A Practical Evaluation of a Secure and Energy-Efficient Smart Parking System Using the MQTT Protocol Ali Alqazzaz Oakland University Rochester Hills, MI aalqazzaz@oakland.edu Raed Alharthi Oakland University Rochester Hills, MI rsalharthi@oakland.edu Ibrahim Alrashdi Oakland University Rochester Hills, MI iralrashdi@oakland.edu Esam Aloufi Oakland University Rochester Hills, MI aloufi@oakland.edu Mohamed A. Zohdy Oakland University Rochester Hills, MI zohdyma@oakland.edu Hua Ming Oakland University Rochester Hills, MI ming@oakland.edu ABSTRACT The smart parking system is a major component of the smart city concept, especially in the age of the Internet of Things (IoT). It attempts to take the stress out of finding a free parking space in crowded places, mostly during peak times. This paper focuses on implementing a secure smart parking solution based on the publish-subscribe communica- tion model for exchanging a huge volume of data with a large number of clients while minimizing the power consumption. The Elliptic Curve Cryptography (ECC) was adopted in this paper as a promising substitution to traditional public key cryptography such as Rivest-Shamir-Adleman (RSA). The implemented system provides several functional services in- cluding parking vacancy detection, real-time information for drivers about parking availability, driver guidance, and park- ing reservation. Moreover, it provides security mechanisms for both network and application layers. Performance and power consumption experiments using a testbed show the efficiency and practicality of the implemented system, es- sentially with the IoT resource-constrained devices. Our findings demonstrate achieving energy consumption reduc- tions of up to 54% and a CPU usage decrease of up to 55% compared to the existing solutions. CCS Concepts •Networks → Application layer protocols; •Security and privacy → Mobile and wireless security; Keywords IoT; publish/subscribe; messaging protocol; security; park- ing system 1. INTRODUCTION Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full cita- tion on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or re- publish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. ICISDM ’19 April 6–8, 2019, Houston, TX, USA c  2019 ACM. ISBN 978-1-4503-6635-9. . . $15.00 DOI: http://dx.doi.org/10.1145/12345.67890 Finding a free parking space in crowded places during peak hours has become a serious problem for drivers, espe- cially with the rapid increase in automobile numbers. It has been shown that 30% of daily traffic jams in crowded areas is caused by car-owners looking for vacant parking spaces, and that a driver spends, on average, 7.8 minutes trying to find an available spot [10, 22]. As the situation becomes worse, so the demand for smart parking systems and services is rapidly growing. The IoT-enabling technologies are attrac- tive alternatives for providing an ideal solution for parking hassles. However, collected data in any IoT ecosystem can be easily used to extract or infer private information about users’ private lives, routines and relations, which all refer to individuals’ privacy [16]. Therefore, it is crucial that IoT systems guarantee the confidentiality and integrity of the data as well as the privacy of users [4]. Throughout the past decade, many researchers have pro- posed various solutions, which introduced sensible improve- ments in the field of parking management, but they still suffer from a lack of suitability and adaptability to IoT requirements to ensure their openness, reliability, and net- working accessibility. First, they utilize the traditional re- quest/response communication model, which is not suitable for building large-scale parking solutions and handling mas- sive volumes of data. Moreover, they rely on the hypertext transfer protocol (HTTP) as the messaging protocol, which is not the ideal choice for resource-constrained devices. In addition, all of them are characterized by several functional services, but they do not pay enough attention to the non- functional services, among which security and privacy play important roles, due to the existence of diverse cyberattacks targeting most cyberphysical systems. Previously, we designed a theoretical framework known as SecSPS [2] to secure the data in smart parking systems while being transmitted over the IoT network communica- tions. In this paper, our main contributions aim at per- forming a series of tests to determine the CPU usage and power consumption impact of using ECC-based TLS over plain MQTT communications. Second, the difference be- tween ECC and RSA certificates in a real-world scenario in terms of security, scalability, and power consumption. Fur- thermore, the results of RSA are compared to those obtained by ECC algorithms with key sizes large enough to guaran- tee an acceptable security level for the next several years. In short, our goal is to verify the efficiency and suitability