A Lightweight, End-to-End Encrypted Data Pipeline for IIoT: An AES-GCM Implementation for ESP32, MQTT, and Raspberry Pi


Amirkhanova G., Ismailov S., Amirkhanov A., Adilzhanova S., Zhasuzakova M., Chen S.
January 2026, Multidisciplinary Digital Publishing Institute (MDPI)

Information (Switzerland)
2026, #17, Issue 1

Industrial Internet of Things (IIoT) deployments increasingly rely on low-cost microcontrollers and single-board computers to stream operational telemetry for monitoring, control, and predictive maintenance, yet the canonical “TLS-to-broker” model does not protect message content from a compromised or curious MQTT broker. This study therefore designs and implements a practical, application-layer end-to-end (E2E) encryption pipeline spanning an ESP32 data client (C++/mbedTLS), an untrusted MQTT broker, and a Raspberry Pi gateway (Python/PyCryptodome) using AES-256-GCM with Additional Authenticated Data (AAD). Sensor measurements are serialized as compact JSON, encrypted and authenticated on the ESP32, framed into a binary record, Base64-encoded for MQTT payload carriage, and verified/decrypted only at the gateway. Experiments on ESP32-WROOM-32 and Raspberry Pi 4 show an average ESP32 packet-preparation latency of 41.754 ms (JSON 1.0 ms; AES-GCM 29.5 ms; Base64 11.2 ms), robust rejection of ciphertext tampering and unauthorized devices via MAC verification and whitelist checks, and 99.72% decrypt-and-store success over a one-hour run (718/720 messages). These results indicate that commodity IIoT hardware can support practical and replicable E2E confidentiality and integrity without sacrificing operational throughput, while eliminating the MQTT broker as a de facto man-in-the-middle.

AES-GCM, end-to-end encryption, ESP32, Industrial IoT (IIoT), mbedtls, MQTT, PyCryptodome, security


Faculty of Information Technology and Artificial Intelligence, Al-Farabi Kazakh National University, Almaty, 050040, Kazakhstan
Faculty of Information Technologies and Artificial Intelligence, Almaty Technological University, Almaty, 050012, Kazakhstan
School of Data Science, Fudan University, Shanghai, 200437, China
