Secure Message Transfer In Internet Of Things Environment Using Weighted Based Fuzzy Technique

1999

Secure Message Transfer In Internet Of Things

Environment Using Weighted Based Fuzzy

Technique

Ankit Khare, Rashmi Sharma, Neelu Jyoti Ahuja

Abstract: Internet of Things (IoT) is growing technology and is used in the wide range of applications like wearables, telehealth, telemedicine, smart house to smart city. IoT devices are resource constraint devices and in need of lightweight method to enhance the security. Hence, fuzzing techniques are used to find the malware in the software program by passing unexpected input data and analysis the system. The novelty of the method involves in using weighting based fuzzy technique to secure the message in MQTT protocol. The Adaptive Neuro-Fuzzy Inference System (ANIFS) technique is used to fuzz the message and fuzzy is added with the fields of MQTT as redundancy bit. This helps to recalculate the length and other control field simply and automatically. As multiple protocols are there in IoT like MQTT, CoAP, ZigBee, DDS etc. out of these protocols “MQTT protocol” is the lightweight information exchange protocol, which is used to evaluate the proposed method. Further, this proposed work is compared with state-of-art method for message transfer purpose. The experimental result shows the weighted fuzzy technique has higher performance compared to the existing method. The message loss of proposed method 0.207%, while existing method has the message loss is 0.22% at 3000 message payloads.

Index Terms: Adaptive Neuro-Fuzzy Inference System (ANIFS), Internet of Things, Message loss, Light Weight Protocol, MQTT protocol, Scapy method, Weighting based Fuzzing Technique, .

—————————— ◆ ——————————

1 INTRODUCTION

Internet of Things (IoT) systems consists of the smart devices connected in the network. Here, “Things” refers to the smart devices like sensor to the health monitoring system, security camera, automobiles etc.., [1]. Application of IoT is in the different industries and this significantly reduces the human effects in monitoring and alerting even in the forest [2]. Recently, the security concern is the major hind rance for the applying the IoT in most application [3]. This increases the difficulty to manage the IoT objects and introduces the challenges of the unauthorized access that makes the IoT object most vulnerable to attacks [4]. Some security problems in the IoT application like location-based services have been analyzed to improve the security [5]. For example, malware named as Mirai that accessed a many IoT devices and used to provide Denial of Service (DoS) to the user [6]. MQTT is the well-known lightweight protocol developed for the message transferring process and this is highly used in the IoT to communicate between the devices. The message is transferred from the publisher to the subscriber and broker is used to manage the subscriber-publisher in the system. But when it comes into the security part MQTT not safe without authentication. Due to the limitation in the communication, the broker is used to transfer the messages from the publisher to the subscriber [7]. As differ from the HTTP, the MQTT depends upon Transmission Control Protocol (TCP) with publisher-subscriber architecture [8]. The MQTT protocol is developed to provide the Quality of Services (QoS) of each short message. Still, there is not guarantee for the delivery of the message in the exact same order [9]. However, the existing method involves in the low security [10] and in need to increase the security.

______________________________

• ANKIT KHARE*, RASHMI SHARMA, NEELU JYOTI AHUJA

• Department of Cybernetics, School of Computer Science, University of Petroleum and Energy Studies (UPES) Energy Acres, Bidholi. Dehradun- 248007, Uttarakhand, India

• Corresponding Author: [email protected]

The security system is need to be implement to ensure the safety in IoT devices, information exchange and application developed for them. In this research, weighted fuzzy technique is proposed for the network monitoring to increase the security without affecting the network QoS. The ANFIS fuzzy technique is applied in the network for filter, addition and monitor the network packets. The ANFIS fuzz value is consider as the weight value in the network. The ANFIS technique is used in this method due to the advantages of lightweight. The weight is added with the network packet and stored in the directory. The network is continuously monitored without affecting the QoS in the system. The proposed framework is involving in applying the lightweight verification process for the data transfer. The experimental results analyze the performance of the proposed method in the network. In next section groundwork of IoT, existing protocols with security issues will be discussed. Further, proposed method along with pseudocode and architecture has been explained. Afterwards, Experimental set-up with results will be elucidated. At the end, conclusion and future scope of proposed work is explained.

