Dynamic encryption method for MQTT communication

Internet of vehicles (IoV) system is mixed-criticality, and different functions have different requirements for information security and real-time performance. Thesis aims to design a comprehensive dynamic encryption algorithm to ensure the function of the IoV system while taking into account the security level required by different critical functions. The algorithm can flexibly coordinate the security requirements between different functions, improve the efficiency and reliability of the system to the greatest extent, and ensure information security. In order to verify the performance of the algorithm, thesis uses Pycharm platform to carry out simulation experiments through python programming and verifies the feasibility of the algorithm.


Introduction
The Internet of vehicles system is a mixed-criticality system.Different functions have different requirements for information security and real-time performance, so different encryption algorithms need to be used for different functions.However, due to the limited resources and space of IoV devices, using AES encryption algorithm to encrypt all functions will increase the burden of the system.In addition, some functions also require high real-timeperformance, which increases the computational pressure when implementing the encryption algorithm.
In order to solve these problems, many researchers have carried out research.Singh M R, M. P, Praneet S, et al presented a trust-driven privacy method using encryption and steganography for IoV [1].Mahlake N, Mathonsi E T, Plessis D D, et al proposed Lightweight Security Algorithm (LSA) is a hybrid algorithm created by combining the Security Protocol for Sensor Networks (SPINS) with the Secure IoT (SIT) encryption technique [2] .Pratik K, Pooja V, Kanchan D, et al used Fog Computing (FC) to reduce cloud load and avoid wasting network bandwidth [3] .
In thesis, the main vehicle networking protocol MQTT is taken as the research object, aiming to design a comprehensive encryption algorithm to ensure the functions of the vehicle networking system while taking into account the security levels required by different critical functions.The algorithm can flexibly coordinate the requirements between different functions, maximize the efficiency and reliability of the system, and ensure information security.

Mixed-criticality of IoV systems
At present, more and more distributed electronic functions are used in automotive systems, which makes the data processed in IoV systems become large and complex.To cope with this challenge, IoV systems are gradually transforming into hybrid critical systems, where multiple original electronic control unit (ECU) functions are integrated into a more powerful ECU.However, such system design needs to consider the different requirements between different functions, and solve the performance pressure and real-time requirements of the encryption algorithm, so as to improve the efficiency, reliability and information security of the whole system.J3061 "Cybersecurity Guidelines for Cyber-Physical Systems" is a standard document designed to guide automotive information security.This guide especially emphasizes the classification method of automotive information security risk [4] .Table 1 shows this grading method, which evolved from ASIL and aims to link device functional safety and vehicle information safety to form corresponding corresponsions.By tightly integrating device functional safety and vehicle information security, the J3061 guideline provides a comprehensive framework for information security in IoV systems.It not only requires the assessment and grading of functional safety, but also requires that the network information security requirements of the system be taken into account when designing and implementing the vehicle information system.This comprehensive approach helps to ensure the overall safety of the IoV system and provides guidelines to prevent potential information security threats.In the traditional IoV communication mode, all functional units are assigned the same criticality level, all tasks comply with the same security standards [5] , and the integrated control elements of IoV devices adopt a unified encryption algorithm.However, the comprehensive use of high-intensity encryption algorithms may lead to a waste of system resources for low-criticality functions.Conversely, purely relying on low-strength encryption algorithms may not adequately protect the security of high-criticality functions.Therefore, IoV systems need to consider the use of different encryption algorithms to meet the function-critical requirements.

The division of packet data priority
Even for highly critical functions, there are important and unimportant distinctions for each message transmission.For example, the reporting function of vehicle driving history data becomes an important "black box" when safety problems arise.For important data such as abnormal alarm data, more secure encryption algorithms, such as AES, should be used during transmission to achieve absolute security and reliability.However, for data frequently sent, such as weather, location, the importance is relatively low, and, if occasionally lost or underreported, it does not seriously affect the function.Therefore, simpler encryption algorithms can be used during transmission to reduce resource consumption and channel usage.Therefore, the priority division of the dynamic encryption algorithm should go deep into each message, and assign the corresponding levels of the encryption algorithm to the messages with different priorities As the first choice of the data communication protocol in the Internet of Vehicles industry today, the MQTT protocol stipulates the QoS (Quality of Service) [6] .QoS ensures the reliability of message transmission in different network environments, which can be used as the primary implementation technology to ensure message reliability transmission in Internet of Vehicles scenarios.
QoS 0, This level message is delivered at most once, and the sender is not responsible for confirming the receipt of the messages and does not take any remedial action to ensure reliable delivery.QoS 1, The message was passed at least once.This level uses a reissuing mechanism, in which the sender waits for the recipient to send a response (ACK) after sending the message, otherwise, it will resend.With this mode, ensure that the message is passed at least once but may be repeated.QoS 2, The message is passed only once.This level introduces replay and duplicate message detection mechanisms, ensuring that the message arrives at the recipient and limits only once.
To be clear, the higher the QoS level, the more complex the message interaction, and the greater the system resource consumption.Therefore, it is not that the higher the QoS level is set, the better the [7] .When selecting the appropriate QoS level, the application can make decisions based on its own network scenarios and business requirements.Thesis will link vehicle functional safety and QoS levels based on the previously mentioned vehicle information safety risk classification scale and performance requirements, as shown in Table 2.The information whose functional security requirements are much higher than the performance requirements, neither want to lose and leak messages, nor want to receive messages repeatedly, you can choose QoS 2 level.The QoS 2 level is not commonly used in Internet of Vehicles scenarios, and although it is more reliable, it also significantly increases resource consumption and message latency, and is generally used on extremely critical data.
In the Internet of Vehicles, the QoS 1 level is ideal for information that requires both functional safety and performance.It can balance the system resource performance, and ensure the real-time performance and reliability of the message transmission.Therefore, QoS 1 has been widely used, including car control messages, driving report data (including new energy national standards and enterprise standards), traffic safety control data, and traffic safety and road safety related to the early warning and other scenarios.
QoS 0 level can be used for functional information with performance requirements much higher than security.They value the quality of service, frequently, and have little security needs, and can tolerate data loss or leakage.The Internet of Vehicles provides multimedia services involving entertainment, such as weather forecast data, and some data related to vehicle services.

Design of dynamic encryption algorithm
In order to protect the communication data of different QoS levels, thesis uses three different intensity symmetric encryption algorithms (AES, Present, and TEA) to build a dynamic encryption algorithm library.The three algorithms are evaluated and compared from the encryption and decryption time and security.

Comparison of operational efficiency
In the Internet of Vehicles system with limited computing power, the operation efficiency of the algorithm is particularly important for realizing the efficient encryption and decryption operation.In order to objectively compare the running efficiency of the three algorithms, the same variables with 1000 different sets were selected for testing, and the average time of each algorithm was recorded.
In order to show the results more intuitively, Figure 1 below presents the comparison of the time required by the three algorithms to complete 1000 decryption in the form of a bar chart.

Figure 1. Algorithm efficiency comparison.
The performance difference between the various algorithms can be clearly seen by comparing with the above figure.According to the data in the figure above, we can evaluate the operating efficiency of the three algorithms in the Internet of Vehicles system, and choose the most suitable algorithm for a specific application scenario accordingly.This will help to ensure the rapid encryption and decryption of oV communication data, and improve the real-time and response performance of the system.

