TY - GEN
T1 - A Novel MQTT-ZT Secure Broker
T2 - 5th IEEE International Conference on Cyber Security and Resilience, CSR 2025
AU - James, Meha
AU - Newe, Thomas
AU - O'Shea, Donna
AU - O'Mahony, George D.
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - The rapid growth of the Internet of Things (IoT) introduces significant security risks, including unauthorized access, data breaches, and supply chain attacks. Traditional models like Role-Based Access Control (RBAC) lack scalability and real-time enforcement for dynamic IoT environments. This paper presents the MQTT-ZT Secure Broker - an MQTT-based IoT communication framework built on Zero Trust Architecture (ZTA). It integrates Attribute-Based Access Control (ABAC) directly into the broker using a built-in Policy Enforcement Point (PEP) and Axiomatics' ALFA policy engine for efficient, low-latency authorization. Experiments conducted in a cyber range show the broker maintains low processing times - 20-79 ms for publishers and 24-63 ms for subscribers - even at 200 clients, outperforming traditional methods that often exceed 100 ms. These results highlight the architecture's ability to scale while ensuring continuous verification and minimal latency. The MQTT-ZT Secure Broker offers a robust and scalable Zero Trust solution for securing IoT environments.
KW - Access Control
KW - Attribute-Based Access Control (ABAC)
KW - Cybersecurity
KW - Internet of Things (IoT)
KW - Message Queuing Telemetry Transport (MQTT)
KW - Policy Decision Point (PDP)
KW - Policy Enforcement Point (PEP)
KW - Zero Trust (ZT)
KW - Zero Trust Architecture (ZTA)
UR - https://www.scopus.com/pages/publications/105016161335
U2 - 10.1109/CSR64739.2025.11130016
DO - 10.1109/CSR64739.2025.11130016
M3 - Conference contribution
AN - SCOPUS:105016161335
T3 - Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025
SP - 433
EP - 439
BT - Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 4 August 2025 through 6 August 2025
ER -