Summary:
The rapid expansion of the Internet of Things (IoT) has introduced security challenges, including unauthorized access, data breaches, lateral movement attacks and supply chain attacks. Traditional access control mechanisms, such as Role-Based Access Control (RBAC), struggle with scalability and real-time enforcement in dynamic IoT environments. This paper proposes the MQTT-ZT Secure Broker, a Zero Trust Architecture (ZTA) for secure MQTT-based IoT communication, integrating Attribute-Based Access Control (ABAC) directly into the MQTT broker. The architecture embeds a Policy Enforcement Point (PEP) within the broker and leverages Axiomatics' ALFA policy engine for low-latency authorization. Experimental evaluations in a cyber range demonstrate that the proposed solution maintains real-time security enforcement with processing times between 20-45 ms, significantly outperforming traditional approaches, which typically exceed 100 ms. The results confirm that in-broker access control enhances scalability, minimizes latency, and ensures continuous verification, making it a robust Zero Trust (ZT) IoT security solution.

Author(s):
Meha James, Munster Technological University, Ireland
Thomas Newe, University of Limerick, Ireland
Donna O'Shea, Munster Technological University, Ireland
George D. O'Mahony, Munster Technological University, Ireland