Introducing Usage Control in MQTT

MQTT is a widely-used general purpose IoT application layer protocol, usable in both constrained and powerful devices, which coordinates data exchanges through a publish/subscribe approach. In this paper we propose a methodology to increase the security of the MQTT protocol, by including Usage Control in its operative workflow. The inclusion of Usage Control enables a fine-grained dynamic control of the rights of subscribers to access data and data-streams over time, by monitoring mutable attributes related to the subscriber, the environment or data itself. We will present the architecture and workflow of MQTT enhanced through Usage Control, also presenting a real implementation on Raspberry Pi 3 for performance evaluation.

[1]  Fabio Martinelli,et al.  Usage control in computer security: A survey , 2010, Comput. Sci. Rev..

[2]  Antonio Puliafito,et al.  AllJoyn Lambda: An architecture for the management of smart environments in IoT , 2014, 2014 International Conference on Smart Computing Workshops.

[3]  Juan-Carlos Cano,et al.  A comparative evaluation of AMQP and MQTT protocols over unstable and mobile networks , 2015, 2015 12th Annual IEEE Consumer Communications and Networking Conference (CCNC).

[4]  Fabio Martinelli,et al.  Implementing Usage Control in Internet of Things: A Smart Home Use Case , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[5]  Jesus Alonso-Zarate,et al.  A Survey on Application Layer Protocols for the Internet of Things , 2015 .

[6]  Peter Priller,et al.  Securing smart maintenance services: Hardware-security and TLS for MQTT , 2015, 2015 IEEE 13th International Conference on Industrial Informatics (INDIN).

[7]  Kris Steenhaut,et al.  Evaluation of constrained application protocol for wireless sensor networks , 2011, 2011 18th IEEE Workshop on Local & Metropolitan Area Networks (LANMAN).

[8]  Fabio Martinelli,et al.  On usage control for GRID systems , 2010, Future Gener. Comput. Syst..

[9]  P.K. Varshney,et al.  Decision fusion rules in multi-hop wireless sensor networks , 2005, IEEE Transactions on Aerospace and Electronic Systems.

[10]  Fabio Martinelli,et al.  Usage Control on Cloud systems , 2016, Future Gener. Comput. Syst..

[11]  Xiaoping Ma,et al.  Performance evaluation of MQTT and CoAP via a common middleware , 2014, 2014 IEEE Ninth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP).

[12]  Mohsen Guizani,et al.  Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications , 2015, IEEE Communications Surveys & Tutorials.

[13]  Ioannis G. Askoxylakis,et al.  Which IoT Protocol? Comparing Standardized Approaches over a Common M2M Application , 2016, 2016 IEEE Global Communications Conference (GLOBECOM).