Search Results (69)

MQTT is a publisher–broker–subscriber architecture in which a broker forwards the messages to interested subscribers, which facilitates the broker’s capacity to peek at the message contents; therefore, both academia and industry design and develop end-to-end (E2E) channels to protect the privacy against a curious broker which honestly follows the protocols but would peek at the contents for its benefits. However, we notice that the double-encryption issue of the conventional MQTT broker-based E2E models and the heavy broker-decrypt-re-encrypt overhead undermine MQTT efficiency strengths. In this study, we highlight the weaknesses, propose several solutions, implement the schemes, and experiment with them in the simulated scenarios. Security analysis and formal security proofs are verified to ensure the security goals. The analysis and the evaluations on the implementations confirm both the group key-based approach and the client–broker-channel, integrity-only approach could improve the efficiency performance while preserving security strengths. Full article

To support NASA’s mission to use nuclear thermal rockets for future Mars missions, an instrumentation and control test bed has been built at Oak Ridge National Laboratory. The system is designed as a hardware-in-the-loop test bed for testing control elements and autonomous control algorithms for nuclear thermal propulsion rockets. The mock reactor system consists of a modular and scalable framework, using inexpensive components and open-source software. The hardware system consists of a two-phase flow loop and a mock reactor with six control drums. A single-board computer (NVIDIA Jetson) handles reactor core emulation and hosts a message queuing telemetry transport broker that allows user-deployed control algorithms to interact with the system hardware. The reactor emulator receives sensor data from the hardware and provides the simulated performance of the reactor under steady-state, transient, and fault conditions. The emulator uses a reactivity lookup table and the point kinetics equations to solve for the reactor dynamics in real time. Emulated reactor dynamics and sensor input inform the autonomous control algorithm’s decision-making in a closed-loop manner. The current system is capable of operating at 10 Hz, but faster cycle rates are an area of ongoing research. This test bed will enable NASA and other space vendors to rigorously test their autonomous control systems for NTP rockets under transient (reactor startup and shutdown), steady-state, and fault conditions to reduce development time and risk for autonomous control systems in future missions. Full article

The rapid growth of Internet of Things (IoT) deployment has led to an unprecedented volume of interconnected, resource-constrained devices. Securing their communication is essential, especially in vehicular environments, where sensitive data exchange requires robust authentication, integrity, and confidentiality guarantees. In this paper, we present an empirical evaluation of TLS (Transport Layer Security)-enhanced MQTT (Message Queuing Telemetry Transport) on low-cost, quad-core Cortex-A72 ARMv8 boards, specifically the Raspberry Pi 4B, commonly used as prototyping platforms for On-Board Units (OBUs) and Road-Side Units (RSUs). Three MQTT entities, namely, the broker, the publisher, and the subscriber, are deployed, utilizing Elliptic Curve Cryptography (ECC) for key exchange and authentication and employing the AES_256_GCM and ChaCha20_Poly1305 ciphers for confidentiality via appropriately selected libraries. We quantify resource consumption in terms of CPU utilization, execution time, energy usage, memory footprint, and goodput across TLS phases, cipher suites, message packaging strategies, and both Ethernet and WiFi interfaces. Our results show that (i) TLS 1.3-enhanced MQTT is feasible on Raspberry Pi 4B devices, though it introduces non-negligible resource overheads; (ii) batching messages into fewer, larger packets reduces transmission cost and latency; and (iii) ChaCha20_Poly1305 outperforms AES_256_GCM, particularly in wireless scenarios, making it the preferred choice for resource- and latency-sensitive V2X applications. These findings provide actionable recommendations for deploying secure MQTT communication on an IoT platform. Full article

