A. The IoT Reference Model

Despite the differences between IoT deployment approaches, producing data which occurs at various rates is achieved by the physical layer to which IoT devices connect to a network (i.e. wired or wireless). Given that IoT devices at this layer may have limited power, the rate at which data generates requires special consideration to the amount of power consumed by these devices. That is, reducing the velocity or the rate at which data generates on the edge of the network translates into longer battery life of IoT devices while reducing bandwidth.

A plethora of standards, specifications and technologies at this layer exist including Ethernet 802.3, Wi-Fi 802.11 a/b/g/n, Low Power Wide Area Network (LWPAN), Long Range Radio (e.g. LoRa, Sigfox, Narrowband IoT – NB-IoT), Zigbee, Cellular (2G, 3G, 4G, LTE, 5G), 802.15.4, among many others. Figure 1 presents a Communication-centric Internet of Things (CIoT) reference model.

FIGURE 1.

A communication-centric IoT reference model (CIoT).

Show All

In the following sections, we describe the main functionality supported by the layers presented in Figure 1 and briefly discuss the relevant protocols, specifications or standards that exist at each layer.

B. Physical and Data Link Layers

At the lowest level of the IoT reference model presented in Figure 1 is the physical layer which contains the electronic circuitry for transmissions. The data link layer is responsible for data transfers between network entities. There are a large number of technologies that exist at the data link layer each of which has been designed to target specific applications or connectivity strategy. For example, Z-Wave enables IoT devices to be controlled via the Internet and is very common among smart home systems.

On the other hand, the Weightless technology uses a set of Low-Power Wide-Area Network (LPWAN) standards for data exchanges primarily between a base station and thousands of IoT nodes. There are three types of Weightless protocols including: (a) Weightless-N, Weightless-W and Weightless-P. Each of these Weightless protocols is designed for specific use cases. Weightless-W, for example, operates in the TV White Space (TVWS) spectrum and takes advantage of the ultra-high frequency (UHF). Weightless-N uses an ultra-narrowband which is ideal for sensor-based networks and metering systems, among others. Weightless-P offers bi-directional support and operates in both licensed and unlicensed ISM radio bands. Common applications using Weightless-P include industrial machine monitoring and health equipment monitoring, among others.

Sigfox is another data link layer technology which offers subscription-based connectivity services over a dedicated LPWAN networks and can be used in smart alarm systems and metering systems, among others. LoRaWAN provides a low-cost and secure bi-directional long-range transmissions supporting very large networks that consist of hundreds, thousands or millions of nodes. Ideal applications of LoRaWAN include smart cities, smart street lighting and smart waste management, among many others.

ZigBee, a technology developed by the ZigBee Alliance, is based on the IEEE 802.15.4 standard and operates in unlicensed radio bands while it supports a number of topologies including the star, cluster tree and mesh topologies. ZigBee can support up to 65,000 nodes over a network and has low data rates. Table 1 provides a feature comparison for a subset of the existing data link layer technologies sorted by the transmission range in an ascending order.

TABLE 1 Some of the Data Link Layer Protocols Comparison

C. Network and Transport Layers

Above the data link layer as can be seen in Figure 1 is the network layer. This layer is responsible for the logical addressing and delivery of packets between source and destination, which generally requires routing. Hence, a lightweight routing process is essential for IoT devices particularly constrained devices while maintaining a high level of scalability. Because some IoT devices may operate using low-power radio communication, IPv6 Low Power Wireless Personal Area Network (6LoWPAN) provides an optimal method for transmitting IPv6 packets for low-power or constrained devices.

The transport layer is mainly responsible for the end-to-end communication via a network and provides many services such as data-stream support, reliability, multiplexing and security, among others. For connection-oriented transmissions, Transmission Control Protocol (TCP) is used for messaging transmissions. Although TCP is considered one of the most widely used protocols over the Internet, TCP may not be ideal for all types of IoT systems. An IoT system that uses a large number of constrained devices disseminated across multiple geographical areas may benefit significantly from using a connectionless service protocol such as User Datagram Protocol (UDP) for messaging transmissions versus TCP.

D. Application Layer

The application layer is an abstraction layer that identifies a variety of protocols and interfacing methods [8]. There exists several application layer protocols that address a wide range of application requirements. Each of these protocols provide various features that vary in terms of reliability, quality of service, performance, functionality and scalability, among other factors.

Some of the protocols that exist at the application layer include: (a) HyperText Transfer Protocol (HTTP), (b) Secure HTTP (HTTPS), (c) Message Queueing Telemetry Transport (MQTT), (d) Advanced Message Queuing Protocol (AMQP), (e) Extensible Messaging and Presence Protocol (XMPP) and (f) Constrained Application Protocol (CoAP), among many others. In addition, a number of industry-specific protocols used primarily in IoT environments (mainly industrial) also exist such as Modbus, Distributed Network Protocol (DNP3), OLE for Process Control (OPC), Manufacturing Message Specification (MMS), among many others. A software developer, system designer or network administrator needs to consider not only an application protocol but also relevant protocols employed at other layers in the OSI model by an IoT system. In Section IV, we discuss in details each of the IoT messaging protocols that exist at the application layer.

E. IoT Application Range Requirements

Because of the diversity of IoT devices, there exists no single communication technology that is capable of supporting heterogeneous environments. To have a more thorough understanding of the transmission requirement ranges for the various IoT application domains, we present in Table 2 a list of some of the common IoT application domains with corresponding ranges based on data we collected from existing research work [2]–​[7], [120]–​[123], [130]–​[140].

TABLE 2 IoT Application Range Requirements [120]–[123], [130]–[140]

F. Specifications, Standards and Alliances

Over the past few years, there have been a significant increase in the number of standards’ governing bodies and alliances that have been formed for enhancing communication technologies for the IoT landscape. Identifying the scope and goals of these initiatives is beyond the scope of this paper. However, we would like to provide the reader an overview of some of these initiatives that we believe would be relevant to this study. In Figure 2, we present a subset of the organizations and alliances that have been playing an increasingly important role in solving challenges that exist in the IoT paradigm in recent years.

FIGURE 2.

Standards governing bodies and alliances in the IoT Landscape.

Show All

The initiatives, specifications and standards presented by the various organizations and alliances shown in Figure 2 have different focuses and target specific stakeholders or markets. For example, some of these initiatives offer solutions that aim to solve challenges for Business to Consumer (B2C) or Business to Business (B2B) applications. Other initiatives were developed to accommodate specific vertical or horizontal domains in the IoT landscape. Consider, for example, organizations or alliances such as the IEEE, ZigBee Alliance, ISO, CEN and ULE. All of these organizations or alliances have proposed standards or specifications for a vertical domain which primarily focus on solving a very specific area such as home and building automation.

Other organizations such as the IEC, ISO, oneM2M, OPC and OpenIndustry 4.0 Alliance provide specifications or recommendations that are domain-specific or solve problems within the manufacturing and industrial automation vertical domain. Furthermore, organizations such as the W3C, ITU, OASIS, OMG, IETF and HyperCat [163] provide standards, specifications and recommendations that provide broader support for a number of IoT applications while encompassing many different domains (e.g. industrial, home automation, healthcare, energy, oil and gas, among many others.

G. Choosing Messaging Protocols

Although there exists a significant number of initiatives or standards that attempt to solve IoT challenges across different domains, they vary considerably in terms of the following factors: (a) architecture, (b) communication, (c) security and privacy, (d) interoperability, (e) integration, (f) device types and sensor technology, (g) deployment models (h) services’ provisioning and (i) application and device management. Some of these features are also supported by a number of protocols that exist across the link and application layers. Examining similarities and differences among existing data link layer’s specifications, standards or initiatives is beyond the scope of this paper. However, due to the fact that exchanging data through messages is fundamental for the development and deployment of IoT applications, we focus primarily in this paper on investigating messaging protocols that support IoT data exchange.

As a first step into identifying the protocols to be part of this research paper, we conducted a review of the existing research studies that have examined protocols for IoT applications [7], [118], [121]–​[138]. As part of our selection strategy, we also considered the following factors:

• What are the system requirements and challenges that may influence choosing an application protocol for IoT development?

• What is the extent of the coverage of these challenges in existing literature?

• Which communication types are covered by existing application layer protocols?

• What factors were used or applied in conducting prior research studies?

• What is the depth of the examined literature in terms of coverage, comprehensibility and technical knowledge?

• What is the adoption rate of the existing protocols used for IoT applications?

For considering the communication scope, we reviewed the current state-of-art literature to identify the IoT communication types based on environments running IoT applications. The authors in [124] identified four classical communication types for IoT environments. We summarize these communication types below.

• Device-to-Device (D2D) where communication is provided between two nodes or devices directly.

• Device-to-Application (D2A) where communication is performed between devices and an IoT application.

• Device-to-Gateway (D2G) where communication is provided through a gateway that resides in close proximity to the edge of the network while interacting with IoT devices.

• Device-to-Cloud (D2C) where communication is achieved directly between IoT devices and cloud service providers.

We use these communication types to identify existing application layer protocols that provide support for D2D, D2A, D2G and D2C. Not all protocols support all of the identified communication types. For example, MQTT functions in the communication type D2C whereas CoAP only supports D2D. In addition, supporting the communication scope depends on a number of factors such as device capabilities. For an IoT device to send data streams to an IoT cloud platform directly (e.g. Azure IoT Hub), the device must be equipped with networking technology (e.g. WiFi or Ethernet) to send data to the cloud. However, if the device does not support direct connectivity to the cloud (e.g. an RFID tag), performing a D2C communication is not possible. Hence, a gateway may be used to collect data streams from the IoT device and then forward the stream to the cloud. As part of our comprehensive analysis and review of IoT application protocols, we take into consideration these variations and compare these protocols based on the scope of the communication type they support.

