Abstract
Internet of Things (IoT) is the interconnection of devices with the internet to deliver its tasks. Nowadays, security is the main concern relating to these devices. Low in power storage, low in processing capabilities and low in data storage make it hard to provide a strong set of security protocols to protect the vulnerable devices “things”. Having internet as its backbone, allows the devices to communicate seamlessly. However, without any form of protection, it would open the door for hackers or middleman to hijack the connection, steal data and sabotage the information. In this paper, Secure Socket Layer and Transport Layer Security (SSL/TLS) protocol is implemented on top of Message Queuing Telemetry Transport (MQTT) IoT application protocol and the performance of the network is evaluated and analyzed in a typical IoT testbed comprising Raspberry Pi4 and ESP32 nodes. This work focuses on energy consumption, generated overhead, system complexity and required data storage resources. Experimental results of stress testing the system indicates that SSL/TLS encryption, operating with MQTT Quality of Service (QoS) level 2, while increasing the traffic rate 3.5 orders of magnitude yields more than two thousand times the amount of overhead generated and results in 73.25 J of consumed energy. Whereas operating without the SSL/TLS encryption under the same stress testing conditions yields only 140 times the amount of overhead generated and results in a mere 18.76 J of consumed energy. This difference of 4 folds on consumed energy indicates that the SSL/TLS -enabled node battery can only last a quarter of the lifespan of the TLS-free node and concluding the SSL/TLS encryption is not a viable solution for battery-operated IoT nodes.
Similar content being viewed by others
Data Availability
This research has no associated data to it that is relevant to the content of this article.
References
Canedo, J., & Skjellum, A. (2016). Using machine learning to secure IoT systems. In 2016 14th annual conference on privacy, security and trust (PST), IEEE. pp. 219–222. https://doi.org/10.1109/PST.2016.7906930.
Statista. Number of IoT connected devices worldwide 2019–2021, with forecasts to 2030, 22 November, 2022. https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/.
Kasinathan, P., Pastrone, C., Spirito, M. A., & Vinkovits, M. (2013). Denial-of-service detection in 6LoWPAN based internet of things. In 2013 IEEE 9th international conference on wireless and mobile computing, networking and communications (WiMob), IEEE. pp. 600–607. https://doi.org/10.1109/WiMOB.2013.6673419.
Ali, I., Sabir, S., & Ullah, Z. (2016). Internet of things security, device authentication and access control: a review. International Journal of Computer Science and Information Security IJCSIS, 14(8), 456–466.
Dineva, K. & Atanasova, T. (2019). Security in iot systems. In 19th international multidisciplinary scientific geoconference SGEM 2019, pp. 569–578, no 2.1. https://doi.org/10.5593/sgem2019/2.1/S07.075.
Tandale, U., Momin, B. & Seetharam, D. P. (2017). An empirical study of application layer protocols for IoT. In 2017 International conference on energy, communication, data analytics and soft computing, pp. 2447–2451. https://doi.org/10.1109/ICECDS.2017.8389890.
Sethi, P., & Sarangi, S. R. (2017). Internet of things: architectures, protocols, and applications. Journal of Electrical and Computer Engineering.
Tiburski, R. T., Amaral, L. A., De Matos, E., De Azevedo, D. F., & Hessel, F. (2016). The role of lightweight approaches towards the standardization of a security architecture for IoT middleware systems. IEEE Communications Magazine, 54(12), 56–62. https://doi.org/10.1109/MCOM.2016.1600462CM
Jokela, P., Moskowitz, R., & Nikander, P. (2008). Using the encapsulating security payload (ESP) transport format with the host identity protocol (HIP). RFC5202l.
Bensalah, F., El Kamoun, N., & Bahnasse, A. (2017). Evaluation of tunnel layer impact on VOIP performances (IP-MPLS-MPLS VPN-MPLS VPN IPsec). International Journal of Computer Science and Network Security (IJCSNS), 17(3), 87.
Thomas, S. (2000). SSL and TLS essentials, securing the web (p. 3). John Wiley and Sons.
Chen, X. (2014). Constrained application protocol for internet of things. URL: http://www.cse.wustl.edu/~jain/cse574-14/ftp/coap
Prantl, T., Iffländer, L., Herrnleben, S., Engel, S., Kounev, S., & Krupitzer, C. (2021). Performance impact analysis of securing mqtt using tls. In Proceedings of the ACM/SPEC international conference on performance engineering, pp. 241–248.
