RADIOELECTRONIC AND COMPUTER SYSTEMS

The subject of study in the paper is the analysis of technologies, architectures, vulnerabilities and cyberattacks, communication patterns of smart objects, messaging models, and Internet of Things (IoT) / Web of Things (WoT) protocols for solving applied problems of critical and non-critical systems. The goal is to develop a method for selecting messaging models and application-level protocols in non-critical and critical multi-level IoT/WoT systems, provided that the type of access to intelligent objects is initially determined by the initial data, as well as analysis of vulnerabilities and attacks using these protocols. Objectives: to formalize the procedure for choosing communication protocols for IoT/WoT systems; analyze possible vulnerabilities of communication protocols; develop a method for selecting communication protocols for given initial data, depending on the selected type of communication template for smart objects; check practically the proposed method. The methods of research are methods of system analysis. The following results were obtained. The analysis of the features of communication protocols is conducted by comparing the main interrelated characteristics of IoT/WoT, the results of which are presented in the form of a table. A method has been developed for selecting communication protocols, depending on the selected type of communication template. The analysis of possible vulnerabilities of communication protocols and possible attacks using these protocols is conducted. The author has tested the method using the example of a corporate system (Smart House) based on the WoT concept. Findings. The scientific novelty of the results obtained is as follows: the analysis conducted in the paper shows that currently there is no unified approach to the choice of a messaging model and application-level protocols for building IoT/WoT, depending on the selected type of communication template for smart objects. The method for selecting communication protocols for the given conditions (for each IoT system its interaction pattern will correspond, depending on which components interact with each other), improved by the authors of the paper, makes it possible to simplify the task of using separate protocols for given IoT systems, considering vulnerabilities of protocols.

Internet of Things; cyberattacks; models of messaging; communication templates; application layer protocols

Al-Sarawi, S., Anbar, M., Alieyan, K., Alzubaidi, M. Internet of Things (IoT) communication protocols: Review. Proceeding of the 2017 8th International Conference on Information Technology (ICIT), Amman, Jordan, 2017, pp. 685-690. DOI: 10.1109/ ICITECH.2017.8079928.

Çorak, B. H., Okay, F. Y. Güzel, M., Murt, Ş., Ozdemir, S. Comparative Analysis of IoT Communication Protocols. Proceeding of the 2018 International Symposium on Networks, Computers and Communications (ISNCC), Rome, Italy, 2018, pp. 1-6. DOI: 10.1109/ISNCC.2018.8530963.

Gloria, A., Cercas, F., Souto, N. Comparison of communication protocols for low cost Internet of Things devices. Proceeding of the 2017 South Eastern European Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM), Kastoria, Greece, 2017, pp. 1-6, DOI: 10.23919/SEEDA-CECNSM.2017.8088226.

Irons-Mclean, R., Sabella, A., Yannuzzi, M. IoT and Security Standards and Best Practices. Sample Chapter is provided courtesy of Cisco Press. Date: Jan 14, 2019. Available at: https://www.ciscopress.com/articles/article.asp?p=2923211. (accessed 12.12.2020).

Moraes, T., Nogueira, B., Lira, V., Tavares, E. Performance Comparison of IoT Communication Protocols. Proceeding of the 2019 IEEE International Conference on Systems, Man and Cybernetics (SMC), Bari, Italy, 2019, pp. 3249-3254. DOI: 10.1109/SMC.2019.8914552.

Srinivasa, A. H, Dr. Siddaraju. A comprehensive study of architecture, protocols and enabling applications in Internet of Things (IoT). International journal of scientific & technology research, 2019, vol. 8, iss. 11, pp.1767-1779. Available at: http://www.ijstr.org/final-print/nov2019/A-Comprehensive-Study-Of-Architecture-Protocols-And-Enabling-Applications-In-Internet-Of-Things-iot-.pdf. (accessed 12.12.2020).

Kassem, I., Sleit, A. Elapsed Time of IoT Application Protocol for ECG: A Comparative Study Between CoAP and MQTT. Proceeding of the 2020 International Conference on Electrical, Communi¬cation, and Computer Engineering (ICECCE), Istanbul, Turkey, 2020, pp. 1-6, DOI: 10.1109/ICECCE49384. 2020.9179435.

Liu, Z., Xi, B., Yuan, Y. Analysis on IoT communication protocol. Proceeding of the 2012 IEEE International Conference on Information and Automation, Shenyang, China, 2012, pp. 126-130, DOI: 10.1109/ICInfA.2012.6246795.

Nikolov, N. Research of MQTT, CoAP, HTTP and XMPP IoT Communication protocols for Embedded Systems. Proceeding of the 2020 XXIX International Scientific Conference Electronics (ET), Sozopol, Bulgaria, 2020, pp. 1-4, DOI: 10.1109/ET50336.2020.9238208.

