WolfSSL recently released the wolfMQTT client library, a security add-on that provides SSL/TLS encryption for the Message Queuing Telemetry Transport (MQTT) protocol.

MQTT is a publish/subscribe messaging protocol: clients publish messages to named topics on a central broker, and other clients subscribe to those topics and receive the messages, all carried over TCP/IP. MQTT is designed specifically to be lightweight for machine-to-machine and Internet of Things applications, which generally need near-real-time information exchange from devices constrained in memory, bandwidth and energy.

Example of a Pub/Sub architecture. Image courtesy of HiveMQ.

MQTT itself specifies no encryption or message authentication; the CONNECT packet can carry a username and password, but without a secure transport those credentials and every message travel in the clear. The usual remedy is “secure-mqtt”, which runs the protocol over TLS on port 8883 instead of plaintext on 1883. wolfMQTT builds on wolfSSL to add that SSL/TLS layer. Note that this is transport security for the hop between client and broker: the broker terminates TLS and sees message contents in plaintext, so it is not end-to-end encryption between publisher and subscriber.

The wolfMQTT library is written in C (C89), in under 1,200 lines of code and 3.6 kB in size, to keep it lightweight and portable for embedded systems. It implements the MQTT v3.1.1 specification.

MQTT Highlights:

  • Lightweight and portable for M2M and IoT applications, with a small per-message overhead (the fixed header is as little as two bytes) to minimize network traffic
  • Three message delivery quality of service modes: QoS 0 “at most once”, QoS 1 “at least once”, and QoS 2 “exactly once”
  • A Last Will and Testament message, registered at connect time, that the broker publishes on the client’s behalf to notify subscribers when the client disconnects abnormally
  • MQTT v3.1.1 was released in 2014
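To make the QoS and framing points above concrete, here is an added example of MQTT v3.1.1 wire handling; it is not wolfMQTT or wolfSSL code, and the sample packets are constructed, not captured. It encodes and decodes the variable-length “Remaining Length” field of the fixed header and parses a PUBLISH packet, reading the QoS bits and the packet identifier that QoS 1 and 2 messages carry. Every length is checked against the actual buffer before use, which is the check a client or broker must make: a parser that trusts the declared remaining length reads past the end of its receive buffer.

```c
/* Added example (not wolfMQTT/wolfSSL code): MQTT v3.1.1 framing helpers.
 * Remaining Length uses 7 data bits per byte with the MSB as a continuation
 * flag, at most 4 bytes (max 268,435,455). Sample packets below are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns bytes written (1..4), or 0 if len is out of range or out is too small. */
size_t mqtt_encode_remaining(uint32_t len, uint8_t *out, size_t out_len) {
    size_t n = 0;
    if (len > 268435455u) return 0;
    do {
        uint8_t b = (uint8_t)(len % 128);
        if (n >= out_len) return 0;
        len /= 128;
        if (len > 0) b |= 0x80;            /* more bytes follow */
        out[n++] = b;
    } while (len > 0);
    return n;
}

/* Returns bytes consumed (1..4), or 0 if the field is truncated or a fifth
 * continuation byte appears (a protocol error, not something to keep looping on). */
size_t mqtt_decode_remaining(const uint8_t *in, size_t in_len, uint32_t *value) {
    uint32_t mult = 1, v = 0;
    size_t n = 0;
    do {
        if (n >= in_len || n >= 4) return 0;
        v += (uint32_t)(in[n] & 0x7F) * mult;
        mult *= 128;
    } while (in[n++] & 0x80);
    *value = v;
    return n;
}

typedef struct {
    uint8_t qos, retain, dup;
    uint16_t packet_id;          /* only present for QoS 1 and 2; must be non-zero */
    const uint8_t *topic;   size_t topic_len;
    const uint8_t *payload; size_t payload_len;
} mqtt_publish_t;

/* Parse one complete PUBLISH packet. Returns 1 on success, 0 on any malformed field. */
int mqtt_parse_publish(const uint8_t *pkt, size_t pkt_len, mqtt_publish_t *out) {
    uint32_t rem;
    size_t hdr, pos;
    if (pkt_len < 2 || (pkt[0] >> 4) != 3) return 0;        /* control type 3 = PUBLISH */
    hdr = mqtt_decode_remaining(pkt + 1, pkt_len - 1, &rem);
    if (hdr == 0 || 1 + hdr + rem != pkt_len) return 0;     /* declared length vs. buffer */
    out->dup    = (pkt[0] >> 3) & 1;
    out->qos    = (pkt[0] >> 1) & 3;
    out->retain =  pkt[0] & 1;
    if (out->qos == 3) return 0;                            /* QoS 3 is reserved */
    pos = 1 + hdr;
    if (rem < 2) return 0;
    out->topic_len = ((size_t)pkt[pos] << 8) | pkt[pos + 1];
    pos += 2;
    if (out->topic_len > pkt_len - pos) return 0;          /* topic would overrun buffer */
    out->topic = pkt + pos;
    pos += out->topic_len;
    out->packet_id = 0;
    if (out->qos > 0) {                                     /* QoS 1/2 carry a packet id */
        if (pkt_len - pos < 2) return 0;
        out->packet_id = (uint16_t)((pkt[pos] << 8) | pkt[pos + 1]);
        if (out->packet_id == 0) return 0;
        pos += 2;
    }
    out->payload = pkt + pos;
    out->payload_len = pkt_len - pos;
    return 1;
}

/* Constructed samples: topic "sensors/temp", payload "21.5". */
static const uint8_t SAMPLE_QOS1[] = {      /* QoS 1, packet id 10, remaining length 20 */
    0x32, 0x14, 0x00, 0x0C, 's','e','n','s','o','r','s','/','t','e','m','p',
    0x00, 0x0A, '2','1','.','5' };
static const uint8_t SAMPLE_QOS0[] = {      /* QoS 0, no packet id, remaining length 18 */
    0x30, 0x12, 0x00, 0x0C, 's','e','n','s','o','r','s','/','t','e','m','p',
    '2','1','.','5' };
static const uint8_t SAMPLE_BAD_LEN[] = {   /* claims 32 remaining bytes, only 20 present */
    0x32, 0x20, 0x00, 0x0C, 's','e','n','s','o','r','s','/','t','e','m','p',
    0x00, 0x0A, '2','1','.','5' };

int main(void) {
    const uint8_t *samples[] = { SAMPLE_QOS1, SAMPLE_QOS0, SAMPLE_BAD_LEN };
    size_t sizes[] = { sizeof SAMPLE_QOS1, sizeof SAMPLE_QOS0, sizeof SAMPLE_BAD_LEN };
    size_t i;
    for (i = 0; i < 3; i++) {
        mqtt_publish_t p;
        if (mqtt_parse_publish(samples[i], sizes[i], &p))
            printf("qos=%u id=%u topic=%.*s payload=%.*s\n", p.qos, p.packet_id,
                   (int)p.topic_len, (const char *)p.topic,
                   (int)p.payload_len, (const char *)p.payload);
        else
            printf("sample %u rejected as malformed\n", (unsigned)i);
    }
    return 0;
}
```

The third sample is the case that matters for a constrained device: its remaining-length field is plausible on its own, and only the comparison against the bytes actually received catches it.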

wolfMQTT Highlights:

  • Supports current SSL/TLS standards through wolfSSL
  • Up to 20 times smaller than OpenSSL
  • Easy to port from OpenSSL to wolfSSL
  • Quality of Service support for levels 0 to 2
  • Can be used with Linux, Mac OS X, Windows 32/64, FreeRTOS, and ChibiOS environments
  • Compatible with ARM, Intel, Atmel (PIC32), STMicro (STM32F2/F4), Texas Instruments, and Motorola chipsets, to name a few
  • Open source license (GPLv2)
  • Includes modern algorithms such as ChaCha20, Curve25519, BLAKE2b, and NTRU

WolfSSL offers a training course which covers how SSL/TLS works, familiarization with the wolfSSL library, how to customize and use wolfSSL, and best practices for wolfSSL. Additionally, examples are provided for use with the Arduino IDE and IBM Watson IoT when downloaded.

Security in connected embedded systems is an important concern, especially as a growing number of IoT devices collect increasingly sensitive information. Encrypting device communication with TLS keeps sensitive or private information from being read off the network and, provided the client verifies the broker’s certificate against a trusted CA, defeats man-in-the-middle attacks; a client that skips that verification gets confidentiality against passive eavesdroppers only. It also gives IoT applications a stronger basis for trusting the data they receive.

WolfSSL was founded in 2004 specifically to develop security solutions for embedded systems. Founders Larry Stefonic and Todd Ouska wanted to provide an open source alternative to OpenSSL that had a clear licensing scheme, offered the portability and speed required for embedded systems, and featured a modern and intuitive API. One of WolfSSL’s first major users was MySQL, the most popular open source database in the world. Since then, wolfSSL has been bundled with Ubuntu, Mongoose, cURL, and OpenWRT, and the company states that it secures over 2 billion connections.