A comprehensive security framework for publish/subscribe-based IoT services communication

Duan, L; Sun, CA; Zhang, Y; Ni, W; Chen, J

A comprehensive security framework for publish/subscribe-based IoT services communication

Duan, L Sun, CA Zhang, Y Ni, W

Chen, J

Permalink

Publisher:: Institute of Electrical and Electronics Engineers (IEEE)
Publication Type:: Journal Article
Citation:: IEEE Access, 2019, 7, pp. 25989-26001
Issue Date:: 2019-01-01

Closed Access

	Filename	Description	Size
	A_Comprehensive_Security_Framework_for_Publish_Subscribe-Based_IoT_Services_Communication.pdf	Published version	2.39 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Duan, L
dc.contributor.author	Sun, CA
dc.contributor.author	Zhang, Y
dc.contributor.author	Ni, W https://orcid.org/0000-0002-4933-594X
dc.contributor.author	Chen, J
dc.date.accessioned	2022-09-17T02:09:59Z
dc.date.available	2022-09-17T02:09:59Z
dc.date.issued	2019-01-01
dc.identifier.citation	IEEE Access, 2019, 7, pp. 25989-26001
dc.identifier.issn	2169-3536
dc.identifier.issn	2169-3536
dc.identifier.uri	http://hdl.handle.net/10453/161867
dc.description.abstract	The publish/subscribe paradigm provides a loosely-coupled and scalable communication model for the large-scale IoT service systems, such as supervisory control and data acquisition (SCADA). Data confidentiality and service privacy are two crucial security issues for the publish/subscribe model deployed in different domains. The existing access control schemes for such model cannot address both the issues at the same time. In this paper, we propose a comprehensive access control framework (CACF) to bridge this gap. The design principle of the proposed framework is twofold: (a) a bi-directional policy matching scheme for protecting the privacy of IoT services; and (b) a fully homomorphic encryption scheme for encrypting published events to protect data confidentiality. We analyze the correctness and security of the CACF, moreover, we prototype CACF based on Apache ActiveMQ, an open source message broker, and evaluate its performance. The experimental results indicate that our security system meets the latency requirements for very high-quality SCADA services.
dc.language	en
dc.publisher	Institute of Electrical and Electronics Engineers (IEEE)
dc.relation.ispartof	IEEE Access
dc.relation.isbasedon	10.1109/ACCESS.2019.2899076
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	08 Information and Computing Sciences, 09 Engineering, 10 Technology
dc.title	A comprehensive security framework for publish/subscribe-based IoT services communication
dc.type	Journal Article
utslib.citation.volume	7
utslib.for	08 Information and Computing Sciences
utslib.for	09 Engineering
utslib.for	10 Technology
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
utslib.copyright.status	closed_access	*
dc.date.updated	2022-09-17T02:09:37Z
pubs.publication-status	Published
pubs.volume	7

Abstract:

The publish/subscribe paradigm provides a loosely-coupled and scalable communication model for the large-scale IoT service systems, such as supervisory control and data acquisition (SCADA). Data confidentiality and service privacy are two crucial security issues for the publish/subscribe model deployed in different domains. The existing access control schemes for such model cannot address both the issues at the same time. In this paper, we propose a comprehensive access control framework (CACF) to bridge this gap. The design principle of the proposed framework is twofold: (a) a bi-directional policy matching scheme for protecting the privacy of IoT services; and (b) a fully homomorphic encryption scheme for encrypting published events to protect data confidentiality. We analyze the correctness and security of the CACF, moreover, we prototype CACF based on Apache ActiveMQ, an open source message broker, and evaluate its performance. The experimental results indicate that our security system meets the latency requirements for very high-quality SCADA services.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/161867