Preventing MQTT Vulnerabilities Using IoT-Enabled Intrusion Detection System

Muhammad Husnain,Habiba Akram,Khizar Hayat,Enrico Cambiaso,Ubaid U Fayyaz,Syed Ghazanfar Abbas,Maurizio Mongelli,Ghalib A Shah

doi:10.3390/s22020567

Abstract

The advancement in the domain of IoT accelerated the development of new communication technologies such as the Message Queuing Telemetry Transport (MQTT) protocol. Although MQTT servers/brokers are considered the main component of all MQTT-based IoT applications, their openness makes them vulnerable to potential cyber-attacks such as DoS, DDoS, or buffer overflow. As a result of this, an efficient intrusion detection system for MQTT-based applications is still a missing piece of the IoT security context. Unfortunately, existing IDSs do not provide IoT communication protocol support such as MQTT or CoAP to validate crafted or malformed packets for protecting the protocol implementation vulnerabilities of IoT devices. In this paper, we have designed and developed an MQTT parsing engine that can be integrated with network-based IDS as an initial layer for extensive checking against IoT protocol vulnerabilities and improper usage through a rigorous validation of packet fields during the packet-parsing stage. In addition, we evaluate the performance of the proposed solution across different reported vulnerabilities. The experimental results demonstrate the effectiveness of the proposed solution for detecting and preventing the exploitation of vulnerabilities on IoT protocols.

Highlights

We found that a total of 81 Message Queuing Telemetry Transport (MQTT) protocol-related vulnerabilities were reported in National Vulnerability Database (NVD) and Common Vulnerabilities and Exposures (CVE) from April 2014 to December 2021
We performed a set of experiments to validate the effectiveness of the proposed solution for protecting MQTT vulnerabilities in Internet of Things (IoT) devices
We evaluated the performance of the proposed parsing engine for MQTT protocol identification over known and unknown ports traffic

Summary

Introduction

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. The Internet of Things (IoT) is a collection of smart objects connected to the Internet to provide different services for the ease of human beings [1]. IoT introduced many innovative concepts such as smart home, smart city, smart traffic system, smart parking, smart industry, and smart wearable, all of which enhance human life. IoT contributes many novel applications in our daily life, one of its main concerns refers to IoT devices security. Recent cyber-security incidents exposed the security pitfalls and vulnerabilities in IoT devices [2,3,4]

Objectives

Methods

Results

Conclusion