Abstract

Various communication protocols are currently used in the Internet of Things (IoT) devices. One of the protocols that are already standardized by ISO is the MQTT protocol (ISO /IEC 20922: 2016). Many IoT developers use this protocol because of its minimal bandwidth requirement and low memory consumption. Sometimes, the IoT device sends confidential data that should only be accessed by authorized people or devices. Unfortunately, the MQTT protocol only provides authentication for the security mechanism which, by default, does not encrypt the data in transit thus data privacy, authentication, and data integrity become problems in MQTT implementation.