• Message Queuing Telemetry Transport (MQTT) is one of the dominating protocols for edge- and cloud-based Internet of Things (IoT) solutions. When a security vulnerability of an IoT device is known, it has to be fixed as soon as possible. This requires a firmware update procedure. In this paper, we propose a secure update protocol for MQTT-connected devices which ensures the freshness of the firmware, authenticates the new firmware and considers constrained devices. We show that the update protocol is easy to integrate in an MQTT-based IoT network using a semantic approach. The feasibility of our approach is demonstrated by a detailed performance analysis of our prototype implementation on a IoT device with 32 kB RAM. Thereby, we identify design issues in MQTT 5 which can help to improve the support of constrained devices.

Download full text files

  • pmnr1094.pdfeng


Export metadata

Additional Services

Share in Twitter Search Google Scholar Statistics
Author details:Kristina Sahlmann, Vera Clemens, Michael Nowak, Bettina SchnorGND
Parent title (German):Postprints der Universität Potsdam : Mathematisch-Naturwissenschaftliche Reihe
Subtitle (English):Simplifying Secure Over-The-Air Update with MQTT for Constrained IoT Devices
Publication series (Volume number):Postprints der Universität Potsdam : Mathematisch-Naturwissenschaftliche Reihe (1094)
Document type:Article
Date of first publication:2021/01/13
Year of completion:2020
Publishing institution:Universität Potsdam
Release date:2021/01/13
Tag:Internet of Things; MQTT; edge computing; firmware update; security
Page number:23
Source:Sensors 21 (2021) 1, 10 DOI: 10.3390/s21010010
Organizational units:Mathematisch-Naturwissenschaftliche Fakultät / Institut für Informatik und Computational Science
DDC classification:6 Technik, Medizin, angewandte Wissenschaften / 62 Ingenieurwissenschaften / 620 Ingenieurwissenschaften und zugeordnete Tätigkeiten
Peer review:Referiert
Publishing method:Open Access / Green Open-Access
License (German):License LogoCreative Commons - Namensnennung, 4.0 International
External remark:Bibliographieeintrag der Originalveröffentlichung/Quelle