Abstract
This paper studies security reinforcement (hardening) methods for the Message Queuing Telemetry Transport (MQTT) protocol and proposes a security reinforcement framework for it. First, the risks faced by MQTT are analyzed and four security requirements are extracted: authentication, authorization, protection of data in transit, and trustworthiness of the broker. Second, the principles and application of five schemes are described: Transport Layer Security (TLS), an enhanced password-authenticated key exchange (PAKE) protocol, topic-based encryption, attribute-based encryption (ABE) and proxy re-encryption (PRE). Finally, the implementation cost and the advantages and disadvantages of these schemes are compared, and a security reinforcement framework for MQTT is derived from that comparison. Beyond the reinforcement of MQTT and other IoT protocols, the work also offers insight for data sharing in cloud and blockchain settings.
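The abstract only names the five schemes, so the following is an added illustration, not code from the paper, of one form the "topic-based encryption" idea can take: each topic gets its own key derived from a master secret with HKDF-SHA256, publishers encrypt the payload before PUBLISH so the broker forwards ciphertext it cannot read, and the topic name is bound to the ciphertext as associated data so a message replayed onto another topic fails verification. The master secret, topic names and messages are constructed sample values, and the HMAC-SHA256 counter-mode cipher with an HMAC tag (encrypt-then-MAC) stands in for a real AEAD such as AES-GCM, which a deployment should use instead.

```python
"""Topic-keyed end-to-end payload protection for MQTT (illustrative, stdlib only).

Added example, not the paper's scheme. A per-topic key pair (encryption key,
MAC key) is derived from a shared master secret; the broker relays opaque
blobs. Encrypt-then-MAC with HMAC-SHA256 is used only to stay dependency-free.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

HASH = hashlib.sha256
NONCE_LEN, TAG_LEN = 16, 32


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (Extract + Expand) with SHA-256."""
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def topic_keys(master: bytes, topic: str) -> Tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys bound to one topic name."""
    enc = hkdf_sha256(master, b"mqtt-topic-enc", topic.encode())
    mac = hkdf_sha256(master, b"mqtt-topic-mac", topic.encode())
    return enc, mac


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256(key, nonce || counter)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), HASH).digest()
        counter += 1
    return out[:length]


def seal(master: bytes, topic: str, plaintext: bytes,
         nonce: Optional[bytes] = None) -> bytes:
    """Publisher side. Returns nonce || ciphertext || tag; the tag also
    covers the topic name, so the blob is only valid on that topic."""
    enc, mac = topic_keys(master, topic)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, topic.encode() + nonce + ct, HASH).digest()
    return nonce + ct + tag


def open_(master: bytes, topic: str, blob: bytes) -> Optional[bytes]:
    """Subscriber side. Verifies the tag in constant time before decrypting;
    returns None on a wrong key, wrong topic, truncation or tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc, mac = topic_keys(master, topic)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac, topic.encode() + nonce + ct, HASH).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))


def demo() -> dict:
    """Walk one message through publisher, broker and subscriber views."""
    master = b"\x01" * 32                      # constructed sample master secret
    topic = "plant/line1/temp"                 # constructed sample topic
    msg = b'{"celsius": 41.7}'                 # constructed sample payload
    blob = seal(master, topic, msg)            # what the PUBLISH carries
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    return {
        "broker_can_read": msg in blob,                         # False
        "subscriber": open_(master, topic, blob),               # msg
        "rerouted": open_(master, "plant/line2/temp", blob),    # None
        "wrong_master": open_(b"\x02" * 32, topic, blob),       # None
        "tampered": open_(master, topic, tampered),             # None
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Note that the broker still sees topic names and message sizes, and that key distribution (who holds which topic key) is exactly the problem the abstract's attribute-based encryption and proxy re-encryption schemes address; this sketch assumes the master secret has already been shared out of band.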
Authors
ZHANG Shiyi (张诗怡), ZHU Haojie (朱豪杰), HUANG Minghao (黄明浩), MU Ruihua (慕瑞华)
Westone Information Industry Inc., Chengdu, Sichuan 610041, China
Source
Communications Technology (《通信技术》), 2022, No. 12, pp. 1626-1635 (10 pages)
Keywords
MQTT; authenticated key exchange protocol; attribute-based encryption; proxy re-encryption; security reinforcement