
Attack scenarios and security analysis of MQT - Bhavya Vimavala



Various communication protocols are currently used in Internet of Things (IoT) devices. One protocol already standardized by ISO is MQTT (ISO/IEC 20922:2016). Many IoT developers use this protocol because of its minimal bandwidth requirement and low memory consumption. Sometimes an IoT device sends confidential data that should only be accessed by authorized people or devices. Unfortunately, the MQTT protocol only provides authentication as its security mechanism and, by default, does not encrypt data in transit, so data privacy, authentication, and data integrity become problems in MQTT implementations.

Published in: Technology


  1. Attack Scenarios And Security Analysis of MQTT. Date: 26-1-2020. Venue: Ahmedabad. Presenter: Bhavya Shah.
  2. MQTT - Message Queuing Telemetry Transport. MQTT is a machine-to-machine (M2M)/"Internet of Things" connectivity protocol. It was designed as an extremely lightweight publish/subscribe messaging transport. It is useful for connections with remote locations where a small code footprint is required and/or network bandwidth is limited.
  3. MQTT History
  4. The 1st version was authored in 1999 by Andy Stanford-Clark and Arlen Nipper
  5. Designed for connecting oil pipeline telemetry systems over satellite
  6. MQTT Version History
  7. Some Of The Key Features of MQTT
     ● Facilitates one-to-many communication mediated by brokers
     ● It has a facility to acknowledge the request
     ● Simple packet formats: binary payloads
     ● The protocol runs over TCP
  8. Major Areas Where MQTT Is Used
  9. IoT Devices; IIoT (Industrial IoT)
  10. Fitness Devices: Fitbit. Health Devices: Blood Pressure, Glucometer Monitors
  11. Location Services: Owntracks. Home Automation Kits: SmartThings (Samsung)
  12. Cloud Provider: Google IoT Core
  13. Publish/subscribe model (diagram): one publisher and two subscribers, one subscribed to “temp/roof” and the other to “temp/room”. The diagram shows the messages “20 C” and “50 C” published on the topics “temp/roof” and “temp/room”.
  14. Topic Hierarchy (tree diagram): Temp at the root, with Roof, Floor 1 and Floor 2 below it, and DrawingRoom, Room, Room and Kitchen on the lowest level.
     ● Subscribing to a specific topic: Temp/Floor1/Room, Temp/Floor1/DrawingRoom, Temp/Floor2/Room
     ● Subscribing to every Room under Temp: Temp/+/Room
     ● Subscribing to all topics under Temp: Temp/# (wildcard entry)
  15. Basic Commands
     ● Run the broker server: mosquitto
     ● Subscribe to a topic: mosquitto_sub -t "topicname"
     ● Publish to a topic: mosquitto_pub -t "topic" -m "message"
  16. Transmission Of Data In Clear Text
  17. MQTT Over Internet
  18. MQTT Integration With Application
  19. Demo Of Subscribing To The Topic By Changing Or Creating New Credentials
  20. Backdoor Over The MQTT
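
An added example (not from the slides) showing how the slide-14 wildcard filters resolve against concrete topics, which is the check to run when reviewing what a broker ACL entry or subscription actually exposes. The function names and the topic list are assumptions made for illustration; the matching follows the MQTT rules for `+` (one level) and `#` (all remaining levels).

```python
def valid_filter(topic_filter: str) -> bool:
    """Wildcards must fill a whole level, and '#' may only be the last level."""
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if level == "#":
            if i != len(levels) - 1:
                return False
        elif "#" in level or ("+" in level and level != "+"):
            return False
    return bool(topic_filter)


def matches(topic_filter: str, topic: str) -> bool:
    """True if a message published on `topic` is delivered to `topic_filter`."""
    if not valid_filter(topic_filter) or not topic or "+" in topic or "#" in topic:
        return False
    # Topics starting with '$' (such as $SYS) never match a leading wildcard.
    if topic.startswith("$") and topic_filter[0] in "+#":
        return False
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return True  # multi-level: the parent topic and everything below it
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def exposure(topic_filter: str, topics: list[str]) -> list[str]:
    """Topics from `topics` that a client holding `topic_filter` would receive."""
    return [t for t in topics if matches(topic_filter, t)]


# Constructed topic list based on the slide-14 tree; placing Kitchen under
# Floor2 is an assumption, the slide text does not say which floor it is on.
SLIDE_TOPICS = [
    "Temp/Roof",
    "Temp/Floor1/DrawingRoom",
    "Temp/Floor1/Room",
    "Temp/Floor2/Room",
    "Temp/Floor2/Kitchen",
    "$SYS/broker/version",  # constructed broker-status topic
]

if __name__ == "__main__":
    for flt in ("Temp/Floor1/Room", "Temp/+/Room", "Temp/#", "#", "$SYS/#"):
        print(f"{flt:18} -> {exposure(flt, SLIDE_TOPICS)}")
```

Topic names are case-sensitive, so a filter written as `temp/#` does not cover `Temp/Roof`.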