MQTT Security: A Novel Fuzzing Approach
Resumen: The Internet of Things is a concept that is increasingly present in our lives. The emergence of intelligent devices has led to a paradigm shift in the way technology interacts with the environment, leading society to a smarter planet. Consequently, new advanced telemetry approaches appear to connect all kinds of devices with each other, with companies, or with other networks, such as the Internet. On the road to an increasingly interconnected world, where critical devices rely on communication networks to provide an essential service, there arises the need to ensure the security and reliability of these protocols and applications. In this paper, we discuss a security-based approach for MQTT (Message Queue Telemetry Transport), which stands out as a very lightweight and widely used messaging and information exchange protocol for IoT (Internet of Things) devices throughout the world. To that end, we propose the creation of a framework that allows for performing a novel, template-based fuzzing technique on the MQTT protocol. The first experimental results showed that performance of the fuzzing technique presented here makes it a good candidate for use in network architectures with low processing power sensors, such as Smart Cities. In addition, the use of this fuzzer in widely used applications that implement MQTT has led to the discovery of several new security flaws not hitherto reported, demonstrating its usefulness as a tool for finding security vulnerabilities.
Idioma: Inglés
DOI: 10.1155/2018/8261746
Año: 2018
Publicado en: WIRELESS COMMUNICATIONS & MOBILE COMPUTING 2018 (2018), 8261746 [11 pp]
ISSN: 1530-8669

Tipo y forma: Artículo (Versión definitiva)
Área (Departamento): Lenguajes y Sistemas Informáticos (Departamento de Informática e Ingeniería de Sistemas)

Creative Commons Debe reconocer adecuadamente la autoría, proporcionar un enlace a la licencia e indicar si se han realizado cambios. Puede hacerlo de cualquier manera razonable, pero no de una manera que sugiera que tiene el apoyo del licenciador o lo recibe por el uso que hace.

Exportado de SIDERAL (2018-05-08-14:10:16)

Este artículo se encuentra en las siguientes colecciones:
Artículos > Artículos por área > Lenguajes y Sistemas Informáticos

 Registro creado el 2018-05-08, última modificación el 2018-05-08

Versión publicada:
Valore este documento:

Rate this document:
(Sin ninguna reseña)