Various communication protocols are currently used in Internet of Things (IoT) devices. One of the protocols already standardized by ISO is the MQTT protocol (ISO/IEC 20922:2016). Many IoT developers use this protocol because of its minimal bandwidth requirement and low memory consumption. Sometimes an IoT device sends confidential data that should only be accessed by authorized people or devices. Unfortunately, the MQTT protocol provides only authentication as its security mechanism and, by default, does not encrypt data in transit; thus data privacy, authentication, and data integrity become problems in MQTT implementations. This paper discusses several reasons why many IoT systems do not implement adequate security mechanisms. Next, it demonstrates and analyzes how we can attack this protocol easily using several attack scenarios. Finally, after the vulnerabilities of this protocol have been examined, we can improve our security awareness, especially regarding the MQTT protocol, and then implement security mechanisms in our MQTT systems to prevent such attacks.

Keywords: attack; MQTT; protocol; scenario

I. INTRODUCTION

Internet of Things (IoT), or inter-machine communication (M2M) over the Internet, is a concept that allows communication between devices over the Internet. The number of IoT devices is growing rapidly: Cisco IBSG predicts the number of IoT devices will reach 50 billion by 2020 [1]. Moreover, Gartner predicts that by 2020 there will be 20.4 billion Internet of Things units [2]. IoT plays a major role in smart city implementations such as smart home, smart transportation, and smart parking.

Nowadays, many protocols are used as communication protocols in IoT devices. Five of the most prominent protocols used for IoT are Hypertext Transfer Protocol (HTTP), Constrained Application Protocol (CoAP), Extensible Messaging and Presence Protocol (XMPP), Advanced Message Queuing Protocol (AMQP), and MQ Telemetry Protocol (MQTT) [3]. Considerations that must be taken into account when choosing a protocol are energy efficiency (total energy consumed for the given execution time), performance (total transmission time needed to send messages and receive their acknowledgments), resource usage (CPU, RAM, and ROM usage), and reliability (ability to avoid packet loss, i.e. QoS) [4]. Moreover, when advanced functionality (e.g. message persistence, wills, and exactly-once delivery), reliability, and the ability to secure multicast messages are highly valued, the MQTT protocol is one of the best options [5].
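The abstract's point that MQTT authenticates but does not encrypt by default can be verified on the wire. The following is an added example, not code from the paper: a parser for an MQTT 3.1.1 CONNECT packet that lists the fields readable by anyone on the path when the session is not wrapped in TLS. The sample packet, client ID and credentials are constructed for illustration.

```python
def read_field(buf, pos):
    """Read one MQTT field: 2-byte big-endian length, then that many bytes."""
    n = int.from_bytes(buf[pos:pos + 2], "big")
    if pos + 2 > len(buf) or pos + 2 + n > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:pos + 2 + n].decode("utf-8", "replace"), pos + 2 + n

def remaining_length(buf, pos):
    """Decode the fixed header's variable-length size (1 to 4 bytes)."""
    value = 0
    for i, byte in enumerate(buf[pos:pos + 4]):
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos + i + 1
    raise ValueError("truncated or malformed remaining length")

def parse_connect(packet):
    """Return the CONNECT fields an on-path observer can read without TLS."""
    if not packet or packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    size, pos = remaining_length(packet, 1)
    body = packet[pos:pos + size]
    if len(body) != size:
        raise ValueError("truncated packet")
    proto, p = read_field(body, 0)
    if proto != "MQTT" or len(body) < p + 4 or body[p] != 4:
        raise ValueError("not an MQTT 3.1.1 variable header")
    flags = body[p + 1]  # body[p] is the protocol level (4 = MQTT 3.1.1)
    p += 4               # skip level, flags and the 2-byte keep-alive
    wanted = ["client_id"]
    if flags & 0x04:     # will flag: will topic and will message come next
        wanted += ["will_topic", "will_message"]
    wanted += [k for bit, k in ((0x80, "username"), (0x40, "password")) if flags & bit]
    seen = {}
    for key in wanted:
        seen[key], p = read_field(body, p)
    return seen

def field(data):
    return len(data).to_bytes(2, "big") + data

# Constructed sample (not captured traffic): flags 0xC2 = username + password + clean session.
_BODY = (field(b"MQTT") + bytes([0x04, 0xC2, 0x00, 0x3C]) + field(b"sensor-01")
         + field(b"demo-user") + field(b"demo-pass"))
SAMPLE_CONNECT = bytes([0x10, len(_BODY)]) + _BODY

if __name__ == "__main__":
    print(parse_connect(SAMPLE_CONNECT))
```

Every field returned here, including the password, is recoverable from a plain TCP capture, which is why the authentication MQTT provides does not by itself protect credentials or payloads.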