Securing publish-subscribe communication’s confidentiality, integrity and authenticity
Kaarenpää, Henriikka (2025)
Tietotekniikan DI-ohjelma - Master's Programme in Information Technology
Informaatioteknologian ja viestinnän tiedekunta - Faculty of Information Technology and Communication Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Date of approval
2025-06-06
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:tuni-202505266147
Abstract
The importance of information security is constantly highlighted in today’s society. Fast, safe and large-scale communication systems are increasingly necessary. The publish-subscribe model aims to fulfill these requirements. Its advantages are scalability, decentralization and real-time communication. Alongside these advantages, new challenges arise. Security is highly important in communication systems, since safe data sharing is at the core of almost every system. The goal of this thesis is to research how to secure publish-subscribe communication. The context for this research is the IoT field. The focus is especially on the confidentiality, integrity and authenticity of the data. To reach these goals, research questions were defined. The first question is how to secure the confidentiality, integrity and authenticity of publish-subscribe communication. The goal of the second question was to determine how OPC UA PubSub could benefit from blockchain technology. To achieve these goals, a literature review and experimental research were conducted.
Guaranteeing data confidentiality, integrity and authenticity in publish-subscribe communication is not easy. Each system is a different entity and requires contextual knowledge. In this research, a few basic system features occurred frequently. A correct encryption scheme with signature options and dynamic access control are highlighted in safe system development. How these features are implemented is system-specific and depends on the resources at hand. Promising solutions are found, for instance, in outsourced calculation and blockchain-based solutions.
As the experimental research in this thesis, OPC UA PubSub was implemented. It was modified by replacing the security services defined in the standard with blockchain. The idea was to observe how this benefits the system. The main advantage of blockchain is based on its decentralized structure, which decreases the dependency on a single authority. This improves the system's security. Notable challenges are related to blockchain's disadvantages and the work required in both design and implementation.
From the results of this thesis, it can be concluded that information-secure publish-subscribe communication requires knowledge of both the system and its risks. There is existing research on this topic, but how it can be utilized depends on the situation. Blockchains were often described as a future solution, and their security properties are indisputable. The challenges related to them still lack solutions. Resource usage in particular affects the choice of system design. The results are affected by what kinds of compromises are made. Usually, improving security takes resources from other functionalities. For that reason, the choices should be based on the situation at hand.
