Secure MQTT Authentication with Dynamic Salt and TOTP for IoT Environments

With the rapid growth of internet of Things (IoT), ensuring the security of communication protocols has become increasingly critical. Message Queuing Telemetry Transport (MQTT), a lightweight messaging protocol, is widely adopted in IoT systems due to its low overhead and efficiency. However, its simplicity comes at the cost of security vulnerabilities, particularly in authentication mechanisms. This paper investigates the integration of Time-Based One-Time Password (TOTP) authentication into MQTT to address these challenges. In place of the regular username and password authentication, we used the hash of the salted TOTP as password along with the username for authentication, which increases the security. By leveraging TOTP in the MQTT protocol, we aim to enhance security while maintaining its lightweight characteristics, ensuring that it remains suitable for resource-constrained IoT environments. This provides a scalable and secure solution for IoT environments, offering enhanced protection for sensitive data transmission without significantly compromising performance. This approach is particularly valuable for IoT applications in critical sectors such as healthcare, smart cities, and industrial automation, where security and reliability are paramount.