Lightweight Security Mechanism over MQTT Protocol for IoT Devices

Security is one of the main concerns with regard to the Internet of Things (IoT) networks. Since most IoT devices are restricted in resource and power consumption, it is not easy to implement robust security mechanisms. There are different methods to secure network communications; however, they are not applicable to IoT devices. In addition, most authentication methods use certificates in which signing and verifying certificates need more computation and power. The main objective of this paper is to propose a lightweight authentication and encryption mechanism for IoT constrained devices. This mechanism uses ECDHE-PSK which is the Transport Layer Security (TLS) authentication algorithm over Message Queuing Telemetry Transport (MQTT) Protocol. This authentication algorithm provides a Perfect Forward Secrecy (PFS) feature that makes an improvement in security. It is the first time that this TLS authentication algorithm is implemented and evaluated over the MQTT protocol for IoT devices. To evaluate resource consumption of the proposed security mechanism, it was compared with the default security mechanism of the MQTT protocol and the ECDHE-ECDSA that is a certificate-based authentication algorithm. They were evaluated in terms of CPU utilization, execution time, bandwidth, and power consumption. The results show that the proposed security mechanism outperforms the ECDHE-ECDSA in all tests. Keywords—Internet of Things (IoT); MQTT; Pre-Shared Keys (PSK); elliptic curve cryptography; Diffie-Hellman Ephemeral (DHE); Digital Signature Algorithm (DSA); Perfect Forward Secrecy (PFS); authentication; power consumption; wireless sensors


I. INTRODUCTION
The Internet of Things (IoT) has been developed significantly and is moving towards maturity. It can be viewed as "a global network which provides the communication between human-to-human, human-to-things, and things-tothings by making a unique identity for each object" [1]. Multiple objects which include embedded sensors, wireless communication, processors, can be linked together to make the network of IoT. The Internet of Things is a mixture of two terms. The first term is the Internet, which connects billions of users, devices, personal systems, and even business organizations. The second term is Thing, which refers to intelligent objects [2].
There are many different environments [3] where IoT objects interact automatically with their surroundings and the Internet automatically and independently, as a result, a lot of security and privacy concerns have arisen. IoT devices have become crucial to many enterprises and even cities and preserving exchanged data becomes most important. Also, objects in IoT networks are seriously resource-constrained with limited computational ability, memory, and power, so it is very difficult to implement heavy operations on them which are required by ciphering algorithms. They need a lightweight security mechanism with low resource consumption. Traditional authentication and encryption methods have a huge overhead on IoT devices. Therefore, this study focuses on the evaluation of a lightweight security mechanism that secures communication in IoT networks as well as reduces resource consumption of IoT limited devices.
Based on these requirements in IoT networks, a communication stack is needed to provide a low-power, secure, and lightweight protocol. IoT communication stack includes different types of protocols [4] [5], this paper was tried to improve the security of the MQTT application layer protocol since it built on top of TCP protocol, has low power usage and lightweight overhead than other IoT protocols [6]. In addition, because IoT networks depend on TPC/IP, in this study, Transport Layer Security (TLS) [7] is selected which is the reliable protocol and supports most of the security cipher suites. Then the TLS evaluated over MQTT protocol when using the ECDHE-PSK authentication algorithm. The results are then compared with the ECDHE-ECDSA and also with the default security mechanism of the MQTT protocol.
The rest of the paper is categorized as follows: Section II reviews previous works related to IoT security also an overview of the MQTT protocol. Section III provides details of the proposed security mechanism. Section IV describes performance evaluation and discussion on the results. Lastly, Section V concludes the paper and offers a suggestion for future work.

A. Message Queuing Telemetry Transport (MQTT) Protocol
MQTT is an open protocol, standardized by OASIS and became an ISO standard (ISO/IEC 20922:2016) [8]. This protocol is being adopted widely and used extensively by most big companies such as Amazon and Facebook to exchange data between resource-constrained devices. MQTT supports publish/subscribe architecture [9] over TCP [10] protocol. It has two components that are the client as a publisher or subscriber and the broker. The publisher publishes messages and the client subscribes to certain topics that are relevant to them and by that, receives every message published under those topics. Each message has a topic and clients can www.ijacsa.thesai.org subscribe to several topics. These topics categorized in a hierarchical system [11] similar to file paths in a computer; e.g. "home/living room/air condition/status".
MQTT has a low overhead, meaning that it sends a very small amount of extra data and the actual content of the message. The MQTT header is incredibly small (only 2 bytes) [12] in comparison with other protocols like HTTP or CoAP [13].
Among different IoT protocols the Quality of Service (QoS) [14] features of MQTT make it unique which guaranteed delivery of messages and assurance of data distribution between two parties.
MQTT has default security features [15], For instance, for authenticating purposes, MQTT offers a simple authentication method via username and password for connecting a client to the broker. Authentication options are sent in plaintext without any encryption. Therefore, developers can implement their own security mechanisms on the network and transport layer. Security can also be provided at lower layers. For instance, MQTT uses TLS on the Transport layer to protect communication between parties.

