Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Security and Privacy Requirements Engineering

International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems

SECPRE 2017, CyberICPS 2017: Computer Security pp 35–43Cite as

Introducing Usage Control in MQTT

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10683))

Abstract

MQTT is a widely-used general purpose IoT application layer protocol, usable in both constrained and powerful devices, which coordinates data exchanges through a publish/subscribe approach. In this paper we propose a methodology to increase the security of the MQTT protocol, by including Usage Control in its operative workflow. The inclusion of Usage Control enables a fine-grained dynamic control of the rights of subscribers to access data and data-streams over time, by monitoring mutable attributes related to the subscriber, the environment or data itself. We will present the architecture and workflow of MQTT enhanced through Usage Control, also presenting a real implementation on Raspberry Pi 3 for performance evaluation.

This work has been partially funded by EU Funded projects H2020 C3ISP, GA #700294, H2020 NeCS, GA #675320 and EIT Digital HII on Trusted Cloud Management.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    https://www.raspberrypi.org/products/raspberry-pi-3-model-b/.

References

  1. Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., Ayyash, M.: Internet of Things: a survey on enabling technologies, protocols, and applications. IEEE Commun. Surv. Tutorials 17(4), 2347–2376 (2015)

    Article  Google Scholar 

  2. Carniani, E., D’Arenzo, D., Lazouski, A., Martinelli, F., Mori, P.: Usage control on cloud systems. Future Gener. Comput. Syst. 63(C), 37–55 (2016)

    Article  Google Scholar 

  3. Chen, D., Varshney, P.K.: QoS support in wireless sensor networks: a survey. In: International Conference on Wireless Networks, vol. 233, pp. 1–7 (2004)

    Google Scholar 

  4. Colitti, W., Steenhaut, K., De Caro, N., Buta, B., Dobrota, V.: Evaluation of constrained application protocol for wireless sensor networks. In: 2011 18th IEEE Workshop on Local Metropolitan Area Networks (LANMAN), pp. 1–6, October 2011

    Google Scholar 

  5. Fysarakis, K., Askoxylakis, I., Soultatos, O., Papaefstathiou, I., Manifavas, C., Katos, V.: Which IoT protocol? Comparing standardized approaches over a common M2M application. In: 2016 IEEE Global Communications Conference (GLOBECOM), pp. 1–7. IEEE (2016)

    Google Scholar 

  6. Karagiannis, V., Chatzimisios, P., Vzquez-Gallego, F., Alonso-Zrate, J.: A survey on application layer protocols for the Internet of Things. Trans. IoT Cloud Comput. 1(1), 11–17 (2015)

    Google Scholar 

  7. Lazouski, A., Martinelli, F., Mori, P.: Usage control in computer security: a survey. Comput. Sci. Rev. 4(2), 81–99 (2010)

    Article  Google Scholar 

  8. Lesjak, C., Hein, D., Hofmann, M., Maritsch, M., Aldrian, A., Priller, P., Ebner, T., Ruprechter, T., Pregartner, G.: Securing smart maintenance services: hardware-security and TLS for MQTT. In: 2015 IEEE 13th International Conference on Industrial Informatics (INDIN), pp. 1243–1250, July 2015

    Google Scholar 

  9. Luzuriaga, J.E., Perez, M., Boronat, P., Cano, J.C., Calafate, C., Manzoni, P.: A comparative evaluation of AMQP and MQTT protocols over unstable and mobile networks. In: 2015 12th Annual IEEE Consumer Communications and Networking Conference (CCNC), pp. 931–936, January 2015

    Google Scholar 

  10. La Marra, A., Martinelli, F., Mori, P., Saracino, A.: Implementing usage control in Internet of Things: a smart home use case. In: 2017 IEEE Trustcom/BigDataSE/ICESS, Sydney, Australia, 1–4 August 2017, pp. 1056–1063 (2017)

    Google Scholar 

  11. Martinelli, F., Mori, P.: On usage control for grid systems. Future Gener. Comput. Syst. 26(7), 1032–1042 (2010)

    Article  Google Scholar 

  12. Thangavel, D., Ma, X., Valera, A., Tan, H.X., Tan, C.K.Y.: Performance evaluation of MQTT and CoAP via a common middleware. In: 2014 IEEE Ninth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), pp. 1–6. IEEE (2014)

    Google Scholar 

  13. Villari, M., Celesti, A., Fazio, M., Puliafito, A.: Alljoyn lambda: an architecture for the management of smart environments in IoT. In: 2014 International Conference on Smart Computing Workshops, pp. 9–14, November 2014

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy

    Antonio La Marra, Fabio Martinelli, Paolo Mori, Athanasios Rizos & Andrea Saracino

  2. Department of Computer Science, University of Pisa, Pisa, Italy

    Athanasios Rizos

Authors
  1. Antonio La Marra
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fabio Martinelli
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Paolo Mori
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Athanasios Rizos
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Andrea Saracino
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andrea Saracino .

Editor information

Editors and Affiliations

  1. Norwegian University of Science and Technology, Gjøvik, Norway

    Sokratis K. Katsikas

  2. IMT Atlantique, Brest, France

    Frédéric Cuppens

  3. IMT Atlantique, Brest, France

    Nora Cuppens

  4. University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

  5. University of the Aegean, Mytilene, Greece

    Christos Kalloniatis

  6. University of Toronto, Toronto, Ontario, Canada

    John Mylopoulos

  7. Georgia Institute of Technology, Atlanta, Georgia, USA

    Annie Antón

  8. University of the Aegean, Karlovassi, Greece

    Stefanos Gritzalis

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

La Marra, A., Martinelli, F., Mori, P., Rizos, A., Saracino, A. (2018). Introducing Usage Control in MQTT. In: Katsikas, S., et al. Computer Security. SECPRE CyberICPS 2017 2017. Lecture Notes in Computer Science(), vol 10683. Springer, Cham. https://doi.org/10.1007/978-3-319-72817-9_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-72817-9_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72816-2

  • Online ISBN: 978-3-319-72817-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation