Introducing Usage Control in MQTT protocol for IoT

The work described in this website has been conducted within the project NeCS. This project has received funding from the European Union’s Horizon 2020 (H2020) research and innovation programme under the Grant Agreement no 675320. This website and the content displayed in it do not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of its content.

Author (ESR): 
Athanasios Rizos (Consiglio Nazionale Delle Ricerche)
Authors: 
Antonio La Marra
Fabio Martinelli
Paolo Mori
Andrea Saracino

MQTT is a widely-used general purpose IoT application layer protocol, usable in both constrained and powerful devices, which coordinates data exchanges through a publish/subscribe approach. In this paper we propose a methodology to increase the security of the MQTT protocol, by including Usage Control in its operative workflow. The inclusion of Usage Control enables a fine-grained dynamic control of the rights of subscribers to access data and data-streams over time, by monitoring mutable attributes related to the subscriber, the environment or data itself. We will present the architecture and workflow of MQTT enhanced through Usage Control, also presenting a real implementation on Raspberry Pi 3 for performance evaluation.

Links: 
Conference link
Athanasios Rizos
Venue: 
3rd Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS 2017) In Conjunction With ESORICS
Date: 
Monday, September 11, 2017 to Friday, September 15, 2017