CN117692446A

CN117692446A - Lightweight MQTT encryption communication method and system

Info

Publication number: CN117692446A
Application number: CN202311493048.6A
Authority: CN
Inventors: 赵泽钧; 袁苇; 张宏辉
Original assignee: Fujian Newland Communication Science Technologies Co ltd
Current assignee: Fujian Newland Communication Science Technologies Co ltd
Priority date: 2023-11-10
Filing date: 2023-11-10
Publication date: 2024-03-12

Abstract

The invention provides a lightweight MQTT encryption communication method and a system in the technical field of the Internet of things, wherein the method comprises the following steps: step S10, after the Internet of things devices are started, registering to an MQTT server, registering to the MQTT server by a Web server, and connecting to the Web server by a Web client; s20, each piece of Internet of things equipment encrypts the state data into a message through an ECC algorithm, and the message is issued to an MQTT server; step S30, the Web server sends a message subscription request or an action command request sent by the Web client to the MQTT server; step S40, when the MQTT server receives a message subscription request, the corresponding message is sent to the Web server; when the MQTT server receives the action command request, controlling the Internet of things equipment to execute the action corresponding to the action command request, and sending the message generated by execution to the Web server; and step S50, the Web server sends the message to the Web client. The invention has the advantages that: on the premise of guaranteeing communication safety, communication overhead is greatly reduced.

Description

Lightweight MQTT encryption communication method and system

Technical Field

The invention relates to the technical field of the Internet of things, in particular to a lightweight MQTT encryption communication method and system.

Background

The internet of things is changing the automation and communication modes at a remarkable speed, and the systems in which the internet of things devices operate need to be as lightweight as possible in order to ensure optimization in terms of energy, performance and quality. While lightweight systems have advantages in terms of power consumption and computing resource performance, there are also different levels of security issues, and therefore encryption of communication data is required.

The MQTT protocol is a subscription/publication mode communication protocol because of its lightweight nature that is widely used in embedded devices. Common MQTT protocol encryption communication relies on the RSA algorithm, but the RSA algorithm requires a certain key length and higher computing performance, and for resource-constrained internet of things devices, it is involved in long-time operation and consumes possibly limited electric energy and computing resources.

Therefore, how to provide a lightweight MQTT encryption communication method and system, so as to reduce communication overhead on the premise of ensuring communication safety, is a technical problem to be solved urgently.

Disclosure of Invention

The invention aims to solve the technical problem of providing a lightweight MQTT encryption communication method and a system, which can reduce communication overhead on the premise of ensuring communication safety.

In a first aspect, the present invention provides a lightweight MQTT encryption communication method, including the steps of:

step S10, after the Internet of things devices are started, registering to an MQTT server, registering the Web server to the MQTT server, and connecting the Web client to the Web server after authentication;

step S20, each piece of internet of things equipment encrypts state data in the running process into a message through an ECC algorithm, and the message is issued to an MQTT server;

step S30, the Web server sends a message subscription request or an action command request sent by the Web client to the MQTT server;

step S40, when the MQTT server receives the message subscription request, the corresponding message is sent to the Web server; when the MQTT server receives the action command request, controlling the Internet of things equipment to execute the action corresponding to the action command request, and sending the message generated by execution to a Web server;

and step S50, the Web server receives and stores the message sent by the MQTT server and sends the message to the Web client.

Further, the step S20 specifically includes:

each internet of things device periodically encrypts state data in the running process into a message through an ECC algorithm, and after setting the theme of the message, the message is issued to an MQTT server.

Further, the step S30 specifically includes:

when receiving a message subscription request encrypted by an ECC algorithm sent by a Web client, a Web server sends the message subscription request to an MQTT server in real time;

when a Web server receives an action command request encrypted by an ECC algorithm and sent by a Web client, the action command request is stored in a database, an action mark of the action command request is set to be 1, and the action command request is sent to an MQTT server.