Omparison of algorithm safety intensity
First, AES (Advanced Encryption Standard) is one of the most widely used symmetric encryption algorithms [8] .AES uses different key lengths (128,192, and 256 bits), and have high cryptographic strength after multiple rounds of displacement and substitution operations.After extensive research and analysis, no effective attack method for AES has been found yet.Therefore, AES is considered to have a high safety profile and is widely used in various fields.
Second, Present is a lightweight symmetric encryption algorithm, suitable for resource-constrained environments, such as IoT devices.Present Using a block size of 64 bits and a key length of 80 or 128 bits to encrypt data through iterative displacement and substitution operations.Although Present's key length is short, it is still considered as one of the more secure encryption algorithms due to its design characteristics and analytical confidentiality.
Finally, TEA (Tiny Encryption Algorithm) is a simple and compact symmetric encryption algorithm [9] , with low computational complexity and storage requirements.TEA uses a block size of 64 bit and a key length of 128 bit to provide security by iterating the encryption rounds.However, due to the relatively simple design and key iteration method, it may have weaknesses in some specific attack situations.
In conclusion, AES has the highest security and is widely recognized as an encryption algorithm with high security intensity.Present As a lightweight algorithm, it provides better security in a resource-constrained environment.Although TEA is a simple and compact algorithm, it may have security challenges in some attack situations.Therefore, when selecting the encryption algorithm, the characteristics of each algorithm should be considered comprehensively according to the specific requirements and security requirements.
Based on the comparison results of the three algorithms in the dynamic encryption algorithm library, thesis builds the dynamic encryption algorithm scheduling table according to the above QoS   3.
From top to bottom, the encryption algorithm, algorithm identification and ID in the message are corresponding according to the service quality level.In the MQTT protocol, frame ID is used to identify the QoS level of the message message, the smaller the ID value, the smaller the QoS level, and the less importance.In thesis, an algorithm library composed of multiple encryption algorithms is designed according to Table 3, and a unique feature identification is assigned to each encryption algorithm.In this way, the system can easily call and select the encryption algorithm, so as to meet the different requirements of information security levels of different functional modules of the system.

Message design of dynamic encryption algorithmte
In the field of Internet of Vehicles, the MQTT communication protocol has been widely adopted as a lightweight messaging protocol.However, simple cryptographic algorithms alone cannot fully ensure the security of MQTT communication.Therefore, thesis proposes a dynamic encryption algorithm as a supplementary security scheme for the MQTT protocol.The algorithm includes encryption algorithm scheduling and replay attack defense functions, and carries synchronous timing identification and algorithm identification during the process when the message is transmitted from the publisher to the subscriber, to ensure that the dynamic encryption algorithm runs normally.This also means that the structure of the MQTT messages needs to be redesigned to carry additional information to assist the implementation of the dynamic encryption algorithm.
As shown in Figure 2 below, the MQTT fixed message header occupies at least two bytes, with the first byte containing flag bits such as message type and QoS level.The remaining length field is used to represent the total length of the subsequent variable message headers and message load.According to the MQTT protocol, the remaining length field is 0x7F, or 127 bytes.Therefore, the maximum message length of the MQTT communication is set 256MB, using zero to four bytes to represent the remaining length information.Thesis studies a single byte as a standard.

Figure 2. MQTT message format design.
Based on the redefined MQTT message format (shown in Figure 2), thesis saves the timestamp, counter values, and algorithm identification values by reset the load content fields.In order to avoid the waste of data resources, the two bytes of the lowest effective bit of the load content field are used as identification fields and divided into three parts: timestamp, counter value and algorithm flag.In this way, the load content can still retain 0 to 125 bytes of valid data, even when additional information is added.

System simulation
The MQTT protocol is a machine-to-machine (M2M) communication protocol built on the SSL protocol.Three classes of members exist, including Publisher, Broker, and Subscriber.In MQTT, the client can act as both the publisher and the subscriber, and the agent is usually the server side, and allows the client to subscribe on its own published messages.In this way, the MQTT protocol provides the capability of real-time data transmission and instant messaging.MQTT will build the underlying network transport like a TCP/IP link: it will establish a connection from the client to the server, providing an in-order, lossless, bi-directional byte-based transfer [10] .
According to this feature, thesis selects the Socket socket programming framework in Python language as the main framework, and takes C / S mode as the template to build the communication network simulation model of publishing / subscription mode.The dynamic encryption algorithm module and the replay attack defense module written by Python are integrated into the communication simulation to enhance the security and real-time performance of MQTT communication.Designed and implemented the MQTT secure communication simulation experiment based on the dynamic encryption mechanism, and analyzed the experimental results.It can be a publisher that publishes a message to a specified topic, or a subscriber that subscribes to messages posted by other clients.Client can unsubscribe or delete a subscription [11] for a subject and can disconnect from the server.In addition, the client may perform a specific function or command represented by the message.• The MQTT server side: The message agent in the MQTT protocol (server-side) the is a key middleman responsible for managing the communication [12] between publisher and subscriber.It accepts connection requests from the client and handles the subscription and unsubscribe operations.The Message Agent is also responsible for receiving and storing application messages published by the client and forwarding these messages to the corresponding subscribers by topic.In addition, the server side can also act as a key management center (KDC) to store the public key and conduct key management and verification to enhance the security of communication.

