Published: May 4, 2019
The following paper has been accepted at the IEEE SERVICES Workshop on Cyber Security & Resilience in the Internet of Things (IEEE SERVICES CSRIoT 2019):
- Title: MQTTSA: A Tool for Automatically Assisting the Secure Deployments of MQTT brokers
- Author: Andrea Palmieri, Paolo Prem, Silvio Ranise, Umberto Morelli, Tahir Ahmad
- Abstract: The Internet of Things (IoT) is radically changing the way people live and interact with society: ranging from wearables to smart cities, the number of IoT devices has grown exponentially. The Message Queuing Telemetry Transport (MQTT) protocol is one of the most widely used IoT communication protocols. However, our investigation over publicly available MQTT endpoints confirms an alarming trend, i.e. many do not provide adequate security measures and often rely on the insecure default configuration. To improve the security awareness on the use of MQTT the paper presents MQTT Security Assistant (MQTTSA), a tool that automatically detects misconfigurations in MQTT-based IoT deployments. To assist IoT system developers, MQTTSA produces a report outlining detected vulnerabilities, together with (high level) hints and code snippets to implement adequate mitigations. The effectiveness of the tool is assessed by a thorough experimental evaluation.
- DOI: 10.1109/SERVICES.2019.00023
About the workshop
- Name: IEEE SERVICES Workshop on Cyber Security & Resilience in the Internet of Things (IEEE SERVICES CSRIoT 2019)
- Date: from July 08, 2019 to July 13, 2019
- Location: Milan, Italy
- Website: https://conferences.computer.org/services/2019/
