A Survey On Application Layer Protocols For The Internet of Things Transaction On IoT and Cloud Computing
A Survey On Application Layer Protocols For The Internet of Things Transaction On IoT and Cloud Computing
A Survey On Application Layer Protocols For The Internet of Things Transaction On IoT and Cloud Computing
ABSTRACT
It has been more than fifteen years since the term Internet of Things (IoT) was introduced. However, despite
the efforts of research groups and innovative corporations, still today it is not possible to say that the IoT is
upon us. This is mainly due to the fact that a unified IoT architecture has not yet been clearly defined and
there is no common agreement in defining communication protocols and standards for all the IoT parts. The
framework that current IoT platforms use consists mostly in technologies that partially fulfill the IoT
requirements. While developers employ existing technologies to build the IoT, research groups are working
on adapting protocols to the IoT in order to optimize communications. In this paper, we present and compare
existing IoT application layer protocols as well as protocols that are utilized to connect the “things” but also
end-user applications to the Internet. We highlight IETF’s CoAP, IBM’s MQTT, HTML 5’s Websocket
among others, and we argue their suitability for the IoT by considering reliability, security, and energy
consumption aspects. Finally, we provide our conclusions for the IoT application layer communications based
on the study that we have conducted.
Keywords: Internet of Things (IoT), Application Layer Protocols, Request/Response, Publish/Subscribe.
1
Our paper focuses on the protocols that handle 3. COAP
the communication between the gateways, the
public Internet, and the final applications (Figure The Constrained Application Protocol (CoAP)
1). They are application layer protocols that are [5] is a synchronous request/response application-
used to update online servers with the latest end- layer protocol that was designed by the Internet
device values but also to carry commands from Engineering Task Force (IETF) to target
applications to the end-device actuators. constrained-recourse devices. It was designed by
using a subset of the HTTP methods making it
The rest of the paper is organized as follows. interoperable with HTTP [3].
Section 2 describes our research motivation,
whereas each of the other sections is dedicated to a CoAP runs over UDP to keep the overall
specific application layer protocol. At the first part implementation lightweight. It uses the HTTP
of each section, we introduce an application layer commands GET, POST, PUT, and DELETE to
protocol, we present its usage, we discuss its provide resource-oriented interactions in a client-
reliability and security features, and we then server architecture. CoAP is a request/response
compare its suitability for the IoT with other protocol that utilizes both synchronous and
application layer protocols. Finally, in Section 9, we asynchronous responses. The reason for designing a
present overall conclusions based on the previous UDP-based application layer protocol to manage
sections and we provide further research areas. the resources is to remove the TCP overhead and
reduce bandwidth requirements [4]. Additionally,
2. RESEARCH MOTIVATION CoAP supports unicast as well as multicast, as
opposed to TCP, which is by its nature not
The IoT is a term used for a huge wave of
multicast-oriented.
innovation originated in industries, but currently
heading to urban centers, in-home environments, Running on the unreliable UDP, CoAP
and individuals. integrated its own mechanisms for achieving
reliability. Two bits in the header of each packet
Our main motivation was to create an IoT
state the type of message and the required Quality
testbed in which we could test communications
of Service (QoS) level. There are 4 message types:
protocols and also innovative applications that
could be applied to a gamut of scenarios. While 1. Confirmable: A request message that requires
searching for the appropriate application layer an acknowledgement (ACK). The response
protocols to use, we found out that while can be sent either synchronously (within the
comparisons can be found between two protocols, ACK) or if it needs more computational time,
there is no paper overviewing all the possible it can be sent asynchronously with a separate
alternatives with pros and cons. message.
The main motivation of this paper is to fill this 2. Non-Confirmable: A message that does not
gap and to provide a brief yet accurate description need to be acknowledged.
of the key protocols that are being used today to
3. Acknowledgment: It confirms the reception of
implement the IoT. More specifically, we will
a confirmable message.
discuss the following list of protocols being used
alternatively or jointly to solve different needs of 4. Reset: It confirms the reception of a message
the communication between machines: that could not be processed.
1) CoAP: Constrained Application Protocol. There is also a simple Stop-and-Wait
retransmission mechanism for confirmable
2) MQTT: Message Queue Telemetry Transport.
messages and a 16-bit header field in each CoAP
3) XMPP: Extensible Messaging and Presence packet called Message ID which is unique and used
Protocol. for detecting duplicates.
