Application Layer Protocol Research Articles

Application layer security for Internet communications: A comprehensive review, challenges, and future trends

The security of Internet communications has traditionally been delegated to controls at lower layers of the Transmission Control Protocol/Internet Protocol (TCP/IP) architecture. However, the increasing complexity and severity of current Internet threats have rendered this approach insufficient, necessitating enhanced security measures at higher levels. This paper presents a comprehensive review of Application layer security for Internet communications, utilizing a novel classification scheme of existing literature based on standards and frameworks. Unlike previous studies, our proposed classification scheme encompasses all current approaches to security provision, security goals, types of attacks, and types of controls at the Application layer. Moreover, it analyzes security solutions for both standardized and proposed protocols. Our review is domain-agnostic and considers all existing contributions without age restrictions, allowing us to analyze the complete landscape beyond the conventional use of browsers for accessing Internet services and to understand the evolution of Application layer security from the Internet’s inception. Our thorough review also identifies gaps, challenges, and forecasts future trends, serving as a baseline for future research. We conclude that the primary driver to secure the Application layer for Internet communications is the technological adaptation of standardized Application layer protocols to meet new requirements over time, which has given rise to new and dangerous threats, rendering controls at lower layers insufficient.

Deep Learning for Smart Grid Intrusion Detection: A Hybrid CNN-LSTM-Based Model

As digital technology becomes more deeply embedded in power systems, protecting the communication networks of Smart Grids (SG) has emerged as a critical concern. Distributed Network Protocol 3 (DNP3) represents a multi-tiered application layer protocol extensively utilized in Supervisory Control and Data Acquisition (SCADA)-based smart grids to facilitate real-time data gathering and control functionalities. Robust Intrusion Detection Systems (IDS) are necessary for early threat detection and mitigation because of the interconnection of these networks, which makes them vulnerable to a variety of cyberattacks. To solve this issue, this paper develops a hybrid Deep Learning (DL) model specifically designed for intrusion detection in smart grids. The proposed approach is a combination of the Convolutional Neural Network (CNN) and the Long-Short-Term Memory algorithms (LSTM). We employed a recent intrusion detection dataset (DNP3), which focuses on unauthorized commands and Denial of Service (DoS) cyberattacks, to train and test our model. The results of our experiments show that our CNN-LSTM method is much better at finding smart grid intrusions than other deep learning algorithms used for classification. In addition, our proposed approach improves accuracy, precision, recall, and F1 score, achieving a high detection accuracy rate of 99.50%.

IoT based Efficient and Secure Building Architecture with Constrained Application Protocol (CoAP)

The Internet of Things (IoT), one of the newest technologies, has great potential for many industry businesses. Smart building technology is one of the biggest IoT industries. IoT is used on a regular basis in many different industries. It is used in a variety of contexts, including physical defense, e-health, smart buildings, grids, cities, homes, asset management, and transportation management. IoT-level, networked smart buildings offer affordable assistance. Comfort, accessibility, security, and energy management are necessary for commercial space. Naturally, IoT-based solutions can satisfy these requirements. With the depletion of the energy supply and the increase in demand for energy, there has been a growing focus on energy usage and building maintenance. This paper uses emerging IoT technology to demonstrate a smart building design that is both safe and energy-efficient. Constrained Application Protocol (CoAP) is a crucial internet transmission protocol that assigns a unique address to every device. Data is transferred using this application layer protocol outside of secure channels. While there are several recommended techniques to protect sensitive data transfer, one likely way to improve the security aspect of CoAP for authentication and end-to-end security is through the use of Datagram Transport Layer Protection (DTLS).This paper propose a smart building design in which the Internet of Things is used to control the operation of all technological components. The simulation results show that compared to the situation of employing Message Queuing Telemetry Transport (MQTT), adopting CoAP in a smart building saves energy use by around 34.86%. In order to increase security in a smart building, this article also explains how to include the DTLS protocol inside of CoAPutilising enhancements from the Certificate Authority (CA).Finally, using the ContikiCooja (CC) simulator to simulate system performance and data collecting in terms of latency, throughput, and resource consumption, CoAP is utilized to modify orderer and peer nodes for performance research in smart building.