2

LITERATURE

REVIEW

2000 density. The overhead is high for the system and this is due to

the two authentication processes. P. Diogo, et al., [13] developed an IoT system fully based on the latest standard and recent efforts. The open source hardware and software are used for this method, updated IoT architecture, application protocol and best suited networks are used. The former is the combination of a MQTT with the Interworking proxy and later interact with the restful Application Program Interface (API) application. These methods are latest developed applications and also subscribed to its updates. The security of the method is low and all devices used are resource constrained. S. Jeon, and I. Jung, [14] implemented a method named as Improved Middleware for Cooperative Interaction of Things (MinT-I) to increases the performance of MinT middleware by changing the threads. The MinT-I increases the performance of the connection part that analyze, process and retransmit the received packets. The experimental analysis shows that the throughput has been increased up to 25% to 35 % than the existing middleware. The method optimizes the resource and memory usage; this technique also reduces the power consumption. The request in the method increases and the power consumption also increases. The periodic information from the sensing devices that are not update frequently, causes the transmission delay and excess energy consumption. A. Ciuffoletti [15] developed a method based on the principles of the openness and expandability. The method supports both application level interface and single component interface in the IoT infrastructure. The application level interface allows the interaction with external application and single components, and also allowed interaction and coordination between the components. The application level interface and interface of the single component adopted a REST approach using HTTP for communication. The proof-of-concept is easily reproduced and focuses on the problem in the method. The method had a bottleneck for security, reliability and performance.

Table 1. Limitations of existing methods

Method Limitation

Vehicle Tracking System [11] Traceability is low Crypto-Hash-Modules [12] Large overhead Lightweight Method [13] Low efficiency _{Low Traceability}

MinT-I [14] Higher _Consumption energy Openness And Expandability [15] Bottleneck problem

Load Balancing method [16] Low efficiency _{Low tracebility}

Deepsubhra Guha Roy [16] established a method for the load balancing solution for the small talk static in the WS cluster network. The unusual behavior of the WSN gateway with the suitable expressions and dynamic gateway is used to minimize the delay and increase the packet delivery rate. The Eclipse-Paho client are used to measure the delay and message loss are analyzed using synthetic workloads with different QoS levels. The automated network packet analysis technique can be applied to increase the security and efficiency. From the analysis of the recent research in the IoT monitoring techniques, the major problem is found as using of complex techniques like WS cluster and monitoring technique in the middleware increases the computation process. As these techniques affects the QoS of the system and in some cases, bottle neck problem has been created. To overcome the above mentioned problem, the proposed architecture is used for network monitoring by adding weighted value in network packets and also increases

the security of the IoT environment. Table 1. Shows the previous techniques and the limitations in the existing methods.

3 PROPOSED

METHOD

The main objective of this study is to increase the efficiency of the IoT system without affecting the security. The weighted based fuzzy technique is proposed to increase the efficiency by automatically weight the network packets. The scapy method is used to analyze the network packets, which is process at the sniffer. The architecture used in the research of [17] are used to evaluate the performance of the proposed method. The MQTT is used in this method for message transfer due to lightweight and has the capacity to handle thousands of clients. The proposed method is compare with existing method to understand the efficiency of the weighted based fuzzy method. This section provides brief explanation for the proposed method.

