Abstract: With the rapid development of the Internet of Things (IoT), the number of IoT devices has grown exponentially, accompanied by increasing attention to IoT security. IoT devices generally adopt software attestation to verify the integrity of the software environment, so that tampering with system integrity caused by the execution of malicious software can be detected in time. However, existing software attestation performs poorly in the synchronous attestation of massive numbers of IoT devices and is difficult to extend onto general IoT communication protocols. To address these problems, this study proposes a lightweight asynchronous integrity monitoring scheme. The scheme extends the security authentication message of software attestation on the general Message Queuing Telemetry Transport (MQTT) protocol and asynchronously pushes the integrity information of devices. It improves not only the security of IoT systems but also the efficiency of integrity attestation and verification. Three security functions are realized: device integrity measurement in a kernel module; lightweight authentication extension of device identity and integrity based on MQTT; and asynchronous integrity monitoring based on the MQTT extension protocol. The scheme resists common software attestation attacks and MQTT protocol attacks and has the characteristics of lightweight asynchronous software attestation and general MQTT security extension. Experimental results from a prototype IoT authentication system based on MQTT show high performance for the integrity measurement of IoT nodes, MQTT connection authentication, and PUBLISH message authentication, meeting the application requirements of integrity monitoring for massive numbers of IoT devices.
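As an added illustration (not the paper's own code or message format), the asynchronous flow described in the abstract can be sketched as a device publishing an authenticated integrity report on an MQTT topic and a monitor verifying authenticity, freshness and the measurement itself; the payload layout, topic names, per-device keys and reference digests are assumptions constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed placeholders: per-device shared keys and known-good measurements.
DEVICE_KEYS = {"sensor-01": b"k" * 32}
REFERENCE_DIGESTS = {"sensor-01": hashlib.sha256(b"good-kernel-image").hexdigest()}


def build_report(device_id, key, seq, measured_bytes):
    """Device side: measure, then emit an MQTT-style PUBLISH as (topic, payload, tag)."""
    topic = f"attest/{device_id}"
    body = {"dev": device_id, "seq": seq,
            "digest": hashlib.sha256(measured_bytes).hexdigest()}
    payload = json.dumps(body, sort_keys=True).encode()
    # The MAC covers topic and payload, so a report cannot be re-published on another topic.
    tag = hmac.new(key, topic.encode() + payload, hashlib.sha256).hexdigest()
    return topic, payload, tag


class Verifier:
    """Monitor side: check the MAC, reject replays, then compare the measurement."""

    def __init__(self):
        self.last_seq = {}  # highest sequence number accepted per device

    def verify(self, topic, payload, tag):
        body = json.loads(payload)
        dev = body["dev"]
        key = DEVICE_KEYS.get(dev)
        if key is None or topic != f"attest/{dev}":
            return "unknown-device"
        expected = hmac.new(key, topic.encode() + payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "bad-mac"
        # Monotonic sequence number gives freshness without a synchronous challenge.
        if body["seq"] <= self.last_seq.get(dev, -1):
            return "replay"
        self.last_seq[dev] = body["seq"]
        if body["digest"] != REFERENCE_DIGESTS[dev]:
            return "integrity-mismatch"
        return "ok"
```

The sequence counter stands in for the nonce a synchronous challenge-response attestation would use; a real deployment would also persist it across monitor restarts.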