{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:11:49Z","timestamp":1760728309915,"version":"build-2065373602"},"reference-count":43,"publisher":"MDPI AG","issue":"15","license":[{"start":{"date-parts":[[2021,7,21]],"date-time":"2021-07-21T00:00:00Z","timestamp":1626825600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Lero\u2014The Irish Software Research Centre and European Regional Development Fund through the Southern &amp; Eastern Regional Operational Programme","award":["13\/RC\/2094"],"award-info":[{"award-number":["13\/RC\/2094"]}]},{"DOI":"10.13039\/501100001602","name":"Science Foundation Ireland","doi-asserted-by":"publisher","award":["16\/RC\/3918"],"award-info":[{"award-number":["16\/RC\/3918"]}],"id":[{"id":"10.13039\/501100001602","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>With the growing availability and prevalence of internet-capable devices, the complexity of networks and associated connection management increases. Depending on the use case, different approaches in handling connectivity have emerged over the years, tackling diverse challenges in each distinct area. Exposing centralized web-services facilitates reachability; distributing information in a peer-to-peer fashion offers availability; and segregating virtual private sub-networks promotes confidentiality. A common challenge herein lies in connection establishment, particularly in discovering, and securely connecting to peers. However, unifying different aspects, including the usability, scalability, and security of this process in a single framework, remains a challenge. In this paper, we present the Stream Exchange Protocol (SEP) collection, which provides a set of building blocks for secure, lightweight, and decentralized connection establishment. These building blocks use unique identities that enable both the identification and authentication of single communication partners. By utilizing federated directories as decentralized databases, peers are able to reliably share authentic data, such as current network locations and available endpoints. Overall, this collection of building blocks is universally applicable, easy to use, and protected by state-of-the-art security mechanisms by design. We demonstrate the capabilities and versatility of the SEP collection by providing three tools that utilize our building blocks: a decentralized file sharing application, a point-to-point network tunnel using the SEP trust model, and an application that utilizes our decentralized discovery mechanism for authentic and asynchronous data distribution.<\/jats:p>","DOI":"10.3390\/s21154969","type":"journal-article","created":{"date-parts":[[2021,7,22]],"date-time":"2021-07-22T22:37:14Z","timestamp":1626993434000},"page":"4969","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["The Stream Exchange Protocol: A Secure and Lightweight Tool for Decentralized Connection Establishment"],"prefix":"10.3390","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2288-9010","authenticated-orcid":false,"given":"Stefan","family":"Tatschner","sequence":"first","affiliation":[{"name":"Fraunhofer Institute AISEC, 85748 Garching bei M\u00fcnchen, Germany"},{"name":"Department of Electronic and Computer Engineering, University of Limerick, V94 T9PX Limerick, Ireland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ferdinand","family":"Jarisch","sequence":"additional","affiliation":[{"name":"Fraunhofer Institute AISEC, 85748 Garching bei M\u00fcnchen, Germany"},{"name":"Department of Informatics, Technical University of Munich, 85748 Garching bei M\u00fcnchen, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7648-3895","authenticated-orcid":false,"given":"Alexander","family":"Giehl","sequence":"additional","affiliation":[{"name":"Fraunhofer Institute AISEC, 85748 Garching bei M\u00fcnchen, Germany"},{"name":"Department of Informatics, Technical University of Munich, 85748 Garching bei M\u00fcnchen, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1658-1140","authenticated-orcid":false,"given":"Sven","family":"Plaga","sequence":"additional","affiliation":[{"name":"Fraunhofer Institute AISEC, 85748 Garching bei M\u00fcnchen, Germany"},{"name":"Department of Electronic and Computer Engineering, University of Limerick, V94 T9PX Limerick, Ireland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3375-8200","authenticated-orcid":false,"given":"Thomas","family":"Newe","sequence":"additional","affiliation":[{"name":"Department of Electronic and Computer Engineering, University of Limerick, V94 T9PX Limerick, Ireland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2021,7,21]]},"reference":[{"key":"ref_1","unstructured":"Ford, B., Srisuresh, P., and Kegel, D. (2005, January 10\u201315). Peer-to-Peer Communication Across Network Address Translators. Proceedings of the USENIX Annual Technical Conference, General Track, Anaheim, CA, USA."