The Internet of Things (IoT) is radically changing the way people live and interact with society: ranging from wearables to smart cities, the number of IoT devices has grown exponentially. The Message Queuing Telemetry Transport (MQTT) protocol is one of the most widely used IoT communication protocols. However, our investigation over publicly available MQTT endpoints confirms an alarming trend, i.e. many do not provide adequate security measures and often rely on the insecure default configuration. To improve the security awareness on the use of MQTT the paper presents MQTT Security Assistant (MQTTSA), a tool that automatically detects misconfigurations in MQTT-based IoT deployments. To assist IoT system developers, MQTTSA produces a report outlining detected vulnerabilities, together with (high level) hints and code snippets to implement adequate mitigations. The effectiveness of the tool is assessed by a thorough experimental evaluation.

MQTTSA: A tool for automatically assisting the secure deployments of MQTT brokers / Palmieri, A.; Prem, P.; Ranise, S.; Morelli, U.; Ahmad, T.. - (2019), pp. 47-53. (Intervento presentato al convegno 2019 IEEE World Congress on Services, SERVICES 2019 tenutosi a ita nel 2019) [10.1109/SERVICES.2019.00023].

MQTTSA: A tool for automatically assisting the secure deployments of MQTT brokers

Ranise S.;
2019-01-01

Abstract

The Internet of Things (IoT) is radically changing the way people live and interact with society: ranging from wearables to smart cities, the number of IoT devices has grown exponentially. The Message Queuing Telemetry Transport (MQTT) protocol is one of the most widely used IoT communication protocols. However, our investigation over publicly available MQTT endpoints confirms an alarming trend, i.e. many do not provide adequate security measures and often rely on the insecure default configuration. To improve the security awareness on the use of MQTT the paper presents MQTT Security Assistant (MQTTSA), a tool that automatically detects misconfigurations in MQTT-based IoT deployments. To assist IoT system developers, MQTTSA produces a report outlining detected vulnerabilities, together with (high level) hints and code snippets to implement adequate mitigations. The effectiveness of the tool is assessed by a thorough experimental evaluation.
2019
Proceedings - 2019 IEEE World Congress on Services, SERVICES 2019
10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA
Institute of Electrical and Electronics Engineers Inc.
978-1-7281-3851-0
Palmieri, A.; Prem, P.; Ranise, S.; Morelli, U.; Ahmad, T.
MQTTSA: A tool for automatically assisting the secure deployments of MQTT brokers / Palmieri, A.; Prem, P.; Ranise, S.; Morelli, U.; Ahmad, T.. - (2019), pp. 47-53. (Intervento presentato al convegno 2019 IEEE World Congress on Services, SERVICES 2019 tenutosi a ita nel 2019) [10.1109/SERVICES.2019.00023].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/333060
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 26
  • ???jsp.display-item.citation.isi??? 19
  • OpenAlex ND
social impact