3.1.Weighted Fuzzy system

The proposed fuzzy system recalculates the control fields automatically using the block based method. The framework of Boofuzz is the simple FTP and highly used now a days. This is successor to [17], which is highly influenced by SPIKE [18]. Sulley is actively developed fuzzing engines and fuzz testing framework consists of multiple extensible components. Sulley exceeds the capabilities of most previously published fuzzing technologies, public and commercial domain. The framework aims to simplify the data representation, transmission and instrumentation. Sulley is named after the creature from Monster Inc., due to the creature is fuzzy. The advantages of boofuzzy is as follows: Easy and quick data generation, Instrumentation – in the manner of Target reset after failure, failure detection, and test data recording. The complex protocols definition in this type of framework is slow that requires the knowledge of tool itself and entire protocol specification. For this kind, the weighted based approach would be useful. The tool monitors the communication based on the proxy technique. The series of parameters are need to provide by the user whereby the packets that are filtered. The traffic is generated between the client and server, when user want to fuzz. The specified packets are removed by the user and processed. The. json weight value is automatically generated with the help of provided format. The portion of the weight value shows the MQTT publish layer of the packets. Each fields in the packets will appear and two factors are added namely recalculate and fuzzable. The user has to provide the fuzzy to a specific field of a package to change the fuzzable value. The true value is need to assign by the user for consider the recalculate for packet consistency. The tool automatically provides the verification value in the field that are consider as fuzzable and measure all the fields in the package that recalculate flag set to true. The computation complexity of the developed method is 𝑂(𝑛) means that generated time is constant, independent of the generated weight value. The user no need to aware of the structure of any details in the tool or protocol, except the apply fuzzy and field that need to recalculate. In case, user want to make modification in the weight, do need for the special tool. That can be edited with the normal text editor if the structure of .json is maintained.

3.2.System Design

2001 architecture is shown in the Fig.1 and the weighted based fuzzy

is used in the sniffer.

Figure 1: The architecture of the proposed method

Mitmfuzzer: Mitmfuzzer is the driver that is used to call the remaining application function. The user enters the argument that is present in this and this is process by the python module argparse [19]. This provides the small interface to show the activity state of the tool. Sniffer: Sniffer feature is the important function of the tool, which is present in the middle of the communication to monitor the data and select the data for filter and process. This also filter the data that are specified by the user for weight generation. The model is implemented using the Scapy [20], an architecture for low treatment of network and supports the large number of protocols. Once it finds the package selected by the user, this process and sent it in certain format in the python language. The method also provides the weight value for the module. Weight: The package is received in module with certain formant and process it generation of weight in .json format. The generated weight is stored in the directory and fuzzer is later used for the packages and fields are fuzzed and recalculated. Fuzzer: The fuzzer is the important module and this process the monitoring, filter, addition and insertion of test case. ANIFS techniques is used in this method due to the advantages of lightweight in the fuzzy process. The weight file is the input to the module that is generated in weight module. Using the iptables and nfquene [21], [22] monitoring the communication and transfer the packages that is not identified with the weight based on filtering and introduced and the packages are process based on weight. The matching packets are processed and its fields are compared with weight and check the one user specified. In case more than one field is identified, then module checks for the directory provided by the user to process. If the directory is not provided, then the module will call for Radamsa [23], passing the parameter as file with the valid case like validcases/fieldnamedirectory. Radamsa is a stock generator developed for software verification. The pseudo code of the method is shown below. ANFIS generates a set of fuzzy rules(𝑅𝑗, 1 ≤ 𝑗 ≤ 𝐽), that each fuzzy rule has the following form.

If 𝑄₁ IS 𝜇_𝑗,1 AND 𝑄₂ IS 𝜇_𝑗,2 AND … AND 𝑄_𝑖 IS 𝜇_𝑗,𝑖 AND … AND 𝑄𝑛 IS 𝜇𝑗,𝑛 THEN

𝑄𝑡+1= 𝑏𝑗,0+ 𝑏𝑗,1𝑄1+ 𝑏𝑗,2𝑄2+ ⋯ + 𝑏𝑗,𝑖𝑄𝑖+ ⋯ + 𝑏𝑗,𝑛𝑄𝑛 Where 𝜇_𝑗,0 is a Gaussian function and written as:

𝜇_𝑗,𝑖(𝑥𝑖) = exp [− (𝑥𝑖− 𝑚_𝑗,𝑖

𝜎𝑗,𝑖 )

2 ]

Where 𝑚𝑗,𝑖 is the mean and 𝜎𝑗,𝑖 is the standard deviation that

are unknown parameters of 𝑗 rule. A five-layer network with different inputs and one output is constructed based on 𝐽 fuzzy rules. The structure of the ANFIS model for 𝑛 inputs of {𝑄0, 𝑄1, … , 𝑄𝑖, … , 𝑄𝑛} [24]. Each layer is based on the research [24].