Baranauskas, E., Toldinas, J., & Lozinskis, B. (2019). Evaluation of the impact on energy consumption of MQTT protocol over TLS. In CEUR workshop proceedings: IVUS 2019 international conference on information technologies: Proceedings of the international conference on information technologies, Kaunas, Lithuania, April 25, 2019, Vol. 2470, pp. 56–60. CEUR-WS.
Shapsough, S., Aloul, F., & Zualkernan, I. A. (2018). Securing low-resource edge devices for IoT systems. In 2018 International symposium in sensing and instrumentation in IoT Era (ISSI), IEEE. pp. 1–4.
Laaroussi, Z., & Novo, O. (2021). A performance analysis of the security communication in CoAP and MQTT. In 2021 IEEE 18th Annual consumer communications & networking conference (CCNC), IEEE. pp. 1–6.
Silva, C., Toasa, R., Martinez, H. D., Veloz, J., & Gallardo, C. (2017). Secure push notification service based on MQTT protocol for mobile platforms. In XII Jornadas Iberoamericanas de Ingeniería de Software e Ingeniería del Conocimiento y Congreso Ecuatoriano en Ingeniería de Software, pp. 69–84.
Alghamdi, K., Alqazzaz, A., Liu, A., & Ming, H. (2018). Iotverif: An automated tool to verify ssl/tls certificate validation in android mqtt client applications. In Proceedings of the eighth ACM conference on data and application security and privacy, pp. 95–102.
Saverimoutou, A., Mathieu, B., & Vaton, S. (2017). Which secure transport protocol for a reliable HTTP/2-based web service: TLS or QUIC?. In 2017 IEEE symposium on computers and communications (ISCC), IEEE. pp. 879–884. https://doi.org/10.1109/ISCC.2017.8024637.
Seufert, M., Schatz, R., Wehner, N., Gardlo, B., & Casas, P. (2019). Is QUIC becoming the new TCP? On the potential impact of a new protocol on networked multimedia QoE. In 2019 Eleventh international conference on quality of multimedia experience (QoMEX), IEEE. pp. 1–6. https://doi.org/10.1109/QoMEX.2019.8743223.
Lampkin, V., Leong, W. T., Olivera, L., Rawat, S., Subrahmanyam, N., Xiang, R., & Locke, D. (2012). Building smarter planet solutions with mqtt and ibm websphere mq telemetry. IBM Redbooks.
Wukkadada, B., Wankhede, K., Nambiar, R., & Nair, A. (2018). Comparison with HTTP and MQTT in internet of things (IoT). In 2018 International conference on inventive research in computing applications (ICIRCA), IEEE. pp. 249–253. https://doi.org/10.1109/ICIRCA.2018.8597401.
Habaebi, M. H., Al-Haddad, A., Zyoud, A., & Hijazi, G. (2018). Micro search engine for IoT: An IoT search engine prototype for private networks. Recent Advances in Electrical and Electronic Engineering, 11(2), 123–131. https://doi.org/10.2174/2352096511666180117144450
Hijazi, G., Hadi Habaebi, M., Al-Haddad, A., & Zyoud, A. M. (2021). Stress testing MQTT server for private IOT networks. International Journal of Electronics and Telecommunications, 67(2), 229–234.
Carlsson, F., & Eriksson, K.-G. (2018). Comparison of security level and current consumption of security implementations for MQTT (Master Dissertation). Retrieved from http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-40760.
Yassein, M. B., Shatnawi, M. Q., Aljwarneh, S., & Al-Hatmi, R. (2017). Internet of things: Survey and open issues of MQTT protocol. In 2017 International conference on engineering & MIS (ICEMIS), IEEE. pp. 1–6. https://doi.org/10.1109/ICEMIS.2017.8273112.
Rodríguez, C., Baez, M., Daniel, F., Casati, F., Trabucco, J. C., Canali, L., & Percannella, G. (2016). REST APIs: A large-scale analysis of compliance with principles and best practices. In International conference on web engineering, Springer, Cham. pp. 21–39. https://doi.org/10.1007/978-3-319-38791-8_2.
Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., & Berners-Lee, T. (1999). Hypertext transfer protocol–HTTP/1.1.
ESP 32 Series Datasheet (2018). https://www.espressif.com/sites/default/files/documentation/esp32_datasheet_en.pdf
Funding
This work was conducted in IoT and Wireless Communication Protocols Lab, ECE Department, International Islamic University Malaysia (IIUM).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors have no conflicts of interest to declare that are relevant to the content of this article.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Paris, I.L.B.M., Habaebi, M.H. & Zyoud, A.M. Implementation of SSL/TLS Security with MQTT Protocol in IoT Environment. Wireless Pers Commun 132, 163–182 (2023). https://doi.org/10.1007/s11277-023-10605-y
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-023-10605-y