
A Security Model for IoT Networks

  • Conference paper
  • In: Future Data and Security Engineering (FDSE 2018)
  • Part of the book series: Lecture Notes in Computer Science (LNISA, volume 11251)

Abstract

The MQTT (Message Queuing Telemetry Transport) protocol is becoming the main protocol for the Internet of Things (IoT). In this paper, we define a highly expressive ABAC (Attribute-Based Access Control) security model for the MQTT protocol. Our model allows us to regulate not only publications and subscriptions but also the distribution of messages to subscribers. We can express various types of contextual security rules (temporal security rules, content-based security rules, rules based on the frequency of events, etc.).
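As an added illustration, not the paper's own model or code, here is a small Python policy evaluator of the kind the abstract describes: ABAC rules evaluated by an MQTT broker over publish, subscribe and distribute events, with temporal, content-based and frequency conditions. The rule format, the hospital-ward topics and the event sequence are assumptions constructed for this example.

```python
import re
from collections import defaultdict, deque

class AbacPolicy:
    """Ordered rules; the first rule whose conditions all hold decides; no match means deny."""
    def __init__(self, rules):
        self.rules, self.seen = rules, defaultdict(deque)   # seen: (client, action, topic) -> ts

    def decide(self, action, client, attrs, topic, payload="", ts=0):
        """action is "publish", "subscribe" or "distribute" (delivery of a message to one
        subscriber); attrs are the subject's attributes; ts is seconds since midnight."""
        q = self.seen[(client, action, topic)]
        q.append(ts)                                          # every attempt counts as an event
        for r in self.rules:
            pat = r["topic"].replace("+", "[^/]+").replace("#", ".*")   # MQTT '+' / '#' wildcards
            if r["action"] != action or not re.fullmatch(pat, topic):
                continue
            if any(attrs.get(k) != v for k, v in r.get("attrs", {}).items()):
                continue                                      # subject-attribute condition
            if "hours" in r and not (r["hours"][0] <= ts // 3600 < r["hours"][1]):
                continue                                      # temporal condition
            if "content" in r and not re.search(r["content"], payload):
                continue                                      # content-based condition
            if "exceeds" in r:                                # frequency condition
                n, window = r["exceeds"]
                while ts - q[0] >= window:
                    q.popleft()                               # forget events outside the window
                if len(q) <= n:
                    continue
            return r["effect"]
        return "deny"

RULES = [  # constructed example policy: first match wins; a rule only checks what it lists
    {"effect": "deny", "action": "publish", "topic": "ward/+/alerts", "exceeds": (3, 60)},
    {"effect": "permit", "action": "publish", "topic": "ward/#", "attrs": {"role": "sensor"}},
    {"effect": "permit", "action": "subscribe", "topic": "ward/+/vitals", "attrs": {"role": "nurse"}, "hours": (8, 20)},
    {"effect": "deny", "action": "distribute", "topic": "ward/+/vitals", "content": "confidential"},
    {"effect": "permit", "action": "distribute", "topic": "ward/+/vitals", "attrs": {"role": "nurse"}},
]

def demo():
    """Constructed event sequence; returns the broker's decisions in order."""
    pol, nurse, sensor = AbacPolicy(RULES), {"role": "nurse"}, {"role": "sensor"}
    out = [pol.decide("publish", "s1", sensor, "ward/3/alerts", ts=t) for t in (0, 10, 20, 30)]
    out += [pol.decide("subscribe", "n1", nurse, "ward/3/vitals", ts=9 * 3600),    # inside 08:00-20:00
            pol.decide("subscribe", "n1", nurse, "ward/3/vitals", ts=23 * 3600),   # outside hours
            pol.decide("distribute", "n1", nurse, "ward/3/vitals", "hr=72 confidential", 40),
            pol.decide("distribute", "n1", nurse, "ward/3/vitals", "hr=72", 41),
            pol.decide("distribute", "v1", {"role": "visitor"}, "ward/3/vitals", "hr=72", 42)]
    return out
```

The fourth alert publication within 60 s is refused by the frequency rule, the night-time subscription by the temporal rule, and the confidential payload is withheld at distribution time even though the nurse may subscribe.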



Author information

Corresponding author: Alban Gabillon.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Gabillon, A., Bruno, E. (2018). A Security Model for IoT Networks. In: Dang, T., Küng, J., Wagner, R., Thoai, N., Takizawa, M. (eds) Future Data and Security Engineering. FDSE 2018. Lecture Notes in Computer Science, vol. 11251. Springer, Cham. https://doi.org/10.1007/978-3-030-03192-3_4

  • DOI: https://doi.org/10.1007/978-3-030-03192-3_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03191-6

  • Online ISBN: 978-3-030-03192-3