B. The Transport Layer Security (TLS) and its cipher suits
TLS protocol [16] is a widely used secure-channel protocol that allows secure end-to-end communication between two devices. It utilizes cryptography for data protection and device authenticity. This protocol contains two main protocols: the TLS handshake protocol and the TLS record protocol. The handshake protocol allows the client and server to authenticate each other and to negotiate an encryption algorithm, MAC algorithms, and session keys for data encryption in the TLS record [17]. The TLS Record Protocol secures the connection after the TLS Handshake Protocol established using symmetric cryptography such as RC4 or AES [18] and hash functions like SHA-1 [19]. The operation is determined by the cipher suite which applied and its name represents the involved algorithms. For example, the TLS-ECDHE-ECDSA-CHACHA20-POLY1305-SHA256 cipher suite uses ECDHE as the keyexchange algorithm, ECDSA as the authentication algorithm, CHACHA20-POLY1305 as the stream cipher, and SHA256 as the hash algorithm to preserve message integrity of the handshake process.
There are some alternatives for securing end-to-end communications in networks with resource-constrained devices. For instance, using a protocol like Datagram TLS (DTLS) [20] was suggested in the past. It was developed to secure UDP-based protocols such as CoAP. It was originally developed to protect web application communication and its executions have heavy overhead [21] in IoT networks. Further, DTLS implementation is complex since it works on top of the UDP protocol. Since DTLS using UDP as a transport protocol, it cannot ensure reliability as much as TLS can, although it employs a "sequence number" field for verification. Furthermore, DTLS is not resistant against Denial of Service (DoS) attacks [22]. As a result, the use of (TLS) is becoming compulsory for most of the communications since it provides a better security level.

C. Elliptic Curve Diffie Hellman Ephemeral (ECDHE) Key
exchange algorithm ECDHE is an algorithm used for key exchange which lets two entities to make a shared secret. In fact, it is an adaption of the Diffie-Hellman (DH) [23] key exchange protocol that employs elliptic curve cryptography to minimize the key length and improve performance. Elliptic curves are used widely in various key exchange methods which include the DH key agreement. ECC [24] provides a security level similar to RSA but with smaller key sizes [25] that result in fast calculations and less power consumption for IoT devices.
In the ECDHE algorithm, each party must generate a key pair (include a public key and a private key). Public keys are Ephemeral therefore a unique session key made for each session and provide the Perfect Forward Secrecy (PFS) [26] feature. This feature guarantees that the session keys will not be compromised by making a unique session key for each session. Previous key exchange algorithms like RSA [27] and ECDH [28] cannot provide the (PFS) feature because of their static public keys. There are some papers that compared RSA and ECDH-based cryptography together. According to measurement results in [29], the overall execution time of TLS-ECDH is faster than TLS-RSA. In [30] the power consumption and performance of RSA, DH, and ECDH key exchange algorithms are compared and the results showed the ECDH algorithm is better than others. Although ECDH outperforms RSA and DH algorithms, it cannot provide forward secrecy feature that is possible by using ECDHE algorithm.

D. Elliptic Curve Digital Signature Algorithm (ECDSA)
Authentication algorithm The U.S. National Institute of Standards and Technology (NIST) developed the Digital Signature Algorithm (DSA) [31] for use in their Digital Signature Standard (DSS) in 1991. In a Digital Signature, the signer's Private Key is used to sign, and the signatory's Public Key is used to verify the signature by the recipient. The ECDSA [32] is an elliptic curve variant of the DSA algorithm that produces cryptographically digital signatures by using the Elliptic curve. This algorithm applies (160/256 bits) which is much smaller rather than (1024/2048 bits) in DSA and RSA [33]. In [34] they considered ECDSA performance compared with RSA and concluded how employing various ECC curves and also RSA key sizes impact energy consumption in IoT nodes. The results showed that ECDSA was better than RSA to secure IoT communications with resource-constrained devices since RSA has large key sizes. Although ECDSA eliminates the issues of RSA and DSA algorithms, its resource consumption is still high for IoT resource-constrained devices due to signing and verifying the certificate.

