The publish and subscribe messaging model has proven itself as a dominant messaging paradigm for IoT systems. One example is the commonly used Message Queuing Telemetry Transport (MQTT) protocol. However, the security concerns with this protocol have presented vital challenges in most IoT applications. For example, the MQTT protocol does not implement secure authentication mechanisms and leaves that task to the developer, as all of its native security services are fragile. This paper presents a well-thought-out approach that combines a lightweight authentication and authorization scheme with a decentralized identity system to manage users' identities. This mechanism facilitates authentication for both subscribers and publishers by using a smart contract on the Ethereum blockchain to guarantee trust and accountability and to preserve user privacy. We provided a proof-of-concept implementation of our work, comprising a decentralized MQTT platform and dashboard that use our approach. The usability of this approach was further analyzed, particularly concerning CPU and memory utilization. Our analysis proved that our approach satisfies IoT applications' requirements, since it reduces the consumption of resources, and that smart contracts help automate data management processes.
Abdelrazig Abubakar, M., Jaroucheh, Z., Al-Dubai, A., & Liu, X. (2021). Blockchain-based identity and authentication scheme for MQTT protocol. In ICBCT '21: 2021 The 3rd International Conference on Blockchain Technology (73-81). https://doi.org/10.1145/3460537.3460549