AUPS: An Open Source AUthenticated Publish/Subscribe system for the Internet of Things

•A new secure MQTT mechanism named AUPS(AUthenticated Publish&Subscribe) is defined.•AUPS is integrated in a flexible and cross-domain IoT architecture.•AUPS is further integrated with a policy enforcement mechanism.•AUPS is openly released under Apachev.2 license.•A key management system is defined in order to guarantee a good level of security.

The arising of the Internet of Things (IoT) is enabling new service provisioning paradigms, able to leverage heterogeneous devices and communication technologies. Efficient and secure communication mechanisms represent a key enabler for the wider adoption and diffusion of IoT systems. One of the most widely employed protocols in IoT and machine-to-machine communications is the Message Queue Telemetry Transport (MQTT), a lightweight publish/subscribe messaging protocol designed for working with constrained devices. In MQTT messages are assigned to a specific topic to which users can subscribe. MQTT presents limited security support. In this paper we present a secure publish/subscribe system extending MQTT by means of a key management framework and a policy enforcement one. In this way the flow of information in MQTT-powered IoT systems can be flexibly controlled by means of flexible policies. The solution presented is released as open source under Apache v.2 license.