Internet of Things (IoT) technology in healthcare has enabled innovative services that enhance patient monitoring, diagnostics and medical data management. However, securing sensitive health data while maintaining system efficiency of resource-constrained IoT devices remains a critical challenge. This work presents a comprehensive end-to-end IoT security framework for healthcare environments, addressing encryption at two key levels: lightweight encryption at the edge for resource-constrained devices and robust end-to-end encryption when transmitting data to the cloud via MQTT cloud brokers. The proposed system leverages multi-broker MQTT architecture to optimize resource utilization and enhance message reliability. At the edge, lightweight cryptographic techniques ensure low-latency encryption before transmitting data via a secure MQTT broker hosted within the hospital infrastructure. To safeguard data as it moves beyond the hospital to the cloud, stronger end-to-end encryption are applied to ensure end-to-end security, such as AES-256 and TLS 1.3, to ensure confidentiality and resilience over untrusted networks. A proof-of-concept Python 3.10 -based MQTT implementation is developed using open-source technologies. Security and performance evaluations demonstrate the feasibility of the multi-layer encryption approach, effectively balancing computational overhead with data protection. Security and performance evaluations demonstrate that our novel HECS4MQTT (Health Edge Cloud Security for MQTT) framework achieves a unique balance between efficiency and security. Unlike existing solutions that either impose high computational overhead at the edge or rely solely on transport-layer protection, HECS4MQTT introduces a layered encryption strategy that decouples edge and cloud security requirements. This design minimizes processing delays on constrained devices while maintaining strong cryptographic protection when data crosses trust boundaries. The framework also introduces a lightweight bridge component for re-encryption and integrity enforcement, thereby reducing broker compromise risk and supporting compliance with healthcare security regulations. Our HECS4MQTT framework offers a scalable, adaptable, and trust-separated security model, ensuring enhanced confidentiality, integrity, and availability of healthcare data while remaining suitable for deployment in real-world, latency-sensitive, and resource-limited medical environments. Full article

The Message Queuing Telemetry Transport (MQTT) protocol remains a key enabler for lightweight and low-latency messaging in Internet of Things (IoT) applications. However, traditional broker implementations often struggle with the demands of large-scale point-to-point (P2P) communication. This paper presents a performance and architectural evaluation of TBMQ, an open source MQTT broker designed to support reliable P2P messaging at scale. The broker employs Redis Cluster for session persistence and Apache Kafka for message routing. Additional optimizations include asynchronous Redis access via Lettuce and Lua-based atomic operations. Stepwise load testing was performed using Kubernetes-based deployments on Amazon EKS, progressively increasing message rates to 1 million messages per second (msg/s). The results demonstrate that TBMQ achieves linear scalability and stable latency as the load increases. It reaches an average throughput of 8900 msg/s per CPU core, while maintaining end-to-end delivery latency within two-digit millisecond bounds. These findings confirm that TBMQ’s architecture provides an effective foundation for reliable, high-throughput messaging in distributed IoT systems. Full article

This paper addresses the challenges of multicasting in Mobile Ad Hoc Networks (MANETs), where communication relies exclusively on direct interactions between mobile nodes without the support of fixed infrastructure. In such networks, efficient information dissemination is critical, particularly in scenarios where an event detected by one node must be reliably communicated to a designated subset of nodes. The highly dynamic nature of MANET, characterized by frequent topology changes and unpredictable connectivity, poses significant challenges to stable and efficient multicasting. To address these issues, we adopt a Publish/Subscribe (Pub/Sub) model that utilizes brokers as intermediaries for information dissemination. However, ensuring the robustness of broker-based multicasting in a highly mobile environment requires novel strategies to mitigate the effects of frequent disconnections and mobility-induced disruptions. To this end, we propose a framework based on three key principles: (1) leveraging the Disruption-Tolerant Networking Implementations of the Bundle Protocol 7 (DTN7) at the network layer to sustain message delivery even in the presence of intermittent connectivity and high node mobility; (2) dynamically generating broker replicas to ensure that broker functionality persists despite sudden node failures or disconnections; and (3) enabling brokers and their replicas to periodically broadcast advertisement packets to maintain communication paths and facilitate efficient data forwarding, drawing inspiration from Named Data Networking (NDN) techniques. To evaluate the effectiveness of our approach, we conduct extensive simulations using ns-3, examining its impact on message delivery reliability, latency, and overall network throughput. The results demonstrate that our method significantly reduces message delivery delays while improving delivery rates, particularly in high-mobility scenarios. Additionally, the integration of DTN7 at the bundle layer proves effective in mitigating performance degradation in environments where nodes frequently change their positions. Our findings highlight the potential of our approach in enhancing the resilience and efficiency of broker-assisted multicasting in MANET, making it a promising solution for real-world applications such as disaster response, military operations, and decentralized IoT networks. Full article