Tandale, U., Momin, B., Seetharam, D. P. An empirical study of application layer protocols for IoT. Proceeding of the 2017 International Conference on Energy, Communication, Data Analytics and Soft Computing (ICECDS), Chennai, India, 2017, pp. 2447-2451. DOI: 10.1109/ICECDS.2017.8389890.

Stusek, M., Zeman, K., Masek, P., Sedova, J., Hosek, J. IoT Protocols for Low-power Massive IoT: A Communication Perspective. Proceeding of the 2019 11th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT), Dublin, Ireland, 2019, pp. 1-7, DOI: 10.1109/ICUMT48472.2019.8970868.

Internet of Things for Telecom Engineers. A Report on Current State and Future Technologies. Based on research compiled from content in the IEEE Xplore Digital Library. 53 р. Available at: http://forms1. ieee.org/rs/682-UPB-550/images/IEEE-IOT-White-Paper.pdf. (accessed 12.12.2020).

Guinard, D., Trifa, V. Building the Web of Things. Manning Publications, United States, 2016. Available at: https://livebook.manning.com/book/building-the-web-of-things/chapter-1?origin=product-toc. (accessed 12.12.2020).

Wan, J., Chen, M., Xia, F., Li, D., Zhou, K. From Machine-to-Machine Communications towards Cyber-Physical Systems. Computer Science and Information Systems, 2013, vol. 10, iss. 3, pp. 1105-1128. DOI: 10.2298/CSIS120326018W.

Francis, B. Building the Web of Things. Mozilla hacks, Jun. 2017. Available at: https://hacks.mozilla.org/2017/06/building-the-web-of-things. (accessed 12.12.2020).

Tschofenig, H., Arkko, J., Thaler, D., McPherson, D. Architectural Considerations in Smart Object Networking. Available at: https://tools.ietf. org/pdf/rfc7452.pdf. (accessed 12.12.2020).

Rose, K., Eldridge, S., Chapin, L. The internet of things: an overview. Understanding the issues and challenges of a more connected world. Available at: https://www.internetsociety.org/wp-content/uploads/2017/08/ISOC-IoT-Overview-20151221-en.pdf. (accessed 12.12.2020).

Choose the Right Communication Pattern for Your IoT Project. IoT Developer Program, Intel, 2016. Available at: https://software.intel.com/en-us/articles/communication-patterns-for-the-internet-of-things. (accessed 12.12.2020).

Kang, Z., An, K., Gokhale, A., Pazandak, P. Evaluating Performance of OMG DDS in Kubernetes Container Deployment (Industry Track). Middleware ’20, 2020. Available at: http://www.dre. vanderbilt.edu/~gokhale/WWW/papers/Middleware2020.pdf. (accessed 12.12.2020).

Femia, J. Request-response vs. publish-subscribe, part 1: What's the diff? Feb. 2018. Available at: http://blog.opto22.com/optoblog/request-response-vs-pub-sub-part-1?utm_campaign=Blogging&utm_source=hs_email&utm_medium=email&utm_content=60620785&_hsenc=p2ANqtz-8yzGtVUol-jgp6AdSD2TyKzTIiQ6ZeTNlraUFE1YUHAgwgiAtSQRAOWBDtXAsTTApsxyZ-rl-physH5216fXBiKxs Txw&_hsmi=60620785. (accessed 12.12.2020).

Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., Ayyash, M. Internet of Things: A Survey on Enabling Technologies, Protocols and Applications. IEEE Communications Surveys & Tutorials, 2015, vol. 17(4), pp. 2347-2376. DOI: 10.1109/COMST.2015. 2444095.

Tkachenko, V., Goriushkina, A., Kolisnyk, M. Communication Messaging Models in IoT/WoT: Survey and Application. Proceeding of the 2018 International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T), Kharkiv, Ukraine, 2018, pp. 417-422, DOI: 10.1109/INFOCOMMST.2018.8632063.

Joshi, R., Didier, P., Jimenez, J., Carey, T. The Industrial Internet of Things. Volume G5: Connectivity Framework. Industrial Internet Consortium Publ., 2018. 129 p. Available at: https://www.iiconsortium.org/pdf/IIC_PUB_G5_V1.01_PB_20180228.pdf. (accessed 12.12.2020).

Kovatsch, Matthias., Matsukura, Ryuichi., Lagally, Michael., Kawaguchi, Toru., Toumura, Kunihiko., Kajimoto, Kazuo. Web of Things (WoT) Architecture. W3C Recommendation, 9 April 2020. Available at: https://www.w3.org/TR/wot-architecture /#sec-interaction-model. (accessed 12.12.2020).

What is DDS? The proven data connectivity standard for the Industrial Internet of Things. Available at: https://www.dds-foundation.org/what-is-dds-3/. (accessed 12.12.2020).

Napoli, G. DDS Connector: The Industrial Internet of Things Platform in Node.js. Silicon Valley Code Camp 2015. 71 p. Available at: https://info.rti.com/hubfs/RTI%20Labs/connector/RTI%20Connector%20for%20Connect%20DDS%20-%20the%20IIoT%20Platform%20in%20Node.js.pdf?t=1534532873718. (accessed 12.12.2020).

ISO/IEC 20922:2016. Information technology - Message Queuing Telemetry Transport (MQTT) v3.1.1. Jun. 2016. 73 p. Available at: https://www.iso. org/standard/ 69466.html. (accessed 12.12.2020).

Basics. XMPP-IoT. The basics in using XMPP for IoT. Nov. 2014. Available at: http://www.xmpp-iot.org/basics/. (accessed 12.12.2020).

ISO/IEC 19464:2014. Information technology - Advanced Message Queuing Protocol (AMQP) v1.0 specification. May 2014. Available at: https://www. iso.org/standard/64955.html. (accessed 12.12.2020).

Deakin, N. What's New in JMS 2.0, Part One: Ease of UseJMS. May 2013. Available at: http://www.oracle.com/technetwork/articles/java/jms20-1947669.html. (accessed 12.12.2020).

Shelby, Z., Hartke, K., Bormann, C. The Constrained Application Protocol (CoAP). Jun. 2014. 112 p. Available at: https://tools.ietf.org/pdf/rfc7252.pdf. (accessed 12.12.2020).

Richardson, L., Ruby, S., Amundsen, M. RESTful Web APIs: Services for a Changing World. O'Reilly Media Publ., 2013. 406 p.

What can DDS do for You? Learn how dynamic publish-subscribe messaging can improve the flexibility and scalability of your applications. Twin Oaks Computing, Practical middleware expertise, 2018. 16 p. Available at: https://www.omg.org/hot-topics/documents/dds/CoreDX_DDS_Why_Use_DDS.pdf. (accessed 12.12.2020).

About the Data Distribution Service Specification Version 1.4. The Object Management Group®, Mar. 2015. Available at: http://www.omg. org/spec/DDS/1.4. (accessed 12.12.2020).

DDS: An Open Standard for Real-Time Applications. Available at: https://www.rti.com/products/dds/omg-dds-standard. (accessed 12.12.2020).

Boyes, H., Hallaq, B., Cunningham, J., Watson T. The industrial internet of things (IIoT): An analysis framework. Computers in Industry, 2018, vol. 101, pp. 1-12. DOI: 10.1016/j.compind.2018.04.015.

Barnett, D. MQTT and DDS Comparison. Disentangling M2M Messaging Protocols for the IoT. May 2013. Available at: https://www.slideshare. net/RealTimeInnovations/comparison-of-mqtt-and-dds-as-m2m-protocols-for-the-internet-of-things. (accessed 12.12.2020).

Schneider, S. Understanding The Protocols Behind The Internet Of Things. Oct. 2013. Available at: https://www.electronicdesign.com/technologies/iot/article/21798493/understanding-the-protocols-behind-the-internet-of-things. (accessed 12.12.2020).

Information Technology Laboratory. National vulnerability database. CVE-2019-15135 Detail. Available at: https://nvd.nist.gov/vuln/detail/CVE-2019-15135. (accessed 12.12.2020).

Lysenko, S. M., Kharchenko, V. S., Bobrovnikova, K. Yu. Shchuka, R. V. Rezyl'yentnist' komp"yuternykh system v umovakh kiberzahroz: taksonomiya ta ontolohiya [Computer systems resilience in the presence of cyber threats: taxonomy and ontology]. Radioelektronni i komp'uterni sistemi – Radioelectronic and computer systems, 2020, no. 1(93), pp. 17-28. DOI: 10.32620/reks.2020.1.02.

Tetskiy, A. G. Primenenie derev'ev atak dlya otsenivaniya veroyatnosti uspeshnoy ataki na web-prilozheniya [Applying of attack trees for estimation the probability of a successful attack of the web-application]. Radioelektronni i komp'uterni sistemi – Radioelectronic and computer systems, 2018, no. 3 (87), pp. 74-79. DOI: 10.32620/reks.2018.3.08.

Security Bulletin: IBM MQ AMQP Listeners are vulnerable to a session fixation attack (CVE-2019-4227). IBM Support, 2019. Available at: https://www.ibm.com/support/pages/security-bulletin-ibm-mq-amqp-listeners-are-vulnerable-session-fixation-attack-cve-2019-4227. (accessed 12.12.2020).

White, T., Johnstone, M. N., Peacock, M. An investigation into some security issues in the DDS messaging protocol. The Proceedings of 15th Australian Information Security Management Conference, 5-6 December 2017, Edith Cowan University, Perth, Western Australia, pp. 132-139. DOI: 10.4225/75/5a84fcff95b52.

Security Vulnerabilities. CVE Details. The ultimate security vulnerability datasource. Available at: https://www.cvedetails.com/vulnerability-list/vendor_id-10410/product_id-45945/Eclipse-Mosquitto.html. (accessed 12.12.2020).