Abstract
The MQTT (Message Queuing Telemetry Transport) protocol is becoming the main protocol for the Internet of Things (IoT). In this paper, we define a highly expressive ABAC (Attribute-Based Access Control) security model for the MQTT protocol. Our model allows us to regulate not only publications and subscriptions but also the distribution of messages to subscribers. We can express various types of contextual security rules (temporal security rules, content-based security rules, rules based on the frequency of events, etc.).
© 2018 Springer Nature Switzerland AG
Cite this paper
Gabillon, A., Bruno, E. (2018). A Security Model for IoT Networks. In: Dang, T., Küng, J., Wagner, R., Thoai, N., Takizawa, M. (eds) Future Data and Security Engineering. FDSE 2018. Lecture Notes in Computer Science(), vol 11251. Springer, Cham. https://doi.org/10.1007/978-3-030-03192-3_4
DOI: https://doi.org/10.1007/978-3-030-03192-3_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03191-6
Online ISBN: 978-3-030-03192-3