To begin, you can configure the MQTT broker (server) UNDER YOUR CONTROL to require user and password authentication.
For a free public broker you may use payload signing/encrypting as described
Full-blown PKI/RSA cryptography may be a slight overkill for the intended purpose, but some secret (a key) shared between any two parties can be easily used.
I'm not aware of any ready-made component to do encryption, but even simple XOR may be suitable.
There is some extra info.
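The shared-secret payload signing mentioned above, as an added example that is not part of the original post: each payload carries an HMAC-SHA256 tag over the topic, a counter, a timestamp and the data, so a subscriber on a public broker can reject forged, altered or replayed messages. The key, the 30-second window and the envelope layout are assumptions; the payload is authenticated but not encrypted.

```python
import hashlib
import hmac
import json
import time

# Constructed sample key; provision a random 32-byte secret on both devices instead.
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)
MAX_SKEW = 30  # assumed freshness window in seconds


def _tag(key, topic, body):
    # Bind the tag to the topic so a message cannot be replayed onto another topic.
    return hmac.new(key, topic.encode() + b"\x00" + body, hashlib.sha256).hexdigest().encode()


def sign_payload(key, topic, data, counter, now=None):
    """Build '<hex tag>.<json body>' ready to publish as the MQTT payload."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"c": counter, "t": ts, "d": data}, sort_keys=True).encode()
    return _tag(key, topic, body) + b"." + body


class Verifier:
    """Subscriber-side check: authentic, fresh, and not seen before."""

    def __init__(self, key):
        self.key = key
        self.last_counter = {}  # topic -> highest counter accepted so far

    def verify(self, topic, payload, now=None):
        now = time.time() if now is None else now
        tag, _, body = payload.partition(b".")
        # Constant-time comparison; parse the body only after it is authenticated.
        if not hmac.compare_digest(tag, _tag(self.key, topic, body)):
            return None
        msg = json.loads(body)
        if abs(now - msg["t"]) > MAX_SKEW:
            return None  # too old (or sender clock far off)
        if msg["c"] <= self.last_counter.get(topic, -1):
            return None  # replayed or out-of-order message
        self.last_counter[topic] = msg["c"]
        return msg["d"]
```

The publisher sends the bytes returned by `sign_payload` as the message body, and the subscriber passes the received topic and payload to `Verifier.verify`, acting only on a non-`None` result.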