
    A real time demonstrative analysis of lightweight payload encryption in resource constrained devices based on mqtt

    Pursuant to the "Law on Amendments to the Higher Education Law and Certain Laws and Decree-Laws" published in Official Gazette No. 30352 of 06.03.2018, and the "Directive on the Electronic Collection, Organisation and Opening to Access of Graduate Theses" of 18.06.2018, the full text has been made openly accessible.
    Constrained devices are limited in resources, namely memory (ROM and RAM), CPU and battery life (if available). They are often used as sensors that collect data, in machine-to-machine (M2M) communication, or as smart devices that control services and electrical appliances. When such devices are connected to a network they form what are called "things", and as a whole they form part of the "Internet of Things" (IoT). Message Queue Telemetry Transport (MQTT) is a common lightweight, open, simple, client-server publish/subscribe messaging transport protocol, useful and efficient for most resource-constrained IoT devices, that supports three Quality of Service (QoS) levels for reliable communication. It is an essential protocol for communication in constrained environments such as Device-to-Device (D2D) and Internet of Things (IoT) contexts. The MQTT protocol is devoid of concrete security mechanisms apart from Transport Layer Security (TLS) based on Secure Socket Layer (SSL) certificates. However, this is not the lightest of security protocols and it increases network overheads, especially for constrained devices. About 70 % of ordinary IoT devices also lack data encryption, especially at the client end, which could have been a perfect alternative to TLS. 
    In this thesis, an experimental setup is designed to demonstrate the effect of the MQTT protocol on the network performance of a constrained device for different Quality of Service (QoS) levels and variable payload sizes. The novel part of this study covers client-side encryption of payloads and its effect on network performance. In the experiments, lightweight encryption with the 128-bit Advanced Encryption Standard (AES) is applied to the data. The messages are transferred using the three different QoS levels in MQTT over a real wired setup of a low-end publishing client and a low-end subscribing client via a broker server, for different payload sizes. The packets are captured to analyze end-to-end latency, throughput and message loss, along with the measurement of encryption and decryption processing time. According to the results of the experiment, it was concluded that non-encrypted (plaintext) payloads have a lower network load effect and hence produce relatively better network performance using MQTT, in terms of percentage loss and message delivery, than encrypted payloads.

    IoT-MQTT based denial of service attack modelling and detection

    The Internet of Things (IoT) is poised to transform the quality of life and provide new business opportunities with its wide range of applications. However, the benefits of this emerging paradigm are coupled with serious cyber security issues. The lack of strong cyber security measures protecting IoT systems can result in cyber attacks targeting all the layers of the IoT architecture, which includes the IoT devices, the IoT communication protocols and the services accessing the IoT data. Various IoT malware families such as Mirai, BASHLITE and BrickBot show already rising IoT-device-based attacks as well as the usage of infected IoT devices to launch other cyber attacks. However, as sustained IoT deployment and functionality are heavily reliant on the use of effective data communication protocols, attacks on the other layers of the IoT architecture are anticipated to increase. In the IoT landscape, the publish/subscribe-based Message Queuing Telemetry Transport (MQTT) protocol is widely popular. Hence, cyber security threats against the MQTT protocol are projected to rise at par with its increasing use by IoT manufacturers. In particular, Internet-exposed MQTT brokers are vulnerable to protocol-based Application Layer Denial of Service (DoS) attacks, which have been known to cause widespread service disruptions in legacy systems. In this thesis, we propose Application Layer DoS attacks that target the authentication and authorisation mechanism of the MQTT protocol. In addition, we also propose an MQTT protocol attack detection framework based on machine learning. Through extensive experiments, we demonstrate the impact of authentication and authorisation DoS attacks on three open-source MQTT brokers. Based on the proposed DoS attack scenarios, an IoT-MQTT attack dataset was generated to evaluate the effectiveness of the proposed framework in detecting these malicious attacks. 
    The DoS attack evaluation results obtained indicate that such attacks can overwhelm the MQTT brokers' resources even when legitimate access to them was denied and resources were restricted. The evaluations also indicate that the proposed DoS attack scenarios can significantly increase the MQTT message delay, especially for QoS2 messages, causing heavy-tail latencies. In addition, the proposed MQTT features showed high attack detection accuracy compared to simply using TCP-based features to detect MQTT-based attacks. It was also observed that the protocol field size and length-based features drastically reduced the false positive rates and hence are suitable for detecting IoT-based attacks.