Figure 2: ANFIS architecture

Scapy: Scapy is the library, which is used for the packet manipulation in the large number of network protocols. This plays the important role in the application core. The Scapy advantages is that it uses the block based method to support the protocol. The fields in the package are modified, control field and length are recalculated automatically. The fuzzer has the packet, it sends to the Scapy to process. The structure of the packets is returned by the Scapy that is easy to change. The modification is made in the MQTT packets, Scapy takes the manipulated package that is inconsistence in the control field such as length field or checksum field. The control field is recalculated based on a block based method and the data is encapsulated if it is original.

2002 of identified fields. The parameter is set based on the number

of fields and number of parameter is measured. The random number of generation is made between 0 and number of control fields. The weight value is generated based on these values and stored in the directory. The fuzzy modules perform the monitor, filter and addition of the data blocks. The scapy method analyze the directory and check the data integrity of the method. Once the analysis has been completed, the data has been delivered to the destination nodes.

4 EXPERIMENTAL

DESIGN

The experimental setup consists of the different stages: sensor

nodes, open source mosquito broker/server, and ThingSpeak. The temperature data is measured from the different room in the building as the temperature data are sensed with the help of sensors. These data are send through the MQTT gateway and stored in the ThingSpeak. The proposed method is compared with existing method [16] in the same environment at that method architecture. The requirements for experimental setup are provided here in the following Table 2.

Table 2. Experimental design

Equipment Equipment quantity Provider/ _vender RAM HDD Processor Operating _system

Sensor node Temperature sensonr _{(5 pcs)} - - -

MQTT broker MQTT broker: Computation instance

Raspberry

Pi 3 1 GB 32 GB

4× ARM Cortex-A53

@1.2 GHz

Noobs

Receiver

node Receiver node 1 ThingSpeak - - -

5 RESULTS

AND

DISCUSSION

The IoT devices are growing and used in the different field for the continuous monitoring and controlling. The major issues in the IoT is security and these devices are deployed in the different place, which makes it difficult to protect. These devices are low constraint devices and this requires lightweight security protocol with efficiency. The major objective of this research is to improve the security of the IoT devices without much affecting the efficiency. MQTT protocol is simple and lightweight protocol, which has the capable of supporting thousands of clients. Due to the efficiency of MQTT, this is highly used in the IoT application. The fuzzy technique is used to verify the security in IoT devices. In this research, the weighting based fuzzy method is proposed to reduce the load of the user and increase the efficiency. This method is completely automated to weight the field to test each network packets. Due to fuzzification process message can be extracted at any platform by means of defuzz [17]. The data can be well secured by fuzzified packets during transmission and transferred through a well know MQTT broker in the current architecture to reduce data loss. The experiment is carried out in the given scenario and result is measured. These results are compared with state-of-art method to investigate the efficiency of the proposed method.

Subscriber delay

The proposed method is compared with state-of-art method [16] and experimented in the same scenario. The publisher to subscriber delay is measured for the different message payload and the result is compared with state-of-art method, as shown in table 3.

Table 3. Publisher to subscriber delay with message payload

Mes

sa

ge

p

ay

loa

d

go

ing

to

be

p

ub

lis

he

d

to

t

he

b

ro

ke

r

se

t b

y

P

ah

o

A

P

I

(in

by

te

)

P

ub

-to

-s

ub

de

lay

s

ob

ta

ine

d

at

Qo

S

le

ve

l-0

[1

6]

(

s)

P

ub

-to

-s

ub

de

lay

s

ob

ta

ine

d

at

Qo

S

le

ve

l-1

[1

6]

(

s)

P

ub

-to

-s

ub

de

lay

s

ob

ta

ine

d

at

Qo

S

le

ve

l-2

[1

6]

(

s)

W

eigh

te

d

Fu

zz

y

Met

ho

d

(s

)

1000 183 227 310 174

2000 293 421 526 286

3000 385 494 580 318

4000 498 580 697 447

The weighted fuzzy method has the low delay compared to the existing method at different payload. For 4000 bytes of payload, the weighted fuzzy method is send the message in 447 s and QoS level-2 method is send in 697 s. The proposed framework has the low computation time due to the weighted value in the less size is used for the verification.

