Secure Communication Implementation for MQTT Protocol in Water Resources Sensing Devices
摘要
With the deepening advancement of water conservancy informatization, the MQTT protocol has been widely adopted for real-time data transmission in hydrological sensing devices due to its lightweight nature and low latency. However, its inherent security deficiencies have become increasingly prominent. This paper addresses the security risks faced by the MQTT protocol in hydrological scenarios, including weak authentication, data leakage, tampering, and replay attacks. We propose a hybrid encryption-based security reinforcement method utilizing commercial cryptographic algorithms (SM2/SM4). This method leverages the key agreement capability of the asymmetric SM2 encryption and the efficiency of the symmetric SM4 encryption. By dynamically generating session keys, incorporating timestamp mechanisms to prevent replay attacks, and employing SM3-HMAC for integrity verification, it achieves multiple security objectives: data confidentiality, data integrity, identity authentication, and resistance to replay attacks. Experimental testing demonstrates that the proposed method introduces acceptable latency, meeting real-time requirements in typical hydrological sensing data scenarios, thereby providing an effective solution for secure communication in hydrological sensing devices.