Analysing and Evaluating Multicast-Security in Topic-Based Publish/Subscribe Systems

: Tarafdar, Umair
: Jarke, Matthias

Aachen, 2019, 82 pp.
Aachen, TU, Master Thesis, 2019
Master Thesis
Fraunhofer FIT
publish subscribe; multicast security; group key management

Topic-based publish/subscribe systems have gained considerable success in building modern large-scale distributed and IoT applications. They are characterized by properties like openness, loose coupling, intrinsic asynchronous communication, and high scalability. However, these properties have a drawback: they make the system vulnerable to cyber-attacks. This is a major concern because some of the distributed and IoT applications that use topic-based publish/subscribe are mission-critical, and insecure mission-critical systems may lead to massive negative consequences. Many mitigation strategies are available to curb the security vulnerabilities, but these strategies usually focus only on an individual vulnerability. Some security frameworks have been proposed in the field of topic-based publish/subscribe, but they are application-specific or not comprehensive enough. Hence, there is a need for a comprehensive security framework that can mitigate the security vulnerabilities in systems that use topic-based publish/subscribe. To solve the problem of insecure topic-based publish/subscribe systems, this thesis explores the possibility of developing a secure architecture over topic-based publish/subscribe that retains the characteristic properties of topic-based publish/subscribe. The thesis identifies striking similarities between topic-based publish/subscribe and IP multicast groups. Since IP multicast groups are a well-researched topic, some frameworks have been proposed for security in IP multicast groups. The thesis explores the idea of adapting one such security framework proposed for IP multicast groups, the Multicast Security (MSEC) Group Key Management Architecture, to topic-based publish/subscribe. The requirements for adapting the MSEC group key management architecture to topic-based publish/subscribe are analyzed and defined, and some solutions that satisfy these requirements are explored.
Considering these solutions, a prototype is implemented that adapts the MSEC group key management architecture to topic-based publish/subscribe. The prototype focuses on the proof of concept of the idea of adapting the MSEC architecture to topic-based publish/subscribe. It is evaluated by comparing its performance with that of a traditional topic-based publish/subscribe system. The security improvements of the developed prototype are compared to the traditional topic-based publish/subscribe system.