Message Loss

2003

Table 4. Source to destination message loss with message

payload Mes sa ge p ay loa d in b yt e w hic h ar e go ing t o pu bli sh ed t o th e B ro ke r se t by P ah o A P I (in by te s) S ou rc e-to -d es tina tion lo ss of mes sa ge s ca lc ulat ion at Qo S lev el -0 ( In % ) S ou rc e-to -d es tina tion lo ss of mes sa ge s ca lc ulat ion at Qo S lev el -1 ( In % ) S ou rc e-to -d es tina tion lo ss of mes sa ge s ca lc ulat ion at Qo S lev el -2 ( In % ) W eigh te d Fu zz y Me th od ( In % )

1000 1 0.24 0.18 0.18

2000 1.4 0.41 0.2 0.195

3000 1.6 0.6 0.22 0.207

4000 1.8 0.78 0.24 0.223

There are three level of QoS method is proposed in the research [16] and these are compared with proposed method. The message loss of the proposed weighted fuzzy method is equal to the QoS level-2 at 1000 bytes of payload. The proposed method has the low message loss compared to the three level of state-of-art method. For 3000 bytes of message payload, the proposed method has the message loss of 0.223 % compared to the existing method of QoS-level-2 0.24 %. The proposed framework involves in using the fuzzy set generated are used for the verification. This will check the integrity of the data with lower message loss compared to other existing

Figure 3: Message loss of the proposed method

methods. The message loss of the proposed method and existing method are calculated at the different payload and shown in the Fig.3. This shows that the proposed method has the low message loss compared to the existing method at the different level of message payload. The message loss has been much reduced by the proposed method compared to the existing method.

End to End delay

The end-to-end delay for the three QoS level [16] and weighted fuzzy system at different number of request are measured and plotted as graph in the Fig.4.

Figure 4: End to End delay vs number of request

The different number of request are made in the experiment and calculated the end-to-end delay. This shows the proposed method has the low delay compared to the existing method at different number of request. At the 300 request, the QoS level-2 has low delay compared to the proposed method. The delay of the proposed method is low for the different level of request. For the 400 request, the proposed method has the 407 s delay compared to the QoS level-2 at 638 s delay. The proposed weighted fuzzy method has the lower delay due to monitor and data integrity is based on the generated weighted value instead of the continuous monitor method used in existing method, which involves in more complex and time consuming method. The end-to-end delay is measured for the proposed method at different level of message payload and compared with existing method. The end-to-end delay for the different payload is plotted as graph in the Fig.5.

Figure 5: Delay vs message payload

The different level of payload is send through the system and measured the end-to-end delay. The weighted fuzzy system has the less delay compared to the existing method at different payload. For the 4000 bytes of payload, the proposed method has the end-to-end delay of 476 s compared to the QoS level-3 has the delay of 697 s. Therefore, this shows that the efficiency of the proposed method is high compared to the existing method due to the weighting method. Hence, the proposed method can be applicable to the real time system for effective performance.

6 CONCLUSION

AND

FUTURE

SCOPE

2004 applied to improve the security. Fuzzy is the testing techniques

for identifying vulnerabilities in the software applications. In this paper, weighting based fuzzy method is proposed to automatically analyze the network packets. The scapy method is used to automatically weight the network packets and this method is low-level treatment of network packets. The recalculation of length and other control fields are simple and easy. The proposed weighted fuzzy method monitors and analyze the data block in the network is less complex that avoids the problem of computation complexity and bottleneck problem. The MQTT are popular lightweight message transfer protocol and is used in this method for analysis. The proposed method is compared with the state-of-art method and this shows the proposed method has the higher efficiency. The proposed method has the lower delay and less message loss compared to the state-of-art method. The weighting based fuzzy techniques achieved 476 s delay while existing method has 498 s in the payload of 4000 bytes. The experimental result shows that proposed method has the higher efficiency in terms of message loss and delay than state-of-art method. The proposed method is applicable for the network monitoring technique and data integrity verification process. The possible future directions of this method involves in increases the security in IoT based on data encryption technique, lightweight technique can be applied to decrease latency, and Power consumption of the IoT devices is need to be optimized.

7

REFERENCES

[1] Mukherjee, B., Wang, S., Lu, W., Neupane, R.L., Dunn, D., Ren, Y., Su, Q. and Calyam, P., 2018. Flexible IoT security middleware for end-to-end cloud-fog communication. Future Generation Comp. Syst., 87, pp.688-703.