PrioMQTT: A prioritized version of the MQTT protocol

MQTT is an application layer protocol that, thanks to its simplicity and low overhead, is widely used in the Internet of Things (IoT) devices typically found in home automation and consumer applications. The MQTT properties make it an interesting option also for Industrial IoT (IIoT) applications. However, MQTT is not specifically devised for IIoT applications requiring low-latency and the support for time-constrained transmissions. For this reason, this paper proposes an IIoT-enabled version of MQTT called a Prioritized MQTT (PrioMQTT) that is able to provide low latencies to time-critical messages. Unlike the standard MQTT, PrioMQTT adopts the UDP/IP stack, which is more suitable than TCP/IP for low-latency communications. Moreover, PrioMQTT introduces a mechanism to prioritize the time-critical messages over the non-time-critical ones. The combination of the UDP/IP stack and priority support in the PrioMQTT protocol is achieved while maintaining the compliance with the MQTT standard message format. As a result, PrioMQTT can be implemented on commercial-off-the-shelves (COTS) devices without hardware modifications. The paper describes the PrioMQTT protocol and investigates its performance through an assessment in a realistic industrial scenario and in comparison with the standard MQTT protocol.

D4GW: DTLS for gateway multiplexed application to secure MQTT(SN)-based pub/sub architecture

MQTT-SN a pub/sub application layer protocol is a well-established protocol in the Internet of Things (IoT) paradigm. MQTT-SN gateway application is available as an open-source contribution. Since the gateway receives unencrypted UDP traffic from sensor nodes and translates it to MQTT packets to be forwarded to the MQTT Broker, the first hop always remains vulnerable to potential cyber–physical attacks. This paper identifies potential threats to the current MQTT-SN gateway and provides security while remaining concurrent. We propose a secure gateway application, SecGW, that achieves concurrency while remaining as robust to vulnerabilities as a single BIOS. The performance of SecGW is evaluated by measuring system scalability, resilience, processing delay, and consumed power through the analysis of payload transactions and their types. The evaluation has been carried out on a low-powered IoT testbed. The results of the experimental setup show satisfactorily linear scalability of memory, fairly consistent delays, and an insignificant increase in security-attributable power consumption for an increasing number of connected clients. The packet-level analysis of traffic in an experimental setup demonstrates the resilience of SecGW through stage-wise identification and isolation of misbehaving clients.

A survey on IoT application layer protocols, security challenges, and the role of explainable AI in IoT (XAIoT)

A survey on IoT application layer protocols, security challenges, and the role of explainable AI in IoT (XAIoT)

Improvement of MQTT semantic to minimize data flow in IoT platforms based on distributed brokers

AbstractMessage queuing telemetry transport (MQTT) is an application layer protocol that enables effective device communication in the Internet of Things (IoT). MQTT operates according to a publish‐subscribe model, where a broker receives messages from the publishers and then forwards them to the subscribers. However, existing cloud‐based MQTT brokers lead to network bottlenecks due to the large number of devices that interact with them. Therefore, mist computing is involved, where the MQTT brokers are deployed closer to the IoT devices and the workload is distributed across multiple brokers. Nevertheless, the distributed mist‐based MQTT architecture introduces serious issues caused by the massive volume of flow exchanged by IoT devices. In this article, we introduce MQTT‐SD to address these issues. MQTT‐SD enhances MQTT protocol syntax with fusion semantic aggregation. It accomplishes MQTT topic fusion on the MQTT broker side with consideration of topics' distribution. We carried out extensive simulation and emulation to demonstrate MQTT‐SD efficacy. The results show that MQTT‐SD reduces MQTT flow and has the lowest traffic load compared to MQTT+ and MQTT‐MFA.

