Recent news of massive Distributed Denial of Service (DDoS) attacks being carried out using thousands of Internet of Things (IoT) devices transformed into attack bots are nothing else than a wake-up call for all the actors having a role on the IoT stage. The need to define and establish, as quickly as possible, viable security standards able to cope with the heterogeneous requirements arising from the IoT world is urgent, now more than ever. Maybe even before that, the dissemination of basic knowledge connected with the culture of IT security seems to play a major role in the overall security balance for IoT. Since it is more likely that systems using lightweight devices can be more vulnerable to security attacks, in this paper we start with analyzing MQTT, a message-based communication protocol explicitly designed having low-end devices in mind. After that, we move on to describe some of the security solutions and improvements typically suggested and implemented in real-life deploym ents of MQTT. Finally, we conclude this paper with a concise, though not exhaustive, survey on some of the most promising research topics in the IoT security area.

The Day After Mirai: A Survey on MQTT Security Solutions After the Largest Cyber-attack Carried Out through an Army of IoT Devices

PECORI, RICCARDO;
2017-01-01

Abstract

Recent news of massive Distributed Denial of Service (DDoS) attacks being carried out using thousands of Internet of Things (IoT) devices transformed into attack bots are nothing else than a wake-up call for all the actors having a role on the IoT stage. The need to define and establish, as quickly as possible, viable security standards able to cope with the heterogeneous requirements arising from the IoT world is urgent, now more than ever. Maybe even before that, the dissemination of basic knowledge connected with the culture of IT security seems to play a major role in the overall security balance for IoT. Since it is more likely that systems using lightweight devices can be more vulnerable to security attacks, in this paper we start with analyzing MQTT, a message-based communication protocol explicitly designed having low-end devices in mind. After that, we move on to describe some of the security solutions and improvements typically suggested and implemented in real-life deploym ents of MQTT. Finally, we conclude this paper with a concise, though not exhaustive, survey on some of the most promising research topics in the IoT security area.
2017
978-989-758-245-5
Internet of Things, Security, Access Control, Publish-subscribe, Open Source MQTT Broker
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.12070/43838
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 63
  • ???jsp.display-item.citation.isi??? ND
social impact