Further, the step S40 specifically includes:

when the MQTT server receives the message subscription request, decrypting the message subscription request through an ECC algorithm, and transmitting a message corresponding to topic matching carried by the message subscription request to a Web server;

when the MQTT server receives the action command request, forwarding the action command request to the Internet of things equipment; the internet of things equipment decrypts the action command request through an ECC algorithm, executes actions carried by the action command request, encrypts state data in the action process into a message, and issues the message to an MQTT server after setting the subject of the message; and the MQTT server sends the message generated by execution to the Web server.

Further, the step S50 specifically includes:

the Web server receives the message sent by the MQTT server and stores the message into a database; when receiving the message corresponding to the action command request, updating the action mark of the database to 0;

and sending the message to a Web client, and decrypting and displaying the received message by the Web client through an ECC algorithm.

In a second aspect, the present invention provides a lightweight MQTT encryption communication system, comprising:

the server registration connection module is used for registering the MQTT server after the Internet of things equipment is started, the Web server is registered to the MQTT server, and the Web client is connected to the Web server after identity verification;

the information release module is used for encrypting the state data in the running process into information through an ECC algorithm by each Internet of things device and releasing the information to the MQTT server;

the request sending module is used for sending a message subscription request or an action command request sent by the Web client to the MQTT server by the Web server;

the message sending module is used for sending the corresponding message to the Web server when the MQTT server receives the message subscription request; when the MQTT server receives the action command request, controlling the Internet of things equipment to execute the action corresponding to the action command request, and sending the message generated by execution to a Web server;

and the message storage and forwarding module is used for receiving and storing the message sent by the MQTT server by the Web server and sending the message to the Web client.

Further, the message publishing module is specifically configured to:

Further, the request sending module is specifically configured to:

Further, the message sending module is specifically configured to:

Further, the message store-and-forward module is specifically configured to:

The invention has the advantages that:

the method comprises the steps that after being started, all the Internet of things devices are registered to an MQTT server, a Web server is registered to the MQTT server, and a Web client is connected to the Web server after identity verification; encrypting the state data in the running process into a message by each piece of internet of things equipment through an ECC algorithm and issuing the message to an MQTT server; the Web server sends a message subscription request or an action command request sent by the Web client to the MQTT server; when the MQTT server receives the message subscription request, the message corresponding to the theme is sent to the Web server; when the MQTT server receives the action command request, controlling the Internet of things equipment to execute corresponding actions, and sending the information generated by execution to the Web server; finally, the Web server receives and stores the message sent by the MQTT server, sends the message to the Web client, and the Web client decrypts the received message through an ECC algorithm and displays the message; the method is characterized in that the information or the request transmitted among the Internet of things equipment, the MQTT server, the Web server and the Web client are encrypted and decrypted through an ECC algorithm, and because the ECC algorithm is based on elliptic curve mathematical calculation and utilizes coordinates of points on an elliptic curve for encryption and decryption, compared with an RSA algorithm, the method has shorter key length, but has equivalent security level, and simultaneously has faster running speed and smaller bandwidth, so that the method is suitable for the Internet of things equipment with limited resources such as computing capacity, memory, electric quantity and the like, and communication expenditure is greatly reduced on the premise of guaranteeing communication security.

Drawings

The invention will be further described with reference to examples of embodiments with reference to the accompanying drawings.

FIG. 1 is a flow chart of a lightweight MQTT encryption communication method of the present invention.

Fig. 2 is a schematic diagram of the structure of a lightweight MQTT encryption communication system of the present invention.

Fig. 3 is a hardware architecture diagram of the present invention.

Detailed Description

According to the technical scheme in the embodiment of the application, the overall thought is as follows: the information or the request transmitted among the Internet of things equipment, the MQTT server, the Web server and the Web client are encrypted and decrypted through an ECC algorithm, and the ECC algorithm has a shorter key length but an equivalent security level, and simultaneously has a faster running speed and a smaller bandwidth, so that the communication expense is reduced on the premise of guaranteeing the communication safety.