4) RESTFUL Services: Representational State CoAP–HTTP Mapping enables CoAP clients to
Transfer. access resources on HTTP servers through a reverse
proxy that translates the HTTP Status codes to the
5) AMQP: Advanced Message Queuing Protocol
Response codes of CoAP [5].
6) Websockets.
Even though CoAP was created for the IoT and
for M2M communications, it does not include any
built-in security features. The protocol that is
2
proposed to secure CoAP transactions is the Even though MQTT runs on TCP, it is designed
Datagram Transport Layer Security (DTLS). DTLS to have low overhead compared to other TCP-based
runs on top of UDP and is the analogous of TLS for application layer protocols [10]. Moreover, the
the TCP. It provides authentication, data integrity, publish/subscribe architecture that it used, is more
confidentiality, automatic key management, and suitable for the IoT than request/response of CoAP,
cryptographic algorithms [6]. Even though DTLS for example, because messages do need to be
secures UDP transfers, it was not designed for the responded. This means lower network bandwidth
IoT, thus its suitability can be argued. To begin and less message processing that actually extends
with, DTLS does not support multicast [6], which is the lifetime of battery-run devices.
a prime advantage of CoAP compared to other
To ensure security, MQTT brokers may require
application layer protocols. DTLS handshakes [7]
username/password authentication which is handled
require additional packets that increase the network
by TLS/SSL (Secure Sockets Layer), i.e., the same
traffic, occupy additional computational resources,
security protocols that ensure privacy for HTTP
and shorten the lifespan of mobile devices that run
transactions all over the Internet.
on batteries, an essential part of the IoT. Being
designed for the IoT, CoAP is HTTP-compatible, By comparing MQTT with the aforementioned
but CoAP over DTLS might create additional CoAP, it is possible to see that the UDP-based
confusion to the HTTP servers due to its diverse CoAP has lower overhead than the TCP-based
packet structure. Other protocols (IPsec, Lithe) for MQTT. However, due to the lack of TCP’s
securing CoAP can be found in the literature retransmission mechanisms, packet loss is more
including approaches that are still being under likely to happen when using CoAP. According to a
research [6]-[7]. recent research study [10], MQTT experiences
lower delays that CoAP for low packet losses, but
4. MQTT CoAP generates less extra traffic for ensuring
Message Queue Telemetry Transport (MQTT) reliability. However, results can vary depending on
[8] was released by Andy Stanford-Clark of IBM, the network conditions. Additionally packet loss
and Arlen Nipper of Arcom and targets lightweight and delays depend on the QoS of the messages. In
M2M communications. It is an asynchronous both protocols, packet loss degrades and delays
publish/subscribe protocol that runs on top of the increase when the QoS level is higher.
TCP stack. Publish/subscribe protocols meet better
the IoT requirements than request/response since
5. XMPP
clients do not have to request updates thus, the The Extensible Messaging and Presence Protocol
network bandwidth is decreasing and the need for (XMPP) was designed for chatting and message
using computational resources is dropping. exchanging. It was standardized by the IETF over a
decade ago, thus being a well-proven protocol that
In MQTT there is a broker (server) [8] that
has been used widely all over the Internet.
contains topics. Each client can be a publisher that
However, being an old protocol, it falls short to
sends information to the broker at a specific topic
provide the required services for some of the new
or/and a subscriber that receives automatic
arising data applications. For this reason, last year,
messages every time there is a new update in a
Google stopped supporting the XMPP standard due
topic he is subscribed. The MQTT protocol is
to the lack of worldwide support [11]. However,
designed to use bandwidth and battery usage
lately XMPP has re-gained a lot of attention as a
sparingly, which is why, for example, it is currently
communication protocol suitable for the IoT.
used by Facebook Messenger [9].
XMPP runs over TCP and provides
MQTT ensures reliability by providing the option
publish/subscribe (asynchronous) and also
of three QoS levels:
request/response (synchronous) messaging systems.
1. Fire and forget: A message is sent once and It is designed for near real-time communications
no acknowledgement is required. and thus, it supports small message footprint and
low latency message exchange [12]. As the name
2. Delivered at least once: A message is sent at
explicitly states, XMPP is extensible and allows the
least once and an acknowledgement is
specification of XMPP Extension Protocols (XEP)
required.
that increase its functionality.