III. PROPOSED SECURITY MECHANISM AND EXPERIMENTS
Security in IoT networks is the main concern for developers. Since most IoT nodes are limited in resource and power, they require a security mechanism that fits their limitations. This research provides a lightweight security mechanism for IoT resource-constrained devices over the MQTT protocol.
(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 11, No. 7, 2020 204 | P a g e www.ijacsa.thesai.org Previous authentication methods (like RSA and ECDSA) use a certificate to authenticate devices. Although using a certificate provides a high level of security, signing and verifying certificate uses a high computational process that increases CPU and power consumption. Therefore, instead of using certificate-based authentication algorithms, the proposed mechanism uses the PSK authentication algorithm that uses a pre-shared key to authenticate other parties along with the ECDHE key exchange algorithm. The symbols used to describe different processes in the proposed mechanism are illustrated in Table I. The ECDHE is used for the key exchange process in the proposed security mechanism. In this process, to use ECC, each party must agree on the domain parameters (p, a, b, G, n, h) that define the elliptic curve. Also, the client and server should have a key pair for elliptic curve cryptography, including a private key (a random integer) and a public key Q ( ). Therefore, the private key and the public key are for client and the keys and are for server. Then, the client and the server exchange their public keys. They calculate the secret key with using their own private key and other party's public key. The client computes and the server computes . The shared secret key (S) is equal for both parties since [29].
ECDHE algorithm does not provide authentication on its own, because the key is different every time and any of the parties cannot be confident that the key is from the intended party. Therefore, the Pre Shared Key (PSK) [35] authentication algorithm is used along with ECDHE in order to authenticate both parties.
The PSK authentication algorithm applies a string of characters (64 hexadecimal digits) which is used as an authentication key (shared secret) and shared previously between the client and the server to text encryption. When the secret key is shared between them, they authenticate each other through the four-step procedure Shared Key authentication algorithm [36]. The benefit of the PSK algorithm is to avoid heavy public key calculation to authenticate. The only problem of it is that if the attacker can obtain the shared secret key, previous and future sessions would be compromised. When the proposed mechanism uses PSK along with ECDHE key exchange algorithm, it provides the Perfect Forward Secrecy (PFS) feature that protects past sessions against future compromises by providing a distinct key for each session. Even if the attacker accesses this shared secret somehow, it would only compromise that specific session. Previous or future sessions would not be compromised.

A. Test Environment Architecture
To set up the architecture of the test environment, different suitable hardware was selected.
As can be seen in Fig. 1, there are two Raspberry Pi devices which act as MQTT publisher and subscriber and connected to the router using Wi-Fi connection. The ODROID-C1 acts as the MQTT broker connected through an Ethernet connection to the router. In addition, they connect to the power supply with a power cable. The power measurement hardware device placed between the publisher and the power supply to measure the energy consumption. The parameters that used in the test environment to evaluate the proposed security mechanism are shown in Table II.   Table III illustrates the different layer protocols used in the test environment.

B. Test Environment Equipment
The Raspberry Pi Zero W embeds Wi-Fi and Bluetooth v4.1. Its processor is a 1GHz BCM2835 SOC (32-bit ARMbased processor) that operates with 512MB RAM. The ODROID-C1 Single Board Computer (SBC) equipped with an Ethernet interface and two High-Speed USB A-type connectors. It has 1Gbyte DDR3 RAM and 1.5GHz Quad-Core ARMv7 processor. The power measurement device can measure voltages up to 30V and currents up to 5.1A. The AP-Router has Wi-Fi and LAN ports used to connect the Raspberry Pi devices and The ODROID-C1 together.
Besides hardware equipment, some analyzer tools and software used to measure the evaluation metrics. The PERF performance analyzer tool used to monitor CPU clock and execution time. The NMON analyzing tool was used to monitor the CPU utilization percentage. The Wireshark software used to monitor packets transferred between the clients and the broker to calculate bandwidth consumption. The OpenSSL used for Raspberry Pi devices that act as clients and also for the broker, and the C scripts run on the clients. In addition, The Eclipse Paho MQTT installed on the Raspberry Pi devices that act as MQTT clients, and the Eclipse Mosquitto installed on the ODROID-C1 acts as an MQTT broker. Two cipher suites were chosen according to the Internet Engineering Task  Force  (IETF): TLS-ECDHE-ECDSA-CHACHA20POLY1305-SHA256 and TLS-ECDHE-PSK-CHACHA20POLY1305-SHA256.
The Raspberry Pi device (publisher) starts the tests. A script on it specifies which cipher suite to be used, and then it sends messages to the Broker several times. The resource consumption by each of the MQTT transactions was measured and registered. After all the tests were done, tables and graphs related to the test data were generated.

