Towards improving the Privacy in the MQTT Protocol
(From the article abstract)
The Internet of Things (IoT) is growing rapidly as more and more household appliances, sensors and actuators are connected to the internet and communicate with each other. Because these IoT devices usually have only limited processing and communication capabilities, an efﬁcient communication protocol is required to reduce the protocol overhead. The Message Queue Telemetry Transport (MQTT) protocol provides such properties. MQTT is a publish/subscribe protocol, where each client can subscribe to a message topic in order to receive all messages published under that topic. The payload of a message (i.e., the content) can be encrypted to hide private information. However, to forward messages, the topic of a message needs to be read by the broker and thus cannot be encrypted and might reveal private information. This paper presents methods to avoid this problem. It features and evaluates a one-time password approach to provide a fully obfuscated communication method for MQTT topics. Thereby, the user tracking and the generation of proﬁles is prevented.
This article is a contribution for the 2019 Global IoT Summit (GIoTS)