Akademik Veri Yönetim Sistemi
3rd International Conference on Computer Science and Engineering (UBMK), Sarajevo, Bosna-Hersek, 20 - 23 Eylül 2018, ss.145-150
Internet of things (IoT) allows devices especially with low process capability and power consumption, to transmit data to each other using various communication technologies such as wired, wireless network and radio frequency. It also makes easier to access these data from anywhere by storing them in the cloud or database. Nowadays, loT applications in diverse areas including sensitive personal information such as especially health, financial, industry have become widespread. When huge number of devices with limited resources are connected to loT application, provided security gains significant importance to ensure the integrity, confidentiality, accessibility of these data. In addition, the availability of a variety of specialized devices and communication technologies demonstrate the hassle of providing a standard security mechanism. When device features with their low process capability and power consumption are taken into account, message queue telemetry transport (MQTT) is the most appropriate lightweight communication protocol. In this study', the MQTT security is defined, and preliminary work related to MQTT on basic security issues such as privacy, authentication and access control is examined. This study is based on the previous work that is interested in open authorization (OAuth 2.0) protocol, which is recommended to gain authorization. In this study, in addition to the OAuth token, authentication is performed in two steps using a IIMAC-based one-time password (ITOTP) due to its short life span. Since MQTT protocol does not have bidirectional authentication other than using transport layer security (TLS), mutual authentication is provided by using one-time password (OTP) with hash chain. Advanced encryption standard (AES) is used for providing confidentiality to prevent against potential security vulnerabilities. Finally, security analysis has been discussed by giving an alternative solution by using these methods against selected attacks.