Security Analysis for MQTT in Internet of Things
Total Page:16
File Type:pdf, Size:1020Kb
DEGREE PROJECT IN COMPUTER SCIENCE AND ENGINEERING, SECOND CYCLE, 30 CREDITS STOCKHOLM, SWEDEN 2018 Security analysis for MQTT in Internet of Things DIEGO SALAS UGALDE KTH ROYAL INSTITUTE OF TECHNOLOGY SCHOOL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE Security analysis for MQTT in Internet of Things DIEGO SALAS UGALDE Master in Network Services and Systems Date: November 22, 2018 Supervisor: Johan Gustafsson (Zyax AB) Examiner: Panos Papadimitratos (KTH) Swedish title: Säkerhet analys för MQTT i IoT School of Electrical Engineering and Computer Science iii Abstract Internet of Things, i.e. IoT, has become a very trending topic in re- search and has been investigated in recent years. There can be several different scenarios and implementations where IoT is involved. Each of them has its requirements. In these type IoT networks new com- munication protocols which are meant to be lightweight are included such as MQTT. In this thesis there are two key aspects which are under study: secu- rity and achieving a lightweight communication. We want to propose a secure and lightweight solution in an IoT scenario using MQTT as the communication protocol. We perform different experiments with different implementations over MQTT which we evaluate, compare and analyze. The results obtained help to answer our research questions and show that the proposed solution fulfills the goals we proposed in the beginning of this work. iv Sammanfattning "Internet of Things", dvs IoT, har blivit ett mycket trenderande ämne inom forskning och har undersökts de senaste åren. Det kan finnas flera olika scenarier och implementeringar där IoT är involverad. Var och en av dem har sina krav. I dessa typer av IoT-nätverk ingår nya kommunikationsprotokoll som är lightweight, såsom MQTT. I detta arbete finns två viktiga aspekter som studeras: säkerhet och uppnå en lightweight kommunikation. Vi vill föreslå en säker och light weight lösning i ett IoT-scenario med MQTT som kommunikations- protokoll. Vi utför olika experiment med olika implementeringar över MQTT som vi utvärderar, jämför och analyserar. De erhållna resultaten bidrar till att svara på våra forskningsfrågor och visar att den föreslagna lösningen uppfyller de mål vi föreslog i början av detta arbete. Contents 1 Introduction 1 1.1 Context and motivation . .1 1.2 Problem Statement and Research Question . .2 1.3 Approach . .3 1.4 Main contributions . .4 1.5 Structure . .4 2 Background 6 2.1 MQTT . .6 2.1.1 The protocol . .6 2.1.2 MQTT broker . .8 2.1.3 Topics . .8 2.1.4 Quality of Service . .9 2.1.5 Session and Messages . 12 2.2 Security in MQTT . 14 2.2.1 Security breaches and attacks against MQTT . 14 2.2.2 Security possibilities in MQTT . 15 2.3 Cryptography . 17 2.3.1 Asymmetric key . 17 2.3.2 Symmetric key . 18 2.3.3 AES encryption modes . 19 2.3.4 TLS/SSL . 24 2.4 Related work . 25 2.5 Aim of the thesis . 28 3 Methodology 29 3.1 Research . 29 3.2 Action Research . 29 3.3 Data collection . 30 v vi CONTENTS 3.4 Data analysis . 30 4 Implementation 31 4.1 Hardware . 31 4.2 Software . 31 5 Solution Architecture 33 5.1 Design Overview . 33 6 Results 38 6.1 Bandwidth Overhead . 38 7 Evaluation 45 7.1 Research questions . 45 7.2 Limitations . 47 8 Conclusion and Future Work 48 8.1 Conclusion . 48 8.2 Future Work . 50 Bibliography 51 List of Figures 2.1 MQTT in the TCP/IP stack. Based on [5]. .7 2.2 Basic architecture of MQTT. Based on [5]. .7 2.3 Basic architecture of MQTT. Based on [7]. .8 2.4 QoS 0 of MQTT. Based on [8] . 10 2.5 QoS 1 of MQTT. Based on [8] . 11 2.6 QoS 2 of MQTT. Based on [8] . 11 2.7 MQTT packet format. Based on [9]. 12 2.8 MQTT connect message. Based on [9]. 13 2.9 MQTT Publish message. Based on [9]. 13 2.10 Comparison between ECC and RSA key sizes. Based on [12]. 18 2.11 AES-GCM encryption mode. Based on the one present in the work [16] . 22 2.12 Previous research work in MQTT and security . 27 5.1 Built Scenario . 34 6.1 Size in bytes of the MQTT connect packet . 39 6.2 Size of the packets experiments 2 and 3 . 40 6.3 MQTT publish packet in experiments 1 and 4 . 41 6.4 Bytes in the communication link for all the options studied 41 6.5 Bandwidth overhead with the different security alterna- tives . 42 6.6 MQTT overhead over the rest of the data in the MQTT publish . 43 6.7 MQTT protocol overhead MQTT publish . 44 6.8 MQTT protocol overhead MQTT publish . 