A Secure Secret Key-Sharing System for Resource-Constrained IoT Devices using MQTT

The MQTT (Message Queue Telemetry Transport) protocol has garnered significant attention as a communication protocol for a variety of IoT applications. Although it is a lightweight and energy-efficient communication protocol, it is not equipped with sufficient security mechanisms by default. Usually, secure socket layer/transport layer security (SSL/TLS) is used as a security mechanism in the MQTT protocol. However, it is not suitable for resource-constrained IoT devices because of the huge computational load involved in public key cryptography. In this paper, we propose a lightweight secure secret key-sharing system based on a secret-sharing scheme for resource-constrained IoT devices. The proposed system uses a (k, n)-threshold secret-sharing scheme to securely share a secret key for data encryption between the publisher and its subscriber hosts without compromising the lightweight nature of the MQTT protocol. A prototype of the proposed system is implemented using real IoT devices and its effectiveness and performance are evaluated. The experimental results demonstrate that the proposed system outperforms existing public key-based systems in terms of key-sharing delay.