Securing the MQTT Publish-Subscribe Protocol

Publish/Subscribe is a messaging paradigm that supports dynamic many-to-many communication in a loosely coupled distributed environment. MQTT is a topic-based publish/subscribe protocol. Information producers publish topic related events to a message broker, and information consumers subscribe to some of these topics. The message broker is responsable to store the events and forward them to the information consumers. IBM implemented a publish/subscribe infrastructure consisting of a small footprint message broker and messaging clients, using the MQTT protocol. The flexible design of this implementation allows to dynamically configure protocol stacks consisting of modules that offer different services, such as reliability or segmentation and reassembly. The MQTT protocol has been designed without security in mind, but the need of a secured communication between the messaging clients and the message broker evolved. In this thesis, the design and prototypical implementation of encryption and access control modules is introduced, which are pluggable into the protocol stacks.