The rapid proliferation of Internet of Things (IoT) devices across industries has created a need for robust, scalable, and real-time data processing architectures capable of supporting intelligent analytics and predictive maintenance. This paper presents a novel comprehensive architecture that enables end-to-end processing of IoT data streams, from acquisition to actionable insights. The system integrates Kafka-based message brokering for the high-throughput ingestion of real-time sensor data, with Apache Spark facilitating batch and stream extraction, transformation, and loading (ETL) processes. A modular machine-learning pipeline handles automated data preprocessing, training, and evaluation across various models. The architecture incorporates continuous monitoring and optimization components to track system performance and model accuracy, feeding insights to users via a dedicated Application Programming Interface (API). The design ensures scalability, flexibility, and real-time responsiveness, making it well suited for industrial IoT applications requiring continuous monitoring and intelligent decision-making. Full article

Global Navigation Satellite Systems (GNSSs) are the primary source of information for Positioning, Navigation, and Timing (PNT) in the maritime sector; however, they are vulnerable to unintentional or deliberate interference, such as jamming, spoofing, or meaconing. The continuous monitoring of GNSS signals is crucial for vessels and mobile maritime platforms to ensure the integrity, availability, and accuracy of positioning and navigation services. This monitoring is essential for guaranteeing the safety and security of navigation and contributes to the accurate positioning of vessels and platforms involved in hydrographic and oceanographic research. This paper presents the implementation of a complex system for monitoring the quality of signals within the GNSS spectrum at the Maritime Hydrographic Directorate (MHD). The system provides real-time analysis of signal parameters from various GNSSs, enabling alerts in critical situations and generating statistics and reports. It comprises four permanent stations equipped with state-of-the-art GNSS receivers, which integrate a spectrum analyzer and store raw data for post-processing. The system also includes software for monitoring the GNSS spectrum, detecting interference events, and visualizing signal quality data. Implemented using a Docker-based platform to enable efficient management and distribution, the software architecture consists of a reverse proxy, message broker, front-end, authorization service, GNSS orchestrator, and GNSS monitoring module. This system enhances the quality of command, control, communications, and intelligence decisions for planning and execution. It has demonstrated a high success rate in detecting and localizing jamming and spoofing events, thereby improving maritime situational awareness and navigational safety. Future development could involve installing dedicated stations to locate interference sources. Full article

This paper explores the application of the ESP32 microcontroller in edge computing, focusing on the design and implementation of an edge server system to evaluate performance improvements achieved by integrating edge and cloud computing. Responding to the growing need to reduce cloud burdens and latency, this research develops an edge server, detailing the ESP32 hardware architecture, software environment, communication protocols, and server framework. A complementary cloud server software framework is also designed to support edge processing. A deep learning model for object recognition is selected, trained, and deployed on the edge server. Performance evaluation metrics, classification time, MQTT (Message Queuing Telemetry Transport) transmission time, and data from various MQTT brokers are used to assess system performance, with particular attention to the impact of image size adjustments. Experimental results demonstrate that the edge server significantly reduces bandwidth usage and latency, effectively alleviating the load on the cloud server. This study discusses the system’s strengths and limitations, interprets experimental findings, and suggests potential improvements and future applications. By integrating AI and IoT, the edge server design and object recognition system demonstrates the benefits of localized edge processing in enhancing efficiency and reducing cloud dependency. Full article

