DLKS-MQTT: A Lightweight Key Sharing Protocol for Secure IoT Communications
Received: 12 January 2025 | Revised: 29 January 2025 and 9 February 2025 | Accepted: 10 February 2025 | Online: 3 April 2025
Corresponding author: Sharadadevi Kaganurmath
Abstract
The increasing reliance on Message Queuing Telemetry Transport (MQTT) as a lightweight messaging protocol for Internet of Things (IoT) applications requires robust security mechanisms that address resource constraints while ensuring data integrity, confidentiality, and authenticity. This paper proposes the Dynamic Lightweight Key Sharing for MQTT (DLKS-MQTT) mechanism, a novel approach that integrates ephemeral key generation, streamlined authentication, and lightweight cryptographic operations to enhance the security of MQTT-based IoT communications. The mechanism employs a 128-bit key generated using a Linear Congruential Generator (LCG), providing robust resistance to brute-force and cryptanalytic attacks while maintaining computational and energy efficiency. Through extensive performance evaluations, DLKS-MQTT demonstrates significant improvements: reducing CPU energy consumption to 0.000002 mJ, achieving an execution time of 0.40 s, and minimizing communication overhead to 60 bytes, outperforming existing methods such as Dynamic Lightweight Authentication for MQTT (DLA-MQTT), Improved Ciphertext Policy-Attribute-Based Encryption (ICP-ABE), and Secure MQTT (SMQTT). The use of ephemeral session keys and nonces ensures protection against replay and Man-in-the-Middle (MitM) attacks, whereas lightweight hashing guarantees message integrity without burdening resource-constrained devices. This work establishes DLKS-MQTT as a practical, scalable, and secure solution for modern IoT networks, offering a balance between performance and security.
Keywords:
Internet of Things (IoT), Message Queuing Telemetry Transport (MQTT), lightweight cryptography, resource-constrained devices, security, pseudo-random number generator, ephemeral key generation
License
Copyright (c) 2025 Sharadadevi Kaganurmath, Nagaraj G. Cholli, M. R. Anala

This work is licensed under a Creative Commons Attribution 4.0 International License.