In addition, we considered published literature for identifying the adoption rate of the plurality of messaging protocols that exist today. To this extent, we reviewed existing surveys conducted across the IoT developers’ community. We make use of the results from surveys conducted by the Eclipse Foundation between 2015 and 2019 that received significant feedback from the IoT developers’ community [155]. We collected statistical data about the adoption rate published by Eclipse Foundation through these surveys and used it to identify protocols that we should consider as part of our study.

Combining the data we collected from our literature review and the results of the surveys published by the Eclipse Foundation, we identify the following messaging protocols as part of our comprehensive review: (a) HTTP(S), (b) CoAP, (c) MQTT, (d) AMQP, (e) XMPP and (f) DDS. We believe that by thoroughly investigating these protocols while having general understanding of the existing data link layer protocols, it is then possible to determine how each of these protocols can address system requirements or challenges that exist across the IoT communication landscape while also identifying suitable IoT cloud service providers for deploying crucial IoT services.

H. Support for IoT Messaging Protocols on the Cloud

Apart from examining adoption rates for IoT messaging protocols, it would be desirable to identify any patterns or trends for protocols that are supported by existing IoT cloud platforms. To this extent, we conducted a literature review examining support levels of messaging protocols across the plurality of existing IoT cloud platforms [166]–​[175]. Table 3 presents a detailed list of supported protocols that we gathered for ten of the major players or the plurality of IoT cloud platforms that exist today.

TABLE 3 List of Protocols/Technologies Supported by Existing IoT Platform Providers for Data Transmission

As can be seen in Table 3, all of the IoT cloud platforms support HTTP(S) and MQTT across all ten cloud platforms, followed by AMQP supported by six platforms, then CoAP supported by four IoT platforms. These results align with those of the Eclipse Foundation survey noting that HTTP and MQTT constituted the top two messaging protocols used by developers according to the survey results [155]. We discuss the results of the survey in Section VI.I. Unfortunately, none of the existing IoT cloud platforms provide support for DDS although it is being used by IoT developers based on the results gathered from the survey conducted by the Eclipse Foundation (Section VI.I).

We summarize the distribution of the support by cloud platform providers in Figure 3. Figure 4 presents a comparison of the messaging protocol support across cloud platforms examined in Table 3. As can be seen in Figure 4, Oracle IoT and Siemens MindSphere provide support for all of the five protocols, followed by Eclipse Hono.

FIGURE 3.

IoT platform support distribution.

Show All

FIGURE 4.

Comparison of messaging protocol support by IoT platforms.

Show All

In addition to supporting IoT messaging protocols, some IoT service providers also provide support for proprietary protocols or protocols that are specific at the IoT device level. For example, Siemens’ MindSphere supports Modbus, Lightweight M2M (LwM2M), LoRaWAN and OPC UA technologies which are commonly used in industrial automation, manufacturing or home automation. Although Alibaba IoT provides support for two of the protocols that we are investigating, it also supports IoT device mobility through dedicated transmission channels on its IoT platform providing support for a number of cellular network types including 2G, 3G, 4G and NB-IoT.

Apart from the complexities in choosing an appropriate messaging protocol for IoT applications, results from Figures 3 and 4 show that considering the IoT deployment platform is also important. In cases where an IoT application has high levels of heterogeneity, choosing an IoT platform that supports diverse IoT messaging protocols would be a good choice. However, there are also other factors that may influence the choice of IoT cloud platforms such as cost, bandwidth, reliability, security, service provisioning, interoperability, resiliency and composability, among others.

In addition, the degree of the services offered by existing IoT cloud service providers varies depending on the technologies used or applied. For example, IBM offers hosting services for its SoftLayer data centers [141] which support a large magnitude of data streams (i.e. in billions) from connected IoT devices. Deploying an IoT application on GCP, for example, can take advantage of Google’s fiber optics network [142] which can significantly support low-latency IoT application deployments. Microsoft Azure offers a number of services through the Azure Suite running applications such as Salesforce, SAP, Oracle database and Microsoft Dynamics. AWS enables messages to be routed to AWS endpoints through the Rules Engine to AWS’s Lambda, Kinesis, machine learning and Elasticsearch service, among many others. In the following sections, we describe the various messaging protocols that exist at the application layer that can be used for developing and deploying IoT applications.

A. Hypertext Transfer Protocol (HTTP)

HTTP is an application-level, generic, stateless protocol [9] that is used generally for data communication over the World Wide Web. One of the key features of HTTP is content negotiation of data representation. This enables different heterogeneous devices built independently of the data to be shared [8]. HTTP is a request-response protocol in which a client (e.g. a browser) sends a request message and a host (e.g. a server) generates a response message. HTTP version 3.0 or H3 is the latest (draft) version of HTTP introduced in 2018 [10]. However, the common HTTP version used today is HTTP 1.1. Figure 5.0 presents variations among HTTP versions 1.0, 1.1 and 2.0. In this paper, we focus primarily on the common HTTP version used in IoT applications or HTTP 1.1.

FIGURE 5.

HTTP message control flow (left: HTTP 1.0, middle: HTTP 1.1, right: HTTP 2.0.

Show All

B. Constrained Application Protocol (CoAP)

Constrained Application Protocol (CoAP) is a web transfer protocol that is intended for devices running on constrained (e.g., low-power, lossy) networks [11]. Constrained devices generally have 8-bit microcontrollers with small amounts of memory. The CoAP standard was designed for Machine-to-Machine (M2M) applications (e.g. factory automation, smart energy). Similar to HTTP, CoAP is a request-response interaction model and uses major concepts from the web such as Uniform Resource Identifiers (URIs) and Internet media types [11]. CoAP aims to bridge HTTP and RESTful services through simple interfacing. This protocol is used over the UDP transport protocol using the coap scheme and over DTLS using the coaps scheme [11]. An abstract layer of a DTLS-Secured CoAP is shown in Figure 6.

FIGURE 6.

Layers of DTLS-Secured CoAP [11].

Show All

A request URI can be split into multiple parts: (a) Uri-Host, (b) Uri-Port, (c) Uri-Path and Uri-Query Options. These features provide easy and intuitive way to communicate using this protocol with RESTful services. CoAP supports CRUD operations through HTTP methods as shown in Table 4 and provides status codes that are very similar to those in HTTP.

TABLE 4 CoAP Methods

CoAP also provides support for discovering services and resources. In addition, when a message is published in a URI, notifications are sent to clients who can access the resource. An example of a CoAP message format is shown in Figure 7. The version specifies the CoAP version number and the type indicates the type of message. CoAP uses a simple binary-base header format and the smallest size is 4 bytes.

FIGURE 7.

CoAP message structure.

Show All

Table 5 outlines the four different message types that CoAP support. The message types provide a certain guarantee to the delivery of messages and hence increases the level of quality overall. For example, when a server processes a response identified by a given code (in the code field) matching the request, an 8-bit response code identifies the class of the response: (2) success, (4) client error and (5) server error.

TABLE 5 CoAP Message Types

A confirmable message (CON) represents reliable message delivery since this type of message is retransmitted one or more times until the server ultimately receives the message. The ACK message will contain the same message id of the confirmable message (CON). An example of a confirmable message with an acknowledge response message is shown in Figure 8.

FIGURE 8.

CoAP message control flow.

Show All

Through the message types and HTTP-like status codes, CoAP becomes an easy to use protocol for integrating into the existing web. IoTivity, an open source software framework that enables device-to-device communication, uses CoAP as its application layer [18]. In addition, CoAP offers extensions such as the Observe Option which helps in observing the changes in the state of resources giving it a RESTful architecture support.

C. Message Queuing Telemetry Transport (MQTT)

Although HTTP and CoAP can be used as a request/response protocols used by IoT systems or devices, there is a need for a lightweight protocol that is designed to handle situations in cases of unreliable networks or intermittent connectivity. MQTT, an OASIS standard, is a publish-subscribe lightweight messaging protocol designed for constrained devices [12] and is well-suited for these types of scenarios while enabling the exchange of data with the cloud in a real-time manner.

As outlined in Table 3, nearly all of the existing IoT cloud platform providers including IBM Watson IoT Platform [13], Microsoft Azure IoT Hub [14], Google Cloud IoT Core [15], Bosch IoT Hub [16] and AWS IoT [17], among many others provide support for an IoT application to send data using the MQTT protocol. MQTT, an application layer protocol designed for Machine-to-Machine (M2M) communication, uses a publish-subscribe model and runs on top of the Transmission Control Protocol/Internet Protocol (TCP/IP) as shown in Figure 9.

FIGURE 9.

MQTT protocol based on TCP/IP stack.

Show All

MQTT is considered lighter than HTTP 1.1 and supports a near real-time message exchange using the publish-subscribe model. In addition to being a protocol of choice for many IoT and M2M applications, MQTT is also used in various applications where data exchange is necessary such as asset management, automotive telematics, traffic monitoring, home automation and supervisory control and data acquisition (SCADA), among others.

This publish-subscribe model is composed of a broker (i.e. a server) and clients establish a connection with the broker at any time. In this model, clients send messages through the broker which is known as the publisher. Then, the broker filters these incoming messages and distributes them to clients who are interested in receiving these messages. To this extent, a client that registers with the broker to receive these messages must first subscribe to specific topics. Clients receive the payload (or message data) when a new device publishes a message. A subscriber can receive a published message later. That is, the subscribers can receive published messages at different times. Figure 10 presents a high-level overview of the MQTT brokering model that shows all of the entities involved in this architecture including: (a) centralized broker, (b) publishers and (c) subscribers.

FIGURE 10.

MQTT centralized broker model.

Show All

In this publish-subscribe model, a publisher can send messages to a number of subscribers with one single publish operation to the broker. The broker handles the “broadcasting” or sending messages to all subscribers subscribed to topic of the message as shown in Figure 10. There are a number of MQTT model implementations including Mosquitto, eMQTT, HiveMQ, Moquette, among many others. Figure 11 presents the MQTT protocol message format. Figure 12 depicts an example of an instance of a message flow in the MQTT protocol.

