This repository is a fork of the Eclipse Paho MQTT-SN C/C++ client that adds post-quantum cryptography (PQC) capabilities through wolfSSL. This work is part of our research on securing IoT protocols against quantum threats.
We have integrated PQC capabilities in both the Gateway and the GatewayTester clients. The Gateway can also be tested with our wolfMQTT clients.
This implementation, along with some preliminary benchmarks, is described in the following conference paper:
Blanco-Romero, J., Lorenzo, V., Almenares, F., Díaz-Sánchez, D., Campo, C., & García-Rubio, C. (2024). "Integrating Post-Quantum Cryptography into CoAP and MQTT-SN Protocols." In 2024 IEEE Symposium on Computers and Communications (ISCC), pp. 1-6.
You can build the Gateway with wolfSSL DTLS support with the following command:
git clone https://github.com/qursa-uc3m/paho.mqtt-sn.embedded-c.wolfssl-pq
cd ./paho.mqtt-sn.embedded-c.wolfssl-pq/MQTTSNGateway/
./build.sh dtls -DDEBUG -DDEBUG_NW wolfssl
Analogously, you can build the GatewayTester with:
./build.sh dtls wolfssl -DDEBUG_TESTER
Then modify the MQTTSNGateway/gateway.conf file to add the certificate and key files. For example:
DtlsCertsKey=../../certs/dtls.crt
DtlsPrivKey=../../certs/dtls.key
Run the gateway (from the MQTTSNGateway folder):
./bin/MQTT-SNGateway
Then go to the MQTTSNGateway/GatewayTester folder and run, for example, the subscriber:
./Build/MQTT-SNSub
Or the publisher:
./Build/MQTT-SNPub
You can also test the gateway with the wolfMQTT clients. See the instructions there.
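A pre-flight check for the two DTLS entries in gateway.conf, to run before starting the gateway. This is an added example, not part of the repository: the function names are hypothetical, relative paths are assumed to resolve against the directory given as the second argument, and the permission check on the private key is an added hardening check rather than a gateway requirement.

```shell
#!/bin/sh
# Added example (not from the repository): validate DtlsCertsKey / DtlsPrivKey.

# Print the last uncommented value of KEY ($2) in a KEY=value file ($1).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | tr -d '\r' | sed 's/[[:space:]]*$//' | tail -n 1
}

# Resolve path $2 against base directory $1 unless it is already absolute.
resolve() {
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s\n' "$1/$2" ;;
    esac
}

# Succeed only if the file has no group/other permission bits set.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# $1 = gateway.conf, $2 = directory relative paths are resolved against
# (assumption: the directory the gateway is started from).
check_dtls_conf() {
    conf=$1; base=$2; status=0
    for key in DtlsCertsKey DtlsPrivKey; do
        value=$(conf_value "$conf" "$key")
        if [ -z "$value" ]; then
            echo "FAIL: $key is not set in $conf"; status=1; continue
        fi
        path=$(resolve "$base" "$value")
        if [ ! -r "$path" ]; then
            echo "FAIL: $key -> $path is missing or unreadable"; status=1; continue
        fi
        if [ "$key" = DtlsPrivKey ] && ! key_is_private "$path"; then
            echo "FAIL: $path is accessible to group/other (chmod 600)"; status=1; continue
        fi
        echo "ok:   $key -> $path"
    done
    return $status
}

# Usage: sh check_dtls.sh ./gateway.conf .
if [ "$#" -eq 2 ]; then check_dtls_conf "$1" "$2"; fi
```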
Sometimes stopping the gateway with Ctrl+C doesn't stop the process. You can check if there are hanging processes in the relevant ports with:
sudo lsof -i :1883 -i :8883 -i :10000
If there are any, you can kill them by name with:
sudo pgrep -f 'MQTT-SNGa' | while read -r pid; do sudo kill -9 "$pid"; done
For DTLS, you should capture the traffic on these ports: udp.port == 1883 || udp.port == 8883 || udp.port == 10000. We recommend using Wireshark with OQS-wireshark because of its post-quantum cryptography support.