
Research on An Improved MQTT Protocol with Separate Message Storage Processing and Security Authentication

【Author】 Zhang Heng

【Supervisor】 Cai Hongmin

【Author information】 South China University of Technology, Computer Science and Technology, 2020, Master's thesis

【Abstract (translated from the Chinese original)】 The MQTT communication protocol is widely used in the Internet of Things, but the protocol takes no measures to secure data either in transmission or in storage and processing, which poses a serious data-security risk. As the number of users keeps growing, this security problem urgently needs to be solved. Recent research on MQTT protocol security has focused mainly on data transmission, but the storage and processing of data at the broker also raises data-security problems. To improve both aspects, and in particular the security of data stored and processed at the broker, this thesis proposes an improved scheme that separates message storage processing from security authentication. The scheme introduces the concepts of a process key and an exclusive public-private key pair: the process key addresses the security problem of messages being stored and processed in plaintext at the broker while preserving the final decryptability of the message; the exclusive public-private key pair addresses key management and key security when there are a large number of clients. Based on the process key and the exclusive public-private key pair, this thesis designs and implements the related algorithms, mainly: 1) a Hill cipher based on chaos theory, which remedies the original Hill cipher's vulnerability to known-plaintext attacks by increasing the randomness of the encryption key matrix, thereby securing data in transmission; 2) a process-key generation algorithm based on the Hill cipher, which ensures that data can be decrypted only at the subscriber and not at the broker, thereby securing data in storage and processing; 3) an exclusive public-private key pair generation algorithm based on elliptic curve cryptography, under which the client and the authentication center generate key pairs that are mutually public and private keys, solving the management and security problems of message keys. Finally, based on the proposed scheme, this thesis implements a system with separated message storage processing and security authentication, and tests the system for both functionality and performance. The functional tests verify that the improved scheme secures data in both transmission and storage processing. The performance tests compare CPU utilization, memory usage and elapsed time. The results show that the MQTT protocol based on the improved scheme outperforms the MQTT protocol using SSL/TLS in overall performance, and that, relative to the original MQTT protocol, it achieves a good trade-off between performance metrics and data security.

【Abstract (author's English)】 The MQTT communication protocol is widely used in the Internet of Things (IoT), but the protocol does not take any measures to ensure the security of data in either transmission or storage processing, and there are significant data security risks. As the number of users continues to grow, this security issue needs to be addressed. Recent research on the security of the MQTT protocol mainly focuses on the security of data transmission, but there are also data security issues associated with the storage and processing of data at the broker side. In order to address both aspects of security simultaneously, this paper presents an improvement scheme that separates message storage processing from security authentication. In this scheme, the concepts of a process key and an exclusive public-private key are proposed: the process key solves the security problem of messages being stored and processed in plaintext at the broker side while preserving the final decryptability of the message; the exclusive public-private key solves the key control problem and the key security problem when there are a large number of clients. Based on the process key and the exclusive public-private key, this paper designs and implements the related algorithms, which mainly include: 1) a Hill cryptographic algorithm based on chaos theory, which remedies the vulnerability of the original Hill cipher to known-plaintext attacks and greatly improves the randomness of the key matrix, thereby ensuring the security of data in transmission; 2) a process key generation algorithm based on Hill cryptography, which ensures that the data is decryptable only at the subscriber and not at the broker side, thus ensuring the security of data in storage processing; 3) an exclusive public-private key pair generation algorithm based on elliptic curve cryptography, which enables the generation of mutual public-private key pairs between the client and the verification center, solving the key control and security problems. Finally, this paper implements a system with separated message storage processing and security authentication based on the proposed scheme, and tests the system for both functionality and performance. The functional tests verified that the improvement ensures the security of data during transmission and storage processing. The performance test compares three metrics: CPU utilization, memory usage, and time consumption. The results show that the MQTT protocol based on this improved scheme has better overall performance than the SSL/TLS-based MQTT protocol, and that, compared with the original MQTT protocol, it achieves a good compromise between performance and security.
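As an added illustration, not code from the thesis (the 2x2 byte matrix, the logistic map, its parameter r, the transient discard and the seeds are assumptions of this example), the following Python sketches the idea behind point 1): a Hill key matrix derived from a chaotic sequence, with the invertibility check that Hill encryption requires, and a check that two nearby seeds yield unrelated matrices:

```python
MOD = 256  # the cipher operates on bytes, so all arithmetic is modulo 256


def logistic_map_stream(x0, r=3.99, discard=100):
    """Yield bytes quantised from the logistic map x_{k+1} = r*x_k*(1-x_k).
    x0 is the secret seed; the first `discard` iterates are skipped so the
    output does not start near the seed (hypothetical parameters)."""
    x = x0
    for _ in range(discard):
        x = r * x * (1 - x)
    while True:
        x = r * x * (1 - x)
        yield int(x * 1e6) % MOD


def chaotic_key_matrix(seed, r=3.99):
    """Build a 2x2 Hill key matrix from the chaotic stream, retrying until the
    determinant is odd, i.e. the matrix is invertible modulo 256."""
    stream = logistic_map_stream(seed, r)
    while True:
        a, b, c, d = (next(stream) for _ in range(4))
        if (a * d - b * c) % 2 == 1:
            return [[a, b], [c, d]]


def inverse_matrix(k):
    """Inverse of a 2x2 matrix modulo 256 via the adjugate and det^-1."""
    (a, b), (c, d) = k
    det_inv = pow((a * d - b * c) % MOD, -1, MOD)
    return [[d * det_inv % MOD, -b * det_inv % MOD],
            [-c * det_inv % MOD, a * det_inv % MOD]]


def _apply(k, data):
    """Multiply each 2-byte column vector of data by k modulo 256."""
    out = bytearray()
    for i in range(0, len(data), 2):
        p0, p1 = data[i], data[i + 1]
        out.append((k[0][0] * p0 + k[0][1] * p1) % MOD)
        out.append((k[1][0] * p0 + k[1][1] * p1) % MOD)
    return bytes(out)


def hill_encrypt(k, plaintext):
    pad = 2 - len(plaintext) % 2  # 1 or 2 pad bytes, each holding the pad count
    return _apply(k, plaintext + bytes([pad]) * pad)


def hill_decrypt(k, ciphertext):
    data = _apply(inverse_matrix(k), ciphertext)
    return data[:-data[-1]]


if __name__ == "__main__":
    key = chaotic_key_matrix(0.731)  # constructed seed
    ct = hill_encrypt(key, b"temp=21.5")  # constructed MQTT payload
    assert hill_decrypt(key, ct) == b"temp=21.5"
    assert chaotic_key_matrix(0.7310001) != key  # nearby seeds diverge
```

Deriving the seed from a per-message value is what gives each message its own matrix; with one fixed matrix the Hill cipher stays linear and a single known plaintext block pair determines the key, which is the weakness the abstract refers to.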
