Secure Communication ECC-Based between IoT Device and Server

The rapid development of the IoT (Internet of Things) demands speed and security of communication between connected entities via the Internet. A suitable communication protocol for this communication in terms of speed optimization is MQTT (Message Queuing Telemetry Transport). However, it has security limitations that make it vulnerable to third-party attacks. This research proposes an IoT communication system and server using the MQTT protocol and Elliptic Curve Cryptography (ECC) algorithms to secure communications. ECC efficiently uses computing resources and has a short key size compared to Rivest Shamir Adleman (RSA), so it is suitable for mutual authentication. In addition, data encryption uses the 128-bit Advanced Encryption Standard (AES), which has good security and computing efficiency. The study included testing the mutual authentication speed of ECC and RSA across different key sizes, demonstrating that ECC consistently outperformed RSA in execution time. This study also compared the speed of mutual authentication between ECC and RSA with key sizes of 256 and 3072 bits, respectively; ECC achieved an average speed of 117.33 ms, whereas RSA took 241.92 ms. Furthermore, this study was also tested for the level of security using ECC as a cryptographic algorithm. The system is tested for security by performing sniffing attacks, brute force attacks, replay attacks, and fingerprint matching accuracy by measuring the False Rejection Rate (FRR) and False Acceptance Rate (FAR). The most suitable threshold value is between 30 and 40 within an Equal Error Rate (ERR) between 20% and 30%. The overall testing results show that the system is time-efficient and resilient to attacks.