Abstract
Security in Internet-of-Things (IoT) environments has become a major concern. This is partly due to the large number of remotely exploitable IoT vulnerabilities in service authentication and access control, combined with the lack of timely technical support. To reduce the threat surface of remote vulnerability exploitation, we propose CMXsafe, a secure-by-design, application-agnostic proxy layer that can be updated and managed independently of the IoT device application. CMXsafe places IoT devices behind gateways that operate as relays at the OSI transport layer (layer 4), offloading the security concerns of IoT network communications into the proxy layer. Specifically, the proxy layer produces secure communication paths between IoT applications and platforms while enforcing mutual authentication and access control to proxied services. We evaluate the performance of our architecture on the MQTT protocol used in a standard publisher-broker-subscriber configuration provided by Eclipse Mosquitto. We compare the performance penalty on the protocol when securing communications with TLS following a monolithic implementation and with CMXsafe. The experimental results suggest that CMXsafe outperforms integrated security by providing at least a 25% latency reduction and a 22% bandwidth improvement.
Original language | English (US) |
---|---|
Pages (from-to) | 5767-5782 |
Number of pages | 16 |
Journal | IEEE Transactions on Information Forensics and Security |
Volume | 19 |
DOIs | |
State | Published - 2024 |
Bibliographical note
Publisher Copyright: © 2005-2012 IEEE.
Keywords
- Internet-of-Things
- secure communications
- secure proxy session
- security context
- socket proxy
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications