Litcius/Paper detail

Fuzzing attacks for vulnerability discovery within MQTT protocol

G. Casteur, A. Aubaret, B. Blondeau, V. Clouet, A. Quemat, V. Pical, Rafik Zitouni

202021 citationsDOI

Abstract

This paper deals with the security issues of IoT networks and particularly with vulnerabilities of Message Queuing Telemetry Transport (MQTT) protocol. We proposed Fuzzing attack techniques to detect new security breaches in MQTT. Fuzz involves the random data generation and transmission to the input of MQTT brokers or clients in order to identify breaches by analyzing their responses. We focus on the development of a containerized test architecture as well as on the generation of scenarios using the Fuzzing. We chose Docker as a container of applications based on a single virtual machine. Through our empirical tests, we found Docker lighter and better efficient than traditional Virtual Machines. We demonstrated that the implementation of a fuzzing technique on Docker within small-scale is efficient to detect a number of MQTT security flaws.

Topics & Concepts

MQTTFuzz testingComputer scienceMessage queueComputer securityVulnerability (computing)Protocol (science)Computer networkOperating systemInternet of ThingsSoftwarePathologyAlternative medicineMedicineSoftware Testing and Debugging TechniquesAdvanced Malware Detection TechniquesNetwork Security and Intrusion Detection