Enforcing Access Controls in IoT Networks

Conference paper, Future Data and Security Engineering (FDSE 2019)

Abstract

The MQTT (Message Queuing Telemetry Transport) protocol has become the main protocol for managing messages on the Internet of Things (IoT). In earlier papers, we defined a highly expressive ABAC (Attribute-Based Access Control) model for regulating MQTT-based IoT communications. Our model allows us to express various types of contextual security rules (temporal security rules, content-based security rules, rules based on the frequency of events, etc.). These rules regulate not only publications and subscriptions but also the distribution of messages to subscribers. In this paper we present an access control enforcement system based on our model. Our system is built according to the XACML architecture standard. The Policy Enforcement Point (PEP) is written in Python and acts as a proxy between the nodes and the MQTT broker. It intercepts MQTT requests and transfers them to the Policy Decision Point (PDP). RDF and SHACL are used to represent security rules and, more generally, any knowledge contained in the Policy Information System (PIP). We conduct experiments that show that our solution is viable in terms of performance.
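To make the decision logic the abstract describes concrete, here is an added example (constructed for this page, not the authors' PEP/PDP code and not using their RDF/SHACL representation): a miniature PDP in Python that evaluates the three rule types named above (temporal, content-based, frequency-based) over MQTT requests, treats delivery to subscribers as a broker-only privilege as note 1 explains, and denies by default. All names (`Request`, `Rule`, `PDP`, the sample policy) are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Constructed example: a miniature PDP for MQTT requests, not the paper's code.

@dataclass
class Request:
    subject: str            # node identity; "broker" is the only subject allowed to deliver
    action: str             # "publish", "subscribe" or "deliver"
    topic: str
    payload: str = ""
    at: datetime = field(default_factory=datetime.utcnow)

@dataclass
class Rule:
    action: str
    topic: str                            # regex the MQTT topic must match
    hours: tuple = (0, 24)                # temporal rule: permitted [start, end) hour, UTC
    content: Optional[str] = None         # content-based rule: regex the payload must match
    max_per_minute: Optional[int] = None  # frequency rule: events per subject per minute

# Constructed policy: sensors may publish numeric readings on sensors/<id>/temp at any
# hour but at most 2 per minute; subscriptions to alerts/... only during working hours.
POLICY = [
    Rule("publish", r"^sensors/[^/]+/temp$", content=r"^-?\d+(\.\d+)?$", max_per_minute=2),
    Rule("subscribe", r"^alerts/.*", hours=(8, 18)),
    Rule("deliver", r".*"),
]

class PDP:
    def __init__(self, policy):
        self.policy = policy
        self.events = {}   # (subject, action, topic) -> timestamps; PIP-style state

    def decide(self, req: Request) -> str:
        # Delivering messages to subscribers is a privilege only the broker may hold.
        if req.action == "deliver" and req.subject != "broker":
            return "deny"
        for rule in self.policy:
            if rule.action != req.action or not re.match(rule.topic, req.topic):
                continue
            if not (rule.hours[0] <= req.at.hour < rule.hours[1]):
                continue                      # outside the temporal window
            if rule.content is not None and not re.match(rule.content, req.payload):
                continue                      # payload does not satisfy the content rule
            if rule.max_per_minute is not None:
                key = (req.subject, req.action, req.topic)
                recent = [t for t in self.events.get(key, []) if req.at - t < timedelta(minutes=1)]
                if len(recent) >= rule.max_per_minute:
                    return "deny"             # frequency rule exceeded
                self.events[key] = recent + [req.at]
            return "permit"
        return "deny"                         # default deny: no rule matched
```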


Notes

  1. Note that in the MQTT protocol the distribution of messages is implemented by means of publish messages. From a security point of view, we prefer to make a clear distinction between the privilege to publish in a given topic (this privilege can be held by any node) and the privilege to deliver messages to subscribers (this privilege can only be held by the broker).

  2. https://redis.io/.


Author information

Correspondence to Alban Gabillon.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Bruno, E., Gallier, R., Gabillon, A. (2019). Enforcing Access Controls in IoT Networks. In: Dang, T., Küng, J., Takizawa, M., Bui, S. (eds) Future Data and Security Engineering. FDSE 2019. Lecture Notes in Computer Science, vol. 11814. Springer, Cham. https://doi.org/10.1007/978-3-030-35653-8_29

  • DOI: https://doi.org/10.1007/978-3-030-35653-8_29

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-35652-1

  • Online ISBN: 978-3-030-35653-8