The host layers protocols include session (SES), presentation (PRES) and application (APP) level, particularly APP (application) layer in the regular Internet communication is dominated by the HTTP protocol and XML-related derivatives, e.g. SoAP. Also, FTP protocol for file transfer is ubiquitous; it exists since the beginnings of the Internet. Most of them are somehow related to the text. They're referenced as “WEB” protocols. Although these protocols are frequently used by advanced and more powerful IoT devices, this is problematic to be implemented in the constrained IoT devices world. Event simplest HTTP header occupies at least 24 + 8 + 8 + 31 bytes without any payload! There is also a problem to cross firewall boundaries when communication between subnetworks of the IoT devices is expected to occur. Some IoT designed protocols are reviewed below.

MQTT protocol ^[1] was invented especially for the constrained IoT devices and low bandwidth networks. It is located in APP layer 7 of the ISO/OSI stack, but in fact, it covers all layers 5–7. It is text-based protocol yet very compact end efficient. Protocol stack implementation requires about 10 kB of RAM/flash only.

MQTT uses TCP connection so requires open connection channel (this is in opposite to UDP connections, where communications work in a way: “send and forget”). It is considered a drawback of the original MQTT protocol, but there do exist MQTT variations for non-TCP networks, e.g. MQTT-SN. Protocol definition provides reliability and delivery ensure mechanisms.

The standard MQTT Message header is composed of just two bytes only (Table 1)! There are 16 MQTT messages types. Some messages types require variable length header.

MQTT requires for its operation a centralized MQTT broker that is located outside of firewalls and NATs, where all clients connect, send and receive messages via publish/subscribe model. The client can act as publisher and subscriber simultaneously. The image 1 presents publish-subscribe model idea.

MQTT is a text-based protocol and is data-agnostic. A message is composed of a Topic (text) and a Payload (data). The topic is a directory-like string with slash (“/”) delimiter. Thus all Topics constitute (or actually may represent) a kind of tree-like folders, similar to those on the file system. The subscriber can subscribe to specific, single Topic, or to a variety of Topics using wildcards, where:

• # stands for the entire branch,
• + stands for the single level.

Example Scenario

Publishers deliver some air quality information data in separate MQTT messages and for various rooms at the department Inf of the Universities (SUT, RTU, ITMO) to the Broker:

The subscriber 1 wills to get all sensor data for SUT university, Inf (informatics) department only, for any space:

The subscriber 2 wills to get only Temperature data virtually from any sensor and in any location in ITMO:

The subscriber 3 wills to get any information from the sensors, but only for the RTU

The payload (data) of the message is text as well, so in case one need to send binary data, it is necessary to encode it (e.g. Base64).

MQTT Broker is a server for both publishers and subscribers. The connection is initiated from the client to the Broker, so assuming it is located outside of a firewall, it breaks firewall its boundaries. The Broker provides QoS (Quality of Service), and it can retain message payload. There are three levels of MQTT Broker QoS (supplied in the message level).

• Unacknowledged service: Ensures that MQTT message is delivered at most once to each subscriber.
• Acknowledged service: Ensures delivery of the message at least once to every subscriber. The broker expects acknowledgement to be sent from the subscriber. Otherwise, it retransmits data.
• Assured service: This is two-step delivery of the message, and ensures the message is delivered exactly once to every subscriber.

For Acknowledged and Assured services it is vital to provide unique packet IDs in MQTT frame.

The DUP flag (byte 1, bit 3) represents information sent by the publisher if the message is a “first try” (0) or a retransmitted one (1). It is mostly for internal purposes, and this flag is never propagated to the subscribers.

