International Journal of Information Technology and Computer Science (IJITCS)
IJITCS Vol. 18, No. 2, 8 Apr. 2026
Cover page and Table of Contents: PDF (size: 1063KB)
Mobile OTP Authentication Protocol Design and Implementation for Local Federated Clients to Federated Central Server via MQTT
PDF (1063KB), PP.202-221
Views: 0 Downloads: 0
Author(s)
Index Terms
Mobile OTP Authentication, One-Time Password (OTP), Federated Learning, Central Server, MQTT Protocol, Secure Communication
Abstract
Strong and effective authentication methods are more important than ever in the ever-changing field of cybersecurity. In this work, a Mobile One-Time Password (OTP) Authentication Protocol designed for local federated clients utilizing the Message Queuing Telemetry Transport (MQTT) protocol to communicate with a federated central server is designed and implemented. This protocol strengthens the security foundation of federated systems by ensuring the safe and dependable delivery of OTPs while utilizing the lightweight and effective characteristics of MQTT. The suggested protocol tackles the scalability, security, and latency issues that come with federated setups. We show how the protocol can effectively mitigate possible security threats, like replay attacks and illegal access, while maintaining user convenience through a thorough analysis and implementation. Our protocol strikes a balance between security and performance, according to experimental results, which makes it a workable answer for modern federated authentication requirements.
Cite This Paper
Narendra Babu Pamula, Ajoy Kumar Khan, Arnidam Sarkar, "Mobile OTP Authentication Protocol Design and Implementation for Local Federated Clients to Federated Central Server via MQTT", International Journal of Information Technology and Computer Science(IJITCS), Vol.18, No.2, pp.202-221, 2026. DOI:10.5815/ijitcs.2026.02.12
Reference
[1]Rafiq F, Awan MJ, Yasin A, Nobanee H, Zain AM, Bahaj SA. “Privacy prevention of big data applications: A systematic literature review”, Sage Open. Vol. 12, No. 2, 2022. https://doi.org/10.1177/21582440221096445
[2]Kubovy, J., Huber, C., Jäger, M., Küng, J. “A Secure Token-Based Communication for Authentication and Authorization Servers”, Future Data and Security Engineering. FDSE 2016. Lecture Notes in Computer Science (), vol 10018. Springer, Cham. https://doi.org/10.1007/978-3-319-48057-2_17
[3]Hassan Kurdi and Vijey Thayananthan. 2021. “Authentication mechanisms for IoT system based on distributed MQTT brokers: review and challenges”, Procedia Comput. Sci. 194, 132–139. https://doi.org/10.1016/j.procs.2021.10.066
[4]Buccafurri, F., De Angelis, V., & Nardone, R. “Securing MQTT by Blockchain-Based OTP Authentication”, Sensors, 20(7), 2002. https://doi.org/10.3390/s20072002
[5]Motamedi, B., & Villányi, B. “A Reliable Publish–Subscribe Mechanism for Internet of Things-Enabled Smart Greenhouses”, Applied Sciences, 14(15), 6407. https://doi.org/10.3390/app14156407
[6]Zhang, Junpeng, Zhu, Hui, Wang, Fengwei, Zhao, Jiaqi, Xu, Qi, Li, Hui, “Security and Privacy Threats to Federated Learning: Issues, Methods, and Challenges”, Security and Communication Networks, 2022, 2886795, 24 pages, 2022. https://doi.org/10.1155/2022/2886795
[7]Abad, Manzoor, H. U., Shabbir, A., Chen, A., Flynn, D., & Zoha, A. “A Survey of Security Strategies in Federated Learning: Defending Models, Data, and Privacy”, Future Internet, 16(10), 374. https://doi.org/10.3390/fi16100374
[8]Gosselin, R., Vieu, L., Loukil, F., & Benoit, A. “Privacy and Security in Federated Learning: A Survey” Applied Sciences, 12(19), 9901. https://doi.org/10.3390/app12199901
[9]McMahan, McMahan B, Moore E, Ramage D, Hampson S, Aguera y Arcas B. “Communication-efficient learning of deep networks from decentralized data”, In: Proc 20th Int Conf Artif Intell Stat (AISTATS 2017). Proc Mach Learn Res. 2017; 54:1273–1282.https://doi.org/10.48550/arXiv.1602.05629
[10]Martin Abadi, Andy Chu, Ian Goodfellow, H. Brendan McMahan, Ilya Mironov, Kunal Talwar, and Li Zhang. “Deep Learning with Differential Privacy”, In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). Association for Computing Machinery, New York, NY, USA, 308–318. https://doi.org/10.1145/2976749.2978318
[11]Kandati, D. R., & Anusha, S. “Security and privacy in federated learning: A survey”, Trends in Computer Science and Information Technology, 8(2), 029–037. https://doi.org/10.17352/tcsit.000066
