Cargando…
SlowITe, a Novel Denial of Service Attack Affecting MQTT
Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we target the Message Queue Telemetry Transport (MQTT) protocol used in IoT environments for communication between IoT devices. We exploit a specific we...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2020
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7285273/ https://www.ncbi.nlm.nih.gov/pubmed/32455752 http://dx.doi.org/10.3390/s20102932 |
| _version_ | 1783544661992800256 |
|---|---|
| author | Vaccari, Ivan Aiello, Maurizio Cambiaso, Enrico |
| author_facet | Vaccari, Ivan Aiello, Maurizio Cambiaso, Enrico |
| author_sort | Vaccari, Ivan |
| collection | PubMed |
| description | Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we target the Message Queue Telemetry Transport (MQTT) protocol used in IoT environments for communication between IoT devices. We exploit a specific weakness of MQTT which was identified during our research, allowing the client to configure the behavior of the server. In order to validate the possibility to exploit such vulnerability, we propose SlowITe, a novel low-rate denial of service attack aimed to target MQTT through low-rate techniques. We validate SlowITe against real MQTT services, considering both plain text and encrypted communications and comparing the effects of the threat when targeting different daemons. Results show that the attack is successful and it is able to exploit the identified vulnerability to lead a DoS on the victim with limited attack resources. |
| format | Online Article Text |
| id | pubmed-7285273 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2020 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-72852732020-06-15 SlowITe, a Novel Denial of Service Attack Affecting MQTT Vaccari, Ivan Aiello, Maurizio Cambiaso, Enrico Sensors (Basel) Article Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we target the Message Queue Telemetry Transport (MQTT) protocol used in IoT environments for communication between IoT devices. We exploit a specific weakness of MQTT which was identified during our research, allowing the client to configure the behavior of the server. In order to validate the possibility to exploit such vulnerability, we propose SlowITe, a novel low-rate denial of service attack aimed to target MQTT through low-rate techniques. We validate SlowITe against real MQTT services, considering both plain text and encrypted communications and comparing the effects of the threat when targeting different daemons. Results show that the attack is successful and it is able to exploit the identified vulnerability to lead a DoS on the victim with limited attack resources. MDPI 2020-05-21 /pmc/articles/PMC7285273/ /pubmed/32455752 http://dx.doi.org/10.3390/s20102932 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Vaccari, Ivan Aiello, Maurizio Cambiaso, Enrico SlowITe, a Novel Denial of Service Attack Affecting MQTT |
| title | SlowITe, a Novel Denial of Service Attack Affecting MQTT |
| title_full | SlowITe, a Novel Denial of Service Attack Affecting MQTT |
| title_fullStr | SlowITe, a Novel Denial of Service Attack Affecting MQTT |
| title_full_unstemmed | SlowITe, a Novel Denial of Service Attack Affecting MQTT |
| title_short | SlowITe, a Novel Denial of Service Attack Affecting MQTT |
| title_sort | slowite, a novel denial of service attack affecting mqtt |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7285273/ https://www.ncbi.nlm.nih.gov/pubmed/32455752 http://dx.doi.org/10.3390/s20102932 |
| work_keys_str_mv | AT vaccariivan slowiteanoveldenialofserviceattackaffectingmqtt AT aiellomaurizio slowiteanoveldenialofserviceattackaffectingmqtt AT cambiasoenrico slowiteanoveldenialofserviceattackaffectingmqtt |