Referring to fig. 1 to 3, a preferred embodiment of a lightweight MQTT encryption communication method of the present invention includes the steps of:

because of loopholes and security problems in the environment of the Internet of things, an encrypted security layer is added between the Internet of things equipment and the MQTT server during implementation:

a) Device/gateway layer: since hackers often impersonate authenticated users and use malicious instructions to make control attempts, the device/gateway layer mainly protects sensitive data communicated between the system and the internet of things device, such as sensitive data of mutual authentication, distribution and verification of certificates, message encryption, device firmware upgrade, and the like.

b) Network/transport layer: the method is used for protecting the privacy and the integrity of the data of the Internet of things equipment, and the considered safety problems relate to the authentication and the authorization of the Internet of things equipment and the safety problems related to the safety of a program interface API and the information transmission.

c) Application layer: for ensuring theft protection of data, preventing misuse or falsification of data stored in the application layer; the security problems considered relate to application program security, secure API calls, message encryption and decryption, message load verification, and the like; the application layer is generally more vulnerable to attacks than the other layers, requiring further attention and protection of local and cloud-based applications, mobile applications, and other applications based on analysis AP I.

Step S20, each piece of internet of things equipment encrypts state data in the running process into a message through an ECC algorithm (elliptic curve encryption algorithm), and the message is issued to an MQTT server;

The step S20 specifically includes:

each internet of things device periodically encrypts state data in the running process into a message through an ECC algorithm, and after setting the theme of the message, the message is issued to an MQTT server. The status data may be power status, light status, etc.

The step S30 specifically includes:

when a Web server receives an action command request encrypted by an ECC algorithm and sent by a Web client, the action command request is stored in a database, an action mark of the action command request is set to be 1, and the action command request is sent to an MQTT server. In the implementation, the Web server continuously sends the action command request to the MQTT server until the MQTT server returns the required message.

The step S40 specifically includes:

The step S50 specifically includes:

the Web server receives the message sent by the MQTT server, and stores the message into a database, namely, the latest equipment state of the Internet of things equipment is stored; when receiving the message corresponding to the action command request, updating the action mark of the database to 0;

The invention relates to a preferred embodiment of a lightweight MQTT encryption communication system, which comprises the following modules:

The information release module is used for encrypting the state data in the running process into information through an ECC algorithm (elliptic curve encryption algorithm) by each Internet of things device and releasing the information to the MQTT server;

The message publishing module is specifically configured to:

The request sending module is specifically configured to:

The message sending module is specifically configured to:

The message store-and-forward module is specifically configured to:

In summary, the invention has the advantages that:

While specific embodiments of the invention have been described above, it will be appreciated by those skilled in the art that the specific embodiments described are illustrative only and not intended to limit the scope of the invention, and that equivalent modifications and variations of the invention in light of the spirit of the invention will be covered by the claims of the present invention.

Claims

1. A lightweight MQTT encryption communication method is characterized in that: the method comprises the following steps:

2. A lightweight MQTT encryption communication method as set forth in claim 1, wherein: the step S20 specifically includes:

3. A lightweight MQTT encryption communication method as set forth in claim 1, wherein: the step S30 specifically includes:

4. A lightweight MQTT encryption communication method as set forth in claim 1, wherein: the step S40 specifically includes:

5. A lightweight MQTT encryption communication method as set forth in claim 1, wherein: the step S50 specifically includes:

6. A lightweight MQTT encrypted communication system, characterized by: the device comprises the following modules:

7. A lightweight MQTT encryption communication system as recited in claim 6, wherein: the message publishing module is specifically configured to:

8. A lightweight MQTT encryption communication system as recited in claim 6, wherein: the request sending module is specifically configured to:

9. A lightweight MQTT encryption communication system as recited in claim 6, wherein: the message sending module is specifically configured to:

10. A lightweight MQTT encryption communication system as recited in claim 6, wherein: the message store-and-forward module is specifically configured to: