Skip to main content

Advertisement

SpringerLink
Log in

Implementation of SSL/TLS Security with MQTT Protocol in IoT Environment

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Internet of Things (IoT) is the interconnection of devices with the internet to deliver its tasks. Nowadays, security is the main concern relating to these devices. Low in power storage, low in processing capabilities and low in data storage make it hard to provide a strong set of security protocols to protect the vulnerable devices “things”. Having internet as its backbone, allows the devices to communicate seamlessly. However, without any form of protection, it would open the door for hackers or middleman to hijack the connection, steal data and sabotage the information. In this paper, Secure Socket Layer and Transport Layer Security (SSL/TLS) protocol is implemented on top of Message Queuing Telemetry Transport (MQTT) IoT application protocol and the performance of the network is evaluated and analyzed in a typical IoT testbed comprising Raspberry Pi4 and ESP32 nodes. This work focuses on energy consumption, generated overhead, system complexity and required data storage resources. Experimental results of stress testing the system indicates that SSL/TLS encryption, operating with MQTT Quality of Service (QoS) level 2, while increasing the traffic rate 3.5 orders of magnitude yields more than two thousand times the amount of overhead generated and results in 73.25 J of consumed energy. Whereas operating without the SSL/TLS encryption under the same stress testing conditions yields only 140 times the amount of overhead generated and results in a mere 18.76 J of consumed energy. This difference of 4 folds on consumed energy indicates that the SSL/TLS -enabled node battery can only last a quarter of the lifespan of the TLS-free node and concluding the SSL/TLS encryption is not a viable solution for battery-operated IoT nodes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

Data Availability

This research has no associated data to it that is relevant to the content of this article.

References

  1. Canedo, J., & Skjellum, A. (2016). Using machine learning to secure IoT systems. In 2016 14th annual conference on privacy, security and trust (PST), IEEE. pp. 219–222. https://doi.org/10.1109/PST.2016.7906930.

  2. Statista. Number of IoT connected devices worldwide 2019–2021, with forecasts to 2030, 22 November, 2022. https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/.

  3. Kasinathan, P., Pastrone, C., Spirito, M. A., & Vinkovits, M. (2013). Denial-of-service detection in 6LoWPAN based internet of things. In 2013 IEEE 9th international conference on wireless and mobile computing, networking and communications (WiMob), IEEE. pp. 600–607. https://doi.org/10.1109/WiMOB.2013.6673419.

  4. Ali, I., Sabir, S., & Ullah, Z. (2016). Internet of things security, device authentication and access control: a review. International Journal of Computer Science and Information Security IJCSIS, 14(8), 456–466.

    Google Scholar 

  5. Dineva, K. & Atanasova, T. (2019). Security in iot systems. In 19th international multidisciplinary scientific geoconference SGEM 2019, pp. 569–578, no 2.1. https://doi.org/10.5593/sgem2019/2.1/S07.075.

  6. Tandale, U., Momin, B. & Seetharam, D. P. (2017). An empirical study of application layer protocols for IoT. In 2017 International conference on energy, communication, data analytics and soft computing, pp. 2447–2451. https://doi.org/10.1109/ICECDS.2017.8389890.

  7. Sethi, P., & Sarangi, S. R. (2017). Internet of things: architectures, protocols, and applications. Journal of Electrical and Computer Engineering.

  8. Tiburski, R. T., Amaral, L. A., De Matos, E., De Azevedo, D. F., & Hessel, F. (2016). The role of lightweight approaches towards the standardization of a security architecture for IoT middleware systems. IEEE Communications Magazine, 54(12), 56–62. https://doi.org/10.1109/MCOM.2016.1600462CM

    Article  Google Scholar 

  9. Jokela, P., Moskowitz, R., & Nikander, P. (2008). Using the encapsulating security payload (ESP) transport format with the host identity protocol (HIP). RFC5202l.

  10. Bensalah, F., El Kamoun, N., & Bahnasse, A. (2017). Evaluation of tunnel layer impact on VOIP performances (IP-MPLS-MPLS VPN-MPLS VPN IPsec). International Journal of Computer Science and Network Security (IJCSNS), 17(3), 87.

    Google Scholar 

  11. Thomas, S. (2000). SSL and TLS essentials, securing the web (p. 3). John Wiley and Sons.

    Google Scholar 

  12. Chen, X. (2014). Constrained application protocol for internet of things. URL: http://www.cse.wustl.edu/~jain/cse574-14/ftp/coap

  13. Prantl, T., Iffländer, L., Herrnleben, S., Engel, S., Kounev, S., & Krupitzer, C. (2021). Performance impact analysis of securing mqtt using tls. In Proceedings of the ACM/SPEC international conference on performance engineering, pp. 241–248.

  14. Baranauskas, E., Toldinas, J., & Lozinskis, B. (2019). Evaluation of the impact on energy consumption of MQTT protocol over TLS. In CEUR workshop proceedings: IVUS 2019 international conference on information technologies: Proceedings of the international conference on information technologies, Kaunas, Lithuania, April 25, 2019, Vol. 2470, pp. 56–60. CEUR-WS.

