























, Society for Electronic Transactions and Security (SETS)(Under O/o PSA to GOI) Chennai
Shashi Kant Pandey, Society for Electronic Transactions and Security (SETS)(Under O/o PSA to GOI) Chennai
The Message Queuing Telemetry Transport (MQTT) protocol is highly preferable for Internet of Things (IoT) environments due to its lightweight architecture, but routing sensitive medical data through a central broker introduces severe privacy risks if the broker is untrusted or compromised. To address this, we propose secure MQTT, a high performance end to end encrypted (E2EE) protocol tailored for constrained devices that renders the broker completely blind to message payloads and incapable of man in the middle (MitM) attacks. Our design utilizes a nested AES-GCM encryption architecture that strictly separates link-level routing metadata from application layer confidentiality. To establish these secure channels efficiently, MQTT integrates MQTT v5.0 enhanced authentication key exchange mechanism via a challenge response embedding one time Broker Nonce into the Schnorr digital signatures version of HMQV key exchange protocol. This provide authenticated end to end session key derivation, that requires only a negligible computational increase over basic ECDH. The security of this proposed model has been rigorously proven using the ProVerif cryptographic verifier under the Dolev-Yao threat model, offering a highly secure, low overhead solution for modern IoT networks.
BibTeX
@misc{cryptoeprint:2026/1020,
author = {Varsha Jarali and Shashi Kant Pandey},
title = {On the Formal Verification of Authenticated Encryption of the {MQTT} Protocol},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/1020},
year = {2026},
url = {https://eprint.iacr.org/2026/1020}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。