3. Delivered exactly once: A four-way
XMPP has TLS/SSL security built in the core of
handshake mechanism is used to ensure the
the specification. However, it does not provide QoS
message is delivered exactly one time.
3
options that make it impractical for M2M Given the current tendency for applications
communications. Only the inherited mechanisms of running on smartphones, tablets and pads, the
TCP ensure reliability. additional overhead associated to request/response
protocols affect battery usage, as it also does the
XMPP supports the publish/subscribe
continuous polling or long polling for values
architecture that is more suitable for the IoT in
especially when there are no new updates and the
contrast to CoAP’s request/response approach.
overhead becomes useless. Issues that can be
Furthermore, it is an already established protocol
avoided if a publish/subscribe protocol is used such
that is supported all over the Internet as a plus with
as MQTT or XMPP. CoAP on the other hand,
regard to the relatively new MQTT [13]. However,
which is the lightweight version of REST, bears the
XMPP uses XML messages (eXtensible Markup
same disadvantages of the request/response
Language) that create additional overhead due to
architecture. However it is designed to run over
unnecessary tags and require XML parsing that
UDP making it capable of being used by
needs additional computational ability which
constrained resource devices, counter to REST.
increases power consumption.
7. AMQP
6. RESTFUL SERVICES
The Advanced Message Queuing Protocol
The Representational State Transfer (REST) is
(AMQP) is a protocol that arose from the financial
not really a protocol but an architectural style. It
industry. It can utilize different transport protocols
was first introduced by Roy Fielding in 2000 [14],
but it assumes an underlying reliable transport
and it is being widely used ever since.
protocol such as TCP [16].
REST uses the HTTP methods GET, POST,
AMQP provides asynchronous publish/subscribe
PUT, and DELETE to provide a resource-oriented
communication with messaging. Its main advantage
messaging system where all actions can be
is its store-and-forward feature that ensures
performed simply by using the synchronous
reliability even after network disruptions [17]. It
request/response HTTP commands. It uses the
ensures reliability with the following message-
built-in accept header of HTTP to indicate the
delivery guarantees [16]:
format of the data that it contains. The content type
can be XML or JSON (JavaScript Object Notation) 1. At most once: means that a message is sent
and depends on the HTTP server and its once either if it is delivered or not.
configuration. REST is already an important part of
2. At least once: means that a message will be
the IoT because it is supported by all the
definitely delivered one time, possibly more.
commercial M2M cloud platforms. Moreover it can
be implemented in smartphone and tablet 3. Exactly once: means that a message will be
applications easily because it only requires an delivered only one time.
HTTP library which is available for all the
Operating Systems (OS) distributions. The features Security is handled with the use of the TLS/SSL
of HTTP can be completely utilized in the REST protocols over TCP.
architecture including cashing, authentication, and Recent research has shown that AMQP has low
content type negotiation [15]. success rate at low bandwidths, but it increases as
RESTful services use the secure and reliable bandwidth increases [17]. Another study shows that
HTTP which is the proven worldwide Internet comparing AMQP with the aforementioned REST,
AMQP can send a larger amount of messages per
language. It can make use of TLS/SSL for security.
However, today most commercial M2M platforms second [18]. Additionally, it has been reported that
do not support HTTP requests. Instead, they an AMQP environment with 2,000 users spread
across five continents can process 300 million
provide unique authentication keys that need to be
in the header of each request to achieve some level messages per day [18]. Furthermore, JPMorgan
of security. which is an American banking and financial
services company uses AMQP to send 1 billion
Even though REST is already used widely in messages per day [19].
