Main Article Content


The rapid development of the IoT (Internet of Things) demands speed and security of communication between connected entities via the Internet. A suitable communication protocol for this communication in terms of speed optimization is MQTT (Message Queuing Telemetry Transport). However, it has security limitations that make it vulnerable to third-party attacks. This research proposes an IoT communication system and server using the MQTT protocol and Elliptic Curve Cryptography (ECC) algorithms to secure communications. ECC efficiently uses computing resources and has a short key size compared to Rivest Shamir Adleman (RSA), so it is suitable for mutual authentication. In addition, data encryption uses the 128-bit Advanced Encryption Standard (AES), which has good security and computing efficiency. The study included testing the mutual authentication speed of ECC and RSA across different key sizes, demonstrating that ECC consistently outperformed RSA in execution time. This study also compared the speed of mutual authentication between ECC and RSA with key sizes of 256 and 3072 bits, respectively; ECC achieved an average speed of 117.33 ms, whereas RSA took 241.92 ms. Furthermore, this study was also tested for the level of security using ECC as a cryptographic algorithm. The system is tested for security by performing sniffing attacks, brute force attacks, replay attacks, and fingerprint matching accuracy by measuring the False Rejection Rate (FRR) and False Acceptance Rate (FAR). The most suitable threshold value is between 30 and 40 within an Equal Error Rate (ERR) between 20% and 30%. The overall testing results show that the system is time-efficient and resilient to attacks.


IoT MQTT ECC Mutual Authentication Security

Article Details

How to Cite
Ruswiansari, M., Kusumah, F., Wasista, S., & Ridwan, M. (2024). Secure Communication ECC-Based between IoT Device and Server. INVOTEK: Jurnal Inovasi Vokasional Dan Teknologi, 24(1), 9-18.


  1. W. Yang, S. Wang, N. M. Sahri, N. M. Karie, M. Ahmed, and C. Valli, “Biometrics for internet‐of‐things security: A review,” Sensors, vol. 21, no. 18. MDPI, Sep. 01, 2021. doi: 10.3390/s21186163.
  2. K. L. Lueth, “State of the IoT 2020: 12 Billion IoT Connections Surpassing Non-IoT for the First Time,” IoT Analytics. [Online]. Available:
  3. A. Shamsoshoara, A. Korenda, F. Afghah, and S. Zeadally, “A survey on physical unclonable function (PUF)-based security solutions for Internet of Things,” Comput. Networks, vol. 183, p. 107593, 2020, doi:
  4. Z. Hussain, A. Akhunzada, J. Iqbal, I. Bibi, and A. Gani, “Secure IIoT-enabled industry 4.0,” Sustainability (Switzerland), vol. 13, no. 22, Nov. 2021, doi: 10.3390/su132212384.
  5. Q. A. Al-Haija and S. Zein-Sabatto, “An efficient deep-learning-based detection and classification system for cyber-attacks in iot communication networks,” Electronics (Switzerland), vol. 9, no. 12, pp. 1–26, Dec. 2020, doi: 10.3390/electronics9122152.
  6. K. E. Balto, M. M. Yamin, A. Shalaginov, and B. Katt, “Hybrid IoT Cyber Range,” Sensors, vol. 23, no. 6, Mar. 2023, doi: 10.3390/s23063071.
  7. J. C. Yang, H. Pang, and X. Zhang, “Enhanced mutual authentication model of IoT,” Journal of China Universities of Posts and Telecommunications, vol. 20, no. SUPPL-2, pp. 69–74, Dec. 2013, doi: 10.1016/S1005-8885(13)60218-6.
  8. S. D. Mohammed, A. M. S. Rahma, and T. M. Hasan, “Maintaining the integrity of encrypted data by using the improving hash function based on GF (28),” TEM Journal, vol. 9, no. 3, pp. 1277–1284, Aug. 2020, doi: 10.18421/TEM93-57.
  9. R. R. Pahlevi, V. Suryani, H. H. Nuha, and R. Yasirandi, “Secure Two-Factor Authentication for IoT Device,” in 2022 10th International Conference on Information and Communication Technology, ICoICT 2022, Institute of Electrical and Electronics Engineers Inc., 2022, pp. 407–412. doi: 10.1109/ICoICT55009.2022.9914866.
  10. D. Mahto and D. Kumar Yadav, “RSA and ECC: A Comparative Analysis,” 2017. [Online]. Available:
  11. M. Al Saadi, “A Review on Elliptic Curve Cryptography,” International Journal of Future Generation Communication and Networking, vol. 13, no. 3, pp. 1597–1601, 2020, [Online]. Available:
  12. X. Wang and M. El-Said, “DomainPKI: Domain Aware Certificate Management,” in SIGITE 2020 - Proceedings of the 21st Annual Conference on Information Technology Education, Association for Computing Machinery, Inc, Oct. 2020, pp. 419–425. doi: 10.1145/3368308.3415401.
  13. H. N. Almajed and A. S. Almogren, “SE-Enc: A Secure and Efficient Encoding Scheme Using Elliptic Curve Cryptography,” IEEE Access, vol. 7, pp. 175865–175878, 2019, doi: 10.1109/ACCESS.2019.2957943.
  14. E. Taiwo Oladipupo and O. Christiana Abikoye, “Improved authenticated elliptic curve cryptography scheme for resource starve applications,” Computer Science and Information Technologies, vol. 3, no. 3, pp. 169–185, 2022, doi: 10.11591/csit.v3i3.pp169-185.
  15. A. Saepulrohman, A. Denih, Sukono, and A. T. Bon, “Elliptic Curve Diffie-Hellman Cryptosystem for Public Exchange Process,” in 5th North American International Conference on Industrial Engineering and Operations Management, IEOM Society International, 2020.
  16. S. Heron, “Advanced Encryption Standard (AES),” Network Security, vol. 2009, no. 12, pp. 8–12, Dec. 2009, doi: 10.1016/S1353-4858(10)70006-4.
  17. H. K. S. Premadasa and R. G. N. Meegama, “Extensive compression of text messages in interactive mobile communication,” in 2013 International Conference on Advances in ICT for Emerging Regions (ICTer), IEEE, Dec. 2013, pp. 80–83. doi: 10.1109/ICTer.2013.6761159.
  18. Y. Im and M. Lim, “E-MQTT: End-to-End Synchronous and Asynchronous Communication Mechanisms in MQTT Protocol,” Applied Sciences, vol. 13, no. 22, p. 12419, Nov. 2023, doi: 10.3390/app132212419.
  19. O. Gaikwad, P. SP, M. Kantimahanti, M. Kamthe, and L. Kumar, “RFID Attendence using RC522,” Int J Res Appl Sci Eng Technol, vol. 8, no. 5, pp. 2386–2392, May 2020, doi: 10.22214/ijraset.2020.5392.
  20. J. Linggarjati, “Raspberry Pi Zero Door Locking System with Face Recognition using CNN (Convolutional Neural Network) and Fingerprint Sensor,” in Proceedings of the International Conference on Industrial Engineering and Operations Management, Michigan, USA: IEOM Society International, 2022, pp. 1147–1152. doi: 10.46254/SA03.20220247.
  21. E. Barker, “Recommendation for key management: Part 1 - General,” Gaithersburg, MD, May 2020. doi: 10.6028/NIST.SP.800-57pt1r5.