Security in the Internet of Things: A Survey on Application Layer Protocols

The rapid development of technology nowadays led people to a new and revolutionary concept, named the Internet of Things. This model imposes that all "objects", such as personal objects (smartphones, notebooks, smart watches, tablets etc), electronic equipment embed with sensors and other environmental elements are always connected to a common network. Therefore, one can access any resource at any time, by using a device recognized in the network. While the IoT may be economically and socially beneficial, the implementation of such a system poses many difficulties, risks and security issues that must be taken into consideration. Nowadays, the architecture of the Internet must be updated and rethought in order to interconnect trillions of devices and to ensure interoperability between them. Nevertheless, the most important problem is the security requirements of the IoT, which is probably one of the main reasons of the relatively slow development of this field. This paper presents the most important application layer protocols that are currently used in the IoT context: CoAP, MQTT, XMPP. We discuss them both separately and by comparison, with focus on the security provided by these protocols. Finally, we provide some future research opportunities and conclusions.

[1]  Ueli Maurer,et al.  (De-)Constructing TLS 1.3 , 2015, INDOCRYPT.

[2]  Geir M. Køien,et al.  Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks , 2015, J. Cyber Secur. Mobil..

[3]  Chen Hongsong,et al.  Security and trust research in M2M system , 2011, Proceedings of 2011 IEEE International Conference on Vehicular Electronics and Safety.

[4]  Inhyok Cha,et al.  Trust in M2M communication , 2009, IEEE Vehicular Technology Magazine.

[5]  Weizhe Zhang,et al.  Security Architecture of the Internet of Things Oriented to Perceptual Layer , 2013 .

[6]  Ramjee Prasad,et al.  Object Classification based Context Management for Identity Management in Internet of Things , 2013 .

[7]  Peter Friess,et al.  Internet of Things Strategic Research Roadmap , 2011 .

[8]  Andreas Leicher,et al.  TRUST IN M 2 M COMMUNICATION The New Security Threats , 2009 .

[9]  Thiemo Voigt,et al.  Lithe: Lightweight Secure CoAP for the Internet of Things , 2013, IEEE Sensors Journal.

[10]  Cristina Alcaraz,et al.  Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks , 2009, FOSAD.

[11]  Jorge Sá Silva,et al.  Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues , 2015, IEEE Communications Surveys & Tutorials.

[12]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[13]  G. Padmavathi,et al.  A Survey of Attacks, Security Mechanisms and Challenges in Wireless Sensor Networks , 2009, ArXiv.

[14]  Donald Eastlake rd,et al.  Transport Layer Security (TLS) Extensions: Extension Definitions , 2011 .

[15]  Jiang Du,et al.  A study of information security for M2M of IOT , 2010, 2010 3rd International Conference on Advanced Computer Theory and Engineering(ICACTE).

[16]  Mohsen Guizani,et al.  Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications , 2015, IEEE Communications Surveys & Tutorials.

[17]  Aboubaker Lasebae,et al.  Security analysis of the constrained application protocol in the Internet of Things , 2013, Second International Conference on Future Generation Communication Technologies (FGCT 2013).

[18]  Jesus Alonso-Zarate,et al.  A Survey on Application Layer Protocols for the Internet of Things , 2015 .

[19]  Geir M. Køien,et al.  Security and privacy in the Internet of Things: Current status and open issues , 2014, 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS).

[20]  Hugo Krawczyk,et al.  The OPTLS Protocol and TLS 1.3 , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[21]  Chiara Buratti,et al.  Comparing application layer protocols for the Internet of Things via experimentation , 2016, 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI).

[22]  Klaus Hartke,et al.  Practical Issues with Datagram Transport Layer Security in Constrained Environments , 2014 .

[23]  Hans Günter Brauch,et al.  Concepts of Security Threats, Challenges, Vulnerabilities and Risks , 2010, Coping with Global Environmental Change, Disasters and Security.

[24]  Imrich Chlamtac,et al.  Internet of things: Vision, applications and research challenges , 2012, Ad Hoc Networks.