Balancing Security and Performance in MQTT-Based IoT Systems: A Review of Adaptive Flow Control, Backpressure, and Wildcard-Intensive Access Control Mechanisms

The rapid proliferation of the Internet of Things (IoT) has positioned the Message Queuing Telemetry Transport (MQTT) protocol as a fundamental communication standard for large-scale, resource-constrained systems. Despite its lightweight design and scalability advantages, modern MQTT deployments operate under increasingly complex conditions characterized by intensive security enforcement, dynamic traffic patterns, and widespread use of wildcard subscriptions. These factors introduce tightly coupled challenges related to system performance, congestion, and security, which are often addressed independently in existing literature.
This review provides a comprehensive and critical analysis of MQTT-based IoT systems, focusing on the interaction between adaptive flow control, backpressure phenomena, security mechanisms, and wildcard-intensive access control strategies. The study synthesizes recent research on authentication, authorization, and encryption techniques, highlighting their impact on computational overhead, latency, and broker load. In parallel, it examines backpressure formation as a system-level phenomenon arising from the imbalance between message arrivals and processing rates, and evaluates existing flow-control mechanisms, including TCP-based approaches, broker-level controls, and MQTT v5 features such as Receive Maximum.
Furthermore, the review investigates the role of wildcard subscriptions in scalable topic management, demonstrating their dual effect as both enablers of efficient data aggregation and amplifiers of routing complexity, traffic load, and security risks. The analysis reveals that wildcard usage significantly increases message fan-out and authorization overhead, thereby accelerating congestion and expanding the attack surface in poorly configured systems.
A key contribution of this work is the identification of a fundamental gap in the literature: the absence of integrated, cross-layer frameworks that jointly consider security, flow control, and wildcard behavior under realistic IoT workloads. Current approaches remain fragmented, leading to inefficiencies, reduced reliability, and potential vulnerabilities in large-scale deployments.
Based on this synthesis, the paper outlines a forward-looking research roadmap that emphasizes security-aware adaptive flow control, wildcard-aware traffic optimization, cross-layer system design, and intelligent (AI-driven) management strategies. These directions are essential for enabling next-generation MQTT systems that are secure, scalable, and resilient in dynamic and adversarial environments.
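The wildcard fan-out and authorization overhead discussed above can be made concrete with a short sketch. This is an added example, not code from the reviewed paper or from any broker: it assumes a broker that authorizes a SUBSCRIBE by checking that the requested filter is fully covered by an ACL filter, and the function names, topics and ACL entries are constructed for illustration.

```python
# Added example: MQTT topic-filter matching, a subscribe-time ACL coverage
# check, and per-message fan-out. All topics/ACL entries are constructed.

def matches(filt: str, topic: str) -> bool:
    """True if an MQTT topic filter matches a concrete topic name."""
    f, t = filt.split("/"), topic.split("/")
    # Filters that start with a wildcard never match $-prefixed topics.
    if topic.startswith("$") and f[0] in ("+", "#"):
        return False
    for i, level in enumerate(f):
        if level == "#":                 # matches the parent and everything below
            return i == len(f) - 1       # '#' is only valid as the last level
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)

def covered(sub: str, acl: str) -> bool:
    """True if every topic `sub` can match is also matched by `acl`."""
    s, a = sub.split("/"), acl.split("/")
    if sub.startswith("$") and a[0] in ("+", "#"):
        return False                     # wildcard-led ACL never grants $-topics
    for i, level in enumerate(a):
        if level == "#":
            return True                  # ACL allows everything from here down
        if i >= len(s) or s[i] == "#":
            return False                 # subscription is shorter or broader
        if level != "+" and level != s[i]:
            return False                 # literal ACL level vs '+' or other literal
    return len(s) == len(a)

def authorize_subscribe(sub: str, acl_filters: list) -> bool:
    """Grant only if one ACL entry covers the whole requested filter."""
    return any(covered(sub, a) for a in acl_filters)

def fan_out(topic: str, subscriptions: list) -> int:
    """Number of subscription filters one PUBLISH to `topic` is routed to."""
    return sum(matches(f, topic) for f in subscriptions)

ACL = ["plant/line1/+/temp"]             # constructed per-client allow list
SUBS = ["plant/line1/dev7/temp", "plant/line1/+/temp",
        "plant/#", "#", "plant/line2/#"]  # constructed active subscriptions

if __name__ == "__main__":
    for sub in SUBS:
        print(f"{sub:24} allowed={authorize_subscribe(sub, ACL)}")
    print("fan-out:", fan_out("plant/line1/dev7/temp", SUBS))
```

Checking coverage of the filter itself, rather than matching the filter string against the ACL as if it were a topic name, is what keeps a request such as `plant/#` from being granted under a narrower ACL entry.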
