Integrity Monitoring of IoT Devices Based on MQTT Protocol Extension

Article Title: Integrity Monitoring of IoT Devices Based on MQTT Protocol Extension
All Authors: Qi Bing, Qin Yu, Li Minhong, Xie Hong, Shang Ketong, Feng Wei, Li Wei
First Affiliation: University of Chinese Academy of Sciences
Publication Date: 2022, 31(11): 68–78
Abstract

With the rapid development of the Internet of Things (IoT), the number of devices has grown exponentially, raising growing concerns about IoT security. Integrity attestation of IoT devices is typically achieved through software attestation, so that tampering with system integrity caused by malicious software executing on a device can be detected in time. However, existing IoT software attestation methods face challenges such as poor performance when synchronously attesting massive numbers of devices and difficulty in extending general-purpose IoT communication protocols. To address these issues, a lightweight asynchronous integrity monitoring solution is proposed that extends the general MQTT protocol with software attestation messages and asynchronously pushes device integrity information, ensuring high security of the IoT system while improving the efficiency of device integrity verification. The solution implements three main security functions: device integrity measurement through a kernel module, a lightweight MQTT-based authentication extension for device identity and integrity, and asynchronous integrity monitoring based on the extended MQTT protocol. It can resist common attacks on software attestation and on the MQTT protocol, and features lightweight asynchronous software attestation and general MQTT security extensions. Finally, experimental results from an MQTT IoT authentication prototype show that IoT node integrity measurement, MQTT connection authentication, and PUBLISH message authentication all perform well, meeting the application needs for monitoring the integrity of massive numbers of IoT devices.


Selected Illustrations
(1) Design of MQTT Integrity Monitoring Scheme
This scheme monitors the integrity of IoT devices: the MQTT broker forwards each device's measurement results to all verifiers subscribed to the topic. The main threats therefore come from the device system itself and from network communication, and the attack surface consists of the IoT device nodes, the process of establishing a connection with the MQTT broker, and the process of pushing data to the broker. In large-scale IoT deployments, verification nodes must handle a massive number of concurrent verifications and integrity checks; conventional challenge-response attestation of a large number of IoT devices incurs significant synchronization overhead and can prevent the functions from executing normally. This scheme extends the existing MQTT protocol with software attestation security, adds lightweight identity authentication, and lets device nodes periodically measure the integrity status of their processes and send it to the verifier for validation, achieving asynchronous transmission and monitoring of IoT node integrity over MQTT. The process is divided into five main phases: initialization configuration, device measurement, CONNECT, push, and subscription verification. The device measurement process, identity authentication process, and verification node validation process are shown in Figures 1 to 3.

Figure 1 Device Measurement Process

Figure 2 Identity Authentication Process

Figure 3 Verification Node Validation Process

(2) Experimental Results and Analysis

Performance tests were conducted on the three modules involved in the scheme, including the identity authentication process in the CONNECT phase, the kernel module integrity measurement process, and the verification process for generating and validating integrity monitoring headers. In our scheme, the CONNECT phase includes three main parts: the device node generates the verification header, the MQTT broker checks and constructs the verification content of the CONNACK message, and the device node parses the security information. After these three steps, the device node successfully authenticates with the MQTT broker and negotiates a session key for communication. The overhead data is shown in Figure 4(a).

Figure 4 Performance Overhead

For the integrity measurement of processes within the system, the results are shown in Table 1. Tests were conducted 1,000 times on programs of different sizes, taking four examples, including sudo (149,128 bytes), bash (964,220 bytes) and Xorg (2,271,600 bytes); the average measurement overhead is shown in Figure 4(b).

Table 1 Integrity Measurement Results

After establishing a connection with the MQTT broker, the device node pushes PUBLISH messages to the broker. Each PUBLISH message carries a verification header derived from the measurement content and authenticated with a MAC under the session key negotiated in the CONNECT phase. The device node computes an SM4 hash over the measurement content and generates the MAC authentication code with the session key. On receiving the PUBLISH message, the broker performs the same MAC computation over the measurement content and compares it with the verification header in the message, confirming that the measurement content originates from a legitimate node. The measurement results are shown in Figure 4(c).
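As an added illustration (not code from the paper), the following Python sketch walks through the push and subscription verification phases described above: the device attaches a MAC header over its measurement content, the broker recomputes the MAC under the session key, and a subscribed verifier compares the measured hashes against reference values. HMAC-SHA256 stands in for the SM-series primitives the paper uses, and the message layout, topic name, session key and reference values are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed session key, standing in for the key negotiated in the CONNECT phase.
SESSION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

# Constructed reference values a verifier would hold for the monitored processes.
REFERENCE = {
    "sudo": hashlib.sha256(b"sudo-binary-v1").hexdigest(),
    "bash": hashlib.sha256(b"bash-binary-v1").hexdigest(),
}


def measure(process_name: str, image: bytes) -> dict:
    """Measurement record in a constructed format (the kernel module's real layout is not given)."""
    return {"process": process_name, "hash": hashlib.sha256(image).hexdigest()}


def build_publish(records: list, key: bytes) -> dict:
    """Device side: serialise the measurement content and attach a MAC verification header.
    HMAC-SHA256 stands in for the SM-series MAC used in the paper."""
    payload = json.dumps(records, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"topic": "devices/node-01/integrity", "header": {"mac": mac}, "payload": payload}


def broker_check(msg: dict, key: bytes) -> bool:
    """Broker side: recompute the MAC over the payload and compare in constant time.
    This only authenticates the sender; it says nothing about whether the measured
    processes are intact."""
    expected = hmac.new(key, msg["payload"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["header"]["mac"])


def verifier_check(msg: dict, reference: dict) -> list:
    """Subscriber side: return the processes whose measured hash deviates from the reference
    (unknown processes are flagged too). No challenge is sent; the verifier just consumes
    whatever the broker forwards, which is the asynchronous part of the scheme."""
    records = json.loads(msg["payload"])
    return [r["process"] for r in records if reference.get(r["process"]) != r["hash"]]
```

Note that a tampered binary on an otherwise legitimate node passes the broker's MAC check and is only caught by the verifier's reference comparison, which is why the scheme needs both layers.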

(3) Conclusion

This scheme extends the general MQTT protocol with identity and integrity attestation for IoT devices, achieving lightweight software attestation. System-level integrity measurement is provided by a kernel module in the device node, and a lightweight integrity monitoring protocol is designed and implemented on top of the MQTT security extension. The scheme features lightweight asynchronous software attestation and general MQTT security extensions. It meets the remote attestation needs of massive numbers of IoT devices, reducing both synchronous attestation overhead and the computational overhead of verification nodes, avoiding the impact of concurrent attestation requests from multiple verification nodes on device availability, and facilitating dynamic adjustment and upgrading of IoT networks.