SRG | Security Research Group

MARAS: Mutual Authentication and Role-based Authorization Scheme for Lightweight Internet of Things Applications

MARAS

Supplementary – Fig. 1:

Supplementary – Fig. 2:

Supplementary – Fig. 3:

Supplementary – Fig. 4:

    Supplementary Table 1
    Implementation details

Unit Dependencies Version
WSO2IS 5.3 Oracle Java SE Development Kit JDK1.8.0_144
Apache ActiveMQ 5.15.3
Apache Ant 1.10.1
Apache Maven 3.5.0
OAuth 2.0 Configure Playground2 Web Application -
Tomcat 7.0.82
Sample of Identity Server -
MongoDB 3.6 Mongo-c-driver 1.10.0
Libbson -
Mosquitto_pyauth app. Python 2.7
MQTT Broker Mosquitto (Linux device) 1.4.8
MQTT 3.1.1 Client library Eclipse_paho -
MQTT Client Tool Mosquitto_pub/mosquitto_sub -

    Supplementary Table 2
    Code information

Code # Request access token and response from authorization server
1

curl --user mfsEQkwtfKINk0npCSWRb66l6jIa:1xlZwKPW6OHlGTYg1bw4lM0QfQwa -k -d "grant_type=password&username=admin&password=admin&scope=W3sicnciOiJydyIsInRvcGljIjoiL3RlbXBlcmF0dXJlLyJ9XQ==" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

2

{'status': '200', 'content-length': '205', 'x-xss-protection': '1; mode=block', 'x-content-type-options': 'nosniff', 'server': 'WSO2 Carbon Server', 'date': 'Thu, 28 Jun 2018 21:22:22 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json'}
{u'username': u'admin@carbon.super', u'exp': 1530230749, u'token_type': 'Bearer', u'client_id': u'mfsEQkwtfKINk0npCSWRb66l6jIa', u'iat': 1530219949, u'active': True, u'scope': u'W3sicnciOiJydyIsInRvcGljIjoiL3RlbXBlcmF0dXJlLyJ9XQ=='}

3

{'status': '200', 'content-length': '205', 'x-xss-protection': '1; mode=block', 'x-content-type-options': 'nosniff', 'server': 'WSO2 Carbon Server', 'date': 'Thu, 28 Jun 2018 21:22:22 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json'}
{u'active': False}

4

{u'username': u'admin@carbon.super', u'exp': 1530230749, u'token_type': 'Bearer', u'client_id': u'mfsEQkwtfKINk0npCSWRb66l6jIa', u'iat': 1530219949, u'active': True, u'scope': u'W3sicnciOiJydyIsInRvcGljIjoiL3RlbXBlcmF0dXJlLyJ9XQ=='}
([{"rw":"rw","topic":"/temperature/"}] : W3sicnciOiJydyIsInRvcGljIjoiL3RlbXBlcmF0dXJlLyJ9XQ==)
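How a broker-side check could consume the introspection responses above, as an added example (not the MARAS plugin's code): it denies inactive or expired tokens, decodes the Base64 scope into the topic ACL and matches the requested topic. The function names, the reading of "r"/"w" as subscribe/publish and the exact-match topic comparison are assumptions.

```python
import base64
import binascii
import json
import time

# Constructed from the introspection responses shown above (codes 2 and 3).
ACTIVE = {"username": "admin@carbon.super", "exp": 1530230749,
          "iat": 1530219949, "token_type": "Bearer",
          "client_id": "mfsEQkwtfKINk0npCSWRb66l6jIa", "active": True,
          "scope": "W3sicnciOiJydyIsInRvcGljIjoiL3RlbXBlcmF0dXJlLyJ9XQ=="}
INACTIVE = {"active": False}


def decode_scope(scope):
    """Return the ACL entries carried in the Base64 scope, or [] if malformed."""
    try:
        raw = base64.b64decode(scope, validate=True)
        acl = json.loads(raw.decode("utf-8"))
    except (binascii.Error, ValueError, TypeError):
        return []
    if not isinstance(acl, list):
        return []
    # Keep only well-formed entries: {"rw": "...", "topic": "..."}
    return [e for e in acl if isinstance(e, dict)
            and isinstance(e.get("topic"), str)
            and isinstance(e.get("rw"), str)]


def authorize(introspection, topic, access, now=None):
    """Deny by default. access is 'r' (subscribe) or 'w' (publish): assumed."""
    now = time.time() if now is None else now
    if introspection.get("active") is not True:
        return False                      # revoked or unknown token
    exp = introspection.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return False                      # missing or past expiry
    if access not in ("r", "w"):
        return False
    for entry in decode_scope(introspection.get("scope")):
        # Assumption: exact topic match, no MQTT wildcard expansion.
        if entry["topic"] == topic and access in entry["rw"]:
            return True
    return False
```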



    Supplementary Table 3
    Generated HOTP value on the broker

| Consecutively generated HOTP values on the broker | HOTP Value | Status Code |
| HOTP0 = HOTP(mfsEQkwtfKINk0npCSWRb66l6jIa, 3) | 064619 | 0 |
| HOTP1 = HOTP(HOTP0, 3) | 042439 | 0 |
| HOTP2 = HOTP(HOTP1(HOTP0, 3), 3) | 459020 | 0 |
| HOTP3 = HOTP(HOTP2(HOTP1(HOTP0, 3), 3), 3) | 273755 | 0 |
| HOTP4 = HOTP(HOTP3(HOTP2(HOTP1(HOTP0, 3), 3), 3), 3) | 237502 | 0 |
| HOTP5 = HOTP(HOTP4(HOTP3(HOTP2(HOTP1(HOTP0, 3), 3), 3), 3), 3) | 335460 | 0 |
| HOTP6 = HOTP(HOTP5(HOTP4(HOTP3(HOTP2(HOTP1(HOTP0, 3), 3), 3), 3), 3), 3) | 991565 | 2 |


    Supplementary Table 4
    Generated HOTP value on the client

| Generated HOTP value on the client | HOTP Value | Status Code |
| HOTP7(client) = HOTP(HOTP6(HOTP5(HOTP4(HOTP3(HOTP2(HOTP1(HOTP0, 3), 3), 3), 3), 3), 3), 3) | 322924 | 2 |
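The chained derivation in Supplementary Tables 3 and 4, as an added example (not the MARAS plugin's code): RFC 4226 HOTP, with each value keyed by the previous one, and a broker-side verifier that accepts only the next link. Using the ASCII digits of the previous value as the next key, reading the 3 as the HOTP counter, and the names ChainVerifier and client_link are assumptions, so the output is not claimed to reproduce the values in the tables.

```python
import hashlib
import hmac
import struct

SEED = b"mfsEQkwtfKINk0npCSWRb66l6jIa"   # chain seed as written in Table 3


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class ChainVerifier:
    """Broker side: remembers the last accepted link, expects its successor."""

    def __init__(self, seed: bytes, counter: int = 3):
        self.counter = counter
        self.last = hotp(seed, counter)               # HOTP0

    def expected_next(self) -> str:
        # Assumption: the previous value's ASCII digits are the next key.
        return hotp(self.last.encode("ascii"), self.counter)

    def verify(self, presented: str) -> bool:
        nxt = self.expected_next()
        if hmac.compare_digest(nxt.encode(), presented.encode()):
            self.last = nxt                           # advance only on success
            return True
        return False                                  # stale, replayed or wrong


def client_link(seed: bytes, index: int, counter: int = 3) -> str:
    """Client side: recompute link `index` of the chain from the shared seed."""
    value = hotp(seed, counter)
    for _ in range(index):
        value = hotp(value.encode("ascii"), counter)
    return value
```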

    Supplementary Table 5
    Installation Steps

Installation # The process of setting up Mosquitto on an Ubuntu machine and configuring it to develop security mechanisms can be outlined as follows:
For OpenSSL:


wget http://www.openssl.org/source/openssl-1.1.1k.tar.gz

tar -zxf openssl-1.1.1k.tar.gz

cd openssl-1.1.1k

./config --prefix=/usr --openssldir=/usr/local/openssl shared

make

(A build failure is resolved with apt install libcjson1 libcjson-dev.)

make test

sudo make install

For Mosquitto:


yum -y install uuid uuid-devel libuuid-devel (Since there is no yum command on Raspberry Pi, the packages were installed separately.)

wget http://mosquitto.org/files/source/mosquitto-2.0.9.tar.gz

tar xvzf mosquitto-2.0.9.tar.gz

cd mosquitto-2.0.9

make mosquitto

sudo make install

MQTT_py_auth_plugin:
Once Mosquitto is installed, we configure it to enhance security. This involves modifying the Mosquitto configuration file, typically located at /etc/mosquitto/mosquitto.conf. Open the configuration file in a text editor and make the necessary changes. To enable authentication, we add a Python plugin to Mosquitto that provides token-based username and password authentication, HOTP with hash-chain authentication, AES payload encryption, and OAuth 2.0 authorization.


Download https://github.com/mbachry/mosquitto_pyauth
Move mosquitto_pyauth under the mosquitto-2.0.9 directory.

cd mosquitto_pyauth

make USE_CARES=1

make MOSQUITTO_SRC=/path/to/mosquitto-src9

make PYTHON_VERSION=2.7 MOSQUITTO_SRC=/home/pi/mosquitto-2.0.9/

If the build succeeds, the auth_plugin_pyauth.so file is available in the current directory.

sudo cp /home/pi/mosquitto-2.0.9/testauth /usr/local/lib/python2.7/dist-packages
Configure Mosquitto:

We replace the content of testauth with the enhanced authentication and authorization mechanism. The plugin is named mqtt-pyauth-oauth2-otp.py. The source code for the plugin can be found on the following page.
Edit mosquitto.conf in /etc/mosquitto:

sudo cp /home/pi/mosquitto-2.0.9/auth_plugin_pyauth.so /etc/mosquitto

auth_plugin /etc/mosquitto/auth_plugin_pyauth.so

#auth_plugin /usr/local/lib/mosquitto/auth_plugin_pyauth.so

auth_opt_pyauth_module mosquitto_auth

auth_opt_pyauth_module mqtt-pyauth-oauth2-otp

Running Mosquitto with the mosquitto.conf file:

sudo PYTHONPATH=/usr/local/lib/python2.7/dist-packages /usr/local/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf

Install MongoDB:


wget https://github.com/mongodb/mongo-c-driver/releases/download/1.1.0/mongo-c-driver-1.1.0.tar.gz

tar xzf mongo-c-driver-1.1.0.tar.gz

cd mongo-c-driver-1.1.0

./configure

make

sudo make install

wget http://c-ares.haxx.se/download/c-ares-1.10.0.tar.gz

tar zxf c-ares-1.10.0.tar.gz

cd c-ares-1.10.0

./configure

make

sudo make install

Install WSO2IS:

Follow the steps in the WSO2 installation guide at https://docs.wso2.com/display/IS530/Installing+the+Product so that all installation requirements are properly considered.



    Supplementary Broker Source Code
    Mqtt-pyauth-oauth2-otp.py