[12]Jean-Paul A. Yaacoub, Hassan N. Noura, Ola Salman, “Security of federated learning with IoT systems: Issues, limitations, challenges, and solutions”, Internet of Things and Cyber-Physical Systems, Volume 3,2023,Pages 155-179,ISSN 2667-3452, https://doi.org/10.1016/j.iotcps.2023.04.001
[13]Michalek, J., Oujezsky, V., Holik, M., & Skorpil, V. “A Proposal for a Federated Learning Protocol for Mobile and Management Systems”, Applied Sciences, 14(1), 101. https://doi.org/10.3390/app14010101
[14]Sirohi, D., Kumar, N., Rana, P.S. et al. “Federated learning for 6G-enabled secure communication systems: a comprehensive survey”, Artif Intell Rev 56, 11297–11389. https://doi.org/10.1007/s10462-023-10417-3
[15]Shi, R.; Wei, L.; Zhang, L. More “Efficient and Verifiable Privacy-Preserving Aggregation Scheme for Internet of Things-Based Federated Learning”. Appl. Sci. 14, 5361. https://doi.org/10.3390/app14135361
[16]K. Kaur, S. Garg, G. Kaddoum, F. Gagnon and S. H. Ahmed, "Blockchain-Based Lightweight Authentication Mechanism for Vehicular Fog Infrastructure", IEEE International Conference on Communications Workshops (ICC Workshops), Shanghai, China, 2019, pp. 1-6, https://ieeexplore.ieee.org/document/8757184
[17]Imteaj, Ahmed & Amini, M. Hadi. “FedPARL: Client Activity and Resource-Oriented Lightweight Federated Learning Model for Resource-Constrained Heterogeneous IoT Environment”, Frontiers in Communications and Networks. 2. 10.3389/frcmn.2021.657653. DOI:10.3389/frcmn.2021.657653
[18]Yazdinejad, A., Parizi, R. M., Dehghantanha, A., & Karimipour, H. (2021). “Federated learning for drone authentication”, Ad Hoc Networks, 120, Article 102574. https://doi.org/10.1016/j.adhoc.2021.102574
[19]Mishra, B., & Kertész, A. “The use of MQTT in M2M and IoT systems: A survey”, IEEE Access, 8, 201071–201086. https://doi.org/10.1109/ACCESS.2020.3035849
[20]Yang, Q., Liu, Y., Chen, T., & Tong, Y. “Advances and open problems in federated learning”, Foundations and Trends® in Machine Learning, 14(1–2), 1–210. https://doi.org/10.1561/2200000083
[21]Bonawitz, K., Eichner, H., Grieskamp, W., Huba, D., Ingerman, A., Ivanov, V., Kiddon, C., Konečný, J., Mazzocchi, S., McMahan, H. B., Van Overveldt, T., Petrou, D., Ramage, D., & Roselander, J. “Towards federated learning at scale: System design”, In Proceedings of the 2nd SysML Conference https://arxiv.org/abs/1902.01046
[22]JunYoung Son, Sangkyun Noh, JongGyun Choi, Hyunsoo Yoon, “A practical challenge-response authentication mechanism for a Programmable Logic Controller control system with one-time password in nuclear power plants”, Nuclear Engineering and Technology, Volume 51, Issue 7,2019, Pages 1791-1798, ISSN 1738-5733,https://doi.org/10.1016/j.net.2019.05.012.
[23]Ralph C. Merkle. 1978. “Secure communications over insecure channels”, Commun. ACM 21,4,294–299. https://doi.org/10.1145/359460.359473
[24]Huang, Yun & Huang, Zheng & Zhao, Haoran & Lai, Xuejia. “A new One-time Password Method”, IERI Procedia. 4. 32-37. 10.1016/j.ieri.2013.11.006. DOI:10.1016/j.ieri.2013.11.006
[25]Anee Sharma, Ningrinla Marchang, “A review on client-server attacks and defenses in federated learning”, Computers & Security, Volume 140,103801, ISSN 0167-4048 https://doi.org/10.1016/j.cose.2024.103801
[26]Alberto Blanco-Justicia, Josep Domingo-Ferrer, Sergio Martínez, David Sánchez, Adrian Flanagan, Kuan Eeik Tan, “Achieving security and privacy in federated learning systems: Survey”, research challenges and future directions, Engineering Applications of Artificial Intelligence, Volume 106,2021,104468, ISSN 0952-1976, https://doi.org/10.1016/j.engappai.2021.104468
[27]H. Wu, Z. Zhao, L. Y. Chen and A. Van Moorsel, "Federated Learning for Tabular Data: Exploring Potential Risk to Privacy", IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE), Charlotte, NC, USA, 2022, pp. 193-204, doi: 10.1109/ISSRE55969.2022.00028
[28]Suzan Almutairi, Ahmed Barnawi, “Federated learning vulnerabilities, threats and defenses: A systematic review and future directions”, Internet of Things, Volume 24,2023,100947, ISSN 2542-6605, https://doi.org/10.1016/j.iot.2023.100947
[29]Liu, P., Xu, X. & Wang, W. “Threats, attacks and defenses to federated learning: issues, taxonomy and perspectives”, Cybersecurity 5, 4 https://doi.org/10.1186/s42400-021-00105-6
[30]Oualid, A., & Maleh, Y.” Federated learning techniques applied to credit risk management: A systematic literature review”, Applied Artificial Intelligence, 37(1), Article e2241647. https://doi.org/10.1080/07366981.2023.2241647