensor/house1/room1 | sensor/house1/room1 |
sensor/house1/room2 | sensor/house1/room2 | |
sensor/house2 | ||
sensor/house2/room1 | sensor/house2/room1 | |
sensor/house2/room2 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Hue, A.; Sharma, G.; Dricot, J.-M. Privacy-Enhanced MQTT Protocol for Massive IoT. Electronics 2022, 11, 70. https://doi.org/10.3390/electronics11010070
Hue A, Sharma G, Dricot J-M. Privacy-Enhanced MQTT Protocol for Massive IoT. Electronics. 2022; 11(1):70. https://doi.org/10.3390/electronics11010070
Chicago/Turabian StyleHue, Axelle, Gaurav Sharma, and Jean-Michel Dricot. 2022. "Privacy-Enhanced MQTT Protocol for Massive IoT" Electronics 11, no. 1: 70. https://doi.org/10.3390/electronics11010070
APA StyleHue, A., Sharma, G., & Dricot, J. -M. (2022). Privacy-Enhanced MQTT Protocol for Massive IoT. Electronics, 11(1), 70. https://doi.org/10.3390/electronics11010070