IV. PERFOMANCE EVALUATION AND DISCUSSION
The proposed security mechanism evaluation was done using a real test environment. In order to evaluate the developed mechanism, three types of scenarios were conducted and the results of them investigated to conclude which security mechanism is more appropriate for the IoT devices. The first scenario is the default security mechanism of MQTT, the second scenario is the ECDHE-ECDSA security mechanism, and the last scenario is the proposed security mechanism which is the ECDHE-PSK. In each scenario, 30 messages with 152byte length were sent and the test repeated 60 times and the average values were calculated.
The work tested based on four evaluation metrics: including CPU utilization, execution time, bandwidth usage, and power consumption. All these performance metrics tested on three scenarios. Fig. 2 compares the average CPU utilization percentage between three security mechanisms. As can be seen, ECDHE-ECDSA consumed the most CPU percentage, about 60%, since the signing and verification process needs more computation. In comparison, the ECDHE-PSK security mechanisms used 10% less than the ECDHE-ECDSA because it does not use any certificate for authentication. The default security mechanism of MQTT, which used only a simple user name and password for authentication, utilized the lowest CPU.

B. Average Execution Time
According to the bar chart shown in Fig. 3, the highest execution time related to the ECDHE-ECDSA is 2.91 seconds. While the average time fell to 2.58 seconds when the ECDHE-PSK security mechanism executed on the device.

C. Average Bandwidth Consumption
To measure the consumed bandwidth for each security mechanism the following bandwidth equation was used: Consumed Bandwidth (bps) = As shown in Fig. 4, in the default security mechanism of MQTT, the average bandwidth consumption was only 80,391 bps. In the implementation of MQTT with ECDHE-ECDSA security mechanism, the average bandwidth consumption has been increased significantly and reached 154,269 bps because of the certificate which is transferred between publisher and broker in this security mechanism. While the proposed mechanism used only 3 0 4 bps more than the default security mechanism of the MQTT, its average bandwidth consumption is around 118,475 bps. As can be seen, the authentication mechanism has an effect on increasing bandwidth consumption where extra packets are added to negotiate and they include extra bytes for handling authentication parameters.

D. Average Power Consumption
Power consumption is the other metric. When the traffic volume increases, it will result in higher processing. Therefore, the power consumption increases too. As shown in Fig. 5, the ECDHE-ECDSA security mechanism used by far the highest power due to the signing and verifying certificate.

V. CONCLUSION AND FUTURE WORK
The aim of this paper was to propose a lightweight security mechanism for the IoT resource-constrained devices over the MQTT protocol. Since authentication is an unavoidable step to secure communication, the impact of the different authentication algorithms on IoT nodes was evaluated. Most secure authentication algorithms for securing the TLS communications like RSA and ECDSA use a certificate to authenticate other parties that is heavy for IoT devices. The use of a Pre-shared key instead of a certificate can be useful to authenticate IoT devices. Therefore the performance and resource consumption of the ECDHE-PSK authentication algorithm with the ECDHE-ECDSA certificate-based authentication algorithm was evaluated and compared. Since the PSK algorithm does not require a certificate to authenticate; it can decrease the resource consumption of IoT devices significantly. In addition, the ECDHE-PSK provides the Perfect Forward Secrecy (PFS) feature to ensure more secure communication.
After running different evaluations, the proposed security mechanism ECDHE-PSK outperformed ECDHE_ECDSA in all evaluation metrics. It utilized less CPU, execution time, bandwidth, and energy than the ECHDE-ECDSA security mechanism which is one of the most popular and reliable TLS authentication algorithms recently used. It is clear that using a certificate to validate the data will result in more data transfer as well as more CPU usage. The increase in these two factors has an effect on the amount of power consumption too. IoT devices are usually vulnerable because their hardware cannot accommodate the required certificates while reducing power consumption and CPU processing. By using ECDHE-PSK the IoT devices can overcome these limitations.
Since the IoT field is still a new research topic, the existing IoT simulators do not support the latest cipher suites and security mechanisms on the MQTT protocol. Therefore, to evaluate the proposed mechanism, a real testbed was required. It was the first time that this TLS authentication algorithm was implemented and evaluated over the MQTT protocol. Real environment scenarios testing are the only way to determine which security algorithms are more suitable for IoT devices.
An interesting issue for future work is implementing this security mechanism on a bigger scale with more IoT devices and sensors to evaluate different metrics where the network is under high traffic load. Besides this, some attack scenarios can be simulated to evaluate attack resistance of the security mechanism against common attacks.