Faculty Publications

Permanent URI for this communityhttps://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

Browse

Author: search.filters.author.Lakshminarayana, S.Has files: No

Search Results

Now showing 1 - 2 of 2
  • No Thumbnail Available
    Item
    Securing the IoT Application Layer from an MQTT Protocol Perspective: Challenges and Research Prospects
    (Institute of Electrical and Electronics Engineers Inc., 2024) Lakshminarayana, S.; Praseed, A.; Santhi Thilagam, P.S.
    The Internet of Things (IoT) is one of the most promising new millennial technologies, having numerous applications in our surrounding environment. The fundamental goal of an IoT system is to ensure effective communication between users and their devices, which is accomplished through the application layer of IoT. For this reason, the security of protocols employed at the IoT application layer are extremely significant. Message Queuing Telemetry Transport (MQTT) is being widely adopted as the application layer protocol for resource-constrained IoT devices. The reason for the widespread usage of the MQTT protocol in IoT devices is its highly appealing features, such as packet-agnostic communication, high scalability, low power consumption, low implementation cost, fast and reliable message delivery. These capabilities of the MQTT protocol make it a potential and viable target for adversaries. Therefore, we initially emphasize on the emerging MQTT vulnerabilities and provide a classification of identified MQTT vulnerabilities for the IoT paradigm. Then, this paper reviews attacks against the MQTT protocol and the corresponding defense mechanisms for MQTT-based IoT deployments. Furthermore, MQTT attacks are categorized and investigated with reference to crucial characteristics that aid in comprehending how these attacks are carried out. The defense mechanisms are discussed in detail, with a particular focus on techniques for identifying vulnerabilities, detecting and preventing attacks against the MQTT protocol. This work also discloses lessons learned by identifying and providing insightful findings, open challenges, and future research directions. Such a discussion is anticipated to propel more research efforts in this burgeoning area and pave a secure path toward expanding and fully realizing the MQTT protocol in IoT technology. © 2024 IEEE.
  • No Thumbnail Available
    Item
    Next-Generation DDoS Attacks on IoT Deployments: Targeting the Advanced Features of MQTT v5.0 Protocol
    (Institute of Electrical and Electronics Engineers Inc., 2025) Lakshminarayana, S.; Santhi Thilagam, P.
    Message queuing telemetry transport (MQTT) has emerged as the widely adopted application layer protocol for IoT environments because of its lightweight header, minimal power, and bandwidth requirements. Despite its popularity, the earlier version of the protocol, MQTT v3.1.1, encounters performance issues in large-scale implementations and required an update to handle the growing requirements of modern IoT applications. In response to these concerns, MQTT v5.0 was released with several significant features designed to enhance the reliability, user experience, and performance of IoT systems. While the MQTT protocol features were intended to facilitate robust and efficient communications, adversaries could exploit these features to mount various types of attacks in IoT deployments. More specifically, the Denial-of-Service (DoS) attacks toward the MQTT protocol have recently gained a lot of attention from the research community. However, the existing works primarily focus only on exploring the possibilities of misusing the MQTT v3.1.1 protocol features to generate DoS attacks in IoT realms. In this work, we attempt to extensively investigate the advanced protocol features of MQTT v5.0 that can be exploited to launch DDoS attacks impacting the IoT paradigm. We present the first critical evaluation of Distributed DoS (DDoS) attacks on the MQTT v5.0 protocol by analyzing three significant features: 1) CONNECT properties; 2) user properties; and 3) flow control. Moreover, we systematically propose attack scenarios based on the adversary’s capabilities, thus illustrating the practicality of proposed attacks in real-world scenarios. Furthermore, we built a real-world testbed for IoT healthcare application to evaluate the severity of the identified attacks. The experimental results demonstrate the effectiveness of these attacks in impacting the availability of guaranteed IoT services to legitimate users, even in times of need. Additionally, we disclose the insightful findings of this work as takeaways and present research initiatives toward developing effective defense mechanisms for MQTT v5.0 protocol. We hope that such a discussion could pave the way for future research, contributing to MQTT v5.0 security and resiliency. © 2014 IEEE.