Faculty Publications

Permanent URI for this community: https://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

Search Results

Now showing 1 - 2 of 2
  • Item
    Multiplexed Asymmetric Attacks: Next-Generation DDoS on HTTP/2 Servers
    (Institute of Electrical and Electronics Engineers Inc., 2020) Praseed, A.; Santhi Thilagam, P.
    Distributed Denial of Service (DDoS) attacks using the HTTP protocol have started gaining popularity in recent years. A recent trend in this direction has been the use of computationally expensive requests to launch attacks. These attacks, called Asymmetric Workload attacks, can bring down servers using limited resources, and are extremely difficult to detect. The introduction of HTTP/2 has been welcomed by developers because it improves user experience and efficiency. This was made possible by the ability to transport HTTP requests and their associated inline resources simultaneously by using Multiplexing and Server Push. However, multiplexing has made request traffic bursty and rendered DDoS detection mechanisms based on connection limiting obsolete. Contrary to its intention, multiplexing can also be misused to launch sophisticated DDoS attacks using multiple high workload requests in a single TCP connection. However, sufficient research has not been done in this area. Existing research demonstrates that the HTTP/2 protocol allows users to launch DDoS attacks easily, but does not focus on whether an HTTP/2 server can handle DDoS attacks more efficiently or not. Also, sufficient research has not been done on the possibility of Multiplexing and Server Push being misused. In this work, we analyse the performance of an HTTP/2 server compared to an HTTP/1.1 server under an Asymmetric DDoS attack for the same load. We propose a new DDoS attack vector called a Multiplexed Asymmetric DDoS attack, which uses multiplexing in a different way than intended. We show that such an attack can bring down a server with just a few attacking clients. We also show that a Multiplexed Asymmetric Attack on a server with Server Push enabled can trigger an egress network layer flood in addition to an application layer attack. © 2005-2012 IEEE.
  • Item
    Next-Generation DDoS Attacks on IoT Deployments: Targeting the Advanced Features of MQTT v5.0 Protocol
    (Institute of Electrical and Electronics Engineers Inc., 2025) Lakshminarayana, S.; Santhi Thilagam, P.
    Message queuing telemetry transport (MQTT) has emerged as the widely adopted application layer protocol for IoT environments because of its lightweight header, minimal power, and bandwidth requirements. Despite its popularity, the earlier version of the protocol, MQTT v3.1.1, encounters performance issues in large-scale implementations and required an update to handle the growing requirements of modern IoT applications. In response to these concerns, MQTT v5.0 was released with several significant features designed to enhance the reliability, user experience, and performance of IoT systems. While the MQTT protocol features were intended to facilitate robust and efficient communications, adversaries could exploit these features to mount various types of attacks in IoT deployments. More specifically, the Denial-of-Service (DoS) attacks toward the MQTT protocol have recently gained a lot of attention from the research community. However, the existing works primarily focus only on exploring the possibilities of misusing the MQTT v3.1.1 protocol features to generate DoS attacks in IoT realms. In this work, we attempt to extensively investigate the advanced protocol features of MQTT v5.0 that can be exploited to launch DDoS attacks impacting the IoT paradigm. We present the first critical evaluation of Distributed DoS (DDoS) attacks on the MQTT v5.0 protocol by analyzing three significant features: 1) CONNECT properties; 2) user properties; and 3) flow control. Moreover, we systematically propose attack scenarios based on the adversary’s capabilities, thus illustrating the practicality of proposed attacks in real-world scenarios. Furthermore, we built a real-world testbed for IoT healthcare application to evaluate the severity of the identified attacks. The experimental results demonstrate the effectiveness of these attacks in impacting the availability of guaranteed IoT services to legitimate users, even in times of need. Additionally, we disclose the insightful findings of this work as takeaways and present research initiatives toward developing effective defense mechanisms for MQTT v5.0 protocol. We hope that such a discussion could pave the way for future research, contributing to MQTT v5.0 security and resiliency. © 2014 IEEE.