New approach for securing communication over MQTT protocol A comparaison between RSA and Elliptic Curve

Mektoubi, Abdessamad; Hassani, Hicham Lalaoui; Belhadaoui, Hicham; Rifi, Mounir; Zakari, Abdelouahed

doi:10.1109/sysco.2016.7831326

Cited by 31 publications

(30 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Moreover, RSA uses common public-key cryptography algorithms, and EC is very useful in pervasive computing [60,61]. Furthermore, three variants of EC algorithms are implemented-ECDAC for digital signature, ECIES for data encryption, and ECDH for key exchange [46].…”

Section: Security Threats and Solutionsmentioning

confidence: 99%

“…Additionally, the lightweight concept for IoT is extended to lightweight attribute-based encryption schema for cloud applications [40][41][42], lightweight collaborative key management protocol [43], lightweight protocol for smart home authentication and key-session exchange [44,45]. Many IoT protocols have been proposed for different ISO layers, such as link layer (802.15.4, PLC), network layer (RPL, 6LoWPA), presentation layer (TLS, 802.1AR, 802.1X), and application layer (CoAP) [46]. Since 6LoWPA takes advantage of the IEEE 802.15.4 standard for low-rate wireless networks and IPv6, it provides low processing and a lack of authentication as an advantage and a disadvantage, respectively [9].…”

mentioning

confidence: 99%

“…RPL uses the Advanced Encryption Standard (AES) protocol with key length of 128 [47]. RPL can support point-to-point communication and multi-cast routing in lower power networks [46]. However, its vulnerability to many attacks, such as forwarding, sinkhole, Sybil, Hello flooding, wormhole, black hole, and DoS, is the greatest disadvantage of RPL [9].…”

mentioning

confidence: 99%

See 2 more Smart Citations

A Survey of IoT Security Based on a Layered Architecture of Sensing and Data Analysis

Mrabet

Belguith

Alhomoud

et al. 2020

Sensors

190

View full text Add to dashboard Cite

The Internet of Things (IoT) is leading today’s digital transformation. Relying on a combination of technologies, protocols, and devices such as wireless sensors and newly developed wearable and implanted sensors, IoT is changing every aspect of daily life, especially recent applications in digital healthcare. IoT incorporates various kinds of hardware, communication protocols, and services. This IoT diversity can be viewed as a double-edged sword that provides comfort to users but can lead also to a large number of security threats and attacks. In this survey paper, a new compacted and optimized architecture for IoT is proposed based on five layers. Likewise, we propose a new classification of security threats and attacks based on new IoT architecture. The IoT architecture involves a physical perception layer, a network and protocol layer, a transport layer, an application layer, and a data and cloud services layer. First, the physical sensing layer incorporates the basic hardware used by IoT. Second, we highlight the various network and protocol technologies employed by IoT, and review the security threats and solutions. Transport protocols are exhibited and the security threats against them are discussed while providing common solutions. Then, the application layer involves application protocols and lightweight encryption algorithms for IoT. Finally, in the data and cloud services layer, the main important security features of IoT cloud platforms are addressed, involving confidentiality, integrity, authorization, authentication, and encryption protocols. The paper is concluded by presenting the open research issues and future directions towards securing IoT, including the lack of standardized lightweight encryption algorithms, the use of machine-learning algorithms to enhance security and the related challenges, the use of Blockchain to address security challenges in IoT, and the implications of IoT deployment in 5G and beyond.

show abstract

Section: Security Threats and Solutionsmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

A Survey of IoT Security Based on a Layered Architecture of Sensing and Data Analysis

Mrabet

Belguith

Alhomoud

et al. 2020

Sensors

190

View full text Add to dashboard Cite

show abstract

“…Most of the works related to MQTT protocol available in the literature focus on performance evaluation (Fehrenbach, 2017;Gündoğan et al, 2018;Lee et al, 2013;Luzuriaga et al, 2015;Scalagent, 2015;Thangavel et al, 2014;Yokotani & Sasaki, 2016), proposing security enhancements to the existing protocol (Mektoubi et al, 2016;Shin et al, 2016;Singh et al, 2015), formal modelling (Aziz, 2016;Houimli et al, 2017) and security evaluation (Andy et al, 2017;Firdous et al, 2017;Perrone et al, 2017).…”