Unknown application layer protocol recognition method based on deep clustering

Unknown application layer protocol recognition method based on deep clustering

WiPoTS: An Application Layer Protocol With Network Protocol Stack Enhancements For Wireless Power Transfer Networks

Abstract Nowadays, a far-field wireless power transfer (WPT) system aims to deliver wireless power over a distance of a few meters. Communication among devices for the purpose of WPT in the far-field WPT system is unique as its purpose is to establish, maintain and monitor a WPT session among devices in the system. For proper functionality of a WPT system, a number of communication-, control- and management-related challenges need to be addressed. Hence, here an application layer protocol specifically designed for a WPT system is presented. The protocol provides essential control, management and communication functionalities to establish, maintain and monitor a WPT session. Some features of a WPT system require low-latency communication, hence enhancements for a networking protocol stack are also proposed. To validate the effectiveness of the presented application layer protocol along with the enhancements proposed for the networking protocol stack, a set of experiments was carried out over a real WPT system. The experimental results demonstrate that the proposed protocol possesses the features essential for a WPT system, and the proposed enhancements for the networking protocol stack provide low-latency communication along with lower control overhead compared with an existing state-of-the-art network protocol stack.

A High-interaction Physics-aware ICS Honeypot for Industrial Environments

Industrial Control Systems (ICSs) are control systems that automate and control industrial processes. ICSs have a high-security risk since most of them are connected to the Internet for remote monitoring and controlling purposes. Compromising ICS can disrupt critical infrastructure supplies, such as water supply, power supply, transportation systems, and manufacturing systems. Programmable Logic Controllers (PLCs) are special computers used in ICSs. Many PLCs do not have built-in security systems. Many ICS application layer protocols are not designed with security in mind. Therefore, external security systems are needed to protect ICSs from cyber-attacks. Identifying the vulnerabilities, malware, and attacking patterns is useful in designing defense-in-depth security systems for ICSs. Honeypots can be used for research purposes as a way of collecting data and can also be used to protect the systems from attackers. In this paper, we present a high-interaction physics-aware ICS research honeypot that has been extended to a production honeypot using Software Defined Networking.

IoT Protocol-Enabled IDS based on Machine Learning

During the last decade, Internet of Things (IoT) devices have become widely used in smart homes, smart cities, factories, and many other areas to facilitate daily activities. As IoT devices are vulnerable to many attacks, especially if they are not frequently updated, Intrusion Detection Systems (IDSs) must be used to defend them. Many existing IDSs focus on specific types of IoT application layer protocols, such as MQTT, CoAP, and HTTP. Additionally, many existing IDSs based on machine learning are inefficient in detecting attacks in IoT applications because they use non-IoT-dedicated datasets. Therefore, there is no comprehensive IDS that can detect intrusions that specifically target IoT devices and their various application layer protocols. This paper proposes a new comprehensive IDS for IoT applications called IP-IDS, which can equivalently detect MQTT, HTTP, and CoAP-directed intrusions with high accuracy. Three different datasets were used to train the model: Bot-IoT, MQTT-IoT-IDS2020, and CoAP-DDoS. The obtained results showed that the proposed model outperformed the existing models trained on the same datasets. Additionally, the proposed DT and LSTM models reached an accuracy of 99.9%.

Congestion Aware WSN-IoT-Application Layer Protocols for Healthcare Services

In the healthcare industry, WSN-IoT networks can be used to gather patient data for statistical purposes. IoT-based application-level protocols do not take into account these facts while forwarding the data to the gateway or server, which may degrade the network performance if the data was collected from a patient with ordinary/critical health issues and the route was busy or congested. In this paper, we'll look at the performance of two application layer protocols (i.e. CoAP and MQTT) within the constraints of a scalable network by integrating a congestion-aware scheme with them.

Application-Layer DDoS Attack Detection Using Explicit Duration Recurrent Network-Based Application-Layer Protocol Communication Models

Existing application-layer distributed denial of service (AL-DDoS) attack detection methods are mainly targeted at specific attacks and cannot effectively detect other types of AL-DDoS attacks. This study presents an application-layer protocol communication model for AL-DDoS attack detection, based on the explicit duration recurrent network (EDRN). The proposed method includes model training and AL-DDoS attack detection. In the AL-DDoS attack detection phase, the output of each observation sequence is updated in real time. The observation sequences are based on application-layer protocol keywords and time intervals between adjacent protocol keywords. Protocol keywords are extracted based on their identification using regular expressions. Experiments are conducted using datasets collected from a real campus network and the CICDDoS2019 dataset. The results of the experiments show that EDRN is superior to several popular recurrent neural networks in accuracy, F1, recall, and loss values. The proposed model achieves an accuracy of 0.996, F1 of 0.992, recall of 0.993, and loss of 0.041 in detecting HTTP DDoS attacks on the CICDDoS2019 dataset. The results further show that our model can effectively detect multiple types of AL-DDoS attacks. In a comparison test, the proposed method outperforms several state-of-the-art approaches.

