Vol 11, Issue 4 ,April/ 2020

ISSN NO: 0377-9254

SECURE IOT DEVICES USING AES ENCRYPTION


K. Siva Kumar Swamy (1), G. Sony (2), Ch. Jagadeesh Ram (3), B. Navven (4), J. Harshitha (5)
(1) Professor, Department of ECE, Bapatla Engineering College, [email protected]
(2) Scholar, Department of ECE, Bapatla Engineering College, [email protected]
(3) Scholar, Department of ECE, Bapatla Engineering College, [email protected]
(4) Scholar, Department of ECE, Bapatla Engineering College, [email protected]
(5) Scholar, Department of ECE, Bapatla Engineering College, harshithavardhan0001@gmail.com

Abstract— The IoT is a system for connecting devices to the internet. It interacts with the real world through a wide range of applications. However, the IoT has a disadvantage: it has no security. To provide security, protecting the information to be delivered and the communication through the use of codes, we use cryptography. Within cryptography we use the AES algorithm, in which the message is passed in terms of block ciphers. To connect IoT and cryptography we require an MQTT (message queuing telemetry transport) broker, through which the publish and subscribe system takes place and in which we can publish and receive messages as a client. These encrypted messages cannot be decoded without the decryption key, so the device can be secured from attacks.

Keywords— IoT, MQTT Broker, AES Encryption and Decryption

1. INTRODUCTION

The Internet of Things (IoT) is the system of interconnection of processing objects with the Internet using existing technologies and communication protocols, without requiring human-to-human or human-to-computer interaction. The use of IoT is growing rapidly, which raises many new and serious issues related to security. Many recent reports on cyber security have highlighted IoT vulnerability and the risk that comes with the deployment of intelligent networks. The objects connected to the network can give rise to many attacks and thus can present a danger to the integrity of data. To avoid these possible attacks, security approaches must be put in place to ensure a set of criteria, such as resistance to attack, data authenticity, user privacy, and access control.

As IoT devices have a very limited capacity of memory, bandwidth, and energy, new types of protocols and ideas have been developed to improve the quality of service for this type of network. One of the protocols is MQTT (Message queue telemetry transport protocol). This protocol was created by IBM and uses the publish and subscribe pattern. It requires a very small bandwidth.

This work proposes a new approach for secure communication based on the MQTT protocol, using standard cryptographic techniques such as digital signature and payload encryption to secure communications in an IoT network.

The properties for which the network will be secured are confidentiality, integrity, and authenticity. Confidentiality is the ability to restrict attackers from identifying the initial plaintext message that has been transmitted by the sender. Integrity is the ability to restrict an active attacker from changing the message without the notice of the legitimate user. Authenticity is the assurance that a message or communication of information genuinely comes from the source it claims to come from, which encompasses evidence of identity.

MQTT [4] is used in IoT as a client-server publish/subscribe messaging transport protocol. MQTT is lightweight, simple, free and can be implemented easily. MQTT is a binary protocol with minimal packet overhead. Another important point is that MQTT can be easily implemented on the client side, which makes it well suited to constrained devices with bounded resources, such as IoT devices.

Cryptography is an important feature of computer security. It depends on the secrecy of the secret or private key. The user chooses an easily remembered passcode that is used to encrypt the cryptographic key, and this key is then stored in a database. The security of the cryptographic key is weak due to the practical problems of memorizing passcodes. Since the passcode is not directly tied to a user, the system is unable to differentiate between the legitimate user and the attacker.

www.jespublication.com Page No:115



Advanced Encryption Standard (AES) [1],[2] is the most famous and secure symmetric system, which is meant to replace DES for commercial applications, and it is a standard for the encryption of data.

AES is the first publicly available and open cipher established by the National Security Agency (NSA) for top-security information. In comparison to AES, DES is insecure due to its small key. The algorithm is sometimes called Rijndael, a name combined from the names of the two Belgian cryptographers, Joan Daemen and Vincent Rijmen. The basic structure of AES is a substitution-permutation network, which works fast in both software and hardware. The cipher takes a plaintext block size of 128 bits. The key size can be 128, 192 or 256 bits. AES operates on a 4x4 square matrix of bytes. This block is called the State array, and the AES cipher consists of several repetitions of transformation rounds, where the number of rounds depends on the key length.

Using this algorithm we generate an encoded message when sending a message/data to the receiver IoT device, decrypt the message in the receiver device and check it on the device; if the message received is correct, then the message/data gets executed in the device. By this method we can secure the IoT devices from attacks [7].

2. Implementation:
In this work we have taken the ESP-32 board as the IoT device and the AES algorithm for encryption.

2.1 Deployment Architecture:
The scheme outlined has been deployed as an end-to-end IoT package, encompassing every important component so that it can be easily integrated into an IoT-over-MQTT application. The scheme has been abstracted into a library structure to provide secure transmission functionality to the different application components. The essential MQTT setup has been outlined and established, using Eclipse Mosquitto as the message broker. The Key Management Service (KMS) is deployed as a standalone utility offering services to the system components. A C library has been created to provide the functions required by the resource-constrained IoT devices. Finally, utilities have been provided, as an Arduino module, for the resource-unconstrained components taking part in the IoT system.

a) IoT Devices

We used the ESP32 board [3] for this implementation through the Arduino IDE, and also generated it using Python (3.7) IDLE by adding some cryptographic libraries. This device sends the information to the MQTT broker through Wi-Fi, which is built in on the chip.

Fig 1. Deployment Architecture

b) MQTT Broker

Mosquitto is a lightweight, open-source implementation of an MQTT broker [5] that is suitable for use on a wide range of devices. It requires almost no configuration, simply listening on port 1883 for any MQTT packets and handling them accordingly. Topics do not have to be configured in advance on the broker to be published or subscribed to. Instead, if the broker encounters a request for a previously unencountered topic, it will allocate resources for it and route any subsequent messages for it appropriately.

c) MQTT Bridge

The broker deployment, as seen in Fig. 1, is implemented using a border router in the IoT device environment, forwarding MQTT packets to a local server (any cloud platform can be used instead). An MQTT bridge is configured between the two brokers. This essentially allows one of the brokers to act as a client to the other, publishing and subscribing to all relevant topics. Some simple configuration is done in one of the brokers' mosquitto.conf files, identifying the address and port of the remote broker, along with any topic specifications or remapping necessary. This essentially implements MQTT packet forwarding.
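
The MQTT bridge configuration described above could look like the following in the border-router broker's mosquitto.conf. This is an added illustration, not the authors' configuration; the connection name, the address and the topic names are placeholders.

```conf
# Bridge section of mosquitto.conf on the border-router broker (added illustration).
# Connection name, address and topic names are placeholders.

# This broker connects to the remote broker as an ordinary MQTT client.
connection border-to-local-server
address 192.0.2.10:1883

# topic <pattern> <direction> <qos> <local-prefix> <remote-prefix>
# Forward device publications to the remote broker, remapped under site1/ there.
topic sensors/# out 1 "" site1/
# Bring actuation commands back from the remote broker, dropping the site1/ prefix locally.
topic commands/# in 1 "" site1/
```

With payload encryption the bridge forwards only ciphertext, but topic names still cross port 1883 in clear text.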


2.2 Encryption and Decryption process
The sender's message is encrypted using the AES algorithm (ESP32). It is sent through the MQTT broker and MQTT bridge to the receiver. The receiver has the decryption key, and hence the decryption code decrypts the message.

Figure 2 depicts the steps undertaken when an application requires a new message to be published. Functionality is provided for the device to be both a publisher and a subscriber to topics. For the purpose of description, the encryption and publishing process will be outlined for the IoT device, and the message receipt from subscription and decryption process will be outlined for the resource-unconstrained service. This is based on the conventional perspective of IoT devices such as sensors publishing information about their environment, which is then utilized by services to make sense of the data provided. It is also noted that systems operate bi-directionally, and services can publish messages in order to actuate some function on the IoT device.

Message to Send: The aim of most IoT systems is for the application to lie in an idle state until some event (a timer, change in environment, received message, etc.) triggers a response. The response usually requires some form of communication. When this arises, the application will call a function from the library to send the message.

Check Key: The first step in the process is to verify whether the encryption key currently in use for the topic is valid. The first check is on whether the key exists. When a device starts initially or restarts, it will not have any keys stored in the key cache. If one does exist, the expiration time is checked to make sure it has not expired yet. Finally, it is checked to make sure the key itself is valid, in that it is the correct length and format for the encryption algorithm.

Request Encryption Key: In the case where one of the key checks fails, a new encryption key must be requested from the KMS. The request is composed of the client's credentials, the topic, and the QoS level [8]. The same security header format is used, except that the key ID field is replaced by the client ID. The other fields are encrypted with the private key and stored in the payload. This request is sent to the encryption key request topic, and the client waits for a response from the KMS.

Response Received: The client should always receive a response from the KMS, whether the request is authorized or not. If no response is received after a certain amount of time (network dependent), the request times out and the client sends another request. If the request has not been approved, a response is received with an error code corresponding to the reason for denial.

Fig. 2: Encryption and decryption process

Decrypt AES-CCM: Upon receipt of the response for an approved request, the message must be decrypted using the private key. This is achieved, as with all communications within the system, with AES-CCM encryption. This process should reveal the response, containing the key itself, its ID and time (milliseconds) until expiry.

Integrity Check: The first eight bytes of the decrypted message contain the MAC, which is used to make sure that the message is authentic and has not been tampered with in transmission. The plaintext message MAC is calculated and compared with the MAC received, and if they are equal then the message is accepted. If this check reveals that the message has been tampered with, a new key is requested and the received (original) message is destroyed.
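
The Check Key, Decrypt AES-CCM and Integrity Check steps above, written out in Python as an added example; it is not the authors' library. It assumes the `cryptography` package, a wire layout of nonce, ciphertext and appended 8-byte tag (the paper places the MAC in the first eight bytes), the topic bound as associated data, and `KeyCache.store()` standing in for a decrypted KMS response; all names are hypothetical.

```python
import os
import time
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

TAG_LEN = 8                        # eight-byte MAC, as in the paper
NONCE_LEN = 13                     # assumption: random 13-byte CCM nonce per message
VALID_KEY_LENGTHS = (16, 24, 32)   # AES-128 / 192 / 256

class KeyCache:
    """Per-topic key cache implementing the "Check Key" step (hypothetical name)."""
    def __init__(self):
        self._keys = {}            # topic -> (key, expiry in monotonic seconds)

    def store(self, topic, key, ttl_ms, now=None):
        """Stand-in for a decrypted KMS response: the key and ms until expiry."""
        now = time.monotonic() if now is None else now
        self._keys[topic] = (key, now + ttl_ms / 1000.0)

    def get_valid(self, topic, now=None):
        """Return the key only if it exists, is unexpired and has a valid length."""
        now = time.monotonic() if now is None else now
        key, expiry = self._keys.get(topic, (b"", 0.0))   # empty after a (re)start
        if not key or now >= expiry or len(key) not in VALID_KEY_LENGTHS:
            self._keys.pop(topic, None)
            return None
        return key

    def invalidate(self, topic):
        self._keys.pop(topic, None)

def seal(cache, topic, plaintext):
    """Publisher side: encrypt and authenticate, binding the topic as associated data."""
    key = cache.get_valid(topic)
    if key is None:
        raise LookupError("no valid key for topic; request one from the KMS")
    nonce = os.urandom(NONCE_LEN)  # must never repeat under the same key
    return nonce + AESCCM(key, tag_length=TAG_LEN).encrypt(nonce, plaintext, topic.encode())

def open_message(cache, topic, wire):
    """Subscriber side: return the plaintext, or None if the message is rejected."""
    key = cache.get_valid(topic)
    if key is None:
        return None
    try:
        return AESCCM(key, tag_length=TAG_LEN).decrypt(wire[:NONCE_LEN], wire[NONCE_LEN:], topic.encode())
    except (InvalidTag, ValueError):   # bad tag, or message too short to hold a nonce
        cache.invalidate(topic)        # discard the message and force a new key request
        return None
```

CCM verifies the tag inside `decrypt()`, so no plaintext is released for a message that fails the integrity check.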


3. RESULTS AND DISCUSSION

In this work, we have generated a cipher text by AES encryption using the Arduino [6] module on the ESP-32 board, and also decrypted it using the AES algorithm.

This can secure our data during cyber attacks. The output is shown in the serial monitor of the Arduino module in Fig. 3.

Fig. 3: Output in Arduino Module

4. CONCLUSION

In this work we generated encrypted messages using cryptographic algorithms (AES, SHA-1) for different types of boards (ESP32, ESP8266, Raspberry Pi). These codes can be linked to the normal IoT device codes, which provides a secure connection for both publisher and subscriber.

After having done this work, we concluded that MQTT was the best option to have as the IoT protocol. The other goal, keeping the communication lightweight, is achieved with the MQTT protocol itself. The results show that TLS, although a good security option, implies the exchange of many more bytes than in the case when payload encryption is used.

In this work, AES encryption is proposed as a good solution. This is the case where the number of bytes exchanged in the communication link is more similar to the case where standard MQTT, i.e. MQTT over TCP, is used.

We thus consider that the case where AES is used as MQTT payload encryption finds the right balance between the lightweight aspect and the security aspect, in which this solution guarantees data authenticity and confidentiality.

5. REFERENCES

[1] William Stallings, "Cryptography and Network Security: Principles and Practice", Seventh Edition
[2] "Advanced Encryption Standard" <URL:https://en.wikipedia.org/wiki/Advanced_Encryption_Standard>
[3] "Data sheet of ESP32" <URL:https://www.espressif.com/sites/default/files/documentation/esp32_datasheet_en.pdf>
[4] "MQTT Protocol Tutorial: Technical description, MQTT security and Mosquitto" <URL:https://www.survivingwithandroid.com/mqtt-protocol-tutorial/>
[5] "Welcome to the home of MQTT.fx" <URL:https://mqttfx.jensd.de/>
[6] "Arduino IDE" <URL:https://en.wikipedia.org/wiki/Arduino_IDE/>
[7] "5 Common Cyber Attacks in the IoT - Threat Alert on a Grand Scale" <URL:https://www.globalsign.com/en/blog/five-common-cyber-attacks-in-the-iot>
[8] "MQTT Quality of Service" <URL:https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-qualityof-service-levels>
