Evaluating AES Payload Encryption for Securing MQTT-based Smart Home Networks with Machine Learning-based Intrusion Detection
DOI:
https://doi.org/10.26636/jtit.2026.2.2545Keywords:
AES, encryption, feature selection, machine learning, MQTTAbstract
The message queuing telemetry transport (MQTT) protocol is widely adopted in smart home IoT ecosystems despite its default configuration failing to offer adequate protection against eavesdropping or payload manipulation. This study addresses an important research gap and attempts to determine whether AES-128 payload encryption is capable of securing MQTT transmissions without degrading the effectiveness of machine learning-based intrusion detection systems (IDS). Three security configurations, namely TLS, payload encryption, and token-based authentication, deployed on the ESP32 microcontroller family, are compared and their impact on message latency is measured. Experimental results show that the AES-128 encryption overhead remains at below 25% of the message publication time on ESP32-S3. To evaluate the robustness of IDS under encryption, we apply a reproducible modification to the MQTTset benchmark dataset that replaces variable-length plaintext payloads with fixed-length ciphertext representations while simultaneously preserving feature semantics and labeling consistency. 5 out of 6 evaluated classifiers maintained their accuracy level at above 99% on the modified dataset, with tree-based and neural models showing no meaningful degradation. Only Naive Bayes proved unsuitable, with its accuracy dropping from 98.79% to 62.15% due to its independence assumptions being violated by cryptographic uniformity. These results confirm that AES-based MQTT payload encryption is a practical and efficient security measure for resource-constrained IoT environments, provided that appropriate classifiers are employed.
Downloads
References
[1] EMQX Team, "MQTT with TLS: Fortifying MQTT Communication Security", 2023 (https://www.emqx.com/en/blog/fortifying-mqtt-communication-security-with-ssl-tls).
View in Google Scholar
[2] N.T. Dhokane et al., "S-MQTT: A Secure MQTT Protocol with Merkle Tree Authentication and AES Encryption for IoT Communication Systems", Ingénierie des Systèmes d’Information, vol. 30, pp. 1963-1973, 2025.
View in Google Scholar
[3] I. Vaccari et al., "MQTTset, a New Dataset for Machine Learning Techniques on MQTT", Sensors, vol. 20, art. no. 6578, 2020.
View in Google Scholar
[4] L. Ayavaca-Vallejo and D. Avila-Pesantez, "Smart Home IoT Cybersecurity Survey: A Systematic Mapping", 2023 Conference on Information Communications Technology and Society (ICTAS), Durban, South Africa, 2023.
View in Google Scholar
[5] S. Lakshminarayana, A. Praseed, and P.S. Thilagam, "Securing the IoT Application Layer from an MQTT Protocol Perspective: Challenges and Research Prospects", IEEE Communications Surveys and Tutorials, vol. 26, pp. 2510-2546, 2024.
View in Google Scholar
[6] R.A. Mahajan et al., "Enhancing MQTT Security in the Internet of Things with an Enhanced Symmetric Algorithm", Journal of Electrical Systems, vol. 20, pp. 126-137, 2024.
View in Google Scholar
[7] A. Al-Ani et al., "Evaluating Security of MQTT Protocol in Internet of Things", 2023 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE), Regina, Canada, 2023.
View in Google Scholar
[8] H.Y. Chien, A.T. Shih, and Y.M. Huang, "Exploring MQTT Broker-based, End-to-end Models for Security and Efficiency", Sensors, vol. 25, art. no. 5308, 2025.
View in Google Scholar
[9] I. Sahmi, A. Abdellaoui, T. Mazri, and N. Hmina, "MQTT-PRESENT: Approach to Secure Internet of Things Applications Using MQTT Protocol", International Journal of Electrical and Computer Engineering, vol. 11, pp. 4577-4586, 2021.
View in Google Scholar
[10] M. Michaelides, C. Sengul, and P. Patras, "An Experimental Evaluation of MQTT Authentication and Authorization in IoT", Proc. of the 15th ACM Workshop on Wireless Network Testbeds, Experimental Evaluation and Characterization (WiNTECH ’21), pp. 69-76, 2021.
View in Google Scholar
[11] C. Sengul and A. Kirby, "RFC 9431. Message Queuing Telemetry Transport (MQTT). and Transport Layer Security (TLS). Profile of Authentication and Authorization for Constrained Environments (ACE) Framework", 2023.
View in Google Scholar
[12] J. Asharf et al., "A Review of Intrusion Detection Systems Using Machine and Deep Learning in Internet of Things Challenges, Solutions and Future Directions", Electronics, vol. 9, art. no. 1177, 2020.
View in Google Scholar
[13] A. Khraisat, I. Gondal, P. Vamplew, and J. Kamruzzaman, „Survey of Intrusion Detection Systems: Techniques, Datasets and Challenges", Cybersecurity, vol. 2, art. no. 20, 2019.
View in Google Scholar
[14] E. Jove et al., „Intelligent One-class Classifiers for the Development of an Intrusion Detection System: The MQTT Case Study", Electronics, vol. 11, art. no. 422, 2022.
View in Google Scholar
[15] M.A. Khan et al., "A Deep Learning-based Intrusion Detection System for MQTT Enabled IoT", Sensors, vol. 21, art. no. 7016, 2021.
View in Google Scholar
[16] A. Aqachtoul et al., "MQTTEEB-D: A Real-world IoT Cybersecurity Dataset for AI-powered Threat Detection in MQTT Networks", Data in Brief, vol. 62, art. no. 111897, 2025.
View in Google Scholar
[17] J. Aveleira-Mata et al., "MQTT_UAD: MQTT under Attack Dataset. A Public Dataset for the Detection of Attacks in IoT Networks Using MQTT Protocol", Data in Brief, vol. 63, art. no. 112167, 2025.
View in Google Scholar
[18] E.C.P. Neto et al., "CICIoT2023: A Real-time Dataset and Benchmark for Large-scale Attacks in IoT Environment", Sensors, vol. 23, art. no. 5941, 2023.
View in Google Scholar
[19] M. Sychra, "AESLib - Arduino and ESP AES library", Arduino Docs, 2023 (https://docs.arduino.cc/libraries/aeslib/).
View in Google Scholar
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Mariusz Gajewski, Wojciech Sałabun
This work is licensed under a Creative Commons Attribution 4.0 International License.