    Performance evaluation of CoAP and MQTT with security support for IoT environments

    The world is living through an overwhelming explosion of smart devices: electronic gadgets, appliances, meters, cars, sensors, cameras and even traffic lights, which are connected to the Internet to extend their capabilities, constituting what is known as the Internet of Things (IoT). In these environments, the application layer is decisive for the quality of the connection, and it has dependencies on the transport layer, mainly when secure communications are used. This paper analyses the performance offered by the two most popular protocols for the application layer: the Constrained Application Protocol (CoAP) and Message Queue Telemetry Transport (MQTT). This analysis aims to examine the features and capabilities of the two protocols and to determine their feasibility to operate on constrained devices, taking into account security support and diverse network conditions, unlike previous works. Since IoT devices typically have battery constraints, the analysis is focused on bandwidth and CPU use under realistic network scenarios, since this use translates to power consumption.
    This work was supported in part by the Ministry of Economy and Competitiveness (Spain) under the project MAGOS (TEC2017-84197-C4-1-R) and by the Comunidad de Madrid (Spain) under the projects CYNAMON (P2018/TCS-4566), co-financed by European Structural Funds (ESF and FEDER), and the Multiannual Agreement with UC3M in the line of Excellence of University Professors (EPUC3M21), in the context of the V PRICIT (Regional Programme of Research and Technological Innovation).

    Handling Mobility in IoT applications based on the MQTT protocol

    © 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
    Connectivity clearly plays an important role in Internet of Things (IoT) solutions, and the efficient handling of mobility is crucial for the overall performance of IoT applications. Currently, the most widely adopted protocols for IoT and Machine to Machine (M2M) environments, namely MQTT, CoAP and LWM2M, are directly dependent on the TCP/IP protocol suite. This suite is highly reliable over wired networks, but it is not the best solution in the presence of intermittent connections. In this work we provide a solution to improve MQTT with an emphasis on mobile scenarios. The advantage of the solution we propose is that it makes the system more immune to changes in the point of attachment of mobile devices. This way we avoid IoT service developers having to explicitly consider this issue. Moreover, our solution does not need extra support from the network through protocols like MobileIP or LISP. The results obtained show that our proposal, based on intermediate buffering, guarantees that there is no information loss during hand-off periods due to node mobility; furthermore, based on discrete event simulation results, we determine the maximum number of sources and the required amount of buffers for a mobile node.
    This work was partially supported by the Ministerio de Economía y Competitividad, Programa Estatal de Investigación, Desarrollo e Innovación Orientada a los Retos de la Sociedad, Proyectos I+D+I 2014, Spain, under Grant TEC2014-52690-R.
    Luzuriaga Quichimbo, JE.; Cano Escribá, JC.; Tavares De Araujo Cesariny Calafate, CM.; Manzoni, P.; Perez, M.; Boronat, P. (2015). Handling Mobility in IoT applications based on the MQTT protocol. IEEE. https://doi.org/10.1109/ITechA.2015.7317403

    Smart home power management system for electric vehicle battery charger and electrical appliance control

    This paper presents a power management system (PMS) designed for smart homes, aiming to deal with the new challenges imposed by the proliferation of plug-in electric vehicles (EVs) and their coexistence with other residential electrical appliances. The PMS is based on a hybrid wireless network architecture composed of a local hub/gateway and several Bluetooth Low Energy (BLE) and Wi-Fi sensor/actuator devices. These wireless devices are used to transfer information inside the smart home using the MQTT (Message Queuing Telemetry Transport) protocol. Based on the proposed solution, the current consumption of the EV battery charger and other residential electrical appliances is dynamically monitored and controlled by a configurable algorithm, ensuring that the total current consumption does not trip the home circuit breaker. An Android client application allows the user to monitor and configure the system operation in real time; a developed Wi-Fi smart plug allows measuring the RMS current of the connected electrical appliance and changing its state of operation remotely; and an EV battery charger may be controlled in terms of operating power according to set-points received from the Android client application. Experimental tests are used to evaluate the quality of service provided by the developed smart home platform in terms of communication delay and reliability. An experimental validation of the proposed smart home PMS under different operating conditions, concerning the power operation of the EV battery charger with the proposed control algorithm, is also presented.

    QoS Analysis of Wireless Sensor Networks for Temperature and Humidity Monitoring and Control of Soybean Seed Storage Based IOT Using NodeMCU

