Loading...
|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/143781
|
Title: | 基於OAuth研製具主題管控能力的MQTT授權機制 An Approach for MQTT Topic Authorization based on OAuth |
Authors: | 吳少棠 Wu, Shao-Tang |
Contributors: | 廖峻鋒 Liao, Chun-Feng 吳少棠 Wu, Shao-Tang |
Keywords: | 物聯網 MQTT OAuth 授權 Internet of Things MQTT OAuth Authorization |
Date: | 2023 |
Issue Date: | 2023-03-09 18:25:10 (UTC+8) |
Abstract: | 隨著網路技術與聯網硬體設備的技術提升,物聯網的規模日與俱增,物聯網的資訊安全也漸漸成為嚴重的問題,而目前物聯網最廣泛使用的通訊協定是MQTT(Message Queuing Telemetry Transport )。MQTT目前流行的版本有3.1.1版與5.0版,前者只提供了基礎的username與password驗證,後者則可以實作Challenge-Response風格的驗證,但都沒有提供標準的授權機制。有許多研究便因此試圖透過其他方式處理MQTT的授權,例如著名的授權框架OAuth(Open Authorization),目前最廣泛使用的是OAuth 2.0版,利用OAuth 2.0的Scope授權限制MQTT Client的存取範圍,但目前的研究中,將OAuth 2.0直接套用到MQTT的訂閱機制可能會有授權範圍過於嚴格的問題,以及不易更新Client的權限的問題。因此,本研究提出一個結合OAuth 2.0的MQTT授權機制,並著重於讓訂閱的授權可以較為開放,以及使用簡單的方式更新Client的權限,並實作出授權伺服器、MQTT Broker與MQTT Client來驗證可行性,最後也進行了一系列的實驗,以檢視本論文提出設計的效能,並評估此設計的安全性。 With the advances in computing and network technologies, the scale of the Internet of Things is increasing day by day. Hence, security issues of the Internet of Things are gradually becoming none ignorable issues. Currently, one of the most widely used protocols for Internet of Things integration is MQTT (Message Queuing Telemetry Transport). MQTT’s popular versions are 3.1.1 and 5.0, where the former only provides the basic username and password authentication, and the latter can be implemented as Challenge-Response style authentication. However, current specifications still do not provide a standard authorization mechanism. Therefore, many studies tried to handle MQTT authorization in various ways, including the use of a well-known authorization framework called OAuth (Open Authorization). It restricts MQTT Client access using OAuth 2.0`s Scope authorization. However, in the current study, the direct application of OAuth 2.0 to the MQTT subscription mechanism may have the problem of overly strict authorization scope and the problem of not easily updating the Client`s privileges. Therefore, this study proposes an MQTT authorization mechanism based on OAuth 2.0, and focuses on making the authorization of subscriptions more open, and using a simple way to update the privileges of the Client, and implementing an authorization server, MQTT Broker and MQTT Client to verify the feasibility. Finally, the author performs a series of experiments to examine the performance impact of this framework, and to examine how much this framework improves security. This research has also conducted a series of experiments to examine the performance impact of this architecture, and to examine how much the security of this architecture has improved. |
Reference: | [1] M. Rothmuller and S. Barker, “IoT–The Internet of transformation 2020”, Basingstoke, U.K., Apr. 2020. [2] Z. Sheng, H. Wang, C. Yin, X. Hu, S. Yang and V. C. M. Leung, "Lightweight management of resource-constrained sensor devices in the Internet of Things", IEEE Internet Things J., vol. 2, no. 5, pp. 402-411, Oct. 2015. [3] B. Mishra and A. Kertesz, "The Use of MQTT in M2M and IoT Systems: A Survey", IEEE Access, vol. 8, pp. 201071-201086, 2020. [4] T I Skerrett, "Why MQTT Has Become the De-Facto IoT Standard", Oct. 2019, [online] Available: dzone.com/articles/. [5] M. O. Al Enany, H. M. Harb, and G. Attiya, “A Comparative analysis of MQTT and IoT application protocols,” in Proceedings of the 2019 International Conference on Virtual Reality and Intelligent Systems (ICVRISs2021 International Conference on Electronic Engineering (ICEEM), pp. 1–6, Menouf, Egypt, July 2021. [6] D. Happ and A. Wolisz, "Limitations of the pub/sub pattern for cloud based IoT and their implications", Proc. Cloudification Internet Things (CIoT), pp. 1-6, Nov. 2016. [7] H. R. Ghorbani and M. H. Ahmadzadegan, "Security challenges in internet of things: survey", Wireless Sensors (ICWiSe) 2017 IEEE Conference on, pp. 1-6, 2017. [8] "MQTT Version 3.1.1. Edited by Andrew Banks and Rahul Gupta. OASIS Standard", Oct. 2014, [online] Available: http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html. [9] "MQTT Version 5.0. Edited by Andrew Banks, Ed Briggs, Ken Borgendale, and Rahul Gupta. OASIS Standard", 07 March 2019, [online] Available: https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html. [10] D. Fett, R. Küsters and G. Schmitz, "A comprehensive formal security analysis of OAuth 2.0", Proc. ACM CCS, 2016. [11] P. Fremantle, B. Aziz, J. Kopecký and P. Scott, "Federated Identity and Access Management for the Internet of Things", Proceedings of IEEE International Workshop on Secure Internet of Things (SIoT), pp. 10-17, 2014. [12] M.Michaelides, C.Sengul and P.Patras, "An Experimental Evaluation of MQTT Authentication and Authorization in IoT", Proc. ACM WiNTECH, 2021. [13] D. Hardt, "RFC6749: The OAuth 2.0 Authorization Framework", 2012. [14] A. Niruntasukrat et al., "Authorization mechanism for MQTT-based Internet of Things", IEEE Int. Conf. on Communications Workshops, pp. 290-295, May 2016. [15] O. Yerlikaya and G. Dalkiliç, "Authentication and authorization mechanism on message queue telemetry transport protocol", 3rd international conference on computer science and engineering (UBMK), pp. 145-150, 2018. [16] M. G. Spina, F. D. Rango, G. M. Marotta, "Lightweight Dynamic Topic-Centric End-to-End Security Mechanism for MQTT", IEEE/ACM 25th International Symposium on Distributed Simulation and Real Time Applications (DS-RT), pp. 1-7, Sep 2021. [17] K. M. Dryja; M. Markovic; P. Edwards, "FlyTrap: A Blockchain-based Proxy for Authorisation and Audit of MQTT Connections", pp. 1-8, Dec 2021. [18] P. Colombo and E. Ferrari, "Access control enforcement within mqtt-based internet of things ecosystems", Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies, pp. 223-234, 2018. [19] C. Sengul et al. 2020. "MQTT-TLS profile of ACE" (draft-ietf-ace-mqtt-tls-profile-04). Internet Draft. [20] J. Richer, "RFC7662: The OAuth 2.0 Token Introspection", 2015. |
Description: | 碩士 國立政治大學 資訊科學系碩士在職專班 109971013 |
Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0109971013 |
Data Type: | thesis |
Appears in Collections: | [資訊科學系碩士在職專班] 學位論文
|
Files in This Item:
File |
Description |
Size | Format | |
101301.pdf | | 2425Kb | Adobe PDF2 | 207 | View/Open |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|