Design Scheme of Distributed Energy Resources Interconnection Oriented the VPP System

At present, the virtual power plant is still in the stage of theoretical research and early pilot development. It has not yet formed a systematic and comprehensive Distributed Energy Resource (DER) modeling, market participation mechanism, operational risk management, operational optimization decision-making method, and systematic operating platform. Given the massive DERs interconnection requirements of the virtual power plant system, this paper proposes a design scheme for the DER interconnection protocol, which solves the problems of the existing application layer protocol, such as high overhead, poor security, and low efficiency of massive interconnection, and supports the safe and stable operation of power grid enterprises and virtual power plant systems.

An event‐driven fusion framework with auto‐scaling of edge intelligence for resilient smart applications in developing countries

AbstractInternet of Things has been a popular technology in recent years for deploying a large‐scale, smart environment monitoring application across the country, using fog computing and the cloud. However, most locations of the developing countries suffer from power outages and limited network connectivity. Moreover, varied population in different locations, may lead to either frequent or rare changes in the state of the monitored environment. Due to these stochastic conditions, there may be substantial increase in service time of the application with unnecessary battery and resource consumption of the fog node. For efficient utilization of fog node resources in dynamic environment conditions, an event‐driven information fusion framework is proposed using docker containerization technology and MQTT (Message Queuing Telemetry Transport) as application layer protocol. The proposed framework provides resilience to the application in the presence of stochastic conditions and auto‐scales edge intelligence with minimum scaling operations. The performance of the framework is validated on a smart sanitation system use‐case application, proposed for autonomous monitoring of restrooms deployed in Indian rural and semi‐urban environment, and the experimental result show deviation of 2.8% in average response time of the application with average accuracy of 98.9%.

Secure Data Distribution Architecture in IoT Using MQTT

Message Queuing Telemetry Transport (MQTT) is one of the standard application layer protocols for the Internet of Things. It uses a publish/subscribe mechanism which organizes a set of clients around a server called the broker, which delivers published data to its intended recipients. This article proposes an architecture that allows MQTT brokers to cooperate and share their data with other interested MQTT brokers. It is a service-oriented architecture that wraps an MQTT broker with a well defined WebSockets-based interface which allows it to offer its topic space and published data to other MQTT brokers. The wrapped MQTT broker is called a broker service, and it discovers other broker services through a discovery service. Each broker service only connects to services that have data its clients are interested. Furthermore, these services are authenticated by obtaining tokens from an authentication service that registers and issues JSON Web Tokens for them. These tokens contain the identity and claims of their owners and they can be verified without contacting the authentication service. The proposed architecture simplifies data sharing and improves the security in scenarios with multiple MQTT brokers where clients can move between them. In these scenarios, the MQTT brokers need to obtain data based on their clients interests, which are constantly changing. It does so by isolating MQTT brokers into services that can be discovered and consumed over well-defined interfaces. The architecture was implemented in javascript using MQTT 3.1.1 standard complaint library. We demonstrate the performance characteristics of our architecture using our implementation through three scenarios, which are designed to compare the delay from publisher to subscriber when they operate within the same MQTT broker and different MQTT brokers. The results show that the overhead of our architecture is around 50% in two synthetic scenarios (performed on a single machine) and around 27% in a third scenario performed on the cloud with multiple virtual machines hosting the broker services and simulated clients.

