Remote Access Control Model for MQTT Protocol

Title: Remote Access Control Model for MQTT Protocol
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Dikii, D. I.
Conference Name: 2020 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)
Keywords: access control model, access matrix, access privileges, authorisation, computer network security, cryptographic protocols, data deletion, data transferring, device discretionary access control model, Internet of Things, Internet of Things security problems, MQTT, MQTT protocol, OAuth protocol, privacy, pubcrawl, remote access control model, Scalability, secure access control, security, third-party services, TLS protocol
Abstract: The author considers the Internet of Things security problems, namely, the organization of secure access control when using the MQTT protocol. Security mechanisms and methods that are employed or supported by the MQTT protocol have been analyzed. Thus, the protocol employs authentication by the login and password. In addition, it supports cryptographic processing over transferring data via the TLS protocol. Third-party services on OAuth protocol can be used for authentication. The authorization takes place by configuring the ACL-files or via third-party services and databases. The author suggests a device discretionary access control model of machine-to-machine interaction under the MQTT protocol, which is based on the HRU-model. The model entails six operators: the addition and deletion of a subject, the addition and deletion of an object, the addition and deletion of access privileges. The access control model is presented in the form of an access matrix and has three types of privileges: read, write, ownership. The model is composed in a way that makes it compatible with the protocol of a widespread version v3.1.1. The available types of messages in the MQTT protocol allow for the adjustment of access privileges. The author considered an algorithm with such a service data unit build that the unit could easily be distinguished in the message body. The implementation of the suggested model will lead to the minimization of administrator's involvement due to the possibility for devices to determine access privileges to the information resource without human involvement. The author suggests recommendations for security policies when organizing an informational exchange in accordance with the MQTT protocol.
DOI: 10.1109/EIConRus49466.2020.9039122
Citation Key: dikii_remote_2020