Attack scenarios and security analysis of MQTT communication protocol in IoT system

Title: Attack scenarios and security analysis of MQTT communication protocol in IoT system
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Andy, S., Rahardjo, B., Hanindhito, B.
Conference Name: 2017 4th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI)
Keywords: adequate security mechanism, Attack, authentication, communication protocols, computer network security, cryptography, data privacy, Internet of Things, IoT developers, IoT device, IoT system, ISO, MQTT, MQTT communication protocol, MQTT implementation, MQTT protocol, MQTT system, Payloads, Ports (Computers), protocol, Protocols, pubcrawl, Resiliency, Scalability, scenario, security analysis, Security by Default, telecommunication security, Things devices
Abstract: Various communication protocols are currently used in Internet of Things (IoT) devices. One of the protocols already standardized by ISO is the MQTT protocol (ISO/IEC 20922:2016). Many IoT developers use this protocol because of its minimal bandwidth requirement and low memory consumption. Sometimes, an IoT device sends confidential data that should only be accessed by authorized people or devices. Unfortunately, the MQTT protocol only provides authentication for the security mechanism which, by default, does not encrypt the data in transit; thus data privacy, authentication, and data integrity become problems in MQTT implementation. This paper discusses several reasons why there are many IoT systems that do not implement adequate security mechanisms. Next, it also demonstrates and analyzes how we can attack this protocol easily using several attack scenarios. Finally, after the vulnerabilities of this protocol have been examined, we can improve our security awareness, especially in the MQTT protocol, and then implement security mechanisms in our MQTT system to prevent such attacks.
Citation Key: andy_attack_2017