TLS Beyond the Broker: Enforcing Fine-grained Security and Trust in Publish/Subscribe Environments for IoT

by   Korbinian Spielvogel, et al.

Message queuing brokers are a fundamental building block of the Internet of Things, commonly used to store and forward messages from publishing clients to subscribing clients. Often a single trusted broker offers secured (e.g. TLS) and unsecured connections but relays messages regardless of their inbound and outbound protection. Such mixed mode is facilitated for the sake of efficiency since TLS is quite a burden for MQTT implementations on class-0 IoT devices. Such a broker thus transparently interconnects securely and insecurely connected devices; we argue that such mixed mode operation can actually be a significant security problem: Clients can only control the security level of their own connection to the broker, but they cannot enforce any protection towards other clients. We describe an enhancement of such a publish/subscribe mechanism to allow for enforcing specified security levels of publishers or subscribers by only forwarding messages via connections which satisfy the desired security levels. For example, a client publishing a message over a secured channel can instruct the broker to forward the message exclusively to subscribers that are securely connected. We prototypically implemented our solution for the MQTT protocol and provide detailed overhead measurements.



There are no comments yet.


page 2


Memory Forensic Analysis of MQTT Devices

Internet of Things is revolutionizing the current era with its vast usag...

DSTC: DNS-based Strict TLS Configurations

Most TLS clients such as modern web browsers enforce coarse-grained TLS ...

F-PKI: Enabling Innovation and Trust Flexibility in the HTTPS Public-Key Infrastructure

We present F-PKI, an enhancement to the HTTPS public-key infrastructure ...

ExTru: A Lightweight, Fast, and Secure Expirable Trust for the Internet of Things

The resource-constrained nature of the Internet of Things (IoT) devices,...

JSON Web Token (JWT) based client authentication in Message Queuing Telemetry Transport (MQTT)

This paper is an overview of JSON Web Token (JWT) and Transport Layer Se...

On the Feasibility of Fine-Grained TLS Security Configurations in Web Browsers Based on the Requested Domain Name

Most modern web browsers today sacrifice optimal TLS security for backwa...

Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference

The proliferation of Internet of Things (IoT) devices has made people's ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.