Nabeel Alassaf
Universiti Sains Malaysia (USM)

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

Ultra-lightweight hybrid authentication for MQTT/MQTT-SN internet of thing security Nabeel Alassaf; Selvakumar Manickam; Ammar Odeh; Mohammed Anbar
Bulletin of Electrical Engineering and Informatics Vol 15, No 3: June 2026
Publisher : Institute of Advanced Engineering and Science

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.11591/eei.v15i3.11907

Abstract

The rapid growth of internet of thing (IoT) has increased the need for secure communication among resource-constrained devices using lightweight protocols such as message queuing telemetry transport (MQTT) and message queuing telemetry transport for sensor network (MQTT-SN). Traditional certificate-based solutions introduce significant computational and memory overhead for low-power devices. This paper proposes the hybrid lightweight protocol (HLP), a certificate-free approach combining elliptic-curve key exchange, hash-based message authentication code (HMAC)-based authentication, and ChaCha20-Poly1305 encryption. HLP uses pre-shared keys to reduce handshake complexity while maintaining confidentiality, integrity, and mutual authentication across MQTT and MQTT-SN environments. A Python-based implementation using paho-mqtt was evaluated in a constrained-device testbed. Experimental results show that HLP achieves lower handshake latency (-20–24 ms) and reduced bandwidth overhead (-130 bytes) compared with elliptic curve Diffie-Hellman ephemeral-pre-shared key (ECDHE-PSK) and elliptic curve Diffie-Hellman ephemeral-elliptic curve digital signature algorithm (ECDHE-ECDSA), while still supporting forward secrecy. These findings demonstrate that HLP is an efficient and practical solution for securing IoT communications on constrained devices.