Implementation of Event-Based Dynamic Authentication on MQTT Protocol
Abstract
This paper proposes an authentication mechanism for the MQ Telemetry Transport (MQTT) protocol. The exchange of data in IoT systems has become an important activity, and MQTT is a fast and lightweight communication protocol for IoT. One of the problems with the MQTT protocol is that there is no security mechanism in the initial setup. A security attack may occur during the client registration phase, which is vulnerable to accepting false clients because there is no authentication mechanism. An authentication mechanism has previously been built using Transport Layer Security (TLS). However, the TLS mechanism consumes more than 100 KB of data memory and is not suitable for devices that have limitations. A suitable authentication mechanism for constrained devices is therefore required. This paper proposes an authentication protocol for MQTT that uses dynamic and event-based authentication. The event-based approach is used to reduce the computing burden on constrained devices. The dynamic approach is intended to provide different authentication properties for each session so that authentication security is improved. As a result, the event-based dynamic authentication protocol was successfully applied on the constrained devices, namely the microcontrollers and the broker. The microcontroller, as a client, is able to process the proposed protocol. The client uses 52% of the memory for the proposed protocol and consumes only 2% more than the protocol without security. The broker can find authentic clients, and constrained devices are capable of the computation needed to carry out mutual authentication processes with clients. The broker uses a maximum of 4.3 MB of real memory and a maximum CPU usage of 3.7%.
DOI: https://doi.org/10.17529/jre.v15i2.13963
Jurnal Rekayasa Elektrika (JRE) is published under license of Creative Commons Attribution-ShareAlike 4.0 International License.





