Authors:
(1) Moritz Jasper, Barkhausen Institut gGmbH, Würzburger Straße 46, Dresden, Germany ([email protected]);
(2) Stefan Köpsell, Barkhausen Institut gGmbH, Würzburger Straße 46, Dresden, Germany ([email protected]).
Attacker Model and Security Goals
Abstract—We propose LCMsec, a brokerless, decentralised Publish/Subscribe protocol. It aims to provide low-latency and high-throughput message-passing for IoT and automotive applications while providing much-needed security functionalities to combat emerging cyber-attacks in that domain. LCMsec is an extension for the Lightweight Communications and Marshalling (LCM) protocol. We extend this protocol by providing not only authenticated encryption of the messages in transit, but also a group discovery protocol inspired by the Raft consensus protocol. The Dutta-Barua group key agreement is used to agree upon a shared symmetric key among subscribers and publishers on a topic. By using a shared group key, we reduce the key agreement overhead and the number of message authentication codes (MACs) per message compared to existing proposals for secure brokerless Publish/Subscribe protocols, which establish a symmetric key between each publisher and subscriber and append multiple MACs to each message.
Index Terms—Publish/Subscribe security, cryptography, multicast, IoT security, secure group communication, cybersecurity
Publish/Subscribe architectures [1] are widespread and an important building block for Internet of Things (IoT), automotive and cloud applications. They can improve scalability and flexibility of communication infrastructures by decreasing dependencies between components, since entities in such a system need not know about one another. They additionally support dynamic communication patterns in which publishers and subscribers can be added and removed without affecting the rest of the system. Some Publish/Subscribe protocols like the Lightweight Communication and Marshalling protocol (LCM) [2] are brokerless, which offers advantages in terms of latency and throughput in some situations, removes a central point of failure (the broker) and reduces the administrative overhead.
However, LCM offers no convenient and fast means of securing it. There is no easy way to achieve security by leveraging existing transport-layer encryption mechanisms, because of the multicast-based communication topology used in LCM: achieving security in the multicast case is generally a much harder problem than in the unicast case [3]. Thus LCM, even when used in an isolated network, violates not only the emerging zero-trust paradigm but also the need-to-know principle: messages are simply routed to all other users of the system, even those that have not subscribed to the particular topic.
Nevertheless, the brokerless Publish/Subscribe communication topology offers the distinct advantages in terms of latency, throughput and simplicity mentioned above. The purpose of this work is therefore to provide an extension to LCM, which preserves the benefits in performance and ease of usability. Furthermore, it ensures confidentiality, integrity and authenticity for the messages in transit.
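The abstract and the paragraph above describe the core idea at a high level: every multicast datagram on a topic is protected by authenticated encryption under one key shared by all publishers and subscribers of that topic, so a single authentication tag per message suffices and hosts that merely receive the multicast traffic learn nothing. The following Go program is an added illustration of that property and is not LCMsec's own code or wire format; it assumes the group key has already been agreed (it is a constructed test vector here), uses AES-256-GCM from the Go standard library, and binds the channel name and a sequence number as associated data. The function and variable names (`SealTopicMessage`, `OpenTopicMessage`, `groupKey`, `outsiderKey`) are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed group key shared by every publisher and subscriber of one topic.
// In LCMsec this key would be the output of the group key agreement; here it is
// a fixed test vector so that the example runs offline.
var groupKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes -> AES-256-GCM

// Key held by a host on the same multicast network that is NOT a member of the
// topic's group (constructed, to show it can neither read nor forge messages).
var outsiderKey = []byte("ffffffffffffffffffffffffffffffff")

// associatedData binds the channel name and a sequence number to the
// ciphertext: a packet that is authentic on one channel cannot be replayed on
// another channel or under a different sequence number without failing the tag.
func associatedData(channel string, seq uint64) []byte {
	ad := make([]byte, 8+len(channel))
	binary.BigEndian.PutUint64(ad, seq)
	copy(ad[8:], channel)
	return ad
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealTopicMessage produces one multicast datagram payload: nonce || ciphertext || tag.
// One AEAD tag under the group key authenticates the message for all
// subscribers, instead of one MAC per publisher/subscriber pair.
func SealTopicMessage(key []byte, channel string, seq uint64, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to the nonce slice passed as dst.
	return aead.Seal(nonce, nonce, plaintext, associatedData(channel, seq)), nil
}

// OpenTopicMessage verifies and decrypts a datagram produced by SealTopicMessage.
// Any modification of the channel, sequence number, ciphertext or tag, and any
// key other than the group key, yields an error and no plaintext.
func OpenTopicMessage(key []byte, channel string, seq uint64, packet []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(packet) < ns+aead.Overhead() {
		return nil, errors.New("packet too short")
	}
	return aead.Open(nil, packet[:ns], packet[ns:], associatedData(channel, seq))
}

func main() {
	msg := []byte(`{"speed": 12.5, "heading": 270}`) // constructed sample payload
	pkt, err := SealTopicMessage(groupKey, "VEHICLE_STATE", 1, msg)
	if err != nil {
		panic(err)
	}
	// A subscriber holding the group key recovers the message.
	got, err := OpenTopicMessage(groupKey, "VEHICLE_STATE", 1, pkt)
	fmt.Println("member decrypts:", err == nil && bytes.Equal(got, msg))
	// A host that merely receives the multicast datagram cannot read it.
	_, err = OpenTopicMessage(outsiderKey, "VEHICLE_STATE", 1, pkt)
	fmt.Println("outsider rejected:", err != nil)
	// Replaying the packet on another channel fails authentication.
	_, err = OpenTopicMessage(groupKey, "BRAKE_CMD", 1, pkt)
	fmt.Println("cross-channel replay rejected:", err != nil)
	// Flipping one bit of the tag is detected.
	pkt[len(pkt)-1] ^= 0x01
	_, err = OpenTopicMessage(groupKey, "VEHICLE_STATE", 1, pkt)
	fmt.Println("tampering rejected:", err != nil)
}
```

The point to take from the example is the cost model the abstract contrasts with pairwise-key designs: the publisher computes one encryption and one tag regardless of how many subscribers exist, and every group member verifies that same tag, which is what makes a shared group key attractive for multicast. The flip side, which the group key agreement in the paper has to address, is that the group key must be rotated whenever membership changes, since any holder of the key can both read and produce valid messages.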
An overview and evaluation of the existing security solutions in the Publish/Subscribe space is discussed in Section II. In Section III, we discuss the LCM protocol in detail since it forms the basis for this work. After defining an attacker model and security goals in Section IV, we present the proposed LCMsec protocol in Section V, which contains two phases: firstly, the scheme used to secure messages based on shared keying material, secondly, the scheme used to agree on that keying material. Finally, we evaluate the performance of the proposed protocol in Section VI.
This paper is available on arxiv under CC BY 4.0 DEED license.