Message Queuing Telemetry Transport (MQTT) is a lightweight Internet of Things protocol based on a topic-based publish-subscribe mechanism that is suitable for constrained devices. MQTT has a security problem in terms of privacy: ensuring the identity of clients that access the protocol requires authentication and authorization mechanisms. These can be achieved by applying Access Control Lists (ACLs) on the broker, which govern a client's rights to access particular topics in the system, such as publish/subscribe. This research investigates how to implement an authorization mechanism using ACLs on an MQTT-based system that uses NodeMCU devices, and how it affects security and performance. The research uses a Mosquitto broker with the auth-plug plugin as the authentication and authorization mechanism; the ACLs are designed in a MySQL database and accessed by an auth server. The broker and the auth server communicate to check the identity and permissions of each client; the client's identity is encoded using a JSON Web Token (JWT), and the ACLs are designed based on roles. According to the test results, the ACLs succeeded in securing an MQTT-based system with NodeMCU devices by performing authentication using JWT and authorization based on client roles. The system also successfully handled a total of 141 messages per second, with an average time needed to publish each message of 0.7092 seconds.
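The decision an auth server makes when the broker asks whether a client may publish or subscribe to a topic can be sketched as follows. This is an added example, not code from the paper or from auth-plug. It assumes HS256-signed tokens carrying `role` and `exp` claims, and it uses an in-memory table in place of the MySQL ACL; the secret, topics, roles and function names are all constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key held by the auth server
# Constructed rows standing in for the MySQL ACL table: role -> (topic filter, access)
ROLE_ACL = {"sensor": [("home/+/temperature", "publish")],
            "dashboard": [("home/#", "subscribe")]}

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, secret=SECRET):
    """Issue an HS256 JWT, as the auth server would for a client."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = b64e(hmac.new(secret, head + b"." + body, hashlib.sha256).digest())
    return b".".join([head, body, sig]).decode()

def verify_token(token, secret=SECRET, now=None):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        alg_ok = json.loads(b64d(head)).get("alg") == "HS256"  # refuses "none"
        want = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not (alg_ok and hmac.compare_digest(want, b64d(sig))):
            return None
        claims = json.loads(b64d(body))
        live = claims.get("exp", 0) > (time.time() if now is None else now)
        return claims if live else None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: treat as unauthenticated

def topic_matches(flt, topic):
    """MQTT filter match: '+' is exactly one level, a trailing '#' is the rest."""
    f, t = flt.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return i == len(f) - 1
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)

def authorize(token, topic, access):
    """Default deny: allow only if the token's role has a matching ACL row."""
    role = (verify_token(token) or {}).get("role")
    rows = ROLE_ACL.get(role, []) if isinstance(role, str) else []
    return any(a == access and topic_matches(f, topic) for f, a in rows)
```

A token without an `exp` claim, with a bad signature, or with a role that has no ACL rows is denied, so the check fails closed.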
Copyrights © 2018