Section: Literature Reviewmentioning

confidence: 99%

Denial of service attack detection through machine learning for the IoT

Syed

Baig

Ibrahim

et al. 2020

Journal of Information and Telecommunication

View full text Add to dashboard Cite

Sustained Internet of Things (IoT) deployment and functioning are heavily reliant on the use of effective data communication protocols. In the IoT landscape, the publish/subscribe-based Message Queuing Telemetry Transport (MQTT) protocol is popular. Cyber security threats against the MQTT protocol are anticipated to increase at par with its increasing use by IoT manufacturers. In particular, IoT is vulnerable to protocol-based Application layer Denial of Service (DoS) attacks, which have been known to cause widespread service disruption in legacy systems. In this paper, we propose an Application layer DoS attack detection framework for the MQTT protocol and test the scheme on legitimate and protocol compliant DoS attack scenarios. To protect the MQTT message brokers from such attacks, we propose a machine learning-based detection framework developed for the MQTT protocol. Through experiments, we demonstrate the impact of such attacks on various MQTT brokers and evaluate the effectiveness of the proposed framework to detect these malicious attacks. The results obtained indicate that the attackers can overwhelm the server resources even when legitimate access was denied to MQTT brokers and resources have been restricted. In addition, the MQTT features we have identified showed high attack detection accuracy. The field size and length-based features drastically reduced the false-positive rates and are suitable in detecting IoT based attacks.

show abstract

“…[25] have proposed another security mechanism based on ECC which focuses on data confidentiality with less resource requirement compared to TLS. Furthermore, Mektoubi et.al [26] have performed a study comparing RSA and ECC to protect the data confidentiality and provide good non-repudiation. In the case of constrained devices, Niruntasukrat et.al.…”

Section: E Botnet Over Mqttmentioning

confidence: 99%

Attack Scenarios and Security Analysis of MQTT Communication Protocol in IoT System

Andy¹,

Rahardjo²,

Hanindhito³

2017

EECSI

View full text Add to dashboard Cite

Various communication protocols are currently used in the Internet of Things (IoT) devices. One of the protocols that are already standardized by ISO is MQTT protocol (ISO / IEC 20922: 2016). Many IoT developers use this protocol because of its minimal bandwidth requirement and low memory consumption. Sometimes, IoT device sends confidential data that should only be accessed by authorized people or devices. Unfortunately, the MQTT protocol only provides authentication for the security mechanism which, by default, does not encrypt the data in transit thus data privacy, authentication, and data integrity become problems in MQTT implementation. This paper discusses several reasons on why there are many IoT system that does not implement adequate security mechanism. Next, it also demonstrates and analyzes how we can attack this protocol easily using several attack scenarios. Finally, after the vulnerabilities of this protocol have been examined, we can improve our security awareness especially in MQTT protocol and then implement security mechanism in our MQTT system to prevent such attack. Keywords-attack; MQTT; protocol; scenario I. INTRODUCTION Internet of Things (IoT) or inter-machine communication (M2M) over the internet is a concept that allows communication between devices over the Internet. The number of IoT devices is growing rapidly where Cisco IBSG predicts the number of IoT devices will reach 50 billion by 2020 [1]. Moreover, Gartner predicts, by 2020, the internet of things devices will be made up of 20.4 billion units [2]. IoT plays a major role in smart city implementation like smart home, smart transportation, and smart parking. Nowadays, many protocols are used as a communication protocol in the IoT devices. Five of the most prominent protocols used for IoT is Hypertext Transfer Protocol (HTTP), Constrained Application Protocol (CoAP), Extensible Messaging and Presence Protocol (XMPP), Advanced Message Queuing Protocol (AMQP), and MQ Telemetry Protocol (MQTT) [3]. Some considerations that must be taken into account when we choose the protocol are energy efficiency (total consumed energy for the given execution time), performance (total transmission time it takes to send messages and receive their acknowledgments), resource usage (CPU, RAM, and ROM usage), and reliability (ability to avoid packet loss, i.e. QoS) [4]. Moreover, when advanced functionalities (e.g. message persistence, wills, and exactly once delivery), reliability, and ability to secure multicast message are highly considered, MQTT protocol is one of the best options [5].

show abstract

New approach for securing communication over MQTT protocol A comparaison between RSA and Elliptic Curve

Cited by 31 publications

References 2 publications

A Survey of IoT Security Based on a Layered Architecture of Sensing and Data Analysis

A Survey of IoT Security Based on a Layered Architecture of Sensing and Data Analysis

Denial of service attack detection through machine learning for the IoT

Attack Scenarios and Security Analysis of MQTT Communication Protocol in IoT System

Contact Info

Product

Resources

About