The Military Internet of Things (MIoT) has emerged as a new research area in military intelligence. The MIoT frequently has to constitute a federation-capable IoT environment when the military needs to interact with other institutions and organizations or carry out joint missions as part of a coalition such as in NATO. One of the main challenges of deploying the MIoT in such an environment is to acquire, analyze, and merge vast amounts of data from many different IoT devices and disseminate them in a secure, reliable, and context-dependent manner. This challenge is one of the main challenges in a federated environment and forms the basis for establishing trusting relationships and secure communication between IoT devices belonging to different partners. In this work, we focus on the problem of fulfillment of the data-centric security paradigm, i.e., ensuring the secure management of data along the path from its origin to the recipients and implementing fine-grained access control mechanisms. This problem can be solved using innovative solutions such as applying attribute-based encryption (ABE). In this work, we present a comprehensive solution for secure data dissemination in a federated MIoT environment, enabling the use of distributed registry technology (Hyperledger Fabric), a message broker (Apache Kafka), and data processing microservices implemented using the Kafka Streams API library. We designed and implemented ABE cryptography data access control methods using a combination of pairings-based elliptic curve cryptography and lightweight cryptography and confirmed their suitability for the federations of military networks. Experimental studies indicate that the proposed cryptographic scheme is viable for the number of attributes typically assumed to be used in battlefield networks, offering a good trade-off between security and performance for modern cryptographic applications. Full article

Messaging protocols for the Internet of Things (IoT) play a crucial role in facilitating efficient product creation and waste reduction, and in enhancing agricultural process efficiency within the realm of smart greenhouses. Publish–subscribe (pub-sub) systems improve communication between IoT devices and cloud platforms. Nevertheless, IoT technology is required to effectively handle a considerable volume of subscriptions or topic adjustments from several clients concurrently. In addition, subscription throughput is an essential factor of the pub-sub mechanism, as it directly influences the speed at which messages may be sent to subscribers. The primary focus of this paper pertains to a performance assessment of the proposed message categorization architecture for the Message Queue Telemetry Transport (MQTT) broker. This architecture aims to establish a standardized approach to pub-sub topics and generate new topics with various performance characteristics. We also standardize the form of MQTT protocol broker topic categorization and payload based on greenhouse specifications. The establishment of topic classification enhances the operational effectiveness of the broker, reduces data volume, and concurrently augments the number of messages and events transmitted from the greenhouse environment to the central server on a per-second basis. Our proposed architecture is validated across multiple MQTT brokers, including Mosquitto, ActiveMQ, Bevywise, and EMQ X, showing enhanced flexibility, extensibility, and simplicity while maintaining full compatibility with greenhouse environments. Key findings demonstrate significant improvements in performance metrics. The message processing time for the proposed Active MQ broker was increased approximately five-fold across all QoS levels compared to the original. Subscription throughput for the Bevywise MQTT Route 2.0 broker at QoS0 reached 1453.053, compared to 290.610 for the original broker. The number of messages in the Active MQ broker at QoS0 surged from 394.79 to 1973.95. These improvements demonstrate the architecture’s potential for broader IoT applications in pub-sub systems. Full article

Ensuring accountability and integrity in MQTT communications is important for enabling several IoT applications. This paper presents a novel approach that combines blockchain technology and the interplanetary file system (IPFS) to achieve non-repudiation and data integrity in the MQTT protocol. Our solution operates in discrete temporal rounds, during which the broker constructs a Merkle hash tree (MHT) from the messages received. Then the broker publishes the root on the blockchain and the MHT itself on IPFS. This mechanism guarantees that both publishers and subscribers can verify the integrity of the message exchanged. Furthermore, the interactions with the blockchain made by the publishers and the broker ensure they cannot deny having sent the exchanged messages. We provide a detailed security analysis, showing that under standard assumptions, the proposed solution achieves both data integrity and accountability. Additionally, we provided an experimental campaign to study the scalability and the throughput of the system. Our results show that our solution scales well with the number of clients. Furthermore, from our results, it emerges that the throughput reduction depends on the integrity check operations. However, since the frequency of these checks can be freely chosen, we can set it so that the throughput reduction is negligible. Finally, we provided a detailed analysis of the costs of our solution showing that, overall, the execution costs are relatively low, especially given the critical security and accountability benefits it guarantees. Furthermore, our analysis shows that the higher the number of subscribers in the system, the lower the costs per client in our solution. Again, this confirms that our solution does not present any scalability issues. Full article