},{"key":"ref_2","unstructured":"Arab, G. (2021, May 30). WireHub. Available online: https:\/\/github.com\/Gawen\/WireHub."},{"key":"ref_3","unstructured":"Borg, J., Frei, S., and Butkevicius, A. (2021, May 30). Syncthing. Available online: https:\/\/syncthing.net."},{"key":"ref_4","unstructured":"Resilio Inc. (2021, May 30). Resilio Connect. Available online: https:\/\/www.resilio.com\/connect."},{"key":"ref_5","unstructured":"Warner, B. (2021, May 30). Magic Wormhole. Technical Report, PyCon. Available online: https:\/\/us.pycon.org\/2016\/schedule\/presentation\/1838\/."},{"key":"ref_6","unstructured":"Protocol Labs (2021, May 30). libp2p. Available online: https:\/\/libp2p.io."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"596","DOI":"10.1016\/j.future.2018.11.008","article-title":"Securing future decentralised industrial IoT infrastructures: Challenges and free open source solutions","volume":"93","author":"Plaga","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Schanzenbach, M., Bramm, G., and Sch\u00fctte, J. (2018, January 1\u20133). reclaimID: Secure, Self-Sovereign Identities Using Name Systems and Attribute-Based Encryption. Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\/12th IEEE International Conference on Big Data Science and Engineering (TrustCom\/BigDataSE), New York, NY, USA.","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00134"},{"key":"ref_9","unstructured":"Zhang, B., Mor, N., Kolb, J., Chan, D.S., Lutz, K., Allman, E., Wawrzynek, J., Lee, E., and Kubiatowicz, J. (2015, January 6\u20137). The Cloud is Not Enough: Saving IoT from the Cloud. Proceedings of the 7th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 15), Santa Clara, CA, USA."},{"key":"ref_10","unstructured":"Hernandez, G., Arias, O., Buentello, D., and Jin, Y. (2014, January 2\u20137). Smart nest thermostat: A smart spy in your home. Proceedings of the Black Hat USA, Las Vegas, NV, USA."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Obermaier, J., and Hutle, M. (2016, January 30). Analyzing the Security and Privacy of Cloud-based Video Surveillance Systems. Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security, IoTPTS@ASIA-CCS \u201916, Xi\u2019an, China.","DOI":"10.1145\/2899007.2899008"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Brauchli, A., and Li, D. (2015, January 5\u20137). A solution based analysis of attack vectors on smart home systems. Proceedings of the 2015 IEEE International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), Shanghai, China.","DOI":"10.1109\/SSIC.2015.7245682"},{"key":"ref_13","unstructured":"Garrett, M. (2021, May 30). Everything You Never Wanted to Know about Smart Lightbulbs. Available online: https:\/\/media.ccc.de\/v\/emf2018-131-everything-you-never-wanted-to-know-about-smart-lightbulbs."},{"key":"ref_14","unstructured":"Garrett, M. (2021, May 30). mjg59. Available online: https:\/\/mjg59.dreamwidth.org."},{"key":"ref_15","unstructured":"Ullrich, F., Classen, J., Eger, J., and Hollick, M. (2019, January 12\u201313). Vacuums in the Cloud: Analyzing Security in a Hardened IoT Ecosystem. Proceedings of the 13th USENIX Workshop on Offensive Technologies (WOOT 19), Santa Clara, CA, USA."},{"key":"ref_16","unstructured":"Kumar, D., Shen, K., Case, B., Garg, D., Alperovich, G., Kuznetsov, D., Gupta, R., and Durumeric, Z. (2019, January 14\u201316). All Things Considered: An Analysis of IoT Devices on Home Networks. Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA."},{"key":"ref_17","unstructured":"Zhou, W., Jia, Y., Yao, Y., Zhu, L., Guan, L., Mao, Y., Liu, P., and Zhang, Y. (2019, January 14\u201316). Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms. Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA."},{"key":"ref_18","unstructured":"Azad, B.A., Laperdrix, P., and Nikiforakis, N. (2019, January 14\u201316). Less is More: Quantifying the Security Benefits of Debloating Web Applications. Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA."},{"key":"ref_19","unstructured":"Lipner, S. (2019). Lessons Learned about Building Secure Software: It\u2019s about the Developers!, USENIX Association."},{"key":"ref_20","unstructured":"Borg, J. (2021, May 30). Syncthing: Use Decentralized Discovery (DHT). Available online: https:\/\/github.com\/syncthing\/syncthing\/issues\/3388."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Menezes, A. (2005). Simple password-based encrypted key exchange protocols. Topics in Cryptology\u2013CT-RSA 2005, Springer. CT-RSA 2005. Lecture Notes in Computer Science.","DOI":"10.1007\/b105222"},{"key":"ref_22","unstructured":"(2021, May 30). Libsodium. Available online: https:\/\/libsodium.org."},{"key":"ref_23","unstructured":"Protocol Labs (2021, May 30). IPFS. Available online: https:\/\/ipfs.io."},{"key":"ref_24","unstructured":"Cohen, B. (2021, May 30). The BitTorrent Protocol Specification. Available online: http:\/\/www.bittorrent.org\/beps\/bep_0003.html."