Five Minutes Overview of IoT Messaging Protocol for CISOs

Although traditional communication methods such as RESTful APIs can be used for IoT communications, MQTT and CoAP are the two major IoT protocols for exchanging messages in IoT networks. This is a quick overview of both protocols.


  • Message Queuing Telemetry Transport (MQTT) is a TCP based protocol.
  • The protocol provides a publish/subscribe model. MQTT clients (devices or applications) can publish data to a broker. Any device or application can subscribe to data published by devices using topics and wildcards.
  • The publish/subscribe model enables many-to-many communication through a centralized broker.
  • MQTT messages consist of a Subject/Topic, Message Content, and a QoS level (0, 1, or 2). The QoS level indicates the level of delivery guarantee for the message.
  • Since communication happens through a broker, the publishers and subscribers don’t need to know each other.
  • MQTT itself does not encrypt traffic, so TLS can be used underneath it for security.
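
The wildcard subscriptions mentioned above are where broker access control most often goes wrong, because a single broad filter can expose every topic. The following is an added example, not code from the original post: it spells out the MQTT wildcard rules (`+` for one level, `#` for all remaining levels) and uses them to flag subscription grants that would receive a sensitive topic. The client IDs, topic names and function names are hypothetical.

```python
# Added example: audit MQTT subscription grants for over-broad wildcards.
# Spec rules: '+' matches exactly one level; '#' matches all remaining
# levels and must be the last level of the filter.

def filter_is_valid(topic_filter):
    """Reject malformed filters such as 'a/#/b' or 'a/b+'."""
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if level == "#":
            if i != len(levels) - 1:
                return False
        elif level != "+" and ("#" in level or "+" in level):
            return False
    return bool(topic_filter)

def topic_matches(topic_filter, topic):
    """True if a subscription to topic_filter would receive topic."""
    if not filter_is_valid(topic_filter):
        return False
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    # '$'-prefixed topics (e.g. $SYS) are never matched by a leading wildcard.
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, f in enumerate(f_levels):
        if f == "#":
            return True  # this level and everything below (and the parent)
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def audit_grants(grants, sensitive_topics):
    """List (client, filter, topic) where a grant exposes a sensitive topic."""
    return [(c, f, t) for c, f in grants for t in sensitive_topics
            if topic_matches(f, t)]

# Constructed sample data: hypothetical client IDs and topic names.
GRANTS = [
    ("dashboard", "plant/+/temperature"),
    ("vendor-app", "plant/#"),
    ("debug-tool", "#"),
    ("hvac-ctl", "plant/line1/temperature"),
]
SENSITIVE = ["plant/line1/door/unlock", "$SYS/broker/clients/connected"]

if __name__ == "__main__":
    for client, flt, topic in audit_grants(GRANTS, SENSITIVE):
        print(f"{client}: filter {flt!r} exposes {topic!r}")
```
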


  • Constrained Application Protocol (CoAP) is an IETF protocol based on UDP.
  • CoAP uses a request/report model and is useful for low-power networks.
  • Repetitive messages are sent for reliability (e.g. a temperature sensor sending current temperature every second, such that even if a recipient misses one message, it can get the next one).
  • CoAP can be used over DTLS to provide security.
  • CoAP uses URIs for network nodes and sending/receiving messages.
  • The “observe” mode enables CoAP nodes to observe other nodes without active communication with them.
  • CoAP uses “reliability” for confirmable and non-confirmable messages.


For detail, use the following references:


About Rafeeq Rehman

Consultant, Author, Researcher.