Department of Information Engineering, Infrastructure and Sustainable Energy (DIIES), Mediterranean University of Reggio Calabria, 89124 Reggio Calabria, Italy.
Sensors (Basel). 2020 Apr 3;20(7):2002. doi: 10.3390/s20072002.
The Internet of Things is constantly capturing interest from modern applications, changing our everyday life and empowering industrial applications. Interaction and the collaboration among smart devices offer new challenges to security since they conflict with economic and energy consumption requirement constraints. On the other hand, the lack of security measures could negatively impact the concrete adoption of this paradigm. This paper focuses on the Message Queuing Telemetry Transport (MQTT) protocol, widely adopted in the Internet of Things. This protocol does not implement natively secure authentication mechanisms, which are demanded to developers. Hence, this paper proposes a novel OTP (one-time password)-authentication schema for MQTT, which uses the Ethereum blockchain to implement a second-factor out-of-band channel. The proposal enables the authentication of both local and remote devices preserving user privacy and guaranteeing trust and accountability via Ethereum smart contracts.
物联网不断引起现代应用的兴趣,改变我们的日常生活并为工业应用提供支持。智能设备之间的交互和协作带来了新的安全挑战,因为它们与经济和能源消耗要求的限制相冲突。另一方面,缺乏安全措施可能会对这种范式的具体采用产生负面影响。本文侧重于消息队列遥测传输 (MQTT) 协议,该协议广泛应用于物联网。该协议本身不实现安全认证机制,这是开发人员所需要的。因此,本文提出了一种新的 MQTT 一次性密码 (OTP) 认证方案,该方案使用以太坊区块链实现带外的第二因素信道。该方案通过以太坊智能合约实现了本地和远程设备的认证,同时保护用户隐私,并保证信任和问责制。