This paper works on detecting a person in bed for sleep routine and sleep pattern monitoring based on the Micro-Electro-Mechanical Systems (MEMS) accelerometer and Internet of Things (IoT) embedded system board. This work provides sleep information, patient assessment, and elderly care for patients who live alone via tele-distance to doctors or family members. About 216,000 pieces of acceleration data were collected, including three classes: no person in bed, a static laying position, and a moving state for Artificial Intelligence (AI) application. Six well-known Machine-Learning (ML) algorithms were evaluated with precision, recall, F1-score, and accuracy in the workstation before implementing in the STM32-microcontroller for real-time state classification. The four best algorithms were selected to be programmed into the IoT board and applied for real-time testing. The results demonstrate the high accuracy of the ML performance, more than 99%, and the Classification and Regression Tree algorithm is among the best models with a light code size of 1583 bytes. The smart bed information is sent to the IoT dashboard of Node-RED via a Message Queuing Telemetry broker (MQTT). Full article

To overcome the issues of the existing properties and the non-configurable supervisory control and data acquisition (SCADA) architecture, this paper proposes an IoT-centered open-source SCADA system for monitoring photovoltaic (PV) systems. The system consists of three voltage sensors and three current sensors for data accumulation from the PV panel, the battery, and the load. As a part of the system design, a relay is used that controls the load remotely. An ESP32-E microcontroller transmits the collected data to a Banana Pi M4 Berry (BPI-M4 Berry) through the Message Queuing Telemetry Transport (MQTT) protocol over a privately established communication channel using Wi-Fi. The ESP32-E is configured as the MQTT publisher and the BPI-M4 Berry serves as the MQTT broker. Locally installed on the BPI-M4 Berry, the Node-RED platform creates highly customizable dashboards as human–machine interfaces (HMIs) to achieve real-time monitoring of the PV system. The proposed system was successfully tested to collect the PV system voltage/current/power data and to control the load in a supervisory way under a laboratory setup. The complete SCADA architecture details and test results for the PV system data during the total eclipse on 8 April 2024 and another day are presented in this paper. Full article

The widespread adoption of Internet of Things (IoT) devices in home, industrial, and business environments has made available the deployment of innovative distributed measurement systems (DMS). This paper takes into account constrained hardware and a security-oriented virtual local area network (VLAN) approach that utilizes local message queuing telemetry transport (MQTT) brokers, transport layer security (TLS) tunnels for local sensor data, and secure socket layer (SSL) tunnels to transmit TLS-encrypted data to a cloud-based central broker. On the other hand, the recent literature has shown a correlated exponential increase in cyber attacks, mainly devoted to destroying critical infrastructure and creating hazards or retrieving sensitive data about individuals, industrial or business companies, and many other entities. Much progress has been made to develop security protocols and guarantee quality of service (QoS), but they are prone to reducing the network throughput. From a measurement science perspective, lower throughput can lead to a reduced frequency with which the phenomena can be observed, generating, again, misevaluation. This paper does not give a new approach to protect measurement data but tests the network performance of the typically used ones that can run on constrained hardware. This is a more general scenario typical for IoT-based DMS. The proposal takes into account a security-oriented VLAN approach for hardware-constrained solutions. Since it is a worst-case scenario, this permits the generalization of the achieved results. In particular, in the paper, all OpenSSL cipher suites are considered for compatibility with the Mosquitto server. The most used key metrics are evaluated for each cipher suite and QoS level, such as the total ratio, total runtime, average runtime, message time, average bandwidth, and total bandwidth. Numerical and experimental results confirm the proposal’s effectiveness in foreseeing the minimum network throughput concerning the selected QoS and security. Operating systems yield diverse performance metric values based on various configurations. The primary objective is identifying algorithms to ensure suitable data transmission and encryption ratios. Another aim is to explore algorithms that ensure wider compatibility with existing infrastructures supporting MQTT technology, facilitating secure connections for geographically dispersed DMS IoT networks, particularly in challenging environments like suburban or rural areas. Additionally, leveraging open firmware on constrained devices compatible with various MQTT protocols enables the customization of the software components, a crucial necessity for DMS. Full article