MQTTSA: A Tool for Automatically Assisting the Secure Deployments of MQTT Brokers
| Autor: | Umberto Morelli, Tahir Ahmad, Silvio Ranise, Paolo Prem, Andrea Palmieri |
|---|---|
| Rok vydání: | 2019 |
| Předmět: |
MQTT
business.industry Computer science 010401 analytical chemistry Wearable computer 020206 networking & telecommunications 02 engineering and technology Security awareness Computer security computer.software_genre 01 natural sciences 0104 chemical sciences 0202 electrical engineering electronic engineering information engineering Code (cryptography) Internet of Things business Communications protocol Protocol (object-oriented programming) computer Message queue |
| Zdroj: | SERVICES |
| Popis: | The Internet of Things (IoT) is radically changing the way people live and interact with society: ranging from wearables to smart cities, the number of IoT devices has grown exponentially. The Message Queuing Telemetry Transport (MQTT) protocol is one of the most widely used IoT communication protocols. However, our investigation over publicly available MQTT endpoints confirms an alarming trend, i.e. many do not provide adequate security measures and often rely on the insecure default configuration. To improve the security awareness on the use of MQTT the paper presents MQTT Security Assistant (MQTTSA), a tool that automatically detects misconfigurations in MQTT-based IoT deployments. To assist IoT system developers, MQTTSA produces a report outlining detected vulnerabilities, together with (high level) hints and code snippets to implement adequate mitigations. The effectiveness of the tool is assessed by a thorough experimental evaluation. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|