English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113648/144635 (79%)
Visitors : 51593820      Online Users : 887
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/143781


    Title: 基於OAuth研製具主題管控能力的MQTT授權機制
    An Approach for MQTT Topic Authorization based on OAuth
    Authors: 吳少棠
    Wu, Shao-Tang
    Contributors: 廖峻鋒
    Liao, Chun-Feng
    吳少棠
    Wu, Shao-Tang
    Keywords: 物聯網
    MQTT
    OAuth
    授權
    Internet of Things
    MQTT
    OAuth
    Authorization
    Date: 2023
    Issue Date: 2023-03-09 18:25:10 (UTC+8)
    Abstract: 隨著網路技術與聯網硬體設備的技術提升,物聯網的規模日與俱增,物聯網的資訊安全也漸漸成為嚴重的問題,而目前物聯網最廣泛使用的通訊協定是MQTT(Message Queuing Telemetry Transport )。MQTT目前流行的版本有3.1.1版與5.0版,前者只提供了基礎的username與password驗證,後者則可以實作Challenge-Response風格的驗證,但都沒有提供標準的授權機制。有許多研究便因此試圖透過其他方式處理MQTT的授權,例如著名的授權框架OAuth(Open Authorization),目前最廣泛使用的是OAuth 2.0版,利用OAuth 2.0的Scope授權限制MQTT Client的存取範圍,但目前的研究中,將OAuth 2.0直接套用到MQTT的訂閱機制可能會有授權範圍過於嚴格的問題,以及不易更新Client的權限的問題。因此,本研究提出一個結合OAuth 2.0的MQTT授權機制,並著重於讓訂閱的授權可以較為開放,以及使用簡單的方式更新Client的權限,並實作出授權伺服器、MQTT Broker與MQTT Client來驗證可行性,最後也進行了一系列的實驗,以檢視本論文提出設計的效能,並評估此設計的安全性。
    With the advances in computing and network technologies, the scale of the Internet of Things is increasing day by day. Hence, security issues of the Internet of Things are gradually becoming none ignorable issues. Currently, one of the most widely used protocols for Internet of Things integration is MQTT (Message Queuing Telemetry Transport). MQTT’s popular versions are 3.1.1 and 5.0, where the former only provides the basic username and password authentication, and the latter can be implemented as Challenge-Response style authentication. However, current specifications still do not provide a standard authorization mechanism. Therefore, many studies tried to handle MQTT authorization in various ways, including the use of a well-known authorization framework called OAuth (Open Authorization). It restricts MQTT Client access using OAuth 2.0`s Scope authorization. However, in the current study, the direct application of OAuth 2.0 to the MQTT subscription mechanism may have the problem of overly strict authorization scope and the problem of not easily updating the Client`s privileges. Therefore, this study proposes an MQTT authorization mechanism based on OAuth 2.0, and focuses on making the authorization of subscriptions more open, and using a simple way to update the privileges of the Client, and implementing an authorization server, MQTT Broker and MQTT Client to verify the feasibility. Finally, the author performs a series of experiments to examine the performance impact of this framework, and to examine how much this framework improves security. This research has also conducted a series of experiments to examine the performance impact of this architecture, and to examine how much the security of this architecture has improved.
    Reference: [1] M. Rothmuller and S. Barker, “IoT–The Internet of transformation 2020”, Basingstoke, U.K., Apr. 2020.
    [2] Z. Sheng, H. Wang, C. Yin, X. Hu, S. Yang and V. C. M. Leung, "Lightweight management of resource-constrained sensor devices in the Internet of Things", IEEE Internet Things J., vol. 2, no. 5, pp. 402-411, Oct. 2015.
    [3] B. Mishra and A. Kertesz, "The Use of MQTT in M2M and IoT Systems: A Survey", IEEE Access, vol. 8, pp. 201071-201086, 2020.
    [4] T I Skerrett, "Why MQTT Has Become the De-Facto IoT Standard", Oct. 2019, [online] Available: dzone.com/articles/.
    [5] M. O. Al Enany, H. M. Harb, and G. Attiya, “A Comparative analysis of MQTT and IoT application protocols,” in Proceedings of the 2019 International Conference on Virtual Reality and Intelligent Systems (ICVRISs2021 International Conference on Electronic Engineering (ICEEM), pp. 1–6, Menouf, Egypt, July 2021.
    [6] D. Happ and A. Wolisz, "Limitations of the pub/sub pattern for cloud based IoT and their implications", Proc. Cloudification Internet Things (CIoT), pp. 1-6, Nov. 2016.
    [7] H. R. Ghorbani and M. H. Ahmadzadegan, "Security challenges in internet of things: survey", Wireless Sensors (ICWiSe) 2017 IEEE Conference on, pp. 1-6, 2017.
    [8] "MQTT Version 3.1.1. Edited by Andrew Banks and Rahul Gupta. OASIS Standard", Oct. 2014, [online] Available: http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html.
    [9] "MQTT Version 5.0. Edited by Andrew Banks, Ed Briggs, Ken Borgendale, and Rahul Gupta. OASIS Standard", 07 March 2019, [online] Available: https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html.
    [10] D. Fett, R. Küsters and G. Schmitz, "A comprehensive formal security analysis of OAuth 2.0", Proc. ACM CCS, 2016.
    [11] P. Fremantle, B. Aziz, J. Kopecký and P. Scott, "Federated Identity and Access Management for the Internet of Things", Proceedings of IEEE International Workshop on Secure Internet of Things (SIoT), pp. 10-17, 2014.
    [12] M.Michaelides, C.Sengul and P.Patras, "An Experimental Evaluation of MQTT Authentication and Authorization in IoT", Proc. ACM WiNTECH, 2021.
    [13] D. Hardt, "RFC6749: The OAuth 2.0 Authorization Framework", 2012.
    [14] A. Niruntasukrat et al., "Authorization mechanism for MQTT-based Internet of Things", IEEE Int. Conf. on Communications Workshops, pp. 290-295, May 2016.
    [15] O. Yerlikaya and G. Dalkiliç, "Authentication and authorization mechanism on message queue telemetry transport protocol", 3rd international conference on computer science and engineering (UBMK), pp. 145-150, 2018.
    [16] M. G. Spina, F. D. Rango, G. M. Marotta, "Lightweight Dynamic Topic-Centric End-to-End Security Mechanism for MQTT", IEEE/ACM 25th International Symposium on Distributed Simulation and Real Time Applications (DS-RT), pp. 1-7, Sep 2021.
    [17] K. M. Dryja; M. Markovic; P. Edwards, "FlyTrap: A Blockchain-based Proxy for Authorisation and Audit of MQTT Connections", pp. 1-8, Dec 2021.
    [18] P. Colombo and E. Ferrari, "Access control enforcement within mqtt-based internet of things ecosystems", Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies, pp. 223-234, 2018.
    [19] C. Sengul et al. 2020. "MQTT-TLS profile of ACE" (draft-ietf-ace-mqtt-tls-profile-04). Internet Draft.
    [20] J. Richer, "RFC7662: The OAuth 2.0 Token Introspection", 2015.
    Description: 碩士
    國立政治大學
    資訊科學系碩士在職專班
    109971013
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0109971013
    Data Type: thesis
    Appears in Collections:[資訊科學系碩士在職專班] 學位論文

    Files in This Item:

    File Description SizeFormat
    101301.pdf2425KbAdobe PDF2207View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback