Review Article

MQTT Vulnerabilities, Attack Vectors and Solutions in the Internet of Things (IoT)