44 vii Chapter 1 Introduction 1.1 Context and motivation The rapid research advancement in the field of networking has brought a new type of networks, the so-called Internet of Things namely IoT. This is a topic which is undoubtedly very trending in networking nowa- days and lots of research has been done [1]. IoT which is also called inter-machine communication over the internet or machine to machine communication , i.e. M2M, is a concept that implies the ability of phys- ical devices measuring and sensing data from the real world for then sending that data over the Internet. A couple of years ago, a new concept emerged taking two different networking technologies, namely, Cloud computing and Internet of Things. This is what we know as CloudIoT these days. Cloud comput- ing means that the group of networked elements providing services can be thought to be in a cloud and not in the end-users [2]. IoT typically involves the use of constrained devices which have not the same resources as the equipment in traditional networks. A huge variety of protocols have been implemented and are already standardized in the Internet of Things. Two examples of them are MQTT, i.e. Message Queuing Telemetry Transport and CoAP i.e. Con- 1 2 CHAPTER 1. INTRODUCTION strained Application Protocol. As it has been previously studied these IoT protocols are suitable depending the context and the specific re- quirements needed being each of them the best option depending on the scenario wanted [3]. These IoT protocols are meant to be lightweight since devices such as a watch or a sensor measuring temperature would not be able to handle heavy communications. In this thesis, we have chosen to use MQTT as the IoT communication protocol because of four main reasons: • It was designed specifically for constrained devices such as sen- sors • Its publish/subscribe pattern • It has extremely small overhead for message transmission • It provides Quality of Service, i.e. QoS MQTT operates on top of TCP and was not designed with security in mind but wanting to achieve a very simple and light protocol to mini- mize bandwidth and energy usage. Thus, security in MQTT is a major problem in terms of authentication, authorization, confidentiality and integrity. Regarding the lack of confidentiality present in MQTT we can say that packets in MQTT can be spied by an attacker because no encryption is applied. Thus a secure mechanism is needed over the transport protocol,such as TLS [4]. Some works have been done in this area and more research is ongoing to achieve a secure communication using TLS/SSL on top of MQTT or adding extra layers of security. 1.2 Problem Statement and Research Ques- tion This dissertation was carried out at Zyax AB, a startup company, in Stockholm. They expressed the need of a solution to provide a secure communication between a blasting sensor and the cloud. The research questions in this work are the following: CHAPTER 1. INTRODUCTION 3 • Are traditional security protocols a good alternative to use over the MQTT protocol to provide a secure communication between a sensor and the cloud? Why or why not? • Is payload encryption in MQTT enough to provide a secure com- munication between a blasting sensor and the cloud? 1.3 Approach Motivated by the above, the aim of this work is to provide a secure IoT system in which a constrained device sends data to a cloud using MQTT as the IoT protocol for communication. The main problem is that this has to be achieved in the most lightweight manner, i.e. a relatively small overhead. Thus, how the establishment of a secure IoT system between an IoT device and the cloud using MQTT as the IoT protocol is the main purpose of this work. Different alternatives in MQTT are evaluated to provide such a system. Thus a security framework for MQTT in IoT is explained in detailed in the following chapters. When we mention secure system we are referring to avoid different types of attacks to the MQTT broker as it is described in Chapter 2. The main goals of the thesis are detailed here: • Provide a secure system between the blasting sensor and the cloud using MQTT as the IoT protocol. • Low overhead in the communication, i.e. lightweight communi- cation, between the IoT device and the cloud. 4 CHAPTER 1. INTRODUCTION 1.4 Main contributions As mentioned above, in this work we propose a solution to provide a secure communication using MQTT protocol between a sensor and the cloud. In this work a secure architecture using MQTT as the IoT protocol with AES-GCM payload encryption has been provided. This solution has been compared along with other implementations over MQTT which will be further explained in chapter 4. With these different implemen- tations and experiments we have done a bandwidth overhead compar- ison and MQTT protocol overhead comparison.