Abstract
Due to the boom of the Internet of Things (IoT) in recent years, various IoT devices are connected to the internet and communicate with each other through web protocols such as the Constrained Application Protocol (CoAP). These web protocols are typically defined and described in Request for Comments (RFC) documents, which are written in natural or semi-formal languages. Since developers largely follow the RFCs when implementing web protocols, the RFCs have become the de facto protocol specifications. Therefore, it is desirable to ensure that the technical details described in an RFC are consistent, to avoid technological issues, incompatibility, security risks or even legal concerns. In this work, we propose RFCKG, a knowledge-graph-based contradiction detection tool for the CoAP RFC. Our approach automatically parses the RFC documents and constructs knowledge graphs from them through entity extraction, relation extraction, and rule extraction. It then conducts intra-entity and inter-entity consistency checking over the generated knowledge graph. We implement RFCKG and apply it to the main RFC (RFC7252) of CoAP, one of the most extensively used messaging protocols in IoT. Our evaluation shows that RFCKG manages to detect both direct contradictions and conditional contradictions in the RFC.
Notes
- 1. Accessed on 11th August, 2022.
Appendices
Appendix A Table for Predefined Entities and Relations
Appendix B Algorithms for Extracting Rule Statements and Detecting Contradictions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Feng, X., Zhang, Y., Meng, M.H., Teo, S.G. (2022). Detecting Contradictions from CoAP RFC Based on Knowledge Graph. In: Yuan, X., Bai, G., Alcaraz, C., Majumdar, S. (eds) Network and System Security. NSS 2022. Lecture Notes in Computer Science, vol 13787. Springer, Cham. https://doi.org/10.1007/978-3-031-23020-2_10
DOI: https://doi.org/10.1007/978-3-031-23020-2_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-23019-6
Online ISBN: 978-3-031-23020-2
eBook Packages: Computer Science (R0)