commercial M2M platforms, it is unlikely that it
AMQP is already in use and its performance has
will become a dominant protocol due to not being
easily implementable. It uses HTTP which means been outstanding. Its main difference comparing it
no compatibility with constrained-communication to MQTT and CoAP is that AMQP targets
devices. This leaves its use for final applications. transactions and aims at being an efficient
messaging system, while CoAP and MQTT target
4
hardware devices and M2M networks. Nonetheless, QoS
Protocol Transport Architecture Security
implementing the IoT requires both messaging options
systems and lightweight protocols for the machines. CoAP UDP YES Request / Response DTLS
8. WEBSOCKET MQTT TCP YES Publish / Subscribe
TLS/
SSL
The Websocket protocol [20] was developed as
Request / Response TLS/
part of the HTML 5 initiative to facilitate XMPP TCP NO
Publish / Subscribe SSL
communications channels over TCP. Websocket is
neither a request/response nor a publish/subscribe REST HTTP NO Request / Response HTTPS
protocol. In Websocket, a client initializes a TLS/
AMQP TCP YES Publish / Subscribe
handshake with a server to establish a Websocket SSL
session. The handshake process is intended to be Web Client / Server TLS/
TCP NO
compatible with HTTP-based server-side software socket Publish / Subscribe SSL
so that a single port can be used by both HTTP and Table 1. Major differences among protocols
Websocket clients [20]. However, what comes after
the handshake does not comply with the HTTP comparison among each other and argue their
rules. In fact, during a session, the HTTP headers suitability for the future of the IoT. Among them,
are removed and clients and servers can exchange we have identified IETF’s CoAP as the only one
messages in an asynchronous full-duplex that runs over UDP, thus making it the most
connection. The session can be terminated when it lightweight, followed by HTML 5’s Websocket that
is no longer needed from either the server or the significantly reduces the communication’s overhead.
client side. Websocket was created to reduce the The computational and communication ability of
Internet communication overhead while providing the devices involved should also be taken into
real-time full-duplex communications. There is also consideration when choosing the most appropriate
a Websocket sub-protocol called Websocket protocol. If constrained communication and battery
Application Messaging Protocol (WAMP) that consumption is not an issue, RESTful services can
provides publish/subscribe messaging systems. be easily implemented and interact with the Internet
using the worldwide HTTP. This can be proved
Websocket runs over the reliable TCP and very useful in testbeds as it can work as proof of
implements no reliability mechanisms on its own. If concept for final applications. On the contrary,
needed, the sessions can be secured using the MQTT, which is used by Facebook Messenger, is
Websocket over TLS/SSL. not as widely used as HTTP but has proved to be
During the session, Websocket messages have more energy efficient for battery-operated devices.
only 2 bytes of overhead. As reported by relevant Additionally if the target applications require
studies [21], the HTTP polling (in REST) repeats massive updates of the same value,
header information when the data transmission rate publish/subscribe protocols (e.g. MQTT, XMPP,
increases, thus increasing latency. Websocket is AMQP) are more suitable.
estimated to provide a three-to-one reduction in To sum up, there are several factors that
latency against the half-duplex HTTP polling. influence the selection of an application layer
Websocket is not designed for resource constrained protocol. The most important factors are the
devices as the previous protocols and its computational and communication ability of the
client/server based architecture does not suit IoT end-devices, energy consumption and final
applications. However it is designed for real-time application in mind. For this reason, opinions differ.
communication, it is secure, it minimizes overhead An overview of major differences among the
and with the use of WAMP it can provide efficient aforementioned protocols can be found above
messaging systems. Thus, it can compete any other (Table 1).
protocol running over TCP.
Having seen this paper purely qualitatively,
9. CONCLUSIONS & FUTURE WORK future work will be aimed at implementing all these
In this paper, we have presented a common IoT protocols in order to obtain an experimental and
architecture by describing the parts where quantifiable comparison among them. Moreover,
application layer protocols are needed to handle we plan to explore the possibility of creating a
communication. We have presented the most server that supports multiple application layer
representative application layer protocols that have protocols and dynamically chooses the most
gained attention for IoT while providing a appropriate according to the network’s conditions.
5
Such an innovative approach not designed so far, [10] Dinesh Thangavel, Xiaoping Ma, Alvin Valera,
would optimize the overall performance of the IoT Hwee-Xian Tan, Colin Keng-Yan Tan,
in various application scenarios. “Performance Evaluation of MQTT and CoAP
via a Common Middleware”, IEEE Ninth
International Conference on Intelligent Sensors,
REFERENCES Sensor Networks and Information Processing
[1] Tasos Kaukalias and Periklis Chatzimisios, (ISSNIP), 21-24 April 2014, pp. 1 – 6.
“Internet of Things (IoT) – Enabling [11] http://www.zdnet.com/google-moves-away-
technologies, applications and open issues”, in from-the-xmpp-open-messaging-standard-
Encyclopedia of Information Science and 7000015918/, cited 28 Jul 2014.