MQTT offers some limited set of features (options):

• clean session flag for durable connections:
  • if set TRUE, Broker removes all of the client subscriptions on client disconnect;
  • otherwise Broker collects messages (QoS depending) and delivers them on client reconnecting; thus, connections remain idle;
• MQTT “will”: on connection lost, Broker will automatically “simulate” publishing of the pre-defined MQTT message (topic and payload). All clients subscribing this message (whether directly or via a wildcard) will be notified immediately. It is a great feature for failure/disaster discovery;
• message retaining: it is a feature for regular messages. Any message can be set as retaining and in such case Broker will keep the last one. Once a new client subscribes topic, it will receive a retained message immediately even if the publisher is not publishing any message at the moment. This feature is last known good value. It is good to present publishers state (e.g. publisher sends retained message meaning “I'm going offline” and then disconnects. Any client connecting will be notified immediately about the device (client) state.
  

Interestingly MQTT is a protocol used by Facebook Messenger ^[2]. It is also implemented natively in Microsoft Azure and Amazon Web Services (among many others).

MQTT security is rather weak. MQTT Broker can offer user and password verification yet it is sent plain text. However, all communication between client and Broker may be encapsulated in SSL, encrypted stream.

A short comparison of MQTT and HTTP protocols are presented in the Table 2.

CoAP protocol (RFC7252) originates from the REST (Representational State Transfer). CoAP does not use a centralised server as MQTT does, but every single device “hosts” a server on its own to provide available resources to the clients asking for service offering distributed resources. CoAP uses UDP (comparing to MQTT that uses TCP) and is stateless thus does not require memory for tracking the state. The CoAP implementation assumes every single IoT device has a unique ID, and things can have multiple various representations. It is intended to link “things” together using existing standard methods. It is rather a resource-oriented (not document-oriented like HTTP/HTML), designed for slow IoT networks with a high degree of packet loss, also support devices to be periodically offline. CoAP uses URIs :

• "coap:" "//" host[":"port] path ["?" query] to access a service/resource,
• a secure, encrypted version uses “coaps” instead of “coap”.

It supports various content types, can work with proxy and can be cached.
The protocol is designed to be compact and simple to implement. The stack implementation takes only about 10 kB of RAM and 100 kB of storage. The header is only 4 bytes.

CoAP protocol has a binary header to decrease overhead but payload depends on the content type. Initial, non-exclusive list of the payload types include:

• text/plain (charset=utf-8) (ID=0, RFC2046, RFC3676, RFC5147),
• application/link-format (ID=40, RFC6690),
• application/xml (ID=41 RFC3023),
• application/octet-stream (ID=42, RFC2045, RFC2046),
• application/json (ID=50, RFC7159).

CoAP endpoint services are identified by unique IP and port number. However, they operate on the UDP instead of TCP (like, e.g. HTML does). The transfer in CoAP is made using non-reliable UDP network so that a message can appear duplicated, disappear or it can be delivered in other order than initially sent. Because of the nature of datagram communication, messages are exchanged asynchronously between two endpoints, transporting Requests and Responses. CoAP messages can be (non-exhaustive list):

• CON (Confirmable, those requiring ACK Acknowledge),
• NON (Non-Confirmable, those that do not need ACK),
• ACK (an acknowledgement message),
• RESET (sent if CON or NON was received, but the receiver cannot understand the context, e.g. part of the communication is missing because of device restart, messages memory loss, etc.). Empty RESET messages can be used to “ping” the device.

Because of the UDP network characteristics, CoAP provides an efficient yet straightforward reliability mechanism to ensure successful delivery of messages:

• stop and wait for retransmission with exponential back-off for CON messages,
• duplicate message detection for CON and NON-messages.

Request-reponse pair is identified by a unique “Token”. Sample request-response scenarios are presented in images below. Sample CoAP message exchange scenarios between client and server are presented (two per image) in Figure 2 and Figure 3.

The scenario in the Figure 2 (left, with token 0 × 70) is executed in situation when a CoAP server device (a node) need some time to prepare data and cannot deliver information right away. The scenario in Figure 2 (right, with token 0 × 71) is used, when a CoAP server can provide information to the client immediately. The scenario in Figure 3 (left, with token 0 × 72) appears when a CoAP server cannot understand the request. The scenario in Figure 3 (right, with token 0 × 73) presents the situation where the request to the CoAP server was made with a non-confirmable request.