The encryption and decryption process of the communication
The dynamic encryption algorithm in thesis combines the key negotiation algorithm, so the encryption and decryption process of MQTT communication is actually divided into two parts: key negotiation process and dynamic encryption and decryption process.Figure 4 shows the workflow of communication encryption and decryption.Dynamic encryption process: the publisher selects the appropriate encryption algorithm according to the QoS level of the message, and encrypts the MQTT message using a pre-negotiated session key.By replacing the message load as ciphertext, and storing the timestamp, counter value and algorithm identification at the end of the field, the ciphertext with confidentiality and replay attack resistance is finally formed.The ciphertext will be sent to the server agent and will be transferred to the corresponding subscriber.Dynamic decryption process: Dynamic decryption process: After receiving an encrypted message from the publisher, the message is resolved and verified by the subscriber.By parsing the last two bytes of the packet load field, the time stamp, the counter value, and the algorithm identity are extracted, and the subscriber first verifies whether it is a replay attack.Then, the ciphertext is extracted, and the ciphertext is decrypted by matching the corresponding decryption algorithm and the prenegotiated key to further perform the functional operation.

The analysis of experimental results
simulation experiment simulates MQTT communication messages according to the message structure shown in Figure 2. In order to facilitate the research, the number of messages in each communication transmission experiment is set to 1000, and the performance of the algorithm is evaluated by comparing with the time complexity of the most widely used AES encryption algorithm.The bar chart of Figure 5 and Figure 6 shows the comparison of the traditional single encryption algorithm and the dynamic encryption algorithm.

Figure 3 .
Figure 3. MQTT communication simulation model.• The MQTT client: As shown in Figure 3 above, in MQTT communication, clients have multiple roles and functions.It can be a publisher that publishes a message to a specified topic, or a subscriber that subscribes to messages posted by other clients.Client can unsubscribe or delete a subscription[11] for a subject and can disconnect from the server.In addition, the client may perform a specific function or command represented by the message.• The MQTT server side: The message agent in the MQTT protocol (server-side) the is a key middleman responsible for managing the communication[12] between publisher and subscriber.It accepts connection requests from the client and handles the subscription and unsubscribe operations.The Message Agent is also responsible for receiving and storing application messages published by the client and forwarding these messages to the corresponding subscribers by topic.In addition, the server side can also act as a key management center (KDC) to store the public key and conduct key management and verification to enhance the security of communication.

Figure 5 .
Figure 5. encryption algorithm performance.Figure6.decryption algorithm performance.The lightweight encryption algorithms Present and TEA have the advantages of small energy consumption, high efficiency and small size.It can be seen from the comparison results in Figure5and Figure6that the use of dynamic encryption algorithm to add and decrypt MQTT messages with different QoS levels significantly exceeds the single AES encryption and decryption algorithm in efficiency, and the time consuming of dynamic encryption and decryption is only one sixth of that of AES encryption and decryption.

Figure 6 .
Figure 5. encryption algorithm performance.Figure6.decryption algorithm performance.The lightweight encryption algorithms Present and TEA have the advantages of small energy consumption, high efficiency and small size.It can be seen from the comparison results in Figure5and Figure6that the use of dynamic encryption algorithm to add and decrypt MQTT messages with different QoS levels significantly exceeds the single AES encryption and decryption algorithm in efficiency, and the time consuming of dynamic encryption and decryption is only one sixth of that of AES encryption and decryption.

Table 1 .
Auto safety risk level

Table 3 .
encryption algorithm scheduling table.level table and the security box performance level of the encryption algorithm, as shown in Table