The Internet of Things is constantly capturing interest from modern applications, changing our everyday life and empowering industrial applications. Interaction and the collaboration among smart devices offer new challenges to security since they conflict with economic and energy consumption requirement constraints. On the other hand, the lack of security measures could negatively impact the concrete adoption of this paradigm. This paper focuses on the Message Queuing Telemetry Transport (MQTT) protocol, widely adopted in the Internet of Things. This protocol does not implement natively secure authentication mechanisms, which are demanded to developers. Hence, this paper proposes a novel OTP (one-time password)-authentication schema for MQTT, which uses the Ethereum blockchain to implement a second-factor out-of-band channel. The proposal enables the authentication of both local and remote devices preserving user privacy and guaranteeing trust and accountability via Ethereum smart contracts.

中文翻译：

---

通过基于区块链的OTP身份验证保护MQTT。

物联网不断吸引着现代应用程序的兴趣，改变了我们的日常生活并增强了工业应用程序的功能。智能设备之间的交互和协作对安全性提出了新的挑战，因为它们与经济和能源消耗的要求约束相冲突。另一方面，缺乏安全措施可能会对这种模式的具体采用产生负面影响。本文着重讨论在物联网中广泛采用的消息队列遥测传输（MQTT）协议。该协议未实现开发人员要求的本机安全身份验证机制。因此，本文为MQTT提出了一种新颖的OTP（一次性密码）身份验证方案，该方案使用以太坊区块链来实现第二因素带外通道。