Abstract
The Internet of Things (IoT) is playing a key role in consumer and business environments. Due to the sensitivity of the information IoT devices collect and share, and the potential impact a data breach can have on people’s lives, securing communication and access to data in IoT has become a critical feature. Multiple application layer protocols are used nowadays in IoT, with the Constrained Application Protocol (CoAP) and the Message Queue Telemetry Transport (MQTT) being two of the most popular. In this paper, we propose a solution to increase the security of both CoAP and MQTT based on the distributed Usage Control (UCON) framework. The inclusion of UCON provides dynamic access control to the data shared using these protocols. This occurs by monitoring mutable attributes related to the local protocol nodes and also by sharing data values between remote nodes via the distributed instances of UCON. We present the architecture and the workflow of our approach together with a real implementation for performance evaluation purposes.
This work has been partially funded by EU Funded projects H2020 NeCS, GA #675320, H2020 C3ISP, GA #700294 and EIT Digital HC&IoT.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Rizos, A., Bastos, D., Saracino, A., Martinelli, F. (2020). Distributed UCON in CoAP and MQTT Protocols. In: Katsikas, S., et al. Computer Security. CyberICPS SECPRE SPOSE ADIoT 2019. Lecture Notes in Computer Science, vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_3
DOI: https://doi.org/10.1007/978-3-030-42048-2_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42047-5
Online ISBN: 978-3-030-42048-2
eBook Packages: Computer Science, Computer Science (R0)