[2] Zhou, L., Li, X., Yeh, K.H., Su, C. and Chiu, W., 2019. Lightweight IoT-based authentication scheme in cloud computing circumstance. Future Generation Computer Systems, 91, pp.244-251.

[3] Matheu-García, S.N., Hernández-Ramos, J.L., Skarmeta, A.F. and Baldini, G., 2019. Risk-based automated assessment and testing for the cybersecurity certification and labelling of IoT devices. Computer Standards & Interfaces, 62, pp.64-83.

[4] Saadeh, M., Sleit, A., Sabri, K.E. and Almobaideen, W., 2018. Hierarchical architecture and protocol for mobile object authentication in the context of IoT smart cities. Journal of Network and Computer Applications, 121, pp.1-19.

[5] Kuo, C.T., Chi, P.W., Chang, V. and Lei, C.L., 2018. SFaaS: Keeping an eye on IoT fusion environment with security fusion as a service. Future Generation Computer Systems.

[6] Randhawa, R.H., Hameed, A. and Mian, A.N., 2018. Energy efficient cross-layer approach for object security of CoAP for IoT devices. Ad Hoc Networks. [7] Shapsough, S., Takrouri, M., Dhaouadi, R. and

Zualkernan, I.A., 2018. Using IoT and smart monitoring devices to optimize the efficiency of large-scale distributed solar farms. Wireless Networks, pp.1-17. [8] Bhawiyuga, A., Data, M. and Warda, A., 2017,

October. Architectural design of token based authentication of MQTT protocol in constrained IoT device. In Telecommunication Systems Services and

Applications (TSSA), 2017 11th International Conference on (pp. 1-4). IEEE.

[9] Hwang, H.C., Park, J. and Shon, J.G., 2016. Design and implementation of a reliable message transmission system based on MQTT protocol in IoT. Wireless Personal Communications, 91(4), pp.1765-1777. [10]Alshehri, M.D. and Hussain, F.K., 2018. A fuzzy

security protocol for trust management in the internet of things (Fuzzy-IoT). Computing, pp.1-28.

[11]Gowtham P, Arunachalam V. P., Vijayakumar V. A., and Karthik S, An Efficient Monitoring of Real Time Traffic Clearance for an Emergency Service Vehicle Using IOT, International Journal of Parallel Programming, 1-27, 2018.

[12]Yeh K. H., A secure IoT-based healthcare system with body sensor networks. IEEE Access vol. 4, pp. 10288-10299, 2016.

[13]Diogo P., Lopes N. V., and Reis L. P., An ideal IoT solution for real-time web monitoring, Cluster Computing vol. 20, no. 3, pp. 2193-2209, 2017. [14]Jeon S., and Jung I., Experimental evaluation of

improved IoT middleware for flexible performance and efficient connectivity, Ad Hoc Networks vol. 70, pp. 61-72, 2018.

[15]Ciuffoletti A., OCCI-IOT: an API to deploy and operate an IoT infrastructure, IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1341-1348, 2017.

[16]Roy D.G., Mahato B., De D. and Buyya R., 2018. Application-aware end-to-end delay and message loss estimation in Internet of Things (IoT)—MQTT-SN protocols. Future Generation Computer Systems, 89, pp.300-316.

[17]Ramos S.H., de Benito M.T.V. and Lacuesta, R., 2017. MQTT security: A novel fuzzing Approach.

[18]Biyani A., Sharma G., Aghav J., Waradpande P., Savaji P. and Gautam M., 2011, November. Extension of SPIKE for encrypted protocol fuzzing. In 2011 Third International Conference on Multimedia Information Networking and Security (pp. 343-347). IEEE.

[19]“Python.org, Argparse,”

[20]https://docs.python.org/3.4/library/argparse.html. [21]“Scapy A Python Tool For Security Testing,” Journal of

Computer Science & Systems Biology, vol. 8, no. 3, 2015.

[22]Alan J., “Netflter and IPTables - A Structural Examination,” SANS Institute, 2004.

[23]“Netflter.org, Netflter,” https://www.netflter.org/.

[24]“University of Oulu, Radamsa,”