Securing the IoT Application Layer from an MQTT Protocol Perspective: Challenges and Research Prospects

Abstract

The Internet of Things (IoT) is one of the most promising new millennial technologies, having numerous applications in our surrounding environment. The fundamental goal of an IoT system is to ensure effective communication between users and their devices, which is accomplished through the application layer of IoT. For this reason, the security of protocols employed at the IoT application layer are extremely significant. Message Queuing Telemetry Transport (MQTT) is being widely adopted as the application layer protocol for resource-constrained IoT devices. The reason for the widespread usage of the MQTT protocol in IoT devices is its highly appealing features, such as packet-agnostic communication, high scalability, low power consumption, low implementation cost, fast and reliable message delivery. These capabilities of the MQTT protocol make it a potential and viable target for adversaries. Therefore, we initially emphasize on the emerging MQTT vulnerabilities and provide a classification of identified MQTT vulnerabilities for the IoT paradigm. Then, this paper reviews attacks against the MQTT protocol and the corresponding defense mechanisms for MQTT-based IoT deployments. Furthermore, MQTT attacks are categorized and investigated with reference to crucial characteristics that aid in comprehending how these attacks are carried out. The defense mechanisms are discussed in detail, with a particular focus on techniques for identifying vulnerabilities, detecting and preventing attacks against the MQTT protocol. This work also discloses lessons learned by identifying and providing insightful findings, open challenges, and future research directions. Such a discussion is anticipated to propel more research efforts in this burgeoning area and pave a secure path toward expanding and fully realizing the MQTT protocol in IoT technology. © 2024 IEEE.