Abstract

MQTT is a lightweight topic-based publish-subscribe protocol widely used in edge computing and IoT environments, and it has become an industry standard adopted in real-world scenarios such as finance, smart cities and medical environments. However, the server side of MQTT, known as the broker, processes data in plaintext, exposing a large attack surface. This paper introduces a security enhancement system for MQTT based on a Trusted Execution Environment (TEE) to address the deficiencies in the existing security mechanisms of MQTT. The system leverages the TEE to implement secure MQTT brokers, introduces a lightweight authentication and key agreement protocol, TAKA, for end-to-end security between clients and trusted brokers, and integrates CapBAC for access control authorization to further harden the broker against malicious users. The experimental evaluation of the system prototype demonstrates that, while a high level of communication security is ensured, the overhead introduced by the TEE remains within an acceptable range. © 2024 IEEE.