Secure and Dynamic Publish/Subscribe: LCMsec: Conclusion

10 Jul 2024


(1) Moritz Jasper, Barkhausen Institut gGmbH, Wurzburger Straße 46, Dresden, Germany (;

(2) Stefan Kopsell, Barkhausen Institut gGmbH, Wurzburger Straße 46, Dresden, Germany (

Abstract and Introduction

Related Work

Description of LCM

Attacker Model and Security Goals

LCMSec: The Proposed Protocol

Implementation and Evaluation


Appendix and References


In this work, we presented LCMsec, a new secure brokerless Publish/Subscribe protocol based on UDP multicast. We have

Fig. 9. Performing the group discovery and key agreement protocol with |P| = 0, varying |J| and emulated network delays

added confidentiality, integrity and authenticity to the existing LCM protocol while minimising both overhead and computational complexity. LCMsec can be used in most environments in which LCM is currently used, e.g., IoT, automotive and robotics applications. This has been achieved by using a different threat model than previous work in the domain of multicast authentication. We make no distinction between subscribers and publishers, each subscriber is also allowed to publish messages. However, an attribute-based access control mechanism is available through the use X.509 certificates that grants access only to specific LCMdomains.

LCMsec is decentralised in the sense that there is no need for a central server to broker messages, facilitate key exchanges or discover peers. A discovery mechanism is instead built-in, which facilitates ease-of-use and flexibility. Despite the shared symmetric key, it should be noted that the protocol is scalable in dynamic situations: Through use of the DuttaBarua group key agreement, the number of network interactions when a publisher or subscriber joins a topic is minimised.

This paper is available on arxiv under CC BY 4.0 DEED license.