| Abstract [eng] |
Internet of Things systems are composed of a wide range of devices, many of which operate with extremely limited computing resources. Because of these constraints, such devices often avoid standard security protocols like TLS, which are too resource intensive for them. This lack of security makes IoT environments attractive targets for malicious actors, increasing risks such as data leakage and unauthorized access to devices. The goal of this work is to improve the security of the MQTT protocol while considering the limitations of resource-constrained devices. The paper begins with an overview of commonly used communication protocols in IoT environments, examining their security features and identifying typical vulnerabilities. Various security mechanisms are compared, including experimental solutions proposed in recent academic research. A more in-depth analysis is conducted on the MQTT protocol, one of the most widely used in IoT, and its latest version, MQTT 5.0, is chosen due to its support for AUTH control packets. The proposed solution introduces a multi-step authentication mechanism using one-time passwords generated with physical unclonable functions, which enhance secure information storage without requiring permanent secret storage on the device. Additionally, a lightweight AES-CBC encryption algorithm is integrated to ensure data confidentiality without overloading system resources. To evaluate the proposed solution, a prototype was developed using three virtual machines, each simulating a component of the system. The evaluation includes analysis of latency, memory usage, and network traffic consumption. The impact of parameters such as encryption algorithm and message size is assessed. Finally, the results are compared against a standard MQTT client, both with and without TLS, to evaluate how effectively the prototype meets the needs of low-resource IoT environments. |