Integrity Monitoring for IoT Device Based on MQTT Protocol Extension
    Abstract:

    With the rapid development of the Internet of Things (IoT), the number of IoT devices has grown exponentially, accompanied by increasing attention to IoT security. IoT devices generally adopt software attestation to verify the integrity of their software environment, so that tampering with system integrity caused by the execution of malicious software can be detected in a timely manner. However, existing software attestation performs poorly when massive numbers of IoT devices are attested synchronously, and it is difficult to extend onto the general IoT communication protocols. To address these problems, this study proposes a lightweight asynchronous integrity monitoring scheme. The scheme extends the security authentication message of software attestation onto the general message queuing telemetry transport (MQTT) protocol and asynchronously pushes the integrity information of devices. It improves not only the security of IoT systems but also the efficiency of integrity attestation and verification. Three security functions are realized: device integrity measurement in a kernel module; a lightweight authentication extension of device identity and integrity based on MQTT; and asynchronous integrity monitoring based on the MQTT extension protocol. The scheme can resist common software attestation attacks and MQTT protocol attacks, and has the characteristics of lightweight asynchronous software attestation and a general MQTT security extension. Experimental results from a prototype IoT authentication system based on MQTT show high performance for integrity measurement of IoT nodes, MQTT connection authentication and PUBLISH message authentication, which meets the application requirements of integrity monitoring for massive numbers of IoT devices.
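The abstract describes three pieces working together: a measurement of the device's software state, an authenticated integrity report carried in an MQTT PUBLISH message, and a verifier that consumes those reports asynchronously and compares them with known-good values. The following is an added example, written for this page and not code from the paper or its prototype, that sketches the message flow end to end in pure Python with no broker. The measurement is simulated in user space with SHA-256 (the paper measures in a kernel module), the report is authenticated with an HMAC under a pre-shared per-device key, and the MQTT 3.1.1 PUBLISH framing (QoS 0) is built and parsed by hand. The topic name, the JSON report layout, the key, the device identifier and the file contents are all constructed assumptions; the paper's actual message format is not reproduced here.

```python
import hashlib
import hmac
import json

# Constructed assumptions for this example: a per-device pre-shared key and the
# topic used for the integrity extension. Neither comes from the paper.
DEVICE_KEY = b"constructed-pre-shared-key-for-device-42"
TOPIC = "attest/integrity"


def measure(files):
    """Simulate the kernel-module measurement: SHA-256 of each measured object."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in sorted(files.items())}


def _canonical(body):
    # Deterministic JSON so device and verifier MAC the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _encode_remaining_length(n):
    # MQTT variable-length "remaining length": 7 bits per byte, MSB = continuation.
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n:
            byte |= 0x80
        out.append(byte)
        if not n:
            return bytes(out)


def _decode_remaining_length(buf, offset):
    value, multiplier = 0, 1
    while True:
        b = buf[offset]
        offset += 1
        value += (b & 0x7F) * multiplier
        if not b & 0x80:
            return value, offset
        multiplier *= 128
        if multiplier > 128 ** 3:
            raise ValueError("malformed remaining length")


def build_integrity_publish(device_id, seq, measurements, key, topic=TOPIC):
    """Device side: wrap an authenticated integrity report in an MQTT 3.1.1 PUBLISH (QoS 0)."""
    body = {"device_id": device_id, "seq": seq, "measurements": measurements}
    # The tag binds the report to the topic as well, so a report cannot be re-routed.
    tag = hmac.new(key, topic.encode() + _canonical(body), hashlib.sha256).hexdigest()
    payload = _canonical({**body, "tag": tag})
    topic_bytes = topic.encode()
    variable_header = len(topic_bytes).to_bytes(2, "big") + topic_bytes
    remaining = variable_header + payload
    return b"\x30" + _encode_remaining_length(len(remaining)) + remaining


def parse_publish(packet):
    """Split a QoS 0 PUBLISH packet into (topic, payload); other packets are rejected."""
    if packet[0] & 0xF6 != 0x30:  # type must be PUBLISH (3) and QoS bits must be 0
        raise ValueError("expected a QoS 0 PUBLISH packet")
    remaining, offset = _decode_remaining_length(packet, 1)
    if len(packet) - offset != remaining:
        raise ValueError("remaining length does not match packet size")
    topic_len = int.from_bytes(packet[offset:offset + 2], "big")
    topic = packet[offset + 2:offset + 2 + topic_len].decode()
    return topic, packet[offset + 2 + topic_len:]


class IntegrityVerifier:
    """Verifier side: authenticates each pushed report and diffs it against golden values."""

    def __init__(self, reference, keys):
        self.reference = reference  # device_id -> expected measurements
        self.keys = keys            # device_id -> pre-shared key
        self.last_seq = {}          # device_id -> highest sequence number accepted

    def verify(self, packet):
        topic, payload = parse_publish(packet)
        report = json.loads(payload)
        tag = report.pop("tag", "")
        device_id = report.get("device_id")
        key = self.keys.get(device_id)
        if key is None:
            return {"device_id": device_id, "status": "unknown_device"}
        expected = hmac.new(key, topic.encode() + _canonical(report), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return {"device_id": device_id, "status": "bad_tag"}
        # Monotonic sequence number rejects replayed reports from a formerly clean device.
        if report["seq"] <= self.last_seq.get(device_id, -1):
            return {"device_id": device_id, "status": "replay"}
        self.last_seq[device_id] = report["seq"]
        golden = self.reference[device_id]
        reported = report["measurements"]
        changed = sorted(p for p in set(golden) | set(reported) if golden.get(p) != reported.get(p))
        return {"device_id": device_id, "status": "ok" if not changed else "tampered", "changed": changed}


if __name__ == "__main__":
    # Constructed sample "files" standing in for the objects a kernel module would measure.
    files = {"/bin/agent": b"agent-v1", "/lib/driver.ko": b"driver-v1"}
    verifier = IntegrityVerifier({"dev-42": measure(files)}, {"dev-42": DEVICE_KEY})
    print(verifier.verify(build_integrity_publish("dev-42", 1, measure(files), DEVICE_KEY)))
    files["/bin/agent"] = b"agent-v1-modified"
    print(verifier.verify(build_integrity_publish("dev-42", 2, measure(files), DEVICE_KEY)))
```

Because reports are pushed by the device on its own schedule and carry their own authentication and sequence number, the verifier never has to hold a challenge-response session open per device; it can process whatever arrives on the topic, which is the asynchronous property the abstract argues for. The sequence check matters: without it, a compromised device could replay an older, clean report indefinitely.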

Citation:

齐兵, 秦宇, 李敏虹, 谢宏, 尚科彤, 冯伟, 李为. Integrity Monitoring for IoT Device Based on MQTT Protocol Extension. Computer Systems & Applications (计算机系统应用), 2022, 31(11): 68–78

History
  • Received:February 24,2022
  • Revised:March 15,2022
  • Online: July 07,2022
Copyright: Institute of Software, Chinese Academy of Sciences