An approach to application-layer DoS detection

With the massive resources and strategies accessible to attackers, countering Denial of Service (DoS) attacks is getting increasingly difficult. One of these techniques is application-layer DoS. Due to these challenges, network security has become increasingly more challenging to ensure. Hypertext Transfer Protocol (HTTP), Domain Name Service (DNS), Simple Mail Transfer Protocol (SMTP), and other application protocols have had increased attacks over the past several years. It is common for application-layer attacks to concentrate on these protocols because attackers can exploit some weaknesses. Flood and “low and slow” attacks are examples of application-layer attacks. They target weaknesses in HTTP, the most extensively used application-layer protocol on the Internet. Our experiment proposes a generalized detection approach to identify features for application-layer DoS attacks that is not specific to a single slow DoS attack. We combine four application-layer DoS attack datasets: Slow Read, HTTP POST, Slowloris, and Apache Range Header. We perform a feature-scaling technique that applies a normalization filter to the combined dataset. We perform a feature extraction technique, Principal Component Analysis (PCA), on the combined dataset to reduce dimensionality. We examine ways to enhance machine learning techniques for detecting slow application-layer DoS attacks that employ these methodologies. The machine learners effectively identify multiple slow DoS attacks, according to our findings. The experiment shows that classifiers are good predictors when combined with our selected Netflow characteristics and feature selection techniques.

Research on the High Precision Synchronous Control Method of the Fieldbus Control System

The synchronization control performance of the Fieldbus control system (FCS) is an important guarantee for the completion of multi-axis collaborative machining tasks, and its synchronization control accuracy is one of the decisive factors for the machining quality. To improve the synchronization control accuracy of FCS, this paper first makes a comprehensive analysis of the factors affecting synchronization in FCS. Secondly, by analyzing the communication model of linear Ethernet, a distributed clock compensation method based on timestamps is proposed to solve the asynchronous problem of communication data transmission in the linear ethernet bus topology. Then, based on the CANopen application layer protocol, the FCS communication and device control task collaboration method is proposed to ensure the synchronous control of multiple devices by FCS. Finally, an experimental platform is built for functional verification and performance testing of the proposed synchronization method. The results show that the proposed synchronization method can achieve a communication synchronization accuracy of 50 ns and a device control synchronization accuracy of 150 ns.

GuardBox: A High-Performance Middlebox Providing Confidentiality and Integrity for Packets

The deepening of digital transformation has led to an increasing amount of data from industries being transmitted over the Internet. However, packets in plaintext originally designed for transmission in private networks suffer from significant security threats on the Internet. Unfortunately, existing encryption schemes, such as the representative TLS, are difficult to be applied to these industrial protocols due to their specific requirements and conditions such as low latency requirements and restricted operating environments. In this paper, we present a high-performance encryption/decryption middlebox called GuardBox to provide confidentiality and integrity for packets. GuardBox is expected to transparently encrypt/decrypt packets sent/received by protected industrial equipment with low latency and supports almost any application-layer protocol. To do that, we design a high-performance packet I/O framework and an optimized encryption/decryption scheme for GuardBox. More importantly, we use commodity trusted hardware, Intel SGX, to ensure the security of keys and the encryption/decryption process. Our extensive evaluation demonstrates that GuardBox can provide confidentiality and integrity for packets transmitted over the Internet with low latency and a near-native throughput.

A Comprehensive Characterization of Threats Targeting Low-Latency Services: The Case of L4S

New services with low-latency (LL) requirements are one of the major challenges for the envisioned Internet. Many optimizations targeting the latency reduction have been proposed, and among them, jointly re-architecting congestion control and active queue management (AQM) has been particularly considered. In this effort, the Low Latency, Low Loss and Scalable Throughput (L4S) proposal aims at allowing both Classic and LL traffic to cohabit within a single node architecture. Although this architecture sounds promising for latency improvement, it can be exploited by an attacker to perform malicious actions whose purposes are to defeat its LL feature and consequently make their supported applications unusable. In this paper, we exploit different vulnerabilities of L4S which are the root of possible attacks and we show that application-layer protocols such as QUIC can easily be hacked in order to exploit the over-sensitivity of those new services to network variations. By implementing such undesirable flows in a real testbed and characterizing how they impact the proper delivery of LL flows, we demonstrate their reality and give insights for research directions on their detection.