Enhancing MQTT-SN Security with a Lightweight PUF-Based Authentication and Encrypted Channel Establishment Scheme

Bibliographic Details
Published in Symmetry (Basel) Vol. 16; no. 10; p. 1282
Main Authors Gong, Xiang; Kou, Ting; Li, Yan
Format Journal Article
Language English
Published Basel MDPI AG 01.10.2024
Summary: The communication of Industrial Internet of Things (IIoT) devices faces important security and privacy challenges. With the rapid increase in the number of devices, it is difficult for traditional security mechanisms to balance performance and security. Although schemes based on encryption and authentication exist, there are still difficulties in achieving lightweight security. In this paper, an authentication and key exchange scheme combining hardware security features and modern encryption technology is proposed for the MQTT-SN protocol, which is not considered secure. The scheme uses Physical Unclonable Functions (PUFs) to generate unpredictable responses, and combines random numbers, time stamps, and shared keys to achieve two-way authentication and secure communication between devices and the broker, effectively preventing network threats such as replay and man-in-the-middle attacks. Through verification, the proposed scheme has proved effective in terms of security and robustness, has computational and communication cost advantages compared with recent schemes, and provides higher availability.
ISSN: 2073-8994
DOI: 10.3390/sym16101282