BT

Paho, Mosquitto and Security of MQTT

| by Alex Blewitt Follow 4 Followers on Mar 12, 2015. Estimated reading time: 3 minutes |

Ian Craggs, leader of the Eclipse Paho project, talked about Eclipse Paho, Eclipse Mosquitto and MQTT-SN at EclipseCon this week. With last week's release of both Eclipse Paho and Eclipse Mosquitto, and this week's dedicated Internet of Things day at EclipseCon, InfoQ caught up with him to ask him about the projects and what they provide.

InfoQ: Can you summarise what the Paho and Mosquitto projects are at Eclipse?

Craggs: The Paho and Mosquitto projects both deal with a messaging protocol called MQTT, which has been around since about 1998 when it was first published by IBM and Arcom Control Systems. It was created to solve the problem of monitoring and control of remote infrastructure, in the first case an oil pipeline. MQTT is a client server protocol, with Paho and Mosquitto providing open source implementations of MQTT client libraries and an MQTT server respectively. These open source implementations, along with MQTT's standardization, have helped the interest in MQTT to increase almost exponentially over the last two years, especially as it is one of the protocols that is ideally suited to the Internet of Things

InfoQ: What languages does Paho provide clients for? 

Craggs: Paho provides MQTT client libraries in C, C++, Java and Android, Python, C# (any .Net language and WinRT), JavaScript and Go.  Paho also includes some GUI utilities for experimenting with and monitoring MQTT servers. There are also some MQTT "conformance" tests, which I hope will eventually become the basis of an official compliance test suite for implementations of the MQTT 3.1.1 standard. 

InfoQ: What kind of applications use Paho or MQTT for their messaging, and why? 

Craggs: Facebook used MQTT to implement their Messenger app, because MQTT is efficient and event driven, they "were able to often achieve phone-to-phone delivery in the hundreds of milliseconds, rather than multiple seconds." IBM uses MQTT in our IoT Foundation Bluemix (cloud) service which allows data from large numbers of devices to be analyzed and processed by any of the other Bluemix services including NodeRed and Watson.  The recent Eclipse press release has statements from four companies which are using Paho and Mosquitto in their solutions.

InfoQ: What kind of security does Mosquitto support? 

Craggs: Security in MQTT has two levels. Firstly MQTT itself allows a userid and password to be transmitted at connect time, and Mosquitto allows authorization to be based on those. Secondly, there is the ability to secure the underlying TCP/IP connection – all versions of TLS up to and including 1.2 are supported. This means that MQTT connections can be encrypted, and the identity of connecting applications can be verified in a more secure way than userid and password. 

InfoQ: How does Mosquitto interoperate with other message queues or protocols?

Craggs: As I mentioned previously, MQTT needs an underlying TCP/IP connection. WebSockets is a technology that allows a TCP like connection between a web browser and a server, making interactive communications feasible without polling. Mosquitto 1.4 adds support for MQTT over WebSockets, so that libraries like the Paho JavaScript client can be used in a web application to easily send to and receive messages from an MQTT server in an efficient, timely, event-driven manner. 

InfoQ: How do you see Mosquitto and Paho evolving over the next year?

Craggs: One of the areas of greatest interest to me is the application of MQTT to underlying network technologies other than TCP/IP.  MQTT was designed to take advantage of TCP/IP's reliability and transmission of large packets with fragmentation. A closely related protocol, MQTT-SN, allows MQTT style messaging to be extended to networking transports such as UDP, ZigBee and 6LoWPAN.  Paho already contains some client libraries and tools for MQTT-SN. Over the next year, we intend to expand on these capabilities, so that Paho and Mosquitto can achieve for MQTT-SN what they already do for MQTT: making it very easy to build a messaging, IoT solution with off the shelf, open source building blocks.

Both Mosquitto and Paho are available for download at the Eclipse website, and through the dedicated iot.eclipse.org project.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss
BT