MQTT DATA PROTOCOL IN REMOTE ACCESS CONTROL MANAGEMENT MODEL FOR INTERNET NETWORKS


Bibliographic Details
Published in: Nauchno-tekhnicheskii vestnik informatsionnykh tekhnologii, mekhaniki i optiki (Scientific and Technical Journal of Information Technologies, Mechanics and Optics), 2019-01, Vol. 19 (1), p. 109
Main Authors: Dikiy, D I, Artemeva, V D
Format: Article
Language:Russian
Description
Summary: The paper deals with security issues in the Internet of Things environment and, in particular, with access control management where the MQTT protocol is applied. The most widespread data transfer protocols, CoAP and MQTT, are analysed, together with the security methods and means that the MQTT protocol implements or supports. The protocol implements authentication by login and password and allows cryptographic protection of the transmitted information via TLS. Third-party services, via the OAuth protocol and others, can be applied for authentication. Authentication is configured through ACL files or through third-party services and databases. A model is proposed for remote access control management of devices in machine-to-machine interaction under the MQTT protocol, based on the Harrison-Ruzzo-Ullman (HRU) model. The model provides six operators: addition and removal of a subject, addition and removal of an object, and addition and deletion of an access right. The proposed model has the form of an access matrix and includes three types of rights: reading, writing and holding (ownership). The model is implemented so that it is compatible with version 3.1 of the MQTT protocol, which is widely used at the moment. Access rights are changed on the basis of the message types available in the MQTT protocol. An algorithm is considered for creating a service data block so that this block can be easily recognised in the message body. Application of the proposed model makes it possible to minimise the administrator's participation, since access rights are determined by the devices themselves without human involvement. Recommendations are given on security policy for information traffic management under the MQTT protocol.
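The following is an added illustration of the access-matrix idea described in the abstract; it is not code from the paper, and the paper's own service-data-block format is not reproduced here. It assumes that subjects are MQTT client IDs, objects are topic names, PUBLISH requires the writing right, SUBSCRIBE requires the reading right, and "holding" is an ownership right that lets the device owning a topic grant or revoke rights on it. The six HRU primitive operators (create/destroy subject, create/destroy object, enter/delete right) are kept separate from the guarded commands (grant/revoke) that a broker would expose to devices, and the wildcard handling for subscribe filters is an added design choice.

```python
"""HRU-style access matrix for MQTT topics (added example, not the paper's code).

Assumptions: client ID = subject, topic name = object, PUBLISH needs 'w',
SUBSCRIBE needs 'r', and the holding right 'h' authorises grant/revoke.
"""
from dataclasses import dataclass, field

READ, WRITE, HOLD = "r", "w", "h"            # the three rights named in the abstract
RIGHTS = frozenset({READ, WRITE, HOLD})
PACKET_RIGHT = {"PUBLISH": WRITE, "SUBSCRIBE": READ}   # assumed packet -> right mapping


class AccessDenied(Exception):
    """Raised when a subject without the holding right tries to change the matrix."""


def topic_matches(flt: str, topic: str) -> bool:
    """MQTT 3.1 wildcard matching: '+' is one level, '#' matches the rest of the name."""
    f, t = flt.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)


@dataclass
class AccessMatrix:
    """Protection state: subject x object -> set of rights (HRU access matrix)."""
    subjects: set = field(default_factory=set)
    objects: set = field(default_factory=set)
    cells: dict = field(default_factory=dict)   # (subject, object) -> set of rights

    def rights(self, s: str, o: str) -> set:
        return self.cells.get((s, o), set())

    # ---- the six primitive operators of the HRU model ----
    def create_subject(self, s: str) -> None:
        self.subjects.add(s)

    def destroy_subject(self, s: str) -> None:
        self.subjects.discard(s)
        for key in [k for k in self.cells if k[0] == s]:
            del self.cells[key]

    def create_object(self, o: str, owner: str) -> None:
        if owner not in self.subjects:
            raise KeyError(owner)
        self.objects.add(o)
        self.cells[(owner, o)] = {READ, WRITE, HOLD}   # the creating device holds its topic

    def destroy_object(self, o: str) -> None:
        self.objects.discard(o)
        for key in [k for k in self.cells if k[1] == o]:
            del self.cells[key]

    def enter_right(self, r: str, s: str, o: str) -> None:
        if r not in RIGHTS or s not in self.subjects or o not in self.objects:
            raise KeyError((r, s, o))
        self.cells.setdefault((s, o), set()).add(r)

    def delete_right(self, r: str, s: str, o: str) -> None:
        self.rights(s, o).discard(r)

    # ---- HRU commands: operators guarded by a condition on the matrix ----
    def grant(self, requester: str, r: str, s: str, o: str) -> None:
        """Device-driven delegation: only a holder of o may enter a right on o."""
        if HOLD not in self.rights(requester, o):
            raise AccessDenied(f"{requester} does not hold {o}")
        self.enter_right(r, s, o)

    def revoke(self, requester: str, r: str, s: str, o: str) -> None:
        if HOLD not in self.rights(requester, o):
            raise AccessDenied(f"{requester} does not hold {o}")
        self.delete_right(r, s, o)

    # ---- enforcement point, where a broker ACL check would sit ----
    def authorize(self, client_id: str, packet_type: str, topic: str) -> bool:
        right = PACKET_RIGHT[packet_type]
        if client_id not in self.subjects:
            return False
        if packet_type == "PUBLISH":
            if "+" in topic or "#" in topic:   # wildcards are not legal in a PUBLISH topic
                return False
            return right in self.rights(client_id, topic)
        # A SUBSCRIBE filter may carry wildcards: allow only if the client may read
        # every existing topic the filter would match (least privilege).
        matched = [o for o in self.objects if topic_matches(topic, o)]
        return bool(matched) and all(right in self.rights(client_id, o) for o in matched)


if __name__ == "__main__":
    m = AccessMatrix()
    for cid in ("sensor-1", "gateway"):          # constructed client IDs
        m.create_subject(cid)
    m.create_object("plant/line1/temp", owner="sensor-1")
    m.grant("sensor-1", READ, "gateway", "plant/line1/temp")
    print(m.authorize("gateway", "SUBSCRIBE", "plant/+/temp"))
```

Two points matter when rights are changed by messages from the devices themselves, as the abstract proposes: the requester identity used in grant/revoke must be the identity the broker authenticated (login/password or TLS client certificate), not a self-declared client ID, or any client can claim to hold a topic; and wildcard subscriptions have to be resolved against the matrix, since a plain per-topic lookup would either deny all of them or let `#` bypass the check.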
ISSN: 2226-1494, 2500-0373
DOI: 10.17586/2226-1494-2019-19-1-109-117