DLST-MQTT: Dynamic and lightweight security over topics MQTT
Future Generation Computer Systems (IF 6.2), Pub Date: 2024-11-30, DOI: 10.1016/j.future.2024.107625
Floriano De Rango, Mattia Giovanni Spina, Antonio Iera

Recent advances in hardware and software technologies have led to the design of many pervasively distributed IoT devices that can generate/consume data and manage multiple sensors and actuators, paving the way for new applications and services. However, these new features, at the same time, can easily become an enticing “grab point” for attackers, unlocking a newer and larger attack space and exposing things to greater vulnerability. In this perspective, the objective of this document is the improvement of the IoT publish/subscribe architecture and the MQTT protocol with more scalable and dynamic additional security mechanisms, which can provide end-to-end security while reducing overhead and traffic load on the broker. Building upon our prior published research, the proposal further extends and advances the concept of “security layers” between which devices with priority-aware topics can easily switch to reduce protocol overhead and increase flexibility. Each topic has associated security characteristics that clients negotiate with each other, thus saving the broker from managing any security primitives. The proposed security mechanism, called Dynamic and Lightweight Security over Topics MQTT (DLST-MQTT), is compared with the standard MQTT and TLS-MQTT in terms of bandwidth consumed, CPU, and RAM usage. Additionally, security levels with relevant scores are defined, and two security update procedures taking advantage of topic priorities are designed and evaluated.

Updated: 2024-11-30