MQTTSA: A tool for automatically assisting the secure deployments of MQTT brokers

IRIS

The Internet of Things (IoT) is radically changing the way people live and interact with society: ranging from wearables to smart cities, the number of IoT devices has grown exponentially. The Message Queuing Telemetry Transport (MQTT) protocol is one of the most widely used IoT communication protocols. However, our investigation over publicly available MQTT endpoints confirms an alarming trend, i.e. many do not provide adequate security measures and often rely on the insecure default configuration. To improve the security awareness on the use of MQTT the paper presents MQTT Security Assistant (MQTTSA), a tool that automatically detects misconfigurations in MQTT-based IoT deployments. To assist IoT system developers, MQTTSA produces a report outlining detected vulnerabilities, together with (high level) hints and code snippets to implement adequate mitigations. The effectiveness of the tool is assessed by a thorough experimental evaluation.

MQTTSA: A tool for automatically assisting the secure deployments of MQTT brokers / Palmieri, A.; Prem, P.; Ranise, S.; Morelli, U.; Ahmad, T.. - (2019), pp. 47-53. (Intervento presentato al convegno 2019 IEEE World Congress on Services, SERVICES 2019 tenutosi a ita nel 2019) [10.1109/SERVICES.2019.00023].

MQTTSA: A tool for automatically assisting the secure deployments of MQTT brokers

Palmieri A.;Prem P.;Ranise S.;Morelli U.;Ahmad T.

2019-01-01

Abstract

The Internet of Things (IoT) is radically changing the way people live and interact with society: ranging from wearables to smart cities, the number of IoT devices has grown exponentially. The Message Queuing Telemetry Transport (MQTT) protocol is one of the most widely used IoT communication protocols. However, our investigation over publicly available MQTT endpoints confirms an alarming trend, i.e. many do not provide adequate security measures and often rely on the insecure default configuration. To improve the security awareness on the use of MQTT the paper presents MQTT Security Assistant (MQTTSA), a tool that automatically detects misconfigurations in MQTT-based IoT deployments. To assist IoT system developers, MQTTSA produces a report outlining detected vulnerabilities, together with (high level) hints and code snippets to implement adequate mitigations. The effectiveness of the tool is assessed by a thorough experimental evaluation.

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno di pubblicazione (Date of publication)
	
			2019
		
	Titolo del volume (Proceedings title)
	
			Proceedings - 2019 IEEE World Congress on Services, SERVICES 2019
		
	Luogo di edizione (Place of publication)
	
			10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA
		
	Casa editrice (Publisher)
	
			Institute of Electrical and Electronics Engineers Inc.
		
	ISBN
	
			978-1-7281-3851-0
		
	Codice Scopus (Scopus Identifier)
	
			2-s2.0-85072765765
		
	Codice WOS (WOS identifier)
	
			WOS:000556201200008
		
	Tutti gli autori
	
			Palmieri, A.; Prem, P.; Ranise, S.; Morelli, U.; Ahmad, T.
		
	Citazione
	
			MQTTSA: A tool for automatically assisting the secure deployments of MQTT brokers / Palmieri, A.; Prem, P.; Ranise, S.; Morelli, U.; Ahmad, T.. - (2019), pp. 47-53. (Intervento presentato al  convegno 2019 IEEE World Congress on Services, SERVICES 2019 tenutosi a ita nel 2019) [10.1109/SERVICES.2019.00023].
		
	Appare nelle tipologie:
	
			04.1 Saggio in atti di convegno (Paper in Proceedings)

File in questo prodotto:

Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/333060

Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni

ND

22

15

social impact