Message queuing brokers are a fundamental building block of the Internet of
Things, commonly used to store and forward messages from publishing clients to
subscribing clients. Often a single trusted broker offers secured (e.g. TLS)
and unsecured connections but relays messages regardless of their inbound and
outbound protection. Such mixed mode is facilitated for the sake of efficiency
since TLS is quite a burden for MQTT implementations on class-0 IoT devices.
Such a broker thus transparently interconnects securely and insecurely
connected devices; we argue that such mixed mode operation can actually be a
significant security problem: Clients can only control the security level of
their own connection to the broker, but they cannot enforce any protection
towards other clients. We describe an enhancement of such a publish/subscribe
mechanism to allow for enforcing specified security levels of publishers or
subscribers by only forwarding messages via connections which satisfy the
desired security levels. For example, a client publishing a message over a
secured channel can instruct the broker to forward the message exclusively to
subscribers that are securely connected. We prototypically implemented our
solution for the MQTT protocol and provide detailed overhead measurements.

By admin