},{"key":"ref_25","unstructured":"Donenfeld, J.A. (March, January 26). WireGuard: Next Generation Kernel Network Tunnel. Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"721","DOI":"10.1016\/j.comcom.2013.01.009","article-title":"Network of information (netinf)\u2014An information-centric networking architecture","volume":"36","author":"Dannewitz","year":"2013","journal-title":"Comput. Commun."},{"key":"ref_27","unstructured":"Farrell, S., Kutscher, D., Dannewitz, C., Ohlman, B., Keranen, A., and Hallam-Baker, P. (2021, July 18). Naming Things with Hashes. RFC 6920, Internet Engineering Task Force (IETF). Available online: https:\/\/datatracker.ietf.org\/doc\/html\/rfc6920."},{"key":"ref_28","unstructured":"Manger, J. (2021, May 30). Named Information Hash Algorithm Registry. Available online: https:\/\/www.iana.org\/assignments\/named-information\/named-information.xhtml."},{"key":"ref_29","unstructured":"International Telecommunication Union (2021, May 30). Information Technology\u2013ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER). Available online: https:\/\/www.itu.int\/ITU-T\/studygroups\/com17\/languages\/X.690-0207.pdf."},{"key":"ref_30","unstructured":"Hain, T. (2021, July 18). Architectural Implications of NAT. RFC 2993, Internet Engineering Task Force (IETF). Available online: https:\/\/datatracker.ietf.org\/doc\/html\/rfc2993."},{"key":"ref_31","unstructured":"Meyer, C. (2014). 20 Years of SSL\/TLS Research an Analysis of the Internet\u2019s Security Foundation. [Ph.D. Thesis, Ruhr-University Bochum]."},{"key":"ref_32","unstructured":"de Ruiter, J., and Poll, E. (2015, January 12\u201314). Protocol State Fuzzing of TLS Implementations. Proceedings of the 24th USENIX Security Symposium (USENIX Security 15), Washington, DC, USA."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1007\/s00165-012-0269-9","article-title":"Formal verification of security protocol implementations: A survey","volume":"Volume 26","author":"Avalle","year":"2014","journal-title":"Formal Aspects of Computing"},{"key":"ref_34","unstructured":"Chung, T., van Rijswijk-Deij, R., Chandrasekaran, B., Choffnes, D., Levin, D., Maggs, B.M., Mislove, A., and Wilson, C. (2017, January 14\u201315). A Longitudinal, End-to-End View of the DNSSEC Ecosystem. Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC, Canada."},{"key":"ref_35","unstructured":"O\u2019Neill, M., Heidbrink, S., Whitehead, J., Perdue, T., Dickinson, L., Collett, T., Bonner, N., Seamons, K., and Zappala, D. (2018, January 15\u201317). The Secure Socket API: TLS as an Operating System Service. Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA."},{"key":"ref_36","unstructured":"Marlinspike, M., and Perrin, T. (2021, July 18). The Double Ratchet Algorithm. Available online: https:\/\/signal.org\/docs\/specifications\/doubleratchet\/doubleratchet.pdf."},{"key":"ref_37","unstructured":"Merget, R., Somorovsky, J., Aviram, N., Young, C., Fliegenschmidt, J., Schwenk, J., and Shavitt, Y. (2019, January 14\u201316). Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities. Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA."},{"key":"ref_38","unstructured":"B\u00f6ck, H., Somorovsky, J., and Young, C. (2018, January 15\u201317). Return Of Bleichenbacher\u2019s Oracle Threat (ROBOT). Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Jager, T., Schwenk, J., and Somorovsky, J. (2015, January 12\u201316). On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 V1.5 Encryption. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security CCS \u201915, Denver, CO, USA.","DOI":"10.1145\/2810103.2813657"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Ronen, E., Gillham, R., Genkin, D., Shamir, A., Wong, D., and Yarom, Y. (2019, January 20\u201322). The 9 Lives of Bleichenbacher\u2019s CAT: New Cache ATtacks on TLS Implementations. Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP.2019.00062"},{"key":"ref_41","unstructured":"Perrin, T., and Marlinspike, M. (2021, May 30). Noise Protocol Framework. Available online: http:\/\/noiseprotocol.org."},{"key":"ref_42","unstructured":"Borg, J. (2021, July 19). Syncthing Usage Data. Available online: https:\/\/data.syncthing.net."},{"key":"ref_43","unstructured":"Tatschner, S. (2021, July 18). Public Source Code Repository of the Stream Exchange Protocol (SEP). Available online: https:\/\/rumpelsepp.org\/projects\/sep."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/15\/4969\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T06:33:01Z","timestamp":1760164381000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/15\/4969"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,21]]},"references-count":43,"journal-issue":{"issue":"15","published-online":{"date-parts":[[2021,8]]}},"alternative-id":["s21154969"],"URL":"https:\/\/doi.org\/10.3390\/s21154969","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2021,7,21]]}}}