{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T04:22:58Z","timestamp":1772252578573,"version":"3.50.1"},"reference-count":33,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2017,9,30]],"date-time":"2017-09-30T00:00:00Z","timestamp":1506729600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>This paper builds on previous work introducing the Secure Remote Update Protocol (SRUP), a secure communications protocol for Command and Control applications in the Internet of Things, built on top of MQTT. This paper builds on the original protocol and introduces a number of additional message types: adding additional capabilities to the protocol. We also discuss the difficulty of proving that a physical device has an identity corresponding to a logical device on the network and propose a mechanism to overcome this within the protocol.<\/jats:p>","DOI":"10.3390\/fi9040059","type":"journal-article","created":{"date-parts":[[2017,10,2]],"date-time":"2017-10-02T13:10:05Z","timestamp":1506949805000},"page":"59","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Extensions and Enhancements to \u201cthe Secure Remote Update Protocol\u201d"],"prefix":"10.3390","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3438-3981","authenticated-orcid":false,"given":"Andrew","family":"Poulter","sequence":"first","affiliation":[{"name":"Faculty of Engineering and the Environment, University of Southampton, Burgess Road, Southampton, S016 7QF, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3864-7072","authenticated-orcid":false,"given":"Steven","family":"Johnson","sequence":"additional","affiliation":[{"name":"Faculty of Engineering and the Environment, University of Southampton, Burgess Road, Southampton, S016 7QF, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Simon","family":"Cox","sequence":"additional","affiliation":[{"name":"Faculty of Engineering and the Environment, University of Southampton, Burgess Road, Southampton, S016 7QF, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2017,9,30]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Poulter, A.J., Johnston, S.J., and Cox, S.J. (2016, January 12\u201314). SRUP: The secure remote update protocol. Proeceedings of the 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), Reston, VA, USA.","DOI":"10.1109\/WF-IoT.2016.7845397"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MC.2017.201","article-title":"DDoS in the IoT: Mirai and Other Botnets","volume":"50","author":"Kolias","year":"2017","journal-title":"Computer"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1109\/MC.2017.62","article-title":"Botnets and Internet of Things Security","volume":"50","author":"Bertino","year":"2017","journal-title":"Computer"},{"key":"ref_4","unstructured":"Banks, A., and Gupta, R. (2014). MQTT Version 3.1.1, Organization for the Advancement of Structured Information Standards (OASIS). Technical Report."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Postel, J. (1981). Transmission Control Protocol, Internet Engineering Task Force. Technical Report RFC793.","DOI":"10.17487\/rfc0793"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Dierks, T., and Rescorla, E. (2008). The Transport Layer Security (TLS) Protocol Version 1.2, Internet Engineering Task Force. Technical Report RFC5246.","DOI":"10.17487\/rfc5246"},{"key":"ref_7","unstructured":"Eclipse (2015, November 08). Mosquitto\u2014An Open Source MQTT v3.1\/v3.1.1 Broker. Available online: http:\/\/mosquitto.org."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Franks, J., Leach, P.J., Luotonen, A., Hallam-Baker, P.M., Lawrence, S.D., Hostetler, J.L., and Stewart, L.C. (1999). HTTP Authentication: Basic and Digest Access Authentication, Internet Engineering Task Force. Technical Report RFC2617.","DOI":"10.17487\/rfc2617"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Reschke, J. (2015). The \u2019Basic\u2019 HTTP Authentication Scheme, Internet Engineering Task Force. Technical Report RFC7617.","DOI":"10.17487\/RFC7617"},{"key":"ref_10","unstructured":"Steiner, J.G., Neuman, C., and Schiller, J.I. (1988, January 9\u201312). Kerberos: An Authentication Service for Open Network Systems. Proceedings of the Usenix Winter Confernce, Dallas, TX, USA."},{"key":"ref_11","unstructured":"Boost (2017, June 30). Boost UUID. Available online: http:\/\/www.boost.org\/doc\/libs\/1640\/libs\/uuid\/uuid.html."},{"key":"ref_12","unstructured":"Sornin, N., Luis, M., Elirich, T., Kramp, T., and Hersent, O. (2015). LoRaWAN\u2122 Specification, LoRa Alliance."