    Based on data from the Central Bureau of Statistics, soybean production showed a deficit in 2016 - 2020; the main factor is the decline in the quality of soybean seeds, which are sensitive to temperature and humidity. A system is therefore needed to monitor and control the temperature and humidity of soybean storage containers. A wireless sensor network (WSN) consists of a collection of sensor nodes distributed over a given area that can communicate with each other; here the nodes use NodeMCU boards with DHT11 sensors. This research analyzes the QoS of a WSN-based IoT monitoring and control system for the temperature and humidity of a soybean seed storage container, using NodeMCU clients and a coordinator connected to an access point that sends the data to the server in real time. Tests were carried out by placing the sensor nodes at 3 points, varying the distance to the coordinator and the data packet transmission interval. Using a star topology under indoor NLOS conditions, the test results give an optimal distance for sensor node 3 of 4 meters and a transmission interval of 40 s, with a packet loss of 0-20%, delay of 1.154 to 5.92 s, jitter of 0.241 to 7.57 ms, and throughput of 66.32 bits/s. The IoT WSN uses the MQTT protocol on NodeMCU and works well: even with a low throughput of 529.81 bps to 544.85 bps it still yields a delay of 200.33 to 270.83 ms and a packet loss of 0 to 1.284%, which is good.

    Federated Identity and Access Management for the Internet of Things


    Managing Mobility for Distributed Smart Cities Services

    The IoT refers to the idea of internetworking physical devices, vehicles, buildings, and any other item embedded with the appropriate electronics, software, sensors, actuators, and network connectivity to allow them to exchange data and to provide highly effective new services. In this thesis we focus on the communication issues of the IoT in relation to mobility, and we provide different solutions to alleviate the impact of these potential problems and to guarantee information delivery in mobile scenarios. Our reference context is a Smart City where various mobile devices collaboratively participate, periodically sending information from their sensors. We assume that these services are located on platforms based on cloud infrastructures where the information is protected through the use of virtualisation, ensuring its security and privacy. This thesis is structured into seven chapters. We first detail our objectives and identify the current problems we intend to address. Next, we provide a thorough review of the state of the art of all the areas involved in our work, highlighting how we improved the existing solutions with our research. The overall approach of the solutions we propose in this thesis uses prototypes that encompass and integrate different technologies and standards in a small infrastructure, using real devices in real scenarios with two of the most commonly used networks around the world, WiFi and 802.15.4, to efficiently solve the problems we originally identified. We focussed on protocols based on a producer/consumer paradigm, namely AMQP and particularly MQTT. We observed the behaviour of these protocols in lab experiments and in external environments, using a mesh wireless network as the backbone network. Various issues raised by mobility were taken into consideration, and thus we repeated the tests with different message sizes and different inter-message periodicity, in order to model different possible applications. 
    We also present a model for dimensioning the number of sources for mobile nodes and calculating the number of buffers required in the mobile node as a function of the number of sources and the size of the messages. We included a mechanism for avoiding data loss based on intermediate buffering adapted to the MQTT protocol that, in conjunction with the use of an alternative to the Network Manager in certain contexts, improves connection establishment for wireless mobile clients. We also performed a detailed study of the jitter behaviour of a mobile node transmitting messages with this proposal while moving through a real outdoor scenario. To emulate simple IoT networks we used the Cooja simulator to study and determine the effects on the probability of delivering messages when both publishers and subscribers were added to different scenarios. Finally, we present an approach that combines the MQTT protocol with DTN, which we specifically designed for constrained environments and which guarantees that important information will never be lost. The advantage of our proposed solutions is that they make an IoT system more resilient to changes in the point of attachment of the mobile devices in an IoT network, without requiring IoT application and service developers to explicitly consider this issue. Moreover, our solutions do not require additional support from the network through protocols such as MobileIP or LISP. We close the thesis by providing some conclusions and identifying future lines of work which we were unable to address here.
    Luzuriaga Quichimbo, JE. (2017). Managing Mobility for Distributed Smart Cities Services [Unpublished doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/84744

    Denial of service attack detection through machine learning for the IoT

    Sustained Internet of Things (IoT) deployment and functioning are heavily reliant on the use of effective data communication protocols. In the IoT landscape, the publish/subscribe-based Message Queuing Telemetry Transport (MQTT) protocol is popular. Cyber security threats against the MQTT protocol are anticipated to increase at par with its increasing use by IoT manufacturers. In particular, IoT is vulnerable to protocol-based Application layer Denial of Service (DoS) attacks, which have been known to cause widespread service disruption in legacy systems. In this paper, we propose an Application layer DoS attack detection framework for the MQTT protocol and test the scheme on legitimate and protocol-compliant DoS attack scenarios. To protect MQTT message brokers from such attacks, we propose a machine learning-based detection framework developed for the MQTT protocol. Through experiments, we demonstrate the impact of such attacks on various MQTT brokers and evaluate the effectiveness of the proposed framework in detecting these malicious attacks. The results obtained indicate that attackers can overwhelm the server resources even when legitimate access to the MQTT brokers was denied and resources had been restricted. In addition, the MQTT features we have identified showed high attack detection accuracy. The field size and length-based features drastically reduced the false-positive rates and are suitable for detecting IoT-based attacks.