MQTT Security: A Novel Fuzzing Approach
Hernández Ramos, S. ; Villalba, M.T. ; Lacuesta, R. (Universidad de Zaragoza)
Resumen: The Internet of Things is a concept that is increasingly present in our lives. The emergence of intelligent devices has led to a paradigm shift in the way technology interacts with the environment, leading society to a smarter planet. Consequently, new advanced telemetry approaches appear to connect all kinds of devices with each other, with companies, or with other networks, such as the Internet. On the road to an increasingly interconnected world, where critical devices rely on communication networks to provide an essential service, there arises the need to ensure the security and reliability of these protocols and applications. In this paper, we discuss a security-based approach for MQTT (Message Queue Telemetry Transport), which stands out as a very lightweight and widely used messaging and information exchange protocol for IoT (Internet of Things) devices throughout the world. To that end, we propose the creation of a framework that allows for performing a novel, template-based fuzzing technique on the MQTT protocol. The first experimental results showed that performance of the fuzzing technique presented here makes it a good candidate for use in network architectures with low processing power sensors, such as Smart Cities. In addition, the use of this fuzzer in widely used applications that implement MQTT has led to the discovery of several new security flaws not hitherto reported, demonstrating its usefulness as a tool for finding security vulnerabilities.
Idioma: Inglés
DOI: 10.1155/2018/8261746
Año: 2018
Publicado en: WIRELESS COMMUNICATIONS & MOBILE COMPUTING 2018 (2018), 8261746 [11 pp]
ISSN: 1530-8669
Factor impacto JCR: 1.396 (2018)
Categ. JCR: COMPUTER SCIENCE, INFORMATION SYSTEMS rank: 113 / 155 = 0.729 (2018) - Q3 - T3
Categ. JCR: ENGINEERING, ELECTRICAL & ELECTRONIC rank: 186 / 265 = 0.702 (2018) - Q3 - T3
Categ. JCR: TELECOMMUNICATIONS rank: 67 / 88 = 0.761 (2018) - Q4 - T3
Factor impacto SCIMAGO: 0.246 - Computer Networks and Communications (Q3) - Information Systems (Q3) - Electrical and Electronic Engineering (Q3)
Tipo y forma: Article (Published version)
Área (Departamento): Área Lenguajes y Sistemas Inf. (Dpto. Informát.Ingenie.Sistms.)
You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
Exportado de SIDERAL (2020-01-17-22:11:01)
Visitas y descargas
Idioma: Inglés
DOI: 10.1155/2018/8261746
Año: 2018
Publicado en: WIRELESS COMMUNICATIONS & MOBILE COMPUTING 2018 (2018), 8261746 [11 pp]
ISSN: 1530-8669
Factor impacto JCR: 1.396 (2018)
Categ. JCR: COMPUTER SCIENCE, INFORMATION SYSTEMS rank: 113 / 155 = 0.729 (2018) - Q3 - T3
Categ. JCR: ENGINEERING, ELECTRICAL & ELECTRONIC rank: 186 / 265 = 0.702 (2018) - Q3 - T3
Categ. JCR: TELECOMMUNICATIONS rank: 67 / 88 = 0.761 (2018) - Q4 - T3
Factor impacto SCIMAGO: 0.246 - Computer Networks and Communications (Q3) - Information Systems (Q3) - Electrical and Electronic Engineering (Q3)
Tipo y forma: Article (Published version)
Área (Departamento): Área Lenguajes y Sistemas Inf. (Dpto. Informát.Ingenie.Sistms.)
You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. Exportado de SIDERAL (2020-01-17-22:11:01)
Permalink:
Visitas y descargas
Este artículo se encuentra en las siguientes colecciones:
Articles
Record created 2018-05-08, last modified 2020-01-17