This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2018.2791956, IEEE Transactions on Industrial Informatics
IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. X, NO. Y, Z 201W 1
Abstract—In the last years, several academic research efforts focused on security requirements, threat models, and attack taxonomies concerning the application of Internet of Things in critical systems. Since such systems are strongly data-intensive, it is of pivotal importance to provide integrity for the messages moving throughout the IoT infrastructure by means of publish/subscribe services. Integrity provisioning in industrial IoT scenarios has received marginal attention with respect to other primary security features. The existing solutions are lacking the needed focus on the peculiarities of event notification and on the demand introduced by resource-constrained devices. This work contributes by applying group signatures so as to avoid managing certificates, violating the spatial decoupling, or implying an excessive resource usage. A proof-of-concept prototype of the proposed solution has been realized for platforms based on TinyOS and simulations with TOSSIM have been conducted in order to empirically assess its performance and effectiveness.

Index Terms—Publish/subscribe Service, Message Integrity, Group Signature, Identity-Based Crypto-Systems.

I. INTRODUCTION

Internet of Things (IoT) [1] can be simply described as the integration of Wireless Sensor Networks with Cloud Computing, where smart sensing nodes (or actuators) located on the network edge monitor (or control) the physical environment by eventually performing some initial pre-processing on the gathered data. Such data moves from the edge towards the network core by reaching the cloud, in order to be persistently stored and analyzed by generating new information, or taking proper decisions to control a given process. Differently from the devices operating in traditional sensor networks scenarios, many IoT nodes are equipped with long- or short-range wireless communication interfaces, with IP capabilities, in order to connect to a base station, a local router or an access point (often referred to as “gateway”), providing Internet access, and hence allowing the node to directly reach the cloud. This removes the need of a sink node collecting the sensory data and forwarding them to Internet-accessible remote processing services. However, it is possible to have IoT nodes not directly connected to the cloud, but having some intermediaries along the way, performing some sort of pre-processing, filtering or aggregation, and hence leading to the so-called Fog Computing architectures [2]. This means pushing the frontier of processing applications and analytics away from centralized nodes by distributing processing intelligence near to the true origins of the data of interest [3].

A. Publish/subscribe Services for Industrial IoT

Such a multitude of nodes within an IoT infrastructure are characterized by a different communication pattern complementing the more traditional request/reply mechanism implemented by web services, needed for their direct referencing by users and/or applications. For scalability and seamless mobility reasons, it is important to avoid the necessity of static or rigidly established interconnections among the IoT nodes and intermediaries, so as to apply a plug & play approach for the automatic detection of a novel node and the establishment of a new connection. For this reason, the publish/subscribe paradigm [4] has imposed itself as the best communication scheme to convey data within an IoT system thanks to its decoupling, asynchrony and flexibility features. Moreover, such a scheme natively supports data-centric communications, rather than network-centric ones, which perfectly matches the event-driven model of the sensors where nodes express their interest by means of subscriptions that are string-matching predicates on the notification contents or their topics. Within the current panorama of communication middleware for IoT scenarios, there are several solutions providing an implementation of the publish/subscribe paradigm, as surveyed in [5]. Most of them are based on well-formalized standards from the IETF, OMG or OASIS, and assume an infrastructure-based architecture with the presence of special nodes (i.e., characterized by more computational and storage resources than the IoT nodes), where notification brokers are hosted, to mediate among the IoT nodes by managing subscriptions and routing notifications to the interested subscribers. Also infrastructure-less solutions are present, despite being mainly research prototypes, such as in [6], where nodes assume a promiscuous architecture without any brokers and where the notifications are managed in a decentralized way by the publishers and subscribers running on the IoT nodes. Such a second solution lies along the current research frontier and it is more complex to implement, since it requires that the nodes self-organize within a proper overlay organization, but it provides a higher degree of scalability, availability and reliability due to the lack of brokers, which may represent a performance bottleneck and single point of failure for the overall infrastructure.

B. The need for Security in Industrial IoT

IoT is among the recent technologies that are paving the way for the fourth industrial revolution, named as Industry 4.0 [7], which, as the other revolutions, consists in a radical

Manuscript received XX X, 201X; revised X X, 201X. Corresponding author: C. Esposito (email: esposito@unisa.it).
1551-3203 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
[Figure residue: architecture diagram with the labels Data Processing, Sensor Management, Data Storage, Cloud-Based, Cloud, Wide-Area Network, Gateway and Sensor Overlay.]
[Figure residue: two plots, (a) and (b), of Number of publications per Year, 2010 to 2016; legend entries: IoT Security, IoT Fault-Tolerance, IoT Reliability, IoT, IoT Cryptography, IoT Access Control, IoT Signature.]
even if such a situation is changing in the last years. Indeed, multiple kinds of attacks [15], such as Man-in-the-Middle, False Data Injection or Message Replay, potentially affect IIoT infrastructures and can be faced only if the integrity of the exchanged data is preserved and their source is strongly authenticated and traceable.

C. Integrity Enforcement and Open Issues

When integrity of exchanged messages has to be verified, techniques based on digital signature must be used. They generically consist in a publisher computing some kind of hash on the data to be exchanged and associating it to the outgoing notification after encrypting it with its private key. On the other hand, the subscriber can verify the integrity by computing the hash of the message, decrypting the hash contained in the received notification by using the public key of the publisher, and checking if these two hashes coincide. Typically, a public key infrastructure (PKI) is used so that the entity that needs to verify the received digital signature can obtain the public key of the signer, so that the identity of the signer is documented by a valid digital certificate [16]. Such a basic scheme underlying every specific solution for digital signature implies several issues when applied within the context of publish/subscribe services, as investigated in [17]. Summarizing the reported findings, the current solutions for digital signatures in publish/subscribe services exhibit two main problems: on the one hand, we can find some overheads and inefficiencies in retrieving and keeping certificates; on the other hand, there are identity exposures and violations of the spatial decoupling, since the subscriber needs to know the identity of the publisher of a received notification in order to perform the signature verification. Such issues are further exacerbated within the context of the IIoT, since we have to consider their resource-constrained nature and the need of minimizing the energy drained from the battery, which imply the need of storing a limited amount of information, executing simple mathematical operations and keeping the amount of additional data to be exchanged (security overhead) as small as possible. This strongly limits the applicability of the basic digital signature schemes and calls out for solutions tailored to provide scalable and anonymous signature management with contained resource usage.

D. Our Contribution

The primary objective of this work has been to apply group-based signature [18] to IIoT communications, by integrating it within the event-driven publish/subscribe framework presented in [6]. Such a cryptographic technique consists in having (i) only the members of a given group able to sign the messages exchanged within the group, (ii) the destinations able to verify if a signature is valid, without disclosing the true identity of the signer, and (iii) the signature able to be “opened” so as to reveal the identity of the group member that has signed the message. Specifically, the publish/subscribe service implements a node clustering scheme based on their specific topic and dynamically elects the cluster head, which is responsible for generating the group key, maintaining the membership information and disseminating the key among the cluster members by using identity-based encryption and signature. Despite offering those capabilities, such a solution is known to be inefficient, and some recent works, such as [19] and [20], have been devoted to the scope of resolving such an issue by reducing the signature length and signature creation/verification time, in order to contain the latency introduced. We have based our work on these solutions for short group signatures, and applied them to the case of event notification within the IIoT. Also in [21], [22], group signature is advocated as a promising solution based on qualitative considerations, but not implemented or quantitatively assessed within the context of IIoT. Concrete usages of group signatures within IIoT can be found in [23], [24], and we differ from them since we introduce clustering in order to improve the scalability and efficiency of such a scheme when dealing with a large number of dynamic nodes, and an effective setup thanks to the use of identity-based crypto-primitives. Therefore, the major contributions of this work are the following ones:

1) We present an analysis of the available platforms for event notification within the IIoT and discuss their solutions to provide integrity of the exchanged notifications.
2) We have applied the group signature scheme within the context of the infrastructure-less publish/subscribe protocol from [6] in order to achieve a scalable and anonymous signature management framework.
3) We used identity-based crypto-primitives to allow the cluster head to disseminate new group keys and designed a mechanism to revoke group keys when novel members join the clusters and/or some participants leave them.
4) We have performed a simulation-based assessment of the proposed solution in order to present its achievable quality in terms of latency and energy consumption.

E. Roadmap

The rest of the paper is structured as follows. Section II introduces the key aspects of event-based and secure communications within the context of the IIoT by paying attention to the integrity needs of the IIoT. Section III presents the proposed group key-based solution and its application within an infrastructure-less publish/subscribe service. Section IV illustrates the results achieved by running our solution in a simulated scenario. We conclude with Section V, where the lesson learnt and the plan for future work are discussed.

II. BACKGROUND AND RELATED WORK

A. Publish/Subscribe Services within the IoT

The Publish/Subscribe interaction pattern [4] perfectly models event-driven communications occurring at the edge of the IIoT among the sensing nodes and the gateways towards the fog computing devices and/or the applications hosted within the cloud. It is an evolution in the distributed producer/consumer systems design, characterized by producer applications, called publishers, where events can occur and notifications are generated with a description of those events, and consumer applications, called subscribers, that receive
notifications of the events they are interested in. Within this pattern we have the presence of an abstraction for gluing together publishers and subscribers that deals with the routing of the notifications from the emitting publishers to the receiving subscribers based on their own interests manifested by means of subscriptions, i.e., proper predicates on the context, the type or the topic of the exchanged notifications. Such an abstraction can be concretely implemented, at the middleware level, by means of brokers, which are applications running on special nodes (which differ from the ones hosting publishers and subscribers since being characterized by a higher amount of computing and storage capabilities and/or available energy), or in a promiscuous manner by having the publishing and subscribing applications (and hence nodes) deal with the routing of notifications by autonomously establishing an overlay communication infrastructure among themselves. Although in the typical solutions for publish/subscribe services the use of brokers is appreciated for scalability, maintainability, usability, and availability needs, in the specific IIoT scenario, brokers’ deployment becomes a serious concern due to the higher economic costs of the resulting infrastructure, and to the necessity of a pre-optimized planning of the location of the sensors with respect to the available brokers. On the contrary, having a broker-less solution is strongly preferable since it implies reduced costs and deployment efforts, and it is more adaptive to mobility patterns and scalable with the number of IoT devices. However, the downside is represented by the complexity of managing the overlay among the nodes.

For these reasons, the currently available solutions for event notifications within the IoT, which are facing a large application also within the context of IIoT, rely on standards where architectures based on the brokers are preferred [12], [25]. First, the OMG issued the Data Distribution Service (DDS) [26] specification for a broker-less event notification and its adaptation to the peculiarities of the IoT has been proposed in [27], [28]. Second, the IETF has issued a set of specifications named as Extensible Messaging and Presence Protocol (XMPP) [29], where the XEP-0174 specification [30] has been thought specifically for IoT, since no intermediaries are needed. Third, there is an ISO standard (ISO/IEC PRF 20922) named Message Queuing Telemetry Transport (MQTT) [31] with an extension known as MQTT for Sensor Networks (MQTT-SN) [32] that is a lightweight broker-based protocol for resource-constrained devices, such as the ones used in IoT. Last, the IETF has standardized the Constrained Application Protocol (CoAP) [33] for the web transfers based on the Representational State Transfer (REST) on top of HTTP functionalities, with the possibility of using an optional extension [34] for group communications with IP Multicast or multiple unicast sessions. Recently, such an RFC evolved in [35], which defines a broker-based architecture for CoAP implemented in [36]. Within the academic literature, we can find some proposals for a promiscuous publish/subscribe service, such as the aforementioned protocol presented in [6], providing automatic discovery of newly activated devices and establishment of overlay links among nodes without any broker. This approach will be used as the basis for our proposal.

B. Integrity in the Event Notification within IoT

Within the context of publish/subscribe-based event notification, integrity refers to the protection from any possible malicious manipulation of the notification content. Such manipulations may take place on forwarders along the path from the publisher to an interested subscriber, maliciously changing the data contained in the notifications, or on compromised nodes replaying forged notifications by masquerading themselves as legitimate publishers. Digital signature and hashing schemes represent the widely accepted solution for providing such a fundamental security feature.

The existing standards for publish/subscribe services within the IoT provide proper solutions to support integrity demands. First, the OMG has fully standardized the security features for DDS where the Cryptographic Service Plugin supports all cryptographic operations including digital signatures inserted within the RTPS Header. Despite describing why and how to use digital signatures, the standard does not indicate which specific technique has to be used. The main products available implement such a standard by adopting state-of-the-art solutions; for a concrete example, Connext DDS Secure from RTI [37] uses the X.509 [38] certificates with a pre-configured shared Certificate Authority, while the signatures are computed with Digital Signature Algorithm (DSA) [39]. Differently, the OpenSplice framework uses R. Rivest, A. Shamir and L. Adleman (RSA) [39] signatures. Second, with respect to XMPP, there is a specific extension for signatures called Encapsulated Digital Signatures in XMPP (XEP-0290) [40], which describes a signature approach based upon XML Signatures (XMLDSIG) [41]. Third, in the MQTT context, notifications can contain a digital signature of the contents implemented by using X.509 client certificates. The specific technique to be used for computing the signature is not fully standardized and in [42] the authors propose the use of RSA and a solution based on Elliptic Curves (ECCSA), which represents a valuable signature scheme compared to traditional schemes (RSA, DSA), since it exhibits an equivalent security degree with smaller key sizes, lower complexity and hence faster computation [43]. Last, there is an on-going work on the security for CoAP [44] with a focus on integrity protection based on JSON Web Signature (JWS) [45], while [46] proposes a RESTful CoAP message signature generation and verification scheme. These experiences show how the signatures can be integrated within the overall CoAP architecture and in the structure of the exchanged messages, without indicating a given signature approach. Some research efforts aim at filling such a gap, such as [47], where ECCSA is applied, or [48] where EdDSA [49], a variant of Schnorr signature based on Twisted Edwards curves, is recommended.

Despite the various solutions proposed in available products and standards, the literature regarding secure publish/subscribe services lacks focus on the specific peculiarities of such a kind of approach, and the typical strategy for introducing security services is to adopt schemes taken from secure unicast communications by adapting them to group communication scenarios. This causes three main problems: (i) issues in managing certificates, (ii) identity exposure, and (iii) scalability
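The per-publisher verification flow that the text describes (the hash is signed with the publisher's private key, and the subscriber must first obtain the matching public key) is sketched below as an added example; it is not the authors' code. Textbook RSA over SHA-256 with keys constructed from Mersenne primes stands in for the RSA/DSA schemes named above and is not secure; the node names, topic and payloads are constructed, and Python 3.8+ is assumed.

```python
"""Per-publisher hash-then-sign integrity for pub/sub notifications (added example).

Textbook RSA over a SHA-256 digest with constructed demo keys: enough to show
the message flow and its costs, NOT a secure signature scheme.
"""
import hashlib
import json

E = 65537  # public exponent (assumption of this sketch)


def make_keypair(exp_p, exp_q):
    """Constructed demo key: n = (2**exp_p - 1) * (2**exp_q - 1), two Mersenne primes."""
    p, q = 2**exp_p - 1, 2**exp_q - 1
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"n": p * q, "d": d}


def digest(topic, payload):
    """Hash of the notification content, as an integer."""
    data = json.dumps([topic, payload], sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def publish(publisher_id, key, topic, payload):
    """Publisher side: hash the content, then apply the private key to the hash."""
    sig = pow(digest(topic, payload), key["d"], key["n"])
    # The publisher identity has to travel with the notification; without it
    # the subscriber cannot select the public key to verify with.
    return {"publisher": publisher_id, "topic": topic, "payload": payload, "sig": sig}


class Subscriber:
    def __init__(self):
        # publisher id -> public modulus; a stand-in for stored certificates
        self.key_directory = {}

    def learn_key(self, publisher_id, n):
        self.key_directory[publisher_id] = n

    def verify(self, note):
        n = self.key_directory.get(note["publisher"])
        if n is None:
            return "unknown-publisher"  # a certificate would have to be fetched first
        recovered = pow(note["sig"], E, n)  # apply the public key to the signature
        if recovered != digest(note["topic"], note["payload"]):
            return "rejected"
        return "accepted"

    def directory_bytes(self):
        """Storage taken by the public moduli alone, one entry per publisher."""
        return sum((n.bit_length() + 7) // 8 for n in self.key_directory.values())


def demo():
    keys = {"pump-7": make_keypair(521, 607), "valve-2": make_keypair(1279, 2203)}
    sub = Subscriber()
    sub.learn_key("pump-7", keys["pump-7"]["n"])
    results = {}

    note = publish("pump-7", keys["pump-7"], "plant/pressure", {"bar": 4.2})
    results["genuine"] = sub.verify(note)

    # A forwarder changes the data but cannot recompute the signature.
    results["tampered"] = sub.verify(dict(note, payload={"bar": 9.9}))

    # A node claims to be pump-7 but signs with its own key.
    forged = publish("pump-7", keys["valve-2"], "plant/pressure", {"bar": 9.9})
    results["masquerade"] = sub.verify(forged)

    # A legitimate publisher the subscriber has no key for yet.
    other = publish("valve-2", keys["valve-2"], "plant/pressure", {"bar": 4.1})
    results["no_certificate"] = sub.verify(other)
    sub.learn_key("valve-2", keys["valve-2"]["n"])
    results["after_fetch"] = sub.verify(other)

    results["directory_entries"] = len(sub.key_directory)
    results["directory_bytes"] = sub.directory_bytes()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The key directory grows by one entry per publisher and every notification names its signer, which are the storage cost and the identity exposure that the paper sets out to avoid.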
certificate, (ii) to check its validity, and (iii) to get the signer public key for verifying the signature of the received notification. This causes overheads and inefficiencies, which can be overwhelming within the case of IoT due to the large number of nodes (whose certificates are needed) and limited storage capacity and availability of battery power, which can be easily drained by continuously acquiring certificates. The problem of managing certificates can be resolved by using identity-based crypto-systems [50], where the public key of a user is easily computable from a string corresponding to the user identity by means of bilinear pairings [51], and without requiring a certification authority. Since the seminal work in [52] that introduced certificate-less signatures, a series of papers, such as [53], [54], have been proposed in order to further improve such a scheme and to make it more secure, by removing the key escrow problem, or more efficient by removing bilinear pairing (whose computations are heavier than the ones in traditional schemes) and basing the signature on the most efficient RSA. However, the use of identity-based crypto-systems is not advantageous in publish/subscribe services. In fact, signature schemes with or without certificates are characterized by the problem of the publisher’s identity being exposed during signature verification by a subscriber demanding the public keys of all the interacting publishers. This violates the spatial decoupling property of the publish/subscribe services, since the identity of the publisher needs to be explicit and the event dissemination is no longer anonymous. Moreover, the need for subscribers to know the public keys of the signers still reduces the scalability of the signature scheme.

III. GROUP SIGNATURES FOR EVENT NOTIFICATION WITHIN IIOT

Figure 3 shows our envisioned approach for the signature of exchanged notifications without violating the anonymity of the publish/subscribe service and by guaranteeing the scalability of the communication. The core functionality consists in a new way for authenticating notifications without leaking signer identity, and a suitable approach is a Group Signature scheme [18], which exhibits the following three properties: (i) only members of a given group, in our case the ones advertised on the same topic, can sign the exchanged notifications; (ii) subscribers can verify if the signature is valid, without disclosing the true identity of the publishing signer; (iii) the signature can optionally be “opened” so as to reveal the identity of the group member that has signed the message. A first practical solution to realize group signatures has been presented in [55] by using dynamic accumulators. However, the inefficiency of the available schemes has limited the widespread adoption of these group signature schemes. This issue has been considered in [19] and [20] in order to reduce the signature length, revocation capability, and signature creation/verification time. A simplified group signature scheme has been proposed in [56] named Ring Signature scheme, where the signature creation and verification process is not assigned to a manager, but directly performed by the interested applications. The absence of managers allows the achievement of greater efficiency. In our approach, we have considered the Short Group Signature [19] solution for its simplicity and efficiency, where the generation and management of group signatures is delegated to the cluster head dynamically elected by the publish/subscribe service. However, at the beginning of the approach the cluster head has to distribute the needed information so that publishers can generate the signatures and the subscribers verify signatures extracted from the received notifications. Such a protection can only be obtained by encrypting and authenticating the messages exchanged by the cluster head with the other members. Also in this case, it is necessary to adopt a PKI for the management and verification of certificates used for message authentication, causing overheads and inefficiencies. A suitable solution for simplifying key management and managing certificates is the adoption of identity-based crypto systems [50], where the public key of a user is easily computable from a string corresponding to the user’s identity by means of bilinear pairings [51], and without requiring a certification authority. In the rest of this section, these three aspects of our solution will be described in detail.

Fig. 3. Sequence diagram of the proposed signing approach. (Diagram label: Group-Based Signature Scheme.)

A. The group signature scheme

The scheme from [19] is made of four distinct algorithms. KeyGen deals with generating the key that publishers must use in order to sign their outgoing notifications. It takes as input a parameter $n$, the number of members authorized to sign, and proceeds as follows. First, it builds two random generators $g_1 \in \mathbb{G}_1$ and $g_2 \in \mathbb{G}_2$, and generates a random number $h \in \mathbb{G}_1 \setminus \{1_{\mathbb{G}_1}\}$, and two other random numbers $\xi_1, \xi_2 \in \mathbb{Z}_q^*$. Based on such numbers, it determines $u, v \in \mathbb{G}_1$ as follows: $u = \xi_1^{-1} h$ and $v = \xi_2^{-1} h$ so that $u^{\xi_1} = v^{\xi_2} = h$. Then, a random number $\gamma \in \mathbb{Z}_q^*$ is generated and $w = g_2^{\gamma}$ is determined. For each i-th member of the group that intends to publish notifications and asks the needed information for
[Figure residue: component diagram of the prototype with the components StartC, ReceiverC, StartMasterC, StartNodeC, PubSubC, SenderC, CryptoIBSC, CryptoIBEC, UtilityC, GroupSigC, ActiveMessageC, TimerMilliC, AMSenderC and AMReceiverC.]
[Figure residue: plots, panel (a) among them, of Time (msec) against Number of Nodes (25, 50, 100).]

the implementation of our prototype, which is organized in layers, with components sending commands and requests to the ones below them, which in turn notify events to the requesting components at the higher layer. StartC is the root
[Figure residue: plot against Number of Nodes (25, 50, 100); series: No Signature; With Signature, no Clustering; With Signature, and Clustering.]
Fig. 6. Energy consumption of a forwarding operation.

on the length of the signature. Moreover, every time a node receives a notification, even if not being interested and acting as a forwarder, it must verify the attached signature, and this has a performance cost. When the network grows, the number of hops to reach a destination probably augments, causing the trend illustrated in the figures. Moreover, the increasing size of a notification causes the need of fragmenting it in multiple packets and managing the needed reassembling of the overall fragments and their retransmission in case of losses, implying the consequent increase of the delivery time. A last consideration is related to the energy consumption, illustrated in Figure 6, where a signing scheme augments it, but clustering is able to slightly reduce such a cost, since it does not depend only on the exchanged messages, but also on the mathematical computations performed by the nodes when generating or verifying signatures.

V. CONCLUSIONS AND FINAL REMARKS

In this manuscript, we have presented the known issues associated with ensuring message integrity and authentication by means of digital signatures within the context of publish/subscribe services. The currently available solutions lack energy efficiency and scalability, which are fundamental requirements within the context of Industrial IoT; moreover, they violate the anonymity and decoupling properties for event notification in publish-subscribe schemes. To cope with these problems, we have proposed a group signature-based scheme and applied it to a prototype of infrastructure-less topic-based publish/subscribe service for sensors. We have empirically assessed it so as to measure the consequent performance worsening and the increase in the battery consumption. An open issue in our approach is the key revocation, mainly related to a publisher leaving the group. In our approach, we have adopted the simple solution from [63], where the signing and verification parameters, respectively gpk and gsk[i] for the i-th publisher and gpk for the subscribers are changed and retransmitted when a node leaves. Despite

ACKNOWLEDGEMENT

REFERENCES

[1] L. Atzori, A. Iera, and G. Morabito, “The internet of things: A survey,” Computer Networks, vol. 54, no. 15, pp. 2787–2805, 2010.
[2] A. V. Dastjerdi and R. Buyya, “Fog Computing: Helping the Internet of Things Realize Its Potential,” Computer, vol. 49, no. 8, pp. 112–116, August 2016.
[3] W. Feng, Z. Yan, H. Zhang, K. Zeng, Y. Xiao, and T. Hou, “A Survey on Security, Privacy and Trust in Mobile Crowdsourcing,” IEEE Internet of Things Journal, vol. In Press, 2017.
[4] P. Eugster, P. Felber, R. Guerraoui, and A.-M. Kermarrec, “The many Faces of Publish/subscribe,” ACM Computing Surveys, vol. 35, no. 2, pp. 114–131, June 2003.
[5] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, “Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications,” IEEE Communication Surveys & Tutorials, vol. 17, no. 4, pp. 2347–2376, Fourth Quarter 2015.
[6] C. Esposito, A. Castiglione, F. Palmieri, M. Ficco, and K. K. R. Choo, “A Publish/Subscribe Protocol for Event-Driven Communications in the Internet of Things,” in Proceedings of the IEEE 14th International Conference on Dependable, Autonomic and Secure Computing, August 2016, pp. 376–383.
[7] Y. Koren, The Global Manufacturing Revolution: Product-Process-Business Integration and Reconfigurable Systems. Wiley, June 2010.
[8] M. Wollschlaeger, T. Sauter, and J. Jasperneite, “The Future of Industrial Communication: Automation Networks in the Era of the Internet of Things and Industry 4.0,” IEEE Industrial Electronics Magazine, vol. 11, no. 1, pp. 17–27, March 2017.
[9] EFFRA, “Factories Of The Future - Multi-annual roadmap for the contractual PPP under Horizon 2020,” https://ec.europa.eu/research/industrial technologies/factories-of-the-future en.html, accessed: 2016-10-24.
[10] Executive Office of the President President’s Council of Advisors on Science and Technology, “Report To The President On Capturing Domestic Competitive Advantage In Advanced Manufacturing,” http://energy.gov/eere/downloads/report-president-capturing-domestic-competitive-advantage-advanced-manufacturing, accessed: 2016-10-24.
[11] F. Tao, Y. Zuo, L. D. Xu, and L. Zhang, “IoT-Based Intelligent Perception and Access of Manufacturing Resource Toward Cloud Manufacturing,” IEEE Transactions on Industrial Informatics, vol. 10, no. 2, pp. 1547–1557, May 2014.
[12] L. D. Xu, W. He, and S. Li, “Internet of Things in Industries: A Survey,” IEEE Transactions on Industrial Informatics, vol. 10, no. 4, pp. 2233–2243, November 2014.
[13] S. Jeschke, C. Brecher, T. Meisen, D. Özdemir, and T. Eschert, “Industrial internet of things and cyber manufacturing systems,” Industrial Internet of Things: Cybermanufacturing Systems, pp. 3–19, 2017.
[14] S. Mumtaz, A. Alsohaily, Z. Pang, A. Rayes, K. F. Tsang, and J. Rodriguez, “Massive Internet of Things for Industrial Applications: Addressing Wireless IIoT Connectivity Challenges and Ecosystem Fragmentation,” IEEE Industrial Electronics Magazine, vol. 11, no. 1, pp. 28–33, March 2017.
[15] M. Nawir, A. Amir, N. Yaakob, and O. B. Lynn, “Internet of Things (IoT): Taxonomy of security attacks,” 2016 3rd International Conference on Electronic Design (ICED), pp. 321–326, August 2016.
[16] M. O’Brien and G.R.S. Weir, “Understanding digital certificates,” Proceedings of the 2nd International Conference on Cybercrime Forensics Education & Training, September 2008.
[17] C. Esposito and M. Ciampi, “On Security in Publish/Subscribe Services: A Survey,” IEEE Communications Surveys Tutorials, vol. 17, no. 2, pp. 966–997, Second quarter 2015.
having a simple implementation, such a solution is not optimal [18] D. Chaum and E. Heyst, “Group Signatures,” Advances in Cryptology
- EUROCRYPT 91, Lecture Notes in Computer Science, vol. 547, pp.
since the associated cost (in terms of revocation time and 257–265, 1991.
energy consumption) is considerable. As a future work we [19] D. Boneh and X. Boyen and H. Shacham, “Short Group Signatures,”
will investigate more suitable revocation schemes among the Advances in Cryptology - CRYPTO 04, Lecture Notes in Computer
Science, vol. 3152, pp. 41–55, 2004.
ones in the current literature, and adapt it in our approach; in [20] S. Zhou and D. Lin, “Group signatures with reduced bandwidth,” IEE
addition, other signature schemes suitable for our aims, such as Proceedings on Information Security, vol. 153, no. 4, pp. 146–152,
batch-signatures [64] or ring-based ones [65], will be studied. December 2006.
[21] H. Yue, L. Guo, R. Li, H. Asaeda, and Y. Fang, “DataClouds: Enabling Community-Based Data-Centric Services Over the Internet of Things,” IEEE Internet of Things Journal, vol. 1, no. 5, pp. 472–482, October 2014.
[22] L. Malina, J. Hajny, R. Fujdiak, and J. Hosek, “On perspective of security and privacy-preserving solutions in the internet of things,” Computer Networks, vol. 102, no. Supplement C, pp. 83–95, 2016.
[23] J. Su, D. Cao, B. Zhao, X. Wang, and I. You, “ePASS: An expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the Internet of Things,” Future Generation Computer Systems, vol. 33, no. Supplement C, pp. 11–18, 2014.
[24] C. Lai, H. Li, X. Liang, R. Lu, K. Zhang, and X. Shen, “CPAL: A Conditional Privacy-Preserving Authentication With Access Linkability for Roaming Service,” IEEE Internet of Things Journal, vol. 1, no. 1, pp. 46–57, February 2014.
[25] A. Al-Fuqaha and M. Guizani and M. Mohammadi and M. Aledhari and M. Ayyash, “Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications,” IEEE Communications Surveys Tutorials, vol. 17, no. 4, pp. 2347–2376, Fourthquarter 2015.
[26] OMG, “Data Distribution Service (DDS) for Real-Time Systems, v1.2,” www.omg.org, accessed: September 2012.
[27] A. Hakiri and P. Berthou and A. Gokhale and S. Abdellatif, “Publish/subscribe-enabled software defined networking for efficient and scalable IoT communications,” IEEE Communications Magazine, vol. 53, no. 9, pp. 48–54, September 2015.
[28] A. Hakiri, A. Gokhale, P. Berthou, D. Schmidt, and T. Gayraud, “Software-defined networking: Challenges and research opportunities for future internet,” Computer Networks, vol. 75, Part A, pp. 453–471, December 2014.
[29] IETF, “RFC 6120: Extensible Messaging and Presence Protocol (XMPP),” http://tools.ietf.org/html/rfc6120, accessed: March 2016.
[30] P. Saint-Andre, “XEP-0174: Serverless Messaging,” http://www.xmpp.org/extensions/xep-0174.html, accessed: March 2016.
[31] D. Locke, “MQ Telemetry Transport (MQTT) V3.1 Protocol Specification,” http://www.ibm.com/developerworks/webservices/library/ws-mqtt/, accessed: March 2016.
[32] A. Stanford-Clark and H. L. Truong, “MQTT for sensor networks (MQTT-S),” http://www.mqtt.org/MQTTs Specification V1.0.pdf, accessed: March 2016.
[33] C. Bormann and A. P. Castellani and Z. Shelby, “CoAP: An Application Protocol for Billions of Tiny Internet Nodes,” IEEE Internet Computing, vol. 16, no. 2, pp. 62–67, March 2012.
[34] A. Rahman and E. Dijk, “Group Communication for the Constrained Application Protocol (CoAP),” Internet Engineering Task Force (IETF), Request for Comments: 7390, available at https://tools.ietf.org/html/rfc7390, October 2014.
[35] M. Koster and A. Keranen and J. Jimenez, “Publish-Subscribe Broker for the Constrained Application Protocol (CoAP),” Network Working Group, Internet Engineering Task Force (IETF), Internet-Draft, available at https://tools.ietf.org/html/draft-ietf-core-coap-pubsub-01, March 2017.
[36] M. Kovatsch and S. Duquennoy and A. Dunkels, “A Low-Power CoAP for Contiki,” Proceedings of the IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems, pp. 855–860, October 2011.
[37] RTI. Connext DDS Secure. Accessed: July 2017. [Online]. Available: https://www.rti.com/products/secure
[38] R. Housley and W. Polk and W. Ford and D. Solo. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Accessed: July 2013. [Online]. Available: http://www.ietf.org/rfc/rfc3280.txt
[39] W. Stallings, Network Security Essentials - Applications and Standards, 4th Edition. Prentice Hall, 2010.
[40] K. Zeilenga. (2011) XEP-0290: Encapsulated Digital Signatures in XMPP. Accessed: July 2017. [Online]. Available: https://xmpp.org/extensions/xep-0290.html
[41] D. Eastlake and J. Reagle and D. Solo and F. Hirsch and T. Roessler. XML Signature Syntax and Processing (Second Edition) - W3C Recommendation. Accessed: July 2013. [Online]. Available: http://www.w3.org/TR/xmldsig-core/
[42] A. Mektoubi and H. L. Hassani and H. Belhadaoui and M. Rifi and A. Zakari, “New approach for securing communication over MQTT protocol A comparaison between RSA and Elliptic Curve,” Proceedings of the Third International Conference on Systems of Collaboration (SysCo), pp. 1–6, November 2016.
[43] N. Koblitz and A. Menezes and S. Vanstone, “The State of Elliptic Curve Cryptography,” Towards a Quarter-Century of Public Key Cryptography, pp. 103–123, 2000.
[44] J. Mattsson and G. Selander and L. Seitz. (2014) Object security for COAP. Accessed: July 2013. [Online]. Available: https://www.ietf.org/proceedings/91/slides/slides-91-ace-2.pdf
[45] M. Jones and J. Bradley and N. Sakimura. (2015) JSON Web Signature (JWS). Accessed: July 2013. [Online]. Available: https://tools.ietf.org/html/rfc7515
[46] H. V. Nguyen and L. L. Iacono, “REST-ful CoAP Message Authentication,” Proceedings of the International Workshop on Secure Internet of Things (SIoT), pp. 35–43, September 2015.
[47] Lavanya and Natarajan, “Lightweight Authentication for COAP Based IOT,” Proceedings of the 6th International Conference on the Internet of Things, pp. 167–168, 2016.
[48] M. Tiloca and G. Selander and F. Palombini. (2017) Secure group communication for CoAP - draft-tiloca-core-multicast-oscoap-03. Accessed: July 2017. [Online]. Available: https://ericssonresearch.github.io/Multicast-OSCOAP/draft-tiloca-core-multicast-oscoap.html
[49] S. Josefsson and I. Liusvaara. (2017) Edwards-Curve Digital Signature Algorithm (EdDSA). Accessed: July 2017. [Online]. Available: https://tools.ietf.org/html/rfc8032
[50] A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Advances in Cryptology, Lecture Notes in Computer Science, vol. 196, pp. 47–53, 1985.
[51] F. Zhang and R. Safavi-Naini and W. Susilo, “An Efficient Signature Scheme from Bilinear Pairings and Its Applications,” Public Key Cryptography - PKC 04, Lecture Notes in Computer Science, vol. 2947, pp. 277–290, 2004.
[52] S.S. Al-Riyami and K.G. Paterson, “Certificateless Public Key Cryptography,” Advances in Cryptology - ASIACRYPT 2003, Lecture Notes in Computer Science, vol. 2894, pp. 452–473, 2003.
[53] R. Tso and X. Huang and W. Susilo, “Strongly Secure Certificateless Short Signatures,” Journal of Systems and Software, vol. 85, no. 6, pp. 1409–1417, June 2012.
[54] J. Zhang and J. Mao, “An efficient rsa-based certificateless signature scheme,” Journal of Systems and Software, vol. 85, no. 3, pp. 638–642, March 2012.
[55] J. Camenisch and A. Lysyanskaya, “Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials,” Advances in Cryptology - CRYPTO 02, Lecture Notes in Computer Science, vol. 2442, pp. 61–76, 2002.
[56] R.L. Rivest and A. Shamir and Y. Tauman, “How to Leak a Secret,” Advances in Cryptology - ASIACRYPT 01, Lecture Notes in Computer Science, vol. 2248, pp. 552–565, 2001.
[57] D. Boneh and M. Franklin, “Identity-based encryption from the weil pairing,” Advances in Cryptology - Proceedings of the 21st Annual International Cryptology Conference, pp. 213–229, August 2001.
[58] M. S. Kiraz and O. Uzunkol, “Still wrong use of pairings in cryptography,” arXiv preprint arXiv:1603.02826, 2016.
[59] K. G. Paterson and J. C. N. Schuldt, “Efficient Identity-Based Signatures Secure in the Standard Model,” Information Security and Privacy - Proceedings of the 11th Australasian Conference, ACISP 2006, Melbourne, Australia, pp. 207–222, July 2006.
[60] P. Levis and S. Madden and J. Polastre and R. Szewczyk and K. Whitehouse and A. Woo and D. Gay and J. Hill and M. Welsh and E. Brewer and D. Culler, “TinyOS: An operating system for sensor networks,” Ambient intelligence, vol. 35, pp. 115–148, 2005.
[61] P. Levis and N. Lee and M. Welsh and D. Culler, “TOSSIM: Accurate and Scalable Simulation of Entire TinyOS Applications,” Proceedings of the 1st International Conference on Embedded Networked Sensor Systems, pp. 126–137, 2003.
[62] D. F. Aranha and C. P. L. Gouvêa, “RELIC is an Efficient LIbrary for Cryptography,” https://github.com/relic-toolkit/relic.
[63] G. Ateniese, D. Song, and G. Tsudik, “Quasi-efficient revocation of group signatures,” Proceedings of the 6th Financial Cryptography Conference, Lecture Notes on Computer Science, vol. 2357, pp. 88–98, 2016.
[64] Z. Yan, W. Feng, and P. Wang, “Anonymous Authentication for Trustworthy Pervasive Social Networking,” IEEE Transactions on Computational Social Systems, vol. 2, no. 3, pp. 11–18, February 2016.
[65] J. K. Liu, M. H. Au, W. Susilo, and J. Zhou, “Linkable ring signature with unconditional anonymity,” IEEE Transactions on Knowledge and Data Engineering, vol. 26, no. 1, pp. 157–165, January 2014.
Christian Esposito (S’06-M’09) received the Ph.D. degree in computer engineering and automation from the University of Napoli “Federico II”, Italy. Currently, he is adjunct professor at the University of Naples “Federico II”, Italy, and at the University of Salerno, Italy, where he is also a research fellow. He regularly serves as a reviewer and guest editor for several international journals and conferences (with about 200 reviews being done). He has been involved in the organization of about 40 international conferences/workshops. His research interests include reliable and secure communications, middleware, distributed systems, positioning systems, multi-objective optimization, and game theory.

Francesco Palmieri received the M.S. degree and the Ph.D. degree in computer science from the University of Salerno. He is an Associate Professor at the University of Salerno. His research interests include advanced networking protocols and architectures and network security. He has been the director of the Networking Division of the University of Naples “Federico II” and contributed to the development of the Internet in Italy as a senior member of the Technical-Scientific Advisory Committee and of the CSIRT of the Italian NREN GARR. He serves as the editor-in-chief of an international journal and participates in the editorial board of other ones.