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Polk, W., and Housley, R. (2008). Internet X. 509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, Internet Engineering Task Force. Technical Report RFC5280.","DOI":"10.17487\/rfc5280"},{"key":"ref_14","unstructured":"Espressif Systems (Shanghai) Pte (2017, June 30). ESP32 Overview. Available online: https:\/\/www.espressif.com\/en\/products\/hardware\/esp32\/overview."},{"key":"ref_15","unstructured":"Ellis, J.H. (1970). The Possibility of Secure \u201cNon-Secret\u201d Digital Encryption, Technical Report 3006."},{"key":"ref_16","unstructured":"Cocks, C.C. (1973). A Note on \u2018Non-Secret Encryption\u2019, Technical Report."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1145\/359340.359342","article-title":"A Method for Obtaining Digital Signatures and Public-Key Cryptosystems","volume":"21","author":"Rivest","year":"1978","journal-title":"Commun. ACM"},{"key":"ref_18","first-page":"203","article-title":"Twenty Years of Attacks on the RSA Cryptosystem","volume":"46","author":"Boneh","year":"1999","journal-title":"Not. Am. Math. Soc."},{"key":"ref_19","unstructured":"United States Computer Emergency Readiness Team (US-CERT) (2017, February 23). SSL 3.0 Protocol Vulnerability and POODLE Attack, Available online: https:\/\/www.us-cert.gov\/ncas\/alerts\/TA14-290A."},{"key":"ref_20","unstructured":"Sch\u00e4ling, B. (2011). The Boost C++ Libraries, XML Press."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1145\/514183.514185","article-title":"Principled design of the modern Web architecture","volume":"2","author":"Fielding","year":"2002","journal-title":"ACM Trans. Internet Technol."},{"key":"ref_22","unstructured":"International Standards Organization (2000). Information Technology\u2014Automatic Identification and Data Capture Techniques\u2014Bar Code Symbology\u2014QR Code, International Standards Organization. Technical Report ISO\/IEC 18004."},{"key":"ref_23","unstructured":"ECMA International (2013). Near Field Communication\u2014Interface and Protocol (NFCIP-1), ECMA International. Technical Report ECMA-340 (ISO\/IEC 18092:2013)."},{"key":"ref_24","unstructured":"Bluetooth Special Interest Group (2014). Specification of the Bluetooth System, Bluetooth Special Interest Group."},{"key":"ref_25","unstructured":"Google (2016). Eddystone Protocol Specification, Google."},{"key":"ref_26","unstructured":"Henderson, C. (,  2017). IoT: End of Shorter Days. Presentation to RSA Conference 2017, San Francisco, CA, USA. Available online: https:\/\/www.rsaconference.com\/videos\/iot-end-of-shorter-days."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Johnston, S.J., Scott, M., and Cox, S.J. (2016, January 12\u201314). Recommendations for securing Internet of Things devices using commodity hardware. Proceedings of the 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), Reston, VA, USA.","DOI":"10.1109\/WF-IoT.2016.7845410"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Leach, P., Mealling, M., and Salz, R. (2005). A Universally Unique IDentifier (UUID) URN Namespace, Internet Engineering Task Force. Technical Report RFC4122.","DOI":"10.17487\/rfc4122"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"McDonald, D.L. (1994). A Convention for Human-Readable 128-bit Keys, Internet Engineering Task Force. Technical Report RFC 1751.","DOI":"10.17487\/rfc1751"},{"key":"ref_30","unstructured":"Bonneau, J. (2016). Deep Dive: EFF\u2019s New Wordlists for Random Passphrases, Electronic Fronteer Foundation. Available online: https:\/\/www.eff.org\/deeplinks\/2016\/07\/new-wordlists-random-passphrases."},{"key":"ref_31","unstructured":"Slee, M., Argawal, A., and Kwiatkowski, M. (2007). Thrift: Scalable Cross-Language Services Implementation, Facebook. Technical Report."},{"key":"ref_32","unstructured":"Poulter, A.J. (2017, September 28). The Secure Remote Update Protocol (SRUP). Available online: https:\/\/youtu.be\/aKTODVEpI1w."},{"key":"ref_33","unstructured":"Poulter, A.J. (2017). The Secure Remote Update Protocol: A Specification University of Southampton."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/9\/4\/59\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:46:24Z","timestamp":1760208384000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/9\/4\/59"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,9,30]]},"references-count":33,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2017,12]]}},"alternative-id":["fi9040059"],"URL":"https:\/\/doi.org\/10.3390\/fi9040059","relation":{"has-preprint":[{"id-type":"doi","id":"10.20944\/preprints201709.0136.v1","asserted-by":"object"}]},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,9,30]]}}}