000070261 001__ 70261 000070261 005__ 20200117221655.0 000070261 0247_ $$2doi$$a10.1155/2018/8261746 000070261 0248_ $$2sideral$$a105357 000070261 037__ $$aART-2018-105357 000070261 041__ $$aeng 000070261 100__ $$aHernández Ramos, S. 000070261 245__ $$aMQTT Security: A Novel Fuzzing Approach 000070261 260__ $$c2018 000070261 5060_ $$aAccess copy available to the general public$$fUnrestricted 000070261 5203_ $$aThe Internet of Things is a concept that is increasingly present in our lives. The emergence of intelligent devices has led to a paradigm shift in the way technology interacts with the environment, leading society to a smarter planet. Consequently, new advanced telemetry approaches appear to connect all kinds of devices with each other, with companies, or with other networks, such as the Internet. On the road to an increasingly interconnected world, where critical devices rely on communication networks to provide an essential service, there arises the need to ensure the security and reliability of these protocols and applications. In this paper, we discuss a security-based approach for MQTT (Message Queue Telemetry Transport), which stands out as a very lightweight and widely used messaging and information exchange protocol for IoT (Internet of Things) devices throughout the world. To that end, we propose the creation of a framework that allows for performing a novel, template-based fuzzing technique on the MQTT protocol. The first experimental results showed that performance of the fuzzing technique presented here makes it a good candidate for use in network architectures with low processing power sensors, such as Smart Cities. In addition, the use of this fuzzer in widely used applications that implement MQTT has led to the discovery of several new security flaws not hitherto reported, demonstrating its usefulness as a tool for finding security vulnerabilities. 000070261 540__ $$9info:eu-repo/semantics/openAccess$$aby$$uhttp://creativecommons.org/licenses/by/3.0/es/ 000070261 590__ $$a1.396$$b2018 000070261 591__ $$aCOMPUTER SCIENCE, INFORMATION SYSTEMS$$b113 / 155 = 0.729$$c2018$$dQ3$$eT3 000070261 591__ $$aENGINEERING, ELECTRICAL & ELECTRONIC$$b186 / 265 = 0.702$$c2018$$dQ3$$eT3 000070261 591__ $$aTELECOMMUNICATIONS$$b67 / 88 = 0.761$$c2018$$dQ4$$eT3 000070261 592__ $$a0.246$$b2018 000070261 593__ $$aComputer Networks and Communications$$c2018$$dQ3 000070261 593__ $$aInformation Systems$$c2018$$dQ3 000070261 593__ $$aElectrical and Electronic Engineering$$c2018$$dQ3 000070261 655_4 $$ainfo:eu-repo/semantics/article$$vinfo:eu-repo/semantics/publishedVersion 000070261 700__ $$aVillalba, M.T. 000070261 700__ $$0(orcid)0000-0002-4773-4904$$aLacuesta, R.$$uUniversidad de Zaragoza 000070261 7102_ $$15007$$2570$$aUniversidad de Zaragoza$$bDpto. Informát.Ingenie.Sistms.$$cÁrea Lenguajes y Sistemas Inf. 000070261 773__ $$g2018 (2018), 8261746 [11 pp]$$pWirel. Commun. Mob. Comput.$$tWIRELESS COMMUNICATIONS & MOBILE COMPUTING$$x1530-8669 000070261 8564_ $$s1608475$$uhttps://zaguan.unizar.es/record/70261/files/texto_completo.pdf$$yVersión publicada 000070261 8564_ $$s18355$$uhttps://zaguan.unizar.es/record/70261/files/texto_completo.jpg?subformat=icon$$xicon$$yVersión publicada 000070261 909CO $$ooai:zaguan.unizar.es:70261$$particulos$$pdriver 000070261 951__ $$a2020-01-17-22:11:01 000070261 980__ $$aARTICLE