Cargando…

MUP: Simplifying Secure Over-The-Air Update with MQTT for Constrained IoT Devices

Message Queuing Telemetry Transport (MQTT) is one of the dominating protocols for edge- and cloud-based Internet of Things (IoT) solutions. When a security vulnerability of an IoT device is known, it has to be fixed as soon as possible. This requires a firmware update procedure. In this paper, we pr...

Descripción completa

Detalles Bibliográficos
Autores principales: Sahlmann, Kristina, Clemens, Vera, Nowak, Michael, Schnor, Bettina
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2020
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7792629/
https://www.ncbi.nlm.nih.gov/pubmed/33374965
http://dx.doi.org/10.3390/s21010010
_version_ 1783633845754527744
author Sahlmann, Kristina
Clemens, Vera
Nowak, Michael
Schnor, Bettina
author_facet Sahlmann, Kristina
Clemens, Vera
Nowak, Michael
Schnor, Bettina
author_sort Sahlmann, Kristina
collection PubMed
description Message Queuing Telemetry Transport (MQTT) is one of the dominating protocols for edge- and cloud-based Internet of Things (IoT) solutions. When a security vulnerability of an IoT device is known, it has to be fixed as soon as possible. This requires a firmware update procedure. In this paper, we propose a secure update protocol for MQTT-connected devices which ensures the freshness of the firmware, authenticates the new firmware and considers constrained devices. We show that the update protocol is easy to integrate in an MQTT-based IoT network using a semantic approach. The feasibility of our approach is demonstrated by a detailed performance analysis of our prototype implementation on a IoT device with 32 kB RAM. Thereby, we identify design issues in MQTT 5 which can help to improve the support of constrained devices.
format Online
Article
Text
id pubmed-7792629
institution National Center for Biotechnology Information
language English
publishDate 2020
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-77926292021-01-09 MUP: Simplifying Secure Over-The-Air Update with MQTT for Constrained IoT Devices Sahlmann, Kristina Clemens, Vera Nowak, Michael Schnor, Bettina Sensors (Basel) Article Message Queuing Telemetry Transport (MQTT) is one of the dominating protocols for edge- and cloud-based Internet of Things (IoT) solutions. When a security vulnerability of an IoT device is known, it has to be fixed as soon as possible. This requires a firmware update procedure. In this paper, we propose a secure update protocol for MQTT-connected devices which ensures the freshness of the firmware, authenticates the new firmware and considers constrained devices. We show that the update protocol is easy to integrate in an MQTT-based IoT network using a semantic approach. The feasibility of our approach is demonstrated by a detailed performance analysis of our prototype implementation on a IoT device with 32 kB RAM. Thereby, we identify design issues in MQTT 5 which can help to improve the support of constrained devices. MDPI 2020-12-22 /pmc/articles/PMC7792629/ /pubmed/33374965 http://dx.doi.org/10.3390/s21010010 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Sahlmann, Kristina
Clemens, Vera
Nowak, Michael
Schnor, Bettina
MUP: Simplifying Secure Over-The-Air Update with MQTT for Constrained IoT Devices
title MUP: Simplifying Secure Over-The-Air Update with MQTT for Constrained IoT Devices
title_full MUP: Simplifying Secure Over-The-Air Update with MQTT for Constrained IoT Devices
title_fullStr MUP: Simplifying Secure Over-The-Air Update with MQTT for Constrained IoT Devices
title_full_unstemmed MUP: Simplifying Secure Over-The-Air Update with MQTT for Constrained IoT Devices
title_short MUP: Simplifying Secure Over-The-Air Update with MQTT for Constrained IoT Devices
title_sort mup: simplifying secure over-the-air update with mqtt for constrained iot devices
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7792629/
https://www.ncbi.nlm.nih.gov/pubmed/33374965
http://dx.doi.org/10.3390/s21010010
work_keys_str_mv AT sahlmannkristina mupsimplifyingsecureovertheairupdatewithmqttforconstrainediotdevices
AT clemensvera mupsimplifyingsecureovertheairupdatewithmqttforconstrainediotdevices
AT nowakmichael mupsimplifyingsecureovertheairupdatewithmqttforconstrainediotdevices
AT schnorbettina mupsimplifyingsecureovertheairupdatewithmqttforconstrainediotdevices