The Internet of Things (IoT) consists of any device that can be connected to the Internet. These devices can communicate with each other and gather data, which can be analyzed to help someone or be sent to different networks to solve other problems. With its rapid rise in society, the need for more security in machine-to-machine (M2M) communication becomes increasingly necessary. Therefore, the success of IoT is dependent on sufficiently addressing concerns surrounding data privacy, cryptocurrency mining attacks, home invasion, remote vehicle access and more. To address these concerns, we will improve the existing security in Message Queuing Telemetry Transport (MQTT) using payload encryption with AES-384 and compare it with the TLS approach. MQTT is a lightweight communication protocol for IoT that uses broker-based communication and publishing/subscribing operations to create a connection and communicate between devices. Our project aims to improve the current standard by increasing the maximum 256-bit key size to 384-bits and the number of rounds of AES to combat cyberattacks. In this project, we propose a secure communication scheme using Elliptic Curve Diffie Hellman (ECDH) and Secure Hashing Algorithm 3 (SHA) 512 internally for key distribution to encrypt and decrypt topic keys. Topic-based key sharing is proposed to create keys for each topic that is used to encrypt/decrypt the payload. Our work is built upon this proposition and evaluates the performance of AES-384.
As the Internet of Things (IoT) increases, the exposure of sensitive information is increasingly becoming a major concern. Several people claim that even though it is possible to connect all kinds of devices together, we still should not do this because of privacy concerns. What if an attacker could manage to hack into one of the several interconnected smart devices and control a garage door or even a car? IoT can enrich our lives in countless ways as long as proper security mechanisms are in place to bolster smarter, more efficient and interconnected devices. A smartwatch could connect to a smart speaker and recommend workout playlists when it senses physical activity, a smart light bulb connected to a smart door lock could turn the lights on and off, or a smart thermostat could change the room temperature upon entering or leaving the house, saving electricity. The success of IoT depends on sufficiently addressing a wide variety of privacy concerns. To address these concerns, we will improve the existing security in MQTT (an IoT protocol), while considering the efficiency and constraints of IoT devices. We will implement payload encryption in MQTT with AES-384 to increase security, allowing for safer message delivery across networks.