• Message Queuing Telemetry Transport (MQTT) is one of the dominating protocols for edge- and cloud-based Internet of Things (IoT) solutions. When a security vulnerability of an IoT device is known, it has to be fixed as soon as possible. This requires a firmware update procedure. In this paper, we propose a secure update protocol for MQTT-connected devices which ensures the freshness of the firmware, authenticates the new firmware and considers constrained devices. We show that the update protocol is easy to integrate in an MQTT-based IoT network using a semantic approach. The feasibility of our approach is demonstrated by a detailed performance analysis of our prototype implementation on a IoT device with 32 kB RAM. Thereby, we identify design issues in MQTT 5 which can help to improve the support of constrained devices.

Export metadata

Additional Services

Share in Twitter Search Google Scholar Statistics
Author details:Kristina Sahlmann, Vera Clemens, Michael Nowak, Bettina SchnorGND
Parent title (German):Sensors
Subtitle (English):Simplifying Secure Over-The-Air Update with MQTT for Constrained IoT Devices
Place of publication:Basel
Document type:Article
Date of first publication:2020/11/17
Year of completion:2020
Release date:2021/01/13
Tag:Internet of Things; MQTT; edge computing; firmware update; security
Page number:21
Funder:Universität Potsdam
Funding number:PA 2020_131
Organizational units:Mathematisch-Naturwissenschaftliche Fakultät / Institut für Informatik und Computational Science
DDC classification:6 Technik, Medizin, angewandte Wissenschaften / 62 Ingenieurwissenschaften / 620 Ingenieurwissenschaften und zugeordnete Tätigkeiten
Peer review:Referiert
Grantor:Publikationsfonds der Universität Potsdam
Publishing method:Open Access / Gold Open-Access
License (German):License LogoCreative Commons - Namensnennung, 4.0 International
External remark:Zweitveröffentlichung in der Schriftenreihe Postprints der Universität Potsdam : Mathematisch-Naturwissenschaftliche Reihe ; 1094