
Let’s delve into MQTT, how to ensure its security, and examples of the protocol to see how it has rapidly gained popularity in the field of the Internet of Things.
In today’s world, there are billions of smart devices. Imagine if these devices were all interconnected and could communicate with each other just like their users, forming a global network. This is what is commonly referred to as the Internet of Things, or IoT. The IoT has fundamentally changed the IT world and how we innovate. When exploring the IoT, one must consider its performance and security issues.
The Message Queue Telemetry Transport Protocol (MQTT)
MQTT is a lightweight messaging protocol for machine-to-machine (M2M) communication, based on a publish/subscribe model and running over TCP/IP. It was built for telemetry, and its developers continue to extend it toward an ever-growing Internet that is expected to host an increasingly diverse range of smart devices. The first version of the MQTT protocol was written by IBM’s Stanford-Clark and Arlen Nipper.
Why MQTT?
MQTT has been used in Facebook’s messaging application, where it keeps a long-lived connection to the server without consuming much power. It needs very little network bandwidth, has a very small code footprint, and transmits data over widely distributed, intermittently connected networks. These characteristics give MQTT a significant advantage on remote devices with little memory and weak processing capability.
Additionally, MQTT has several very notable features:
- Open-source, free, and easy to use
- Follows a one-to-many, publish/subscribe model
- Streamlined message headers
- Provides multiple different quality of service levels
- Simple message commands
- Does not impose strict requirements on the type and format of data transmitted, maintaining flexibility
- Messages can be retained
- Clean sessions and persistent connections
- Last Will and Testament flag
Comparison of MQTT and HTTP:

| | MQTT | HTTP |
|---|---|---|
| Design | Data-centric | File-centric |
| Model | Publish/Subscribe | Request/Response |
| Complexity | Simple commands | Complex |
| Message Size | Small, binary; the fixed header is as little as 2 bytes | Larger, as headers are in text format |
| Service Level | 3 QoS levels | Same service level for all messages |
| Distribution | One-to-many | One-to-one |
An example of MQTT topology:
Quality of Service Levels
The QoS value determines how each message is delivered; every published message must carry a QoS value.
QoS 0 (At most once delivery)
When the QoS value of a message is set to 0, no acknowledgment is required and no retransmission mechanism is defined. The message either reaches the MQTT broker once or does not reach it at all. If the client disconnects or the broker fails, QoS 0 messages are lost, and the MQTT layer will not attempt to retransmit them. From a performance perspective, this is the fastest way to send a message with MQTT. Only the PUBLISH command is used at QoS 0; no other commands are involved.
QoS 1 (At least once delivery)
The MQTT client or broker attempts to deliver the message at least once, but duplicates may occur. When the broker receives the message, it returns a PUBACK acknowledgment. If the sender does not receive the PUBACK, it resends the message with the DUP (duplicate) flag set. On receiving a message with the DUP bit set, the broker republishes it to all subscribers and sends the PUBACK back to the sender again. Level 1 relies on message persistence: when the PUBLISH is issued, the message is stored in the persistence layer (for example, on disk) and deleted once the PUBACK arrives. QoS 1 messages carry a message ID in the message header.
QoS 2 (Exactly once delivery)
QoS 2 adds a second control flow on top of QoS 1 so that the message is delivered exactly once, without duplication. The message is sent in a PUBLISH packet and stored by the client in its persistence layer. The broker answers the PUBLISH with PUBREC and, meanwhile, holds (locks) the message. On receiving PUBREC, the client sends PUBREL to the broker. When PUBREL arrives, the broker forwards the message, returns PUBCOMP, and discards its stored state. QoS 2 messages also carry a message ID in the message header.
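The three control flows above, as an added example that is not from the original article: a pure-Python simulation of a publisher and a broker over a link that drops chosen packets. The `Packet`, `LossyLink` and `Broker` classes, `run_scenario`, and the drop schedules are constructed for this example; only the packet names (PUBLISH, PUBACK, PUBREC, PUBREL, PUBCOMP) and the DUP flag are the MQTT ones. It shows the silent loss at QoS 0, the duplicate a subscriber receives at QoS 1 when a PUBACK is lost and the publisher retransmits with DUP, and how the broker's stored state at QoS 2 absorbs the same retransmission so the message is released exactly once, even when a PUBCOMP is lost and PUBREL is repeated.

```python
"""Simulation of MQTT QoS 0/1/2 delivery over a lossy link (added example).

Models the control flows only: no sockets, no real MQTT library. Packet
names and the DUP flag are those of the MQTT specification; Packet,
LossyLink, Broker and the drop schedules are constructed for this example.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    kind: str                  # PUBLISH, PUBACK, PUBREC, PUBREL or PUBCOMP
    pid: Optional[int] = None  # packet identifier; absent at QoS 0
    qos: int = 0
    dup: bool = False          # set on a retransmitted PUBLISH
    payload: str = ""


class LossyLink:
    """Bidirectional link that drops the packets whose transmission numbers
    (1-based, counted over both directions) are listed in `drops`."""

    def __init__(self, drops):
        self.drops = set(drops)
        self.seq = 0

    def deliver(self, pkt: Packet) -> Optional[Packet]:
        self.seq += 1
        return None if self.seq in self.drops else pkt


class Broker:
    def __init__(self):
        self.delivered = []      # payloads handed to subscribers, in order
        self.inflight_qos2 = {}  # pid -> payload, "locked" until PUBREL arrives

    def receive(self, pkt: Packet) -> Optional[Packet]:
        """Process one packet from the publisher and return the reply, if any."""
        if pkt.kind == "PUBLISH":
            if pkt.qos == 0:
                self.delivered.append(pkt.payload)       # fire and forget
                return None
            if pkt.qos == 1:
                # Every copy is forwarded, DUP retransmissions included,
                # which is how subscribers end up with duplicates at QoS 1.
                self.delivered.append(pkt.payload)
                return Packet("PUBACK", pkt.pid)
            # QoS 2: store under the packet id; a DUP PUBLISH with the same
            # id is absorbed by setdefault and not forwarded a second time.
            self.inflight_qos2.setdefault(pkt.pid, pkt.payload)
            return Packet("PUBREC", pkt.pid)
        if pkt.kind == "PUBREL":
            payload = self.inflight_qos2.pop(pkt.pid, None)
            if payload is not None:
                self.delivered.append(payload)           # released exactly once
            return Packet("PUBCOMP", pkt.pid)            # also answers a repeated PUBREL
        raise ValueError(f"unexpected packet {pkt.kind}")


def _exchange(broker, link, pkt, expected, sent, max_tries):
    """Send pkt until `expected` comes back; retransmitted PUBLISHes carry DUP."""
    for _ in range(max_tries):
        sent.append(pkt.kind + ("(DUP)" if pkt.dup else ""))
        arrived = link.deliver(pkt)
        reply = broker.receive(arrived) if arrived is not None else None
        if reply is not None and reply.kind == expected and link.deliver(reply) is not None:
            return
        if pkt.kind == "PUBLISH":
            pkt.dup = True
    raise TimeoutError(f"no {expected} for packet id {pkt.pid}")


def publish(broker, link, payload, qos, pid=1, max_tries=3):
    """Publisher side of one message; returns the packets it transmitted."""
    sent = []
    if qos == 0:
        sent.append("PUBLISH")
        arrived = link.deliver(Packet("PUBLISH", None, 0, False, payload))
        if arrived is not None:
            broker.receive(arrived)
        return sent                                      # no acknowledgement awaited
    _exchange(broker, link, Packet("PUBLISH", pid, qos, False, payload),
              "PUBACK" if qos == 1 else "PUBREC", sent, max_tries)
    if qos == 2:
        _exchange(broker, link, Packet("PUBREL", pid), "PUBCOMP", sent, max_tries)
    return sent


def run_scenario(qos, drops, payload="t=21.5"):
    """Return (packets sent by the publisher, payloads the broker delivered)."""
    broker, link = Broker(), LossyLink(drops)
    return publish(broker, link, payload, qos), broker.delivered


if __name__ == "__main__":
    # Constructed scenarios: drop transmission #1 (the PUBLISH), #2 (the first
    # acknowledgement) or #4 (the PUBCOMP of a QoS 2 flow).
    for qos, drops in [(0, {1}), (1, {2}), (2, {2}), (2, {4})]:
        print(f"QoS {qos}, dropping transmission {sorted(drops)}:", run_scenario(qos, drops))
```

The `delivered` list is what a subscriber would observe: one lost reading at QoS 0, the same reading twice at QoS 1 when the PUBACK was dropped, and exactly one copy at QoS 2 in both loss cases, at the price of four packets instead of two.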
MQTT was designed to provide lightweight communication for the IoT, and security comes at the cost of more processor usage and communication overhead. This is why the protocol itself defines only a few security mechanisms; many MQTT implementations therefore rely on standards such as SSL/TLS.
Security in MQTT is divided into multiple layers:
- Network Layer: a physically secured network or a VPN provides a secure connection for the communication.
- Transport Layer: TLS/SSL provides transport encryption, ensuring that the communication is both encrypted and authenticated.
- Application Layer: the protocol provides a client ID and username/password credentials for device authentication. Alternatively, the payload itself can be encrypted, which avoids the overhead of full transport encryption.
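The application-layer credentials are only as safe as the transport beneath them. As an added example (not the article's code), the pure-Python encoder and parser below build an MQTT 3.1.1 CONNECT packet following the packet layout of the specification and show that the username and password appear verbatim in the raw bytes; `audit_connect` is a constructed check of the kind a broker-side monitor could apply to a captured CONNECT, flagging credentials presented on a non-TLS listener and anonymous connections. The client id `sensor-01`, the username `sensor` and the password `hunter2` are constructed sample values.

```python
"""Encode and inspect MQTT 3.1.1 CONNECT packets (added example, pure Python).

Packet layout follows the MQTT 3.1.1 specification (fixed header, Remaining
Length, protocol name/level, connect flags, keep-alive, then the payload
fields). The audit_connect check and all sample values are constructed.
"""
import struct
from typing import Optional


def _mqtt_field(value: bytes) -> bytes:
    """Length-prefixed (2-byte big-endian) field used for strings and the password."""
    return struct.pack(">H", len(value)) + value


def encode_remaining_length(n: int) -> bytes:
    """Variable-length Remaining Length: 7 data bits per byte, high bit = continue."""
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        if n:
            byte |= 0x80
        out.append(byte)
        if not n:
            return bytes(out)


def decode_remaining_length(data: bytes, offset: int):
    """Return (value, offset after the field); rejects encodings over 4 bytes."""
    value, multiplier = 0, 1
    for i in range(4):
        byte = data[offset + i]
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, offset + i + 1
        multiplier *= 128
    raise ValueError("malformed Remaining Length")


def encode_connect(client_id: str, username: Optional[str] = None,
                   password: Optional[bytes] = None, keep_alive: int = 60,
                   clean_session: bool = True) -> bytes:
    """Build a CONNECT packet; credentials are embedded as-is (no encryption)."""
    flags = 0x02 if clean_session else 0x00          # bit 1: clean session
    if username is not None:
        flags |= 0x80                                # bit 7: username present
    if password is not None:
        flags |= 0x40                                # bit 6: password present
    body = _mqtt_field(b"MQTT") + bytes([4, flags]) + struct.pack(">H", keep_alive)
    body += _mqtt_field(client_id.encode())
    if username is not None:
        body += _mqtt_field(username.encode())
    if password is not None:
        body += _mqtt_field(password)
    return bytes([0x10]) + encode_remaining_length(len(body)) + body


def parse_connect(data: bytes) -> dict:
    """Parse a CONNECT packet into its fields, exactly as a passive observer could."""
    if data[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    length, pos = decode_remaining_length(data, 1)
    end = pos + length

    def read_field() -> bytes:
        nonlocal pos
        (n,) = struct.unpack_from(">H", data, pos)
        pos += 2
        field, pos = data[pos:pos + n], pos + n
        return field

    name = read_field()
    level, flags = data[pos], data[pos + 1]
    (keep_alive,) = struct.unpack_from(">H", data, pos + 2)
    pos += 4
    info = {"protocol": name.decode(), "level": level, "keep_alive": keep_alive,
            "clean_session": bool(flags & 0x02), "client_id": read_field().decode()}
    if flags & 0x04:                                 # will flag: skip will topic and message
        read_field()
        read_field()
    info["username"] = read_field().decode() if flags & 0x80 else None
    info["password"] = read_field() if flags & 0x40 else None
    if pos != end:
        raise ValueError("trailing bytes in CONNECT")
    return info


def audit_connect(data: bytes, over_tls: bool) -> list:
    """Constructed monitor check: findings for one CONNECT seen on a listener."""
    info = parse_connect(data)
    findings = []
    if info["username"] is None:
        findings.append("anonymous connection: no username supplied")
    if info["password"] is not None and not over_tls:
        findings.append("password sent in cleartext on a non-TLS listener")
    if info["password"] is not None and info["username"] is None:
        findings.append("password flag set without username flag (protocol violation)")
    return findings


if __name__ == "__main__":
    pkt = encode_connect("sensor-01", username="sensor", password=b"hunter2")  # constructed
    print(pkt.hex())
    print("password visible in raw bytes:", b"hunter2" in pkt)
    print(audit_connect(pkt, over_tls=False))
```

Run on a plaintext listener the audit reports the cleartext password; the same packet over TLS yields no finding, which is the practical content of the "transport layer" item above. The parser is also the shape of check a broker should apply before trusting the flags, since a password flag without a username flag is a protocol violation the specification requires the broker to reject.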
MQTT in Practice – Home Monitoring
A home monitoring system is a typical example of an application based on MQTT. For instance, the current temperature of an indoor heater can be sent to the device on request.
As with any other application, communication between two applications or devices can fail, so monitoring the application is essential to ensure that it operates effectively and delivers a good user experience.
Catchpoint can currently use the MQTT protocol to monitor the performance and availability of IoT devices. MQTT testing can be done by publishing and subscribing to messages on specified topics using the MQTT publish/subscribe model, and it can measure communication times.