FIGURE 11.

MQTT message structure.

Show All

FIGURE 12.

An example of a MQTT message control flow.

Show All

In the message control flow shown in Figure 12, client 1 wishes to connect to the broker (CONNECT) where the broker accepts the request (CONNACK). Client 1 then subscribes to topic “temp” (SUBSCRIBE) and the broker responds with an acknowledgement for this subscription (SUBACK). Client 2 publishes to the broker message on the topic “temp” for which the broker then will publish it to Client 1 (PUBLISH) who is already subscribed to the “temp” topic. The message contains the data or payload. Client 1 then acknowledges the receipt of the published message (PUBCREC).

Message reliability is imperative in this publish-subscribe brokering model. That is, an IoT system may require that messages be delivered in a reliable manner where all clients acknowledge the receipt of these messages. MQTT supports a Quality of Service (QoS) level when messages are published through the Connect Flags of the Fixed Header using the Will QoS parameter (bits 4 and 3). These bits specify the QoS level applied when a broker publishes a message to one or more clients. MQTT supports three levels of QoS as presented in Table 6.

TABLE 6 MQTT Message Reliability and QOS Levels

As shown in Table 6, as the QoS level increases, the reliability of messages’ delivery also increases. However, this also increases the overhead associated with ensuring that all clients receive the intended messages. The more clients are subscribed to receive a message with QoS 2, for example, will increase the overhead on the message broker while ensuring the delivery of the message without duplication or retransmission.

Nearly all of the existing cloud platform providers support both HTTP(S) and MQTT. Table 7 provides a feature summary of the Quality of Service (QoS) levels supported by some of the popular IoT cloud platforms. Because MQTT is widely used across a number of M2M applications including home appliances, smart utility management, waste control and logistics, among many others, attackers may exploit vulnerabilities within the protocol to carry out targeted attacks (e.g. denial-of-service (DoS) attacks) or collect proprietary data tunneled through unsecure MQTT transmission channels.

TABLE 7 MQTT QOS Support by Some IoT Cloud Service Providers

The MQTT handling of disallowed Unicode code points provides a client or server the option to decide on the validation of these code points (e.g. UTF-8 encoded strings). As a result, an endpoint does not necessarily need to validate UTF-8 encoded strings (e.g. topic name or property). As such, a client could potentially use this as a vulnerability and causes a subscribed client to close the network connection using a topic that contains an invalid Unicode code point. A malicious client can then use this as a security exploit for possibly causing a Denial of Service (DoS) attack. Therefore, enabling UTF-8 encoded strings, for example, can allow these security exploits to occur in cases they are used as control characters or in control packets (see the first byte in Figure 11). Hence, all clients will remain offline and not acknowledge to the MQTT broker if a malicious client sets the QoS level at 2 while retaining the message.

D. Advanced Message Queuing Protocol (AMQP)

AMQP, both an OASIS and ISO standard, is another lightweight but an extensible messaging protocol designed for M2M messaging [19], [44], [45]. AMQP is used generally in corporate environments and focuses on interoperability [20]. AMQP is a binary, application layer protocol that supports a wide range of messaging applications and communication patterns. In addressing interoperability issues when using Message-Oriented Middleware (MOM), AMQP supports both request-response and publish-subscribe models. Similar to MQTT, it supports a topic-based publish-subscribe messaging. In addition, AMQP provides support for flexible routing and business transactions. Figure 13 presents an AMQP message structure which includes header, message and delivery annotations.

FIGURE 13.

AMQP message structure.

Show All

AMQP provides two message interaction modes: (a) browse mode and (b) consume mode. In the browser mode, a client can lookup stored messages in a specified queue whereas in the consume mode, a client can consume messages within a queue. These consumed messages are then deleted from the queue. AMQP’s message distribution is composed of three components: (a) exchange, (b) binding and (c) queues.

Figure 14 illustrates the message distribution model for AMQP. Through this model, AMQP provides multiple levels for exchanging and delivering messages. An exchange is represented by a routing agent that runs on a virtual host residing on a broker’s server. This routing agent accepts messages and then routes them internally or forwards them to appropriate message queues along with a routing key. An exchange type applies a specific matching criterion and a corresponding algorithm.

FIGURE 14.

AMQP message distribution model.

Show All

A message queue is a named FIFO buffer that stores messages on behalf of applications temporarily. Such applications can, for example, create, share, use or delete messages depending on the granted authorizations. Bindings represent relationships between message exchanges and message queues. In specific, bindings route messages between exchanges to the appropriate queues depending on the message exchange type. Exchanges can be classified as either durable or transient. Durable message exchanges are persistent and continue their operations in case a broker needs to restart while transient exchanges are temporary. Restarting transient exchanges is required after a broker has restarted. Generally, there are four main message exchange types: (a) direct, (b) topic (c) fanout and (d) header. We describe each exchange type in the following sub-sections.

1. Direct Exchange Type

   Using the direct exchange type, an exchange instance forwards incoming messages to queues based on the routing key associated with each message. Each binding contains a binding key. When a publisher sends a message to the direct exchange, it must provide a routing key. If the binding key from the message queue is identical to that of the publisher’s message routing key (i.e. exact matching), the message then passes through a message queue.

   To illustrate the direct exchange type, consider, for example, a publisher that sends a message using direct exchange. In this case, the message published by the publisher will be routed to the queue that is directly bound to this exchange. This example is represented in Figure 14 between Publisher 1 and Subscriber 1 exhibiting a direct exchange type. Direct exchange type is often used to represent cases for point-to-point messaging. In cases the binding key is associated with more than one queue, this exchange type can be used for multicasting operations.

2. Topic Exchange Type

   The topic exchange type is similar to that of direct exchange except that the routing key is considered as a routing pattern (i.e. a topic). Unlike direct exchange, the routing key is fixed whereas the routing pattern in the topic exchange allows the use of wildcards. That is, it is possible to identify a binding key pattern to be matched against a routing key. The routing keys can be matched for one or more keywords. Pattern matching characters include * and #.

   The * is used to match a single keyword whereas the # is used to match zero or more keywords. Each keyword is delimited by a “.” (or a period). Using topic exchange type, when a publisher sends a message to the topic exchange, it provides a routing key. The message then passes to the message queue if the routing pattern matches that of the routing key. An example of topic exchange is represented in Figure 14 between Publisher 1 and Subscribers 2 and 3 since the routing key is matched by some binding key pattern. The topic exchange type is typically used to represent a publish/subscribe messaging pattern.

3. Fanout Exchange Type

   The fanout exchange type does not require routing keys for binding messages to queues. That is, it “broadcasts” messages to all subscribers unconditionally. Using the fanout exchange type, when a publisher sends a message to the fanout exchange instance, the exchange will simply forward the messages to all of the queues that are bound to it unconditionally without the need of any topic mapping (i.e. a pattern) or subscribed access (i.e. routing key). An example of topic exchange is represented in Figure 14 between Publisher 1 and Subscribers 4 and 5 where the exchange forwards the message to all subscribers without any verifications or matching conditions. The fanout exchange type is generally used when a broker needs to asynchronously broadcasts event notifications to all endpoints.

4. Header Exchange Type

   In this exchange type, routing keys and patterns are ignored. An exchange binds to a message queue based on a list of arguments or properties specified in the header of a message. A message is routed to a queue when header properties agree with a “x-match-expression”. The “x-match” supports logical both AND and OR matching based on defined list of header properties. Using this exchange type, a publisher sends a message to the exchange matching the properties in the header based on a collection of name/value pairs. A message is then routed based on the header property matching the arguments for binding. The header exchange type is very similar to service binding that occurs in HTTP request/response paradigm.

In addition to the exchange types, AMQP also provides a flow-controlled communication in routing messages with message-delivery guarantees including: (a) at most once where a message is delivered once or not at all, (b) at least once where a message is indeed delivered once but may be received multiple times and (c) exactly once where a message will be guaranteed to be delivered only once without loss or redundancies. Furthermore, AMQP supports message QoS using two modes: (a) unsettled (not reliable) and (b) settled (reliable). In terms of security, AMQP supports authentication and/or encryption based on SASL and/or TLS and uses TCP as the underlying transport layer protocol [20].

In terms of interoperability, AMQP can run with other transport protocols such as Stream Control Transmission Protocol (SCTP). This interoperability is exhibited by the Apache Qpid which aims to provide an AMQP stack implementation in multiple languages including C, Java and C++. In addition, Microsoft provides an AMQP.NET lite library for supporting AMQP messaging queues in the. NET framework. Both the Microsoft Azure Service Bus and the Azure IoT Hub support communication using AMQP. IBM also provides support for AMQP through its MQLight, a lightweight messaging API. Amazon provides support for message queuing through the Amazon Simple Queue Service (SQS).

E. Data Distribution Service (DDS)

The Data Distribution Service (DDS) is a middleware protocol and an API standard that was developed by the Object Management Group (OMG). It is a publish-subscribe model [21] but follows a data-centric approach for data sharing through what is known as a global data space. DDS’s brokerless architecture makes it very suitable for M2M communication. The messaging model in DDS consists of two interface layers: (a) Data-Centric, Publish-Subscribe (DCPS) and (b) Data Local, Reconstruction Layer (DLRL).

The DCPS layer is primarily responsible for binding the values of data objects within an application during the publish/subscribe process. That is, it enables a publishing application to associate data objects with values that require publishing. Furthermore, it enables subscribing applications to identify data objects of interest and ways for accessing their values. Similar to other messaging protocols such as MQTT and AMQP, DDS provides a way to define topics of interest. Additionally, through the DCPS interface layer, DDS enables publishers and subscribers to associate Quality of Service (QoS) policies with publisher and subscriber entities [46]. The DLRL, an optional layer in DDS, acts as a connector for integrating DDS at the application level for interfacing with other external entities (e.g. other protocols, applications, among others).

We focus primarily on describing the core layer of DDS, the DCPS. There are two main constructs in DCPS: (a) publisher with DataWriter and (b) subscriber with DataReader. A publisher uses the DataWriter to bind values of data objects per a defined data type. A publisher is responsible for the data distribution while adhering to a list of predefined QoS policies, if any. When an application needs to write data associated with data objects, the DataWriter describes the data that requires publishing.

A subscriber receives published data while making it available, based on a predefined set of QoS policies, to an application. To retrieve data from a subscriber, an application needs to use a DataReader attached to a subscriber. An application subscribes to data described by a DataReader that is supplied by a known subscriber. The relation in which the process of publishing and subscribing to data objects is achieved through topics.

A topic is associated with a (a) name, (b) data-type and (c) (optionally) one or more QoS policies related to the data [46]. The QoS policies are often used to control how data should be distributed in this messaging model. DDS provides twenty-three different QoS levels dealing with various features such as security, priority, durability and reliability, among many others. Figure 15 presents a high-level overview of the communication model of the DCPS layer in DDS.

FIGURE 15.

DDS data-centric model.

Show All

Through this communication model, DCPS entities are associated with DomainParticipants enabling applications to participate in one or more defined domains. Subscribers and publishers are linked through this communication plane such that ones that are joined in the same domain can interact. Through this approach, publishers and clients are time-decoupled which helps reduce the overall latency, bandwidth and processing power consumption. In addition, it enables publishers and subscribers to have their own networks of communication and hence enabling real-time interactions between these entities (i.e. D2D).

The data model of DDS stems from the relational data model. In the DDS middleware protocol, it treats data similar to a relational database managing both the: (a) structure (or schema) and (b) queries and filters on content when data is requested. DDS allows publishers and subscribers to dynamically discover each other without servers thus directly controlling data flows between DDS entities. In addition, DDS supports a number of trigger patterns for maintaining updates on subscribed content.

Furthermore, DDS supports interoperability among various vendor implementations through the Real-Time Publish Subscribe (RTPS) wired protocol [22], [46], [47]. A Security Model extends the security capabilities of DDS which is enforced by the Service Plugin Interfaces (SPIs). Through SPIs, DDS provides a wide-range of support for out-of-the-box security plugins and connectors that enable the communication between multiple DDS applications [48]. DDS’s support for interconnectivity among applications makes this middleware protocol an excellent choice for heterogeneous IoT applications that require communication in real-time.

F. Extensible Messaging & Presence Protocol (XMPP)

The Extensible Messaging and Presence Protocol (XMPP) is an open standard protocol used for building real-time applications and uses a wide-range of service communication technologies such as instant messaging, multi-party chat, voice and video calls, collaboration, lightweight middleware and generalized routing of XML data [23]. Originally named as Jabber, this client/server architecture was initially designed to enable applications to provide instant messaging capabilities.

XMPP uses XML as the underlying data exchange format and runs over TCP/IP. XMPP provides a set of essential services called XMPP Core Services and extensible services called XMPP Extension Protocols (XEPs) which aim to extend XMPP’s core services. Some examples of XEPs includes the Bidirectional-streams Over Synchronous HTTP (BOSH), which offers HTTP binding for XMPP traffic. Currently, over 350 IETF-governed specifications that extend the core of XMPP are part of the XEP Series [23]. One of the key XMPP extension protocols is the PubSub XEP which enables XMPP to support the publish-subscribe model. Through PubSub XEP, it is then possible to use XMPP as a messaging protocol for IoT systems.

The PubSub is a protocol extension of the core XMPP that allows XMPP entities to create topics (nodes) and publish information at those nodes. Subscribed entities will then receive notifications either with or without payload. XMPP entities are associated with JIDs (Jabber IDs) when running over a network. A JID is in the form of an email address with a fully qualified domain name and/or a valid resource (e.g. xmpp_user@xmpp_server/resource) where xmpp_user is the client’s username, xmpp_server is a fully qualified domain name and resource is an identifier used to identify the client’s device on the network. A bare JID is an address that is without the resource whereas a JID that includes a resource identifier is referred to as full JID. Multiple resources (e.g. full JIDs) can be associated with one username indicating different devices used or associated with the same “account” or user.

XMPP provides point-to-point encryption (TLS) that is built-in within the core specification. In addition, given that XMPP uses XML, which is text-based, this translates into higher network overhead compared to the binary encoding protocols such as CoAP, MQTT, AMQP and DDS. Furthermore, XMPP uses open-ended XML streams via TCP and supports relatively small-sized XML data units called XML stanzas. Table 8 presents the steps involved when sending XML stanzas between nodes using XMPP [23].

TABLE 8 Process of XML Stanzas Exchange in XMPP

Clients in XMPP send stanzas to exchange messages and it follows a fire-and-forget mechanism (e.g. no guarantee a receiver receives the stanza). A stanza advertises its status (or network availability) to other XMPP entities. This is based on a subscription model in which entities A and B, for example, subscribe to a presence stanza of entity C. When entity C is present online (via the presence stanza), the XMPP server will update all other subscribed entities (in this case A and B) with the presence status of entity C.

Unlike CoAP, AMQP and DDS, XMPP does not allow device-to-device communication. However, XMPP servers can form a federation where each server acknowledges the existence of other servers over the same network. This can be used for dynamic resource discovery in IoT systems. In addition, XMPP supports clustering in which multiple servers within a single domain can form a cluster. Clustering can support interoperability between various systems running XMPP. Figure 16 presents an illustrative example of using XMPP for building an IoT smart home system. Each IoT device (e.g. room light) is associated with a full JID.

FIGURE 16.

An illustrative example of a XMPP-based IoT smart home system architecture.

Show All

A. Interoperability

There are basic similarities among the several messaging protocols that exist today. However, given the fact that IoT systems are heterogeneous, interoperability becomes a major challenge. As Table 9 illustrates, protocols vary in the degree to which they offer features that support device communication. For example, devices that are developed by different manufacturers which are used in an IoT system may vary in the support of the communication pattern (e.g. one-to-one, many-to-one, etc.). Therefore, it becomes a challenging task to enable all of these IoT devices to communicate using a unified pattern. That is, an IoT device may not be equipped or does not support a protocol that provides a communication feature that is needed for another device to communicate properly. This is an example of a communication pattern interoperability.

There are also other interoperability issues that may arise in case of having heterogeneous devices in an IoT system. Syntactic interoperability exists when multiple IoT devices exchange data in a non-uniform payload format or structure. Data formats or structure vary depending on the communication protocol employed. For example, CoAP supports JavaScript Object Notation (JSON), a popular syntax for storing and exchanging data. XMPP on the other hand supports Extensible Markup Language (XML) for data exchange.

Furthermore, there are a number of IoT applications across different sectors that use application specific data formats or structures. The American National Standard for Utility Industry End Device Data Tables (ANSI C12.9) is a common standard that defines a data structure for transferring data between end user devices (e.g. smart grid utility device) [42]. In [43], researchers have devised a prototype that acts as a proxy for using the ANSI C12.19 implementation over DDS. The authors use an interface definition language (IDL) that utilizes two topics: (a) an electric element IDL definition and (b) a utility element IDL definition [43]. However, this approach is limited to smart grid applications. Support for a wider range of data formats or payloads spanning across heterogeneous IoT systems becomes inevitable.

To illustrate the importance of interoperability among data formats, consider an IoT system that uses devices which support CoAP over 6LoWPAN network that may need to communicate with other devices that support XMPP (i.e. these devices do not support CoAP). That is, an IoT device that supports CoAP, for example, may need to send a message whose content is serialized over a network channel in JSON format. Another IoT device in the same system that uses XMPP as a communication protocol will not properly retrieve the message since the syntactic rules used in serializing the message are different (e.g. JSON versus XML). Therefore, exchanging data in different formats or structures across heterogeneous IoT devices raises important syntactic interoperability issues that need to be addressed.

In addition, multiple IoT cloud platforms provide support for proprietary protocols other than HTTP, MQTT and AMQP. For example, Azure IoT Edge Runtime can act as a protocol translator where devices that do not have support for HTTP, MQTT or AMQP would use the gateway for sending data on their behalf [143]. The gateway in this case understands the protocol of the device generating the data and creates a message in a format that is understood by the Azure IoT Hub (e.g. HTTP, MQTT or AMQP). Figure 17 presents an illustrative example of a predictive maintenance IoT system architecture that can be used for industrial automation using Azure IoT Edge.

FIGURE 17.

A predictive maintenance IoT system architecture using the Azure IoT Edge which acts a middleware for allowing devices to send their IoT data in proprietary formats.

Show All

Through the support of custom or proprietary protocols (e.g. BLE, RJ485) on part of the Azure IoT Edge as shown in Figure 17, it is then possible to support the interoperability among heterogeneous IoT devices that need to connect to the cloud. That is, the protocol translation would allow the coexistence of IoT nodes that have different protocols. In addition, the edge gateway can act as a middleware that can perform edge analytics for running deep learning or artificial intelligence high-performance workloads or tasks. Hence, intelligence can then be built at the edge of the network and insights can be discovered locally rather than on the cloud. The architecture shown in Figure 17 would be ideal, for example, for low-latency IoT applications that require support for the communication among devices that require exchanging data in proprietary formats.

Interoperability is not limited to protocol mapping but also extends to architecture, workflow, services and data access [144]. Consider an IoT system that is composed of a number of heterogeneous data sources each of which has a different data model. Figure 18 presents an example of an IoT system that consists of a number of heterogeneous data sources with different data models.

FIGURE 18.

An illustrative example of an IoT system architecture composed of heterogeneous data sources (A, B, C and D).

Show All

Data generated by data sources (A, B and C) in Figure 18 have different hardware and software components which causes technical interoperability such that these devices or nodes are not able to communicate directly (i.e. no direct D2D support). This type of interoperability can also apply to devices operating during service or runtime discovery (e.g. mDNS) where metadata about data exchanges is likely be different. In addition, syntactical interoperability exists when data formats generated by the sources is different (e.g. XML, JSON, among others). Semantic interoperability may also exist since the context or meaning of data generated by the three independent data sources in the example shown in Figure 18 can be interpreted differently by various components within the IoT system.

To overcome interoperability challenges, the authors in [144] proposed a number of solutions to solve this problem. Inspired by the Linked Open Data (LOD), the authors in [144] proposed an extension to LOD for the Internet of Things or LOD4IoT. In addition, the authors also introduced Linked Open Vocabulary of Internet of Things (LOV4IoT) where the primary focus is not only on data but also includes catalogs, ontologies, datasets and rules [144].

Furthermore, in attempt to combine Semantic Web Services for unifying services, the authors in [144] introduced the Semantic Web of Things (SWoT) which primarily focuses on the interoperability of data and ontologies [145]. SWoT combines concepts from both the Semantic Web and the Web of Things (WoT), a standard introduced by the W3C [146]. In addition, The Web of Things Working Group has recently introduced a recommendation called a Web of Things (WoT) Thing Description [147]. A WoT Thing Description document is used to describe metadata and interfaces of Things. Through the Thing Description, it is then possible to allow heterogeneous applications or services to interoperate [147]. The Things Description is encoded by default in a JSON format allowing JSON for Linked Data (JSON-LD) to be processed.

In addition to the efforts in solving semantic interoperability for IoT, the DDS middleware protocol supports a lightweight encoding scheme called the Concise Binary Object Representation (CBOR) [21], [148], [149]. CBOR is a binary serialization format whose data objects are associated with name-value pairs. What distinguishes CBOR from JSON is the small message sizes [149]. Additionally, the CBOR format is extensible where tags can be used to identify data objects of models other than the ones specified in predefined data model. This enhances the interoperability of IoT systems, for example, that involve different types of data models across a number of data sources as shown in Figure 18.

B. Service Provisioning

An IoT application is likely to integrate or consume one or more services to achieve specific functionalities (e.g. via SOAP or REST services). Interoperability for IoT service provisioning therefore becomes essential. In recent years, HTTP has become the de facto standard or protocol for consuming RESTful services. Unlike RESTful services, SOAP services communicate via the Simple Object Access Protocol (SOAP). The Device Profile for Web Services (DPWS), an OASIS standard, enables web service messaging, discovery and description on resource-constrained endpoints while supporting SOAP over UDP [29]. However, HTTP and SOAP may not be ideal for service-binding across all types of IoT systems.

CoAP provides support for low-powered IoT devices to interoperate via HTTP in order to communicate in a RESTful manner with services. Because SOAP, an XML-based protocol that works at the application layer, is often associated with very large message sizes, this makes the SOAP protocol inadequate for resource-constrained IoT devices that require service bindings while maintaining small message sizes. Hence, CoAP becomes an excellent choice for IoT devices that need to coexist or interoperate with HTTP for service provisioning. That is, CoAP becomes an ideal protocol for IoT systems that require constrained devices to perform real-time service bindings in a RESTful manner.

XMPP, a protocol that is often used for near real-time data packet exchanges, supports the XML format which makes it another suitable protocol choice for provisioning services in IoT systems. For example, assume an IoT system requires IoT devices to communicate via XMPP in order to resolve SOAP- and REST-based service endpoints via a firewall proxy. Running RESTful services over XMPP may not be an ideal choice, although they can be accomplished with proper protocol design considerations. Providing REST support in protocols can enable IoT systems to support the provisioning of services particularly on mobile devices, industrial automation and robot control, among many others.

The SOAP-over-XMPP is an XMPP binding (XEP-0072) which provides binding support for SOAP messages to XMPP [30], [31]. XMPP provides support for transporting XMPP datagrams using HTTP which enables XMPP’s support in languages such as JavaScript running in browsers [32]. In contrast, DDS does not support data distribution to operate via HTTP (e.g. access DDS via a web browser to provision services). However, a RESTful DDS was introduced for filling this gap where a RESTful service connects to a DDS backbone listening for any incoming HTTP requests [33]. As for the rest of the IoT messaging protocols, there are a number of tools or libraries that can be used for supporting RESTful interfacing such as RoboMQ over REST for AMQP [34], RabbitMQ message broker [35] and Eclipse Paho for supporting REST interfaces via MQTT [36], among many others.

Because web services are modular entities that communicate via the web, HTTP becomes the natural protocol for service provisioning. In fact, early web services used to communicate using XML standards (e.g. SOAP). Given the overhead associated with XML and popularity of miniaturized devices (e.g. mobile devices) and ubiquitous computing, an apparent shift to utilize protocols that are commonly used for web browsing is inevitable. Hence, RESTful services have become in recent years more popular due to the wide acceptance of HTTP. Whether RESTful HTTP remains the protocol of choice for service communication or not, the need for more efficient service protocols that can accommodate IoT application deployment is desirable.

C. Microservices and Distributed Tracing

In recent years, microservices have become fundamental building blocks for developing many IoT applications. Whether these microservices are deployed on edge-based networks or the cloud, they are loosely coupled and provide high level of modularity. As the level of intelligence increases on an IoT device (i.e. fog- or edge-based), the more likely that there exists a number of cooperating entities in the form of modular microservices that are capable of delivering multiple different functionalities. An IoT application in such scenarios may need to utilize distributed tracing for observing and monitoring the behavior of these microservices. To this extent, messaging protocols need to provide support for this new form of end-to-end observability of IoT applications.

Support for distributed tracing in non-HTTP protocols or beyond the use of HTTP headers has been inadequate or inexistent. For instance, HTTP currently provides extensive support for distributed tracing through a number of tools such as Zipkin, OpenTrace, Dapper and Jaeger, among many others. Through HTTP headers, it is then possible to trace data and service requests across a distributed IoT application. However, support of distributed tracing across non-HTTP protocols is very limited.

In recent years, a number of efforts or initiatives have been proposed for supporting distributed tracing in non-HTTP protocols such as MQTT and AMQP. These initiatives depend primarily on the use of the TraceContext acting as a proxy [39], [40]. However, the application of distributed tracing to publish-subscribe interaction pattern has been very rare or inexistent. Real-Time Innovations (RTI) provides a framework that enables the support for near real-time communication between microservices while maintaining some levels of QoS through Connext DDS Micro [41], [79]. However, this framework does not provide real-time observability or monitoring of IoT devices. As the dependency of IoT systems on using modular microservices to execute traditional tasks or workloads (e.g. data analysis, machine learning, artificial intelligence), the need for distributed tracing support in non-HTTP messaging protocols (e.g. MQTT or AMQP) becomes increasingly essential.

D. Scalability & Performance

Scalability is an integral software design property in which a system is capable of maintaining to deliver its functionality within an acceptable degree of quality as the number of users or workloads that needs to be accomplished increases. When dealing with IoT devices, for example, scaling system resources to accommodate an increasing magnitude of real-time data becomes an important design element of IoT systems.

To illustrate the importance of scalability, consider for example an IoT system that has a number of IoT devices that can capture images and videos attached around a multipurpose arena. These IoT devices have limited resources to perform image processing and artificial intelligence techniques. The frequency at which these IoT devices are programmed to capture images or videos depends primarily on the number of objects detected in a captured image. As more objects are detected (e.g. more faces or humans) in captured images, the frequency to capture images or videos increases. Assume the frequency is originally set to 30 seconds. When there is an increase in number of objects, the frequency of capturing images or videos is set to increase (i.e. time duration is shorter or 5 seconds). This enables the system to capture more images and therefore can provide real-time security and monitoring of events surrounding the arena. The IoT system in this case needs to scale up to the increasing demand of resources while maintaining an acceptable degree to which the system can respond (i.e. response time). Choosing a protocol that supports scalability in this case is essential to the functioning of this real-time detection system.

Furthermore, when choosing a message protocol such as MQTT, the number of message transmissions increases significantly as more clients subscribe to topics. In the multipurpose arena IoT system scenario, assume that the number of IoT devices is 100 each of which is subscribed to all of the existing topics. When an IoT device is triggered, it sends a message to the broker (one transmission). The broker would then notify all subscribers (in this case 99 transmissions). This is a total of 100 transmissions. If another device sends a message to the broker, the number of total message transmissions increases to 200. In the worst case scenario where all IoT devices are transmitting messages, the total number of messages to be transmitted is equivalent to the product of the number of messages per device (i.e. 100) and total number of subscribed clients (i.e. 100). Hence, this would yield $100\times100$ or 100².

Assuming that there is a set of clients defined as $C$ that communicate with the message broker such that C = {c₁, c₂, c₃,…, $\text{c}_{\mathrm {n}}$ } where $n$ represents the total number of clients and the average number of topics each client is subscribed to is topic_average. In order to calculate the total number of message transmissions required (or throughput), we define trans_msg as follows:\begin{equation*} trans\_{}msg=n\mathrm {\times }topic\_{}average\end{equation*} View Source\begin{equation*} trans\_{}msg=n\mathrm {\times }topic\_{}average\end{equation*} In the worst case scenario, the topic_average equals to the total number of clients. In this case, the total message transmissions is equivalent to $n^{2}$ . Assume the average time it takes to transmit a message is time_msg. Then, the total time for all possible message transmissions can be defined as follows:\begin{equation*} {trans}_{time}=trans_{msg}\times {time}_{msg}\end{equation*} View Source\begin{equation*} {trans}_{time}=trans_{msg}\times {time}_{msg}\end{equation*}

In the previous example, assuming that it takes on average 10ms to transmit a message and the average number of subscribed topics is equivalent to all clients subscribed to all topics. Also assume that there are 100 clients. Therefore, the total time for all possible message transmissions would be:\begin{equation*} {trans}_{time}\mathrm {=100 \times 100 \times 10}ms=1.67minutes.\end{equation*} View Source\begin{equation*} {trans}_{time}\mathrm {=100 \times 100 \times 10}ms=1.67minutes.\end{equation*} This example illustrates that as the number of messages increase, the total transmission time also increases. The case can become worse if the broker’s resources are maximized and hence a broker becomes a source for a Single Point of Failure (SPoF). Because MQTT is designed primarily for a Device-to-Cloud (D2C) communication scope, the problem of SPoF can be resolved by serverless computing which increases the agility of the deployed IoT application. Figure 19 provides an example of a serverless solution for an air quality fog-based IoT system that uses the AWS IoT Core platform.

FIGURE 19.

A fog-based serverless air quality monitoring IoT system using AWS.

Show All

As can be seen in Figure 19, the device layer is composed of a number of IoT nodes represented by the ESP32 modules equipped with air quality sensors for measuring outdoor air quality. The fog-based system utilizes the multicast DNS (mDNS) which resolves host names to IP addresses within a small sized network [159]. The mDNS protocol operates on a local and not a global network which makes it ideal for the device layer of the IoT reference architecture (see Figure 1).

In addition, the DNS Service Discovery (DNS-SD) protocol [160] which complements that of the mDNS offers a zero-configuration networking (zeroconf) feature which makes the discovery of devices over the network automatic [161]. The CoAP, DDS and XMPP protocols support dynamic discovery of devices on a local network. Through mDNS, each node can act as a server and it supports multicast and unicast operations. Avahi is among the popular zeroconf network implementations that exist for Linux and BSDs [161]. Bonjour is also another zeroconf technology developed by Apple [162]. Bonjour is capable of identifying devices and services on a local network using mDNS service records.

Another service discovery approach is the W3C’s Web of Things (WoT) used to publish URIs representing things, devices or nodes [146]. There are a number of technologies that adopt the WoT approach including HyperCat [163], Physical Web [164] and Universal Plug and Play (UPnP) [165]. HyperCat is an open-source, lightweight JSON-based hypermedia catalog format whereas the Physical Web is a technology that is used to broadcast their URIs or localized data within web pages. UPnP provides a group of networking protocols which enable IoT nodes to discover one another within a local network. Unlike HyperCat and Physical Web, UPnP supports data sharing.

As illustrated in Figure 19, when IoT nodes are running, a local Raspberry Pi that acts as a fog-based gateway will forward the data on part of these air quality sensors. The gateway will send the data using MQTT to AWS IoT core which is used for telemetry. The geographical distance between IoT nodes and the cloud server deployment plays an increasingly important role when considering network latency. Because MQTT is D2C communication scope, the further these nodes are from the deployed serverless solution in terms of distance, the longer is the travel time of the MQTT messages and the higher the latency. The cloud layer in Figure 19 provides a serverless solution to maintain high levels of scalability for published MQTT messages

However, existing implementations of MQTT vary in terms of performance and scalability. In [111], the authors compared Mosquitto, HiveMQ and BevyWise MQTT broker deployed on the cloud. Using QOS level 1, the data rate is designed to be approximately one message per second for all of the three brokers (minor variations) using a single client subscribed to one topic. Using our analogy, if 10 concurrent clients are subscribed to all topics, the rate would be 1/10 or 0.1 msg/sec. Hence, as we increase the number of clients and subscribed topics, the rate at which messages are delivered significantly decreases which is a major scalability problem as the system scales up. As such, using MQTT as a messaging protocol for data transmission in IoT applications such as mission-critical IoT systems or IoT autonomous vehicles may not be ideal.

There are a number of studies that have examined the performance and scalability of communication protocols. Some studies have found that the throughput in MQTT drops significantly as the number of clients’ subscriptions increases [112], [113]. In [114], the authors compared the performance of DDS and MQTT. They have found that DDS delivers high performance whereas MQTT shows significant deterioration in sending round-trip time packages [114].

In [115], the authors have found that MQTT outperforms CoAP in terms of delay, the number of messages lost and the number of bytes used in messages. In [116], the authors evaluated the performance of CoAP and MQTT-SN and determined that MQTT-SN outperforms CoAP. In [118], the author compared the performance of AMQP and MQTT and have found that AMQP slightly outperforms the MQTT and CoAP protocols. Furthermore, the research study concludes that CoAP uses more computing resources compared to MQTT whereas AMQP’s use of resources is much higher when compared to both MQTT and CoAP protocols’ resource consumption.

The performance and scalability of messaging protocols vary. CoAP and HTTP have an additional overhead associated with transporting messages. CoAP and HTTP should be used in cases where low latency is not of critical importance. Hence, this makes these two protocols not very suitable for real-time IoT edge- or fog-based systems. MQTT follows a device-to-cloud data flow and therefore introduces network latency dependent on the cloud service performance.

Generally, message brokers may deliver 100 to 1000 messages per second per subscriber [20], [117]. However, these messaging brokers can vary significantly. For example, XMPP is generally used for client/server or instant messaging applications and is known to be unsuitable for low latency networks. On the other hand, DDS is generally deployed on a local area network (LAN) where publishers and subscribers can utilize the UDP’s multicast feature. Hence, DDS can scale to 1000 messages/second for every peer device on a network consisting of thousands of devices [20]. DDS is very suitable for low-latency IoT systems consisting of thousands of IoT nodes. Furthermore, due to the fact that DDS is deployed on a LAN, this makes the protocol suitable for edge- and fog-based IoT distributed systems’ deployments.

There are a number of research efforts that attempted to compare the performance of existing messaging protocols. In the subsequent sections, we provide a summary of the existing studies that published performance metrics when testing these protocols.

1) Performance Comparison on Latency

The authors in [151] conducted a performance analysis in terms of the latency for MQTT and HTTP. The study involved two testbeds: (a) a fog-based MQTT broker and (b) a cloud MQTT broker based on an existing IoT cloud service provider platform. Results from this study show that HTTP was associated with having higher response times of 12.1 and 4.76 when compared to that of MQTT fog and cloud based deployments, respectively. Additionally, the authors identified that MQTT with QoS Level 1 is associated with a packet loss of 6.2 times higher when compared to that of MQTT QoS Level 0 in a local, fog-based testing environment.

In another study conducted by authors in [152], a home automation testbed was used to compare MQTT and HTTP where results show that MQTT had a much lower latency compared to HTTP. In another study that involved CoAP, the authors in [4] compared the performance of MQTT and CoAP. Results from this study show that MQTT messages were associated with lower delays than that of CoAP messages at lower packet loss rates whereas MQTT has a higher delay than that of CoAP at higher packet loss rates. The authors in [153] also conducted experiments comparing MQTT and CoAP concluding that CoAP performs better in terms of bandwidth, usage and response time. This suggests that CoAP is more suitable for applications that require low latency and reduced resource consumption which makes it ideal for fog- and edge-based environments.

In comparing the performance of other protocols, the authors in [154] focused on the publish-subscribe messaging protocols including MQTT, AMQP, XMPP and DDS. Using a JavaScript client implementation, the authors recommend MQTT as a reliable protocol that fulfills IoT web application requirements. Results from this study show that MQTT had the lowest latency followed by AMQP. Both XMPP and DDS had higher latency and their results were very comparable. However, the difference among the latency performance is small due to the limited number of messages used in the comparison study.

In a more in-depth study, the author in [118] tested MQTT, CoAP, AMQP and DDS for small payload with 10 messages and 1000 messages. Results show that in the small payload, CoAP outperforms all of the other protocols followed by MQTT, AMQP and finally DDS. However, when the payload increases to 1000 messages, MQTT performs the worst. In this test, DDS outperforms all of the other protocols followed by CoAP, AMQP and finally MQTT. This suggests that DDS performs better as the number of messages increases. Because DDS and CoAP are decentralized approaches, this makes these protocols more reliable as the number of messages increases.

In addition, DDS and CoAP use UDP as the transport layer protocol which is associated with much lower overhead compared to that of TCP that is used in MQTT and AMQP. The study also examined increasing the payload size for 10 and 1000 message tests. Results from the 10 messages with message size greater than 50Kbytes reveal the ordering from low to high latency as CoAP, DDS, AMQP and MQTT. Running the same test for 1000 messages with message size greater than 50Kbytes show that DDS outperforms other protocols followed by CoAP, AMQP and MQTT. Figure 20 presents a summary of the results presented in the study in [118].

FIGURE 20.

Summary of the results from the performance tests conducted in the study in [118].

Show All

The summary in Figure 20 show that MQTT performs the worst when compared to all of the examined protocols particularly having larger message sizes and increasing the number of messages. Results from this study [118] coincide with our mathematical results in Section V.D which suggested that the performance of MQTT in terms of latency degrades significantly as the number of messages increases. It is worth noting that DDS performs well at higher message sizes and having large number of messages. For example, for a small message size with 10 messages, DDS performs worst. However, when increasing the number of messages and significantly increasing the size of the payload for smaller messages, DDS outperforms all of the other protocols. This suggests that DDS’s decentralized architecture as well as the use of the CBOR encoding scheme significantly enhance the protocol’s performance compared to CoAP, AMQP and MQTT. Furthermore, results also show that CoAP is a stable protocol across all tests conducted.

E. Reliability

Relying on User Datagram Protocol (UDP) at the transport level provides constrained IoT devices an optimal method for data transmission by removing the TCP overhead and thus reducing bandwidth [24]. However, UDP does not provide support for flow or error control nor retransmission. When choosing an IoT communication protocol, it is essential to identify the level of message reliability required for the system.