Technology (3rd Ed.), IGI Global Press, 2014. [12] Sven Bendel, Thomas Springer, Daniel
[2] Periklis Chatzimisios, Industry Forum & Schuster, Alexander Schill, Ralf Ackermann,
Exhibition Panel on "Internet of Humans and Michael Ameling, “A Service Infrastructure for
Machines", IEEE Global Communications the Internet of Things based on XMPP”, IEEE
Conference (Globecom 2013), Atlanta, USA, International Conference on Pervasive
December 2013. Computing and Communications Workshops
[3] Angelo P. Castellani, Mattia Gheda, Nicola Bui, (PERCOM Workshops), 18-22 March 2013, pp.
Michele Rossi, Michele Zorzi, “Web Services 385 – 388.
for the Internet of Things through CoAP and [13] Michael Kirsche, Ronny Klauck, “Unify to
EXI”, IEEE International Conference on Bridge Gaps: Bringing XMPP into the Internet
Communications Workshops (ICC), 5-9 June of Things”, IEEE International Conference on
2011, pp. 1 – 6. Pervasive Computing and Communications
[4] Sye Loong Keoh, Sandeep S. Kumar, Hannes Workshops (PERCOM Workshops), 19-23
Tschofenig, “Securing the Internet of Things: A March 2012, pp. 455 - 458.
Standardization Perspective”, Internet of Things [14] Roy Thomas Fielding, "Architectural Styles and
Journal IEEE (Volume: 1, Issue: 3), June 2014, the Design of Network-based Software
pp. 265 – 275. Architectures", PhD thesis, University of
[5] Maria Rita Palattella, Nicola Accettura, Xavier California, Irvine, USA, 2000.
Vilajosana, Thomas Watteyne, Luigi Alfredo [15] Bipin Upadhyaya, Ying Zou, Hua Xiao, Joanna
Grieco, Gennaro Boggia, Mischa Dohler, Ng, Alex Lau, ”Migration of SOAP-based
“Standardized Protocol Stack for the Internet of Services to RESTful Services”, 13th IEEE
(Important) Things”, Communications Surveys International Symposium on Web Systems
& Tutorials IEEE (Volume:15 , Issue: 3 ), Evolution (WSE), 30 Sept. 2011, pp. 105 – 114.
2013, pp. 1389 – 1406. [16]http://en.wikipedia.org/wiki/Advanced_Message
[6] Thamer A. Alghamdi, Aboubaker Lasebae, _Queuing_Protocol, cited 28 Jul 2014.
Mahdi Aiash, “Security Analysis of the [17] Frank T. Johnsen, Trude H. Bloebaum, Morten
Constrained Application Protocol in the Internet Avlesen, Skage Spjelkavik, Bjørn Vik,
of Things”, Second International Conference on “Evaluation of Transport Protocols for Web
Future Generation Communication Technology Services”, Military Communications and
(FGCT), 12-14 Nov. 2013, pp. 163 – 168. Information Systems Conference (MCC), 7-9
[7] Shahid Raza, Hossein Shafagh, Kasun Hewage, Oct. 2013, pp. 1 – 6.
René Hummen, Thiemo Voigt, “Lithe: [18] Joel L. Fernandes, Ivo C. Lopes, Joel J. P.
Lightweight Secure CoAP for the Internet of C.Rodrigues, Sana Ullah, “Performance
Things”, Sensors Journal, IEEE (Volume: Evaluation of RESTful Web Services and
13, Issue: 10), Oct. 2013, pp. 3711 – 3720. AMQP Protocol”, Fifth International
[8] Shinho Lee, Hyeonwoo Kim, Dong-kweon Conference on Ubiquitous and Future Networks
Hong, Hongtaek Ju, “Correlation Analysis of (ICUFN), 2-5 July 2013, pp. 810 – 815.
MQTT Loss and Delay According to QoS [19] Notable AMQP users,
Level”, International Conference on http://www.amqp.org/about/examples, cited 28
Information Networking (ICOIN), 28-30 Jan. Jul 2014.
2013, pp. 714 – 717. [20] I.Fette, A.Melnikov, “The WebSocket
[9] http://mqtt.org/2011/08/mqtt-used-by-facebook- Protocol”, RFC 6455, Dec 2011.
messenger, cited 28 Jul 2014.
6
[21] Victoria Pimentel, Bradford G. Nickerson,
“Communicating and Displaying Real-Time
Data with WebSocket”, Internet Computing
IEEE (Volume: 16, Issue: 4), July-Aug. 2012,
pp. 45 – 53.