  15. Shapsough, S., Aloul, F., & Zualkernan, I. A. (2018). Securing low-resource edge devices for IoT systems. In 2018 International symposium in sensing and instrumentation in IoT Era (ISSI), IEEE. pp. 1–4.

  16. Laaroussi, Z., & Novo, O. (2021). A performance analysis of the security communication in CoAP and MQTT. In 2021 IEEE 18th Annual consumer communications & networking conference (CCNC), IEEE. pp. 1–6.

  17. Silva, C., Toasa, R., Martinez, H. D., Veloz, J., & Gallardo, C. (2017). Secure push notification service based on MQTT protocol for mobile platforms. In XII Jornadas Iberoamericanas de Ingeniería de Software e Ingeniería del Conocimiento y Congreso Ecuatoriano en Ingeniería de Software, pp. 69–84.

  18. Alghamdi, K., Alqazzaz, A., Liu, A., & Ming, H. (2018). Iotverif: An automated tool to verify ssl/tls certificate validation in android mqtt client applications. In Proceedings of the eighth ACM conference on data and application security and privacy, pp. 95–102.

  19. Saverimoutou, A., Mathieu, B., & Vaton, S. (2017). Which secure transport protocol for a reliable HTTP/2-based web service: TLS or QUIC?. In 2017 IEEE symposium on computers and communications (ISCC), IEEE. pp. 879–884. https://doi.org/10.1109/ISCC.2017.8024637.

  20. Seufert, M., Schatz, R., Wehner, N., Gardlo, B., & Casas, P. (2019). Is QUIC becoming the new TCP? On the potential impact of a new protocol on networked multimedia QoE. In 2019 Eleventh international conference on quality of multimedia experience (QoMEX), IEEE. pp. 1–6. https://doi.org/10.1109/QoMEX.2019.8743223.

  21. Lampkin, V., Leong, W. T., Olivera, L., Rawat, S., Subrahmanyam, N., Xiang, R., & Locke, D. (2012). Building smarter planet solutions with mqtt and ibm websphere mq telemetry. IBM Redbooks.

    Google Scholar 

  22. Wukkadada, B., Wankhede, K., Nambiar, R., & Nair, A. (2018). Comparison with HTTP and MQTT in internet of things (IoT). In 2018 International conference on inventive research in computing applications (ICIRCA), IEEE. pp. 249–253. https://doi.org/10.1109/ICIRCA.2018.8597401.

  23. Habaebi, M. H., Al-Haddad, A., Zyoud, A., & Hijazi, G. (2018). Micro search engine for IoT: An IoT search engine prototype for private networks. Recent Advances in Electrical and Electronic Engineering, 11(2), 123–131. https://doi.org/10.2174/2352096511666180117144450

    Article  Google Scholar 

  24. Hijazi, G., Hadi Habaebi, M., Al-Haddad, A., & Zyoud, A. M. (2021). Stress testing MQTT server for private IOT networks. International Journal of Electronics and Telecommunications, 67(2), 229–234.

    Google Scholar 

  25. Carlsson, F., & Eriksson, K.-G. (2018). Comparison of security level and current consumption of security implementations for MQTT (Master Dissertation). Retrieved from http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-40760.

  26. Yassein, M. B., Shatnawi, M. Q., Aljwarneh, S., & Al-Hatmi, R. (2017). Internet of things: Survey and open issues of MQTT protocol. In 2017 International conference on engineering & MIS (ICEMIS), IEEE. pp. 1–6. https://doi.org/10.1109/ICEMIS.2017.8273112.

  27. Rodríguez, C., Baez, M., Daniel, F., Casati, F., Trabucco, J. C., Canali, L., & Percannella, G. (2016). REST APIs: A large-scale analysis of compliance with principles and best practices. In International conference on web engineering, Springer, Cham. pp. 21–39. https://doi.org/10.1007/978-3-319-38791-8_2.

  28. Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., & Berners-Lee, T. (1999). Hypertext transfer protocol–HTTP/1.1.

  29. ESP 32 Series Datasheet (2018). https://www.espressif.com/sites/default/files/documentation/esp32_datasheet_en.pdf

Download references

Funding

This work was conducted in IoT and Wireless Communication Protocols Lab, ECE Department, International Islamic University Malaysia (IIUM).

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, International Islamic University Malaysia, Kuala Lumpur, Malaysia

    Iqbal Luqman Bin Mohd Paris & Mohamed Hadi Habaebi

  2. Department of Electrical and Computer Engineering, Birzeit University, Birzeit, Ramallah, Palestine

    Alhareth Mohammed Zyoud

Authors
  1. Iqbal Luqman Bin Mohd Paris
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohamed Hadi Habaebi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alhareth Mohammed Zyoud
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohamed Hadi Habaebi.

Ethics declarations

Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Paris, I.L.B.M., Habaebi, M.H. & Zyoud, A.M. Implementation of SSL/TLS Security with MQTT Protocol in IoT Environment. Wireless Pers Commun 132, 163–182 (2023). https://doi.org/10.1007/s11277-023-10605-y

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-023-10605-y

Keywords

Search

Navigation