Majority of the IoT messaging protocols listed in Table 6 operate over TCP. CoAP operates over UDP and provides retransmission to overcome this limitation by having two bits in the header indicating the type of message (e.g. confirmable, non-confirmable, etc.). The problem, however, is that CoAP does not have a built-in mechanism to verify whether a message has been received in its entirety or decoded correctly. In addition, CoAP does not provide built-in security and uses Datagram Transport Layer Security (DTLS). Furthermore, DTLS does not support multicast and requires supplementary packets during handshakes [25]. As a result, more processing power is utilized to compensate for increasing network traffic during handshakes. Additionally, CoAP devices may not work properly due to resource discovery problems behind Network Address Translation (NAT) since devices’ IP addresses can be dynamically assigned over time [26].

To illustrate the limitations of dynamic resource discovery in CoAP, consider for example an edge-based IoT system that has a number of CoAP IoT devices each assigned an IP address. When a CoAP device moves across different networks, a new dynamic IP address is likely to be assigned to the CoAP device. In this case, the CoAP device may not be reachable by the edge-based IoT system. That is, the system would not be able to communicate with the CoAP device due to the fact that it is not aware of the new dynamically configured IP address when the IoT device is moving across various networks. Unfortunately, CoAP does not provide mobility management when CoAP IoT nodes move across networks [27]. When building IoT systems that require mobility, it is essential to consider messaging protocols that support dynamic discovery. Not all messaging protocols support dynamic discovery as presented in earlier Table 9.

XMPP’s baseline provides a very reliable stream transports. XMPP operates over a continuous TCP stream which means that every stanza arrives safely preventing the Two Generals Problem from occurring [37]. In addition, XMPP provides XEP-0198, an extension that enhances TCP’s reliability over a number of open sessions in order to provide reliable data transmissions via mobile networks [38]. DDS provides a reliability policy for indicating the level of reliability by a DataReader or DataWriter [21]. In addition, DDS provides redundancy (or retries) to provide guarantees of the continued delivery of operations in order to increase the resiliency and reliability of applications. However, with the increase of reliability comes the increase in the overhead associated with processing messages on part of the IoT devices.

F. Security

As the number of microservices consumed by an IoT system increases, so does the level of communication between them which augments the need for security. As outlined in Table 9, nearly all of the protocols examined are based on the transport layer security (TLS) cryptographic protocol. Hence, these Messaging Protocols are vulnerable to attacks that may occur or can be performed to the TLS protocol. Furthermore, IoT devices are generally used by humans which makes them vulnerable to intruders that attempt to gain unsolicited access or collect confidential personal data in a malicious manner. Since IoT devices are resource-constrained, they may not be equipped with the necessary processing power or computing resources required to execute or run complex security operations. As a result, these IoT devices become an easy target for attackers or intruders.

There are five possible sources that make IoT systems vulnerable to attackers including: (a) devices or things, (b) connectivity medium, (c) computing, (d) storage and (e) microservices. Furthermore, a security function for IoT systems can be built at the local level (i.e. edge-based) at the physical hardware or software levels. We identify three types of threats that may occur in IoT systems while examining security measures that exist across messaging protocols and mapping possible sources of vulnerabilities to common security practices including the CIA Triad (confidentiality, integrity and availability) and the IEEE AAA (authentication, authorization and accounting).

When software running on IoT devices is compromised, device integrity becomes an issue since data can be modified by individuals who are not authorized to make changes on the device. In terms of messaging protocols, device integrity can occur when an intruder or attacker subscribes to an existing publisher to collect data and use it maliciously. An IoT communication protocol needs to ensure that only authorized users regardless if they are publishers or subscribers. This feature is not provided at the TLS level since its main responsibility is for securing the communication via a computer network.

Furthermore, such vulnerabilities may occur when offering QoS level 2 which may explain why many IoT cloud providers not to provide support at this level as presented in Table 7. Currently, AMQP and DDS provide mechanisms for authorizing entities. AMQP uses SASL to perform this task while DDS offers authorization for both DataReaders and DataWriters through the DDS security model. In addition, the DDS security model offers extensions for implementing authentication (e.g. certificate management), cryptography and access control. ARM provides an open-source library called DDS Security library (libddssec) that supports security services for DDS implementations [108]. However, this library is limited to operations that use ARM’s TrustZone technology [108], [109].

In addition, DDS provides Extending the DDS through the Service Plugin Interfaces (SPIs) which enables applications to provide support for security functions such as authentication, access control, encryption, message authentication and digital signing, among many other features. For example, an authentication service plugin in DDS provides support for verifying application or user identity when invoking DDS operations (e.g. DataReader, DataWriter). Table 10 provides a list of the five SPIs defined in DDS Security Model.

TABLE 10 DDS Security Model Service Plugin Interfaces [49]

Additionally, XMPP provides an extension called Authorization Tokens for issuing authentication tokens to client applications [110]. During the process of stream negotiation between XMPP client and server, a client typically needs to provide a password when a connection is established. This means that a client needs to store this password and reuse it every time a connection is made to the XMPP server. The problem with this security function, however, is that this mechanism increases the risks associated with the security threats of storing an account password on the IoT device. To this extent, XMPP offers support for clients to obtain tokens in XML structure when a request is made to a XMPP server. When a client establishes a connection with a XMPP server, the server then responds with a list of supported protocols for authentication. The client then send the next element for authentication including: (a) user name and (b) the issued authorization token (usually in base64 encoding). Instead of applying authentication with a password using a plain method, a token is used to replace the password [110].

Although each protocol provides different levels of security measures, DDS provides the most comprehensive security levels for authentication, access control and cryptography among others. In addition, DDS provides a framework for extending the security by supporting a wide range of SPIs. XMPP also offers a robust authentication process using tokens (based on SASL) followed by AMQP.

G. Adaptability and Extensibility

As IoT systems increase in size and complexity, the need for preserving and extending existing software components is essential. In addition, software requirements of IoT systems may change as new use cases or features transpire and existing software components need replacements. To this extent, increasing the agility of IoT systems and adapting to changes in requirements becomes inevitable. That is, software systems need to be extensible such that organizations are able to make additions or modifications [98]. In order for IoT systems to offer good levels of extensibility, it is imperative that components which are integrated into these systems support extensibility. In particular, integrating a messaging protocol that supports or provides custom protocol extensibility will undoubtedly increase the overall level of extensibility of IoT systems while enabling them to interact across heterogeneous environments.

Among all of the examined protocols, XMPP provides the most protocol native support for extensibility. The XMPP messaging framework leverages XML as the basic communication format which translates into high levels of extensibility. For example, the XMPP core protocol provides support to over 300 extensions such as Malicious Stanzas (XEP-0076) [101], Service Discovery (XEP-0030) [102] and User Location (XEP-0080) [103].

The XMPP malicious stanzas extension provides support for determining if a packet was transferred over the network with a malicious intent [101]. It attempts to identify the evil bit in IPv4 and hence identify evil messages in message stanzas. The service discovery extension provides support for discovery information about XMPP entities including: (a) identity and capabilities of an entity and (b) items associated with an entity [102]. The user location extension, which is still in draft state at the time of writing this paper, aims to capture data with respect to the entity’s geographic location (geoloc) [103]. The geoloc information is determined based on a Global Positioning System (GPS) coordinates. Although this feature may be useful for IoT devices operating using cellular or wireless networks, IoT systems with constrained devices may not be able to have capabilities of identifying GPS coordinates. However, fog-based gateways in an autonomous vehicle systems can take advantage of this feature extensively.

DDS also provides some level of extensibility through a specification called Extensible and Dynamic Topic Types for DDS (DDS-XTypes) [104]. Using extensible types, one can extend the addition of new elements that can be associated during publish/subscribe process without impacting or making changes to applications or end devices. To illustrate this extensibility, consider a fog-based autonomous vehicle system where a fog-gateway uses the publish-subscribe model using a DDS bus for seamless connectivity between vehicles, sensors and cloud-based applications. Figure 21 presents a high-level overview of a device-to-gateway-to-cloud autonomous vehicle system.

FIGURE 21.

A fog-based autonomous vehicle system using DDS.

Show All

As shown in Figure 21, vehicle A is programmed to transmit via a DDS data bus localized data such as longitude and latitude information whereas vehicle C requires the transmission of geographic coordinates in addition to the number of passengers within the vehicle. In this scenario, autonomous vehicles that subscribe through the DDS-enabled fog-based gateway (e.g. cellular base station) to share only geographic data (e.g. longitude and latitude) will not interoperate with those vehicles that share geographic data in addition to number of passengers. However, through DDS-XTypes, it is then possible to extend the capability of this autonomous vehicle system by extending and evolving the data types without making changes to the programs or applications. That is, DDS provides support to extend data objects to have multiple data types. Therefore, both data types associated with vehicle A and vehicle C can coexist within the same IoT system. Volkswagen [106] and Audi [107] are among vehicle manufacturers that have recently adopted DDS for connectivity and testing of their smart cars.

AMQP implementations such as RabbitMQ offer a number of extensions to the native specification in an attempt to enhance the extensibility of AMQP. For example, a Per-Queue Message TTL provides support to determine the duration of an unconsumed message waiting in a queue prior to its deletion [105]. This enables an IoT system, for example, to identify the life of a message. This can also be used in supporting transactional processing in IoT systems and potentially identifying possible deadlocks (e.g. when a message never gets consumed). Other protocols such as HTTP, CoAP and MQTT have very limited support for extensibility which impacts the evolvability and interoperability levels of IoT systems using them.

H. Protocol Implementations

Messaging protocols examined throughout this paper vary in terms of the functionalities they support. However, they all offer common features that make them suitable for various communication types such as device-to-device (D2D), device-to-cloud (D2C) and cloud-to-cloud (C2C) interactions. While many of the existing protocols have been used in a number of platforms across many organizations, some protocols are released with adequate features published in their specifications or standards’ documentation while others are still evolving. Some of the proposed features in CoAP’s standard (RFC7252) [49], for example, are still under development. Nonetheless, additional language support or implementations for CoAP has been growing. Tables 11 presents a partial list of implementations that support CoAP.

