SEEMQTT: Secure End-to-End MQTT-Based Communication for Mobile IoT Systems Using Secret Sharing and Trust Delegation

The publish/subscribe (Pub/Sub) model offers a communication scheme that is appropriate for a variety of mobile Internet of Things (IoT) systems (e.g., autonomous vehicles). In most of these systems, ensuring the end-to-end (E2E) security of exchanged information is a critical requirement. However, the Pub/Sub scheme lacks appropriate mechanisms to ensure the E2E security, even when state-of-the-art solutions, such as transport layer security (TLS) or attribute-based encryption (ABE), were adopted. These solutions either do not offer E2E security or are infeasible to be adopted in mobile IoT systems with resource-constrained platforms. In this article, we propose a framework, so-called SEEMQTT, to ensure secure E2E Pub/Sub-based communication for mobile IoT systems. Our solution allows the publisher to encrypt the published messages and control which subscribers can decrypt these messages without violating the decoupling requirement of the Pub/Sub model. Our solution leverages multiple honest-but-curious KeyStores to store secret shares generated from a secret key using a secret sharing scheme. The links between the publisher and every KeyStores are secured using identity-based encryption (IBE). The publisher uses the secret key to encrypt published messages. Trust delegation is used to authorize certain subscribers to access these shares and consequently decrypt the published messages. We provide an Arduino-based library that implements our proposed protocol. Also, we perform an extensive performance evaluation using real IoT hardware. Experimental results show that adopting our proposed solution, SEEMQTT, makes E2E security for mobile IoT systems feasible.