This FIS evaluates the different message protocols to give an accurate assessment of system security. The protocols compared are designed for M2M communications. The major problem here is that some of them are text based while others are binary. The FIS makes it possible to compare them while ignoring this and other differences between the protocols. The main idea of evaluating the protocols is to switch to a different one when the network connection is unstable and unreliable. This gives users trust in the system: they can be sure that their connection is secured and that no data will be lost.
5.2.1 Design the inputs
To compare the message protocols, four different variables are selected. The first input is latency, which can range from 3 s for some emergency medical applications, through 30 s for home automation, to 3 min for ship monitoring systems. The second input is bandwidth, which determines how lightweight the protocol actually is; for example, the MQTT protocol is well suited to low-bandwidth communications. The third variable is scalability.
5.2.2 Membership functions
The first membership function is latency. The security of the system may depend on its latency, which may cause some errors. The ranges for the inputs are shown in Table .
Table . Range of inputs for Latency
Level of latency | Range
Low | 0 – 0.3
Medium | 0.3 – 0.7
High | 0.7 – 1
The membership function for the input fuzzy set is presented in Figure .
Figure . Membership function of latency level
Bandwidth is also an important parameter. If the system must operate over a low-bandwidth network, a protocol optimized for that case, with fixed-size headers and payloads, has to be used. The ranges for the inputs are shown in Table .
Table . Range of inputs for bandwidth
Level of bandwidth | Range
Low | 0 – 0.3
Medium | 0.3 – 0.7
High | 0.7 – 1
The membership function for the input fuzzy set is presented in Figure .
Figure . Membership function of bandwidth level
Scalability is defined over the same range, so the final decisions are easily comparable. The membership function is shown in Figure .
Figure . Membership function of scalability level
Examples of what counts toward the scalability input of a protocol are a decentralized approach or support for unicast and multicast messages. If a protocol has a discovery mechanism, this is also considered as scalability for growing networks. The fuzzy sets that represent the output security level are: low (L), medium (M) and high (H).
Once the input and output fuzzy sets are defined, the next step is to write the rules. Each rule is a combination of input levels and an output level. The levels of latency, bandwidth, QoS and scalability are used in the antecedent of the rules and the level of security risk as the consequent. Some of the rules in this fuzzy system are presented in Figure .
Figure . Fuzzy rules for message protocols security
The evaluation of message protocols is more interesting in the use case with machine to machine communication, so the treadmills are selected for evaluation here. The latency of treadmill#11 is low according to the network measurements, because it uses the MQTT message protocol. In the scenario, the other treadmill, treadmill#12, has medium latency because it uses the AMQP protocol. The bandwidth of both treadmills scores high because they use a fast wireless connection. Scalability is also scored high because both message protocols can handle multiple connections from the users and from the coach without problems. The final evaluation of the protocols gives a score of 0.6843 for treadmill#11 and 0.4729 for treadmill#12. Both scores lie between 0.3 and 0.7, which is the area of medium security level. The use of these protocols requires a broker to handle the messages. This is the reason for also having a FIS for the brokers: the evaluation of the protocols is used as an input to the FIS for the brokers.
5.3 Fuzzy system for the brokers evaluation
The different types of M2M protocols need a message broker. To support the newly developed protocols, many projects have appeared in the last few years. Some of them build the message broker from scratch, while others just extend previous versions and try to include the new protocol. With all this diversity it is really hard to select the right broker and to trust it as a secure solution.
5.3.1 Design the inputs
To determine the security level of, and trust in, the broker, the inputs of the FIS must be defined. The performance of a broker depends on latency, bandwidth and QoS. Another major characteristic is the supported protocols and the languages of the APIs (C, C++, Objective C, .NET, Java, Erlang, Perl, Python, PHP, Ruby, etc.). Each of these inputs has its own security aspects, and after evaluating them with the FIS a common security grade is reached.
5.3.2 Membership functions
The performance of the broker is the critical membership function when we talk about M2M communications and millions of requests. Three levels of performance are defined: low, medium and high. The ranges for the inputs are shown in Table .
Table . Range of inputs for performance
Another membership function is the security level of the protocols, shown in Table .
Table . Range of inputs for security
Level of Security (Protocols) | Range
Low | 0 – 0.3
Medium | 0.3 – 0.7
High | 0.7 – 1
The last membership function is the interoperability of the broker and its APIs. Again the inputs are defined in three levels: low, medium and high (Table ).
Table . Range of inputs for interoperability
Level of Interoperability (APIs) | Range
Low | 0 – 0.3
Medium | 0.3 – 0.7
High | 0.7 – 1
5.3.3 Rules of the fuzzy system
The different output levels of the FIS are based on the rules applied to the membership functions. Some of the rules in this fuzzy system are as follows:
If (Performance is low) and (ProtocolsSecurity is low) then (SecurityLevel is Low)(1)
If (Performance is high) and (ProtocolsSecurity is low) then (SecurityLevel is Low)(1)
If (Performance is low) and (Interoperability is high) then (SecurityLevel is Medium)(1)
If (Performance is medium) and (Interoperability is high) and (ProtocolsSecurity is medium) then (SecurityLevel is Medium)(1)
If (Performance is high) and (Interoperability is high) and (ProtocolsSecurity is high) then (SecurityLevel is High)(1)
5.3.4 FIS Evaluation
The brokers used in the scenario are Mosquitto and ActiveMQ. The performance of both brokers is high, but the protocol security of MQTT is low while AMQP has high security. The interoperability of ActiveMQ is also high because it supports both protocols from the scenario and has more APIs. After the evaluation Mosquitto has a score of 0.284. This means it has a low security level: even though it has high performance, it communicates with the low-security protocol MQTT and does not support AMQP and other APIs. The ActiveMQ broker has a score of 0.837, which is in the range between 0.7 and 1, the area of high security level. From this evaluation we can conclude that it is better to improve the system and use the ActiveMQ broker for both protocols.
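The following Mamdani engine, added here as an illustration and not code from the thesis, runs the five broker rules listed in 5.3.3 over the three inputs of 5.3.2 and maps the crisp output to the table ranges used in 5.3.4 (the same engine, with latency, bandwidth, QoS and scalability as inputs, serves the protocol FIS of 5.2). The trapezoidal membership function shapes are my assumption, since the thesis gives them only as figures, so the scores do not reproduce 0.284 and 0.837; the Mosquitto-like and ActiveMQ-like inputs still fall into the low and high areas, and inputs that none of the five published rules covers return None rather than a spurious score.

```python
# Added example, not the thesis's own code: Mamdani FIS for the broker evaluation
# of 5.3 with the five rules of 5.3.3; membership shapes are assumed (figures only).
def trapmf(x, a, b, c, d):
    """Trapezoid: 0 at a, 1 on [b, c], 0 at d."""
    if x <= a or x >= d:
        return 0.0
    if x < b:
        return (x - a) / (b - a)
    return 1.0 if x <= c else (d - x) / (d - c)

# Same low/medium/high terms for every input and the output, centred on the
# 0-0.3 / 0.3-0.7 / 0.7-1 table ranges (assumed shapes, overlapping at the edges).
LEVELS = {
    "low": lambda x: trapmf(x, -0.1, 0.0, 0.2, 0.4),
    "medium": lambda x: trapmf(x, 0.2, 0.5, 0.5, 0.8),
    "high": lambda x: trapmf(x, 0.6, 0.8, 1.0, 1.1),
}
# (antecedent, consequent) pairs transcribed from the rules listed in 5.3.3
RULES = [
    ({"performance": "low", "security": "low"}, "low"),
    ({"performance": "high", "security": "low"}, "low"),
    ({"performance": "low", "interoperability": "high"}, "medium"),
    ({"performance": "medium", "interoperability": "high", "security": "medium"}, "medium"),
    ({"performance": "high", "interoperability": "high", "security": "high"}, "high"),
]

def evaluate_broker(performance, security, interoperability, steps=1000):
    """Mamdani inference (AND = min, clip, max aggregation, centroid). Returns a
    score in [0, 1], or None when none of the five published rules fires."""
    inputs = {"performance": performance, "security": security,
              "interoperability": interoperability}
    fired = []
    for antecedent, consequent in RULES:
        strength = min(LEVELS[lvl](inputs[name]) for name, lvl in antecedent.items())
        if strength > 0:
            fired.append((strength, LEVELS[consequent]))
    if not fired:
        return None
    num = den = 0.0
    for i in range(steps + 1):  # numeric centroid over the output range [0, 1]
        y = i / steps
        mu = max(min(s, mf(y)) for s, mf in fired)
        num += y * mu
        den += mu
    return num / den

def security_level(score):
    """Map a crisp score to the table ranges: 0-0.3 low, 0.3-0.7 medium, 0.7-1 high."""
    if score < 0.3:
        return "low"
    return "medium" if score < 0.7 else "high"
```

With only the five rules shown in the thesis, a combination such as medium performance, high protocol security and low interoperability fires no rule; a complete rule base would need to cover every combination of the three inputs.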
The final step is access control and the policies applied for authorization. The algorithm described in chapter 4 is used to separate the H2M and M2M flows. The idea is to have fast and scalable access control that can handle billions of connections. It also gives the opportunity to have finer-grained policies.