TABLE 11 CoAP Client-Server Implemetations

In Table 12, we present a partial list of the AMQP client implementations that are available across various languages. In addition, there are a wide range of AMQP broker implementations that exist across various platforms including, but not limited to, the following:

• Apache: Qpid [72], ActiveMQ [73],

• Azure: Event Hubs and Service Bus [74],

• Solace: PubSub+ [75],

• VMWare: RabbitMQ [76],

• Red Hat: Red Hat AMQ [78], Enterprise MRG [99],

• StormMQ [77],

• OpenMQ [100],

• IronMQ [94] and

• Amazon SQS [95] (no support of publish/subscribe).

TABLE 12 AMQP Client Implemetations

DDS language support is very limited compared to other protocols. RTI Connext provides extensive support for the DDS implementation in languages including C, C++,.NET and Java [79]. RTI also provides a RTI Connector for enabling scripting languages such as Python and JavaScript (Node.js) to access a DDS network via a WebSocket [80]. In addition, OpenDDS is an open source C++ implementation of DDS [81]. OpenDDS also provides support for Java through JNI bindings and JavaScript through IDL mapping.

As for XMPP, there are a number of client/server XMPP implementations available. Table 13 presents a list of libraries that provide support for XMPP offered in different languages. In addition, there is a number of XMPP server implementations that support a wide range of platforms including, but not limited to, the following:

• Apache Vysper [85],

• Openfire [89],

• Tigase XMPP Server [90],

• MongooseIM [91] and

• IoT Broker [92].

TABLE 13 XMPP Implemetations

It should be noted that the size of a protocol’s implementation may vary significantly from one protocol to the other. This also depends on the language to be used for implementation due to library or code interdependencies. For example, CoAP.NET is a.NET-based client-server CoAP implementation that requires over 10MB of disk space whereas a Windows-based DDS implementation from RTI requires over 640MB of disk space. CoAP-Lite, a lightweight implementation of CoAP, is a Linux-based client-server implementation which consumes approximately 14KB of disk space [97]. The size of this library would be ideal, for example, for low-power or constrained IoT devices particularly those that are running close to the edge of a network (i.e. edge- or fog-based IoT devices).

Considering the type of IoT devices and choosing a suitable protocol therefore becomes an important decision when designing and deploying IoT systems. For example, constrained edge-based IoT devices typically have limited storage. As a result, these devices may not be able to consume a client version of DDS whereas CoAP may be more appropriate to employ on such devices. Nonetheless, CoAP may not perform well when compared to other messaging protocols (e.g. MQTT, AMQP or XMPP) which makes it inacceptable to use for mission critical IoT systems. Therefore, determining an appropriate protocol to be employed in IoT systems is influenced by a number of factors that not only include physical device or operating system features such as storage capacity or preferred language of implementation but also factors that relate to performance, communication overhead, network latency, security, ease of use, reliability, popularity, dependability, supportability, interoperability and scalability, among many others.

I. Adoption Rate of Messaging Protocols

In previous sections, we presented feature comparison of the messaging protocols HTTP, CoAP, MQTT, AMQP, XMPP and DDS. Irrespective of the features that differentiate each protocol from one another, it would be worthwhile to determine any usage patterns or adoption rates for all of the protocols we examined in this research study. To this extent, we summarize the results from an annual survey conducted by the Eclipse Foundation and Eclipse IoT Working Group between 2015 and 2018 [155]. The survey contained a number of questions to developers and solution architects. We focus on the response from a question that we believe is relevant to our study which is “What messaging protocol(s) do you use for your IoT solution?” The response rate in answering this question for the surveys conducted between 2015 and 2018 is shown in Figure 22.

FIGURE 22.

The eclipse foundation IoT developer survey results showing the response rates for the messaging protocol question between the years 2015 and 2018.

Show All

Although HTTP remains to be among the top two protocols across all years, there is an apparent drop in its usage with approximately 9% decrease in 2018 as illustrated in Figure 22. On the contrary, MQTT has witnessed a significant increase in its usage from 2017 to 2018. The survey results from the 2019 Eclipse Foundation and Eclipse IoT Working Group is partial but report that HTTP and MQTT remain among the top three messaging protocols [156]. In addition, the AMQP protocol has been witnessing a gradual increase over the years in terms of its usage by developers who have completed the surveys and as illustrated in Figure 22. DDS remains steady at the same rate while CoAP has witnessed a slight decline between 2017 and 2018. In the results from the 2019 survey, the report show that CoAP has dropped below a 15% response rate.

The results provided by the Eclipse Foundation and Eclipse IoT Working Group provide a measure of the extent to which the messaging protocols examined in this research study are used in the development and deployment of IoT applications. However, there are a number of factors that need to be considered when analyzing these results. For example, the response rate is provided as a percentage while the number of participants vary from one year to another. The number of participants in the 2015 survey was 394 while in 2016 this rate increased to 528. In 2017, there was another increase in the number of participants reaching 713. However, the 2018 survey decreased by more than 30% having 502 participants. This is contrary, for example, to the number of participants in 2019 where they were 1717 participants [156]. However, the released survey results from the 2019 year does not provide comparable result presentation strategy as to those from previous years [156].

Furthermore, the results from the IoT Developer Survey [155] aligns with those that we investigated with respect to the current support of IoT messaging protocols across existing IoT cloud providers. Based on our findings as shown in Figures 3 and 4, HTTP and MQTT are the two top messaging protocols that are supported by all of the ten cloud platforms we investigated. This is followed by AMQP (ranked third) whereas CoAP is ranked fifth. This may be attributed to a number of factors or could be interpreted potentially as an evident decline in the adoption rate of the CoAP protocol in recent years whereas there exists an apparent growth to the adoption rate of the AMQP protocol. Moreover, XMPP is ranked fifth as can be seen in Figure 22 which also aligns with our results shown in Figure 3 whereas XMPP is also ranked fifth.

A. HTTP

Advantages:

• supports RESTful architecture with URI addressing

• supports distributed tracing to identify failures across a distributed system architecture

• can work behind closed firewalls

• uses a push approach which involves a persistent connection between client and server

Disadvantages:

• header size is large: this adds processing overhead for devices particularly constrained IoT devices

• high network latency: this makes the protocol not suitable for real-time or mission-critical IoT systems

• uses text not binary encoding

• protocol does not provide any QoS support

• protocol is not easily scalable

• computational overhead due to encrypting and decrypting (secure) messages

B. CoAP

Advantages:

• supports RESTful architecture with URI addressing

• protocol is very suitable for low-power or constrained IoT devices

• supports dynamic resource discovery

• protocol can be used for M2M communication

• reduced header size (4 byte): CoAP packets are much smaller than HTTP

• due to UDP, CoAP can be used over packet-based technologies (e.g. SMS) on mobile networks

Disadvantages:

• protocol has very limited quality of service levels

• protocol is not suitable for device-to-cloud communication (suitable for device-to-device only)

• protocol has limited level of encryption because of UDP (SSL and TLS are not available, only DTLS)

• device-to-device protocol: protocol has no support for broadcasting capabilities (only through extensions)

• protocol is not easily scalable or extensible

• protocol is vulnerable to spoofing and malicious attacks; an endpoint can freely read/write messages in a constrained network

C. MQTT

Advantages:

• has a transient data message transmission cycle

• good for cloud-based IoT applications (D2C)

• a lightweight protocol and works fairly well over constrained networks

• provides an adequate level of QoS support (0, 1, 2)

• protocol supports asynchronous messaging

• protocol is an event-driven which enables an IoT system to scale up (or down)

• protocol can be used for M2M communication

• supported by many IoT cloud providers (Table 3)

Disadvantages:

• does not support large payloads

• topic names are often long; inappropriate for low-rate wireless personal area networks (LR-WPANs)

• unsuitable for IoT devices that require sending multimedia content (e.g. audio, images or videos)

• protocol is not suitable for device-to-device communication (suitable for device-to-cloud only)

• lack of encryption; can use TLS/SSL for security and encryption, however, extra connection overhead

• no dynamic discovery (discovery based on topics) and broker can be a Single Point of Failure (SPoF)

• MQTT clients needs to support TCP; connections remain open with brokers (always on); limited sleep mode for constrained devices

D. AMQP

Advantages:

• event-driven protocol which enables some scaling up

• efficient workload distribution via queues (maximizes scalability)

• communication multiplexing: more than one session can be carried out in the same connection

• supports [distributed] transactions: messages can be published as transactions

• offline fetching: clients can fetch data when offline

• supports message header annotations

Disadvantages:

• reliability: only limited to what is provided by transport protocol

• discovery: offers no dynamic device discovery

• no multicast: messaging depends on connections between clients and brokers

• broker can be Single Point of Failure (SPoF)

• message flow can be slow and often complex

• standard does not provide mechanisms extensions with other protocols (e.g. majordomo protocol)

• standard was first developed in the finance sector, was not intended for M2M or IoT

E. XMPP

Advantages:

• designed to work in distributed client/server environments

• supports Simple Authentication and SASL

• based on XML which makes is extremely extensible

Disadvantages:

• does not offer end-to-end encryption

• no QoS support; no message delivery guarantees

• XML message format adds extra overhead in terms of IoT device processing and communication

• server can be Single Point of Failure (SPoF)

• computational overhead due to encrypting and decrypting messages

F. DDS

Advantages:

• scalability: can scale up to a large number of queues

• provides near real-time communication

• supports interoperable data formats

• supports multiple data types for data objects

• QoS support: offers a rich set of QoS policies

• efficiency: 1-to-1 latency as low as 30 microseconds

• comprehensive security mechanism through the DDS Security Model and SPIs

• no single point of failure (SPoF)

• end-to-end security and logging capabilities

• supports peer-to-peer (e.g. D2D), D2C, C2C

Disadvantages:

• implementation libraries are extremely large in size (sometimes over 2GB)

• complexity: can be quite difficult to implement

• not suitable for edge-based IoT devices with constrained processing and computing capabilities