End-to-end security solution for message queue telemetry transport protocol based on proxy re-encryption
GU Zhengchuan, GUO Yuanbo, FANG Chen
Journal of Computer Applications    2021, 41 (5): 1378-1385.   DOI: 10.11772/j.issn.1001-9081.2020060985
The Message Queue Telemetry Transport (MQTT) protocol lacks a built-in security mechanism to protect the information exchanged between Internet of Things (IoT) devices, and the trustworthiness of the MQTT broker is called into question under the new concept of zero trust security. To address both problems, a new solution based on proxy re-encryption was proposed for secure end-to-end data transmission between publisher and subscriber in MQTT communication. Firstly, the Advanced Encryption Standard (AES) was used to symmetrically encrypt the transmitted data, ensuring its confidentiality during transmission. Secondly, a proxy re-encryption algorithm that treats the MQTT broker as a semi-honest participant was adopted to encrypt the session key used by the AES symmetric encryption, eliminating the implicit trust in the MQTT broker. Thirdly, the computation of re-encryption key generation was transferred from the clients to a trusted third party, making the proposed scheme applicable to resource-constrained IoT devices. Finally, the Schnorr signature algorithm was employed to digitally sign the messages, providing authenticity, integrity and non-repudiation of the data source. Compared with existing MQTT security schemes, the proposed scheme achieves end-to-end security for MQTT communication at a computation and communication overhead equivalent to that of a lightweight security scheme without end-to-end security.