
Securing MQTT by Blockchain-Based OTP Authentication

Nardone, Roberto
2020-01-01

Abstract

The Internet of Things is constantly capturing interest from modern applications, changing our everyday life and empowering industrial applications. Interaction and collaboration among smart devices pose new security challenges, since security measures conflict with economic and energy-consumption constraints. On the other hand, the lack of security measures could negatively impact the concrete adoption of this paradigm. This paper focuses on the Message Queuing Telemetry Transport (MQTT) protocol, widely adopted in the Internet of Things. This protocol does not natively implement secure authentication mechanisms, which are left to developers. Hence, this paper proposes a novel OTP (one-time password) authentication scheme for MQTT, which uses the Ethereum blockchain to implement a second-factor out-of-band channel. The proposal enables the authentication of both local and remote devices, preserving user privacy and guaranteeing trust and accountability via Ethereum smart contracts.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11367/99062
Citations
  • PMC: ND
  • Scopus: 30
  • ISI: 17