Among the technologies that have witnessed rampant growth in recent years, a significant one is the IoT (Internet of Things). This transformative paradigm involves the connection of various devices, including smartphones, tablets, and objects equipped with sensors, thereby expanding the scope of IoT to virtually any sensor-enabled entity. The rapid growth of the Internet of Things (IoT) has transformed everyday activities, requiring efficient communication protocols between IoT devices and their servers. In the quest for a communication protocol that effectively addresses the diverse constraints of IoT devices, Message Queuing Telemetry Transport (MQTT) has emerged as a highly popular and widely embraced protocol within this domain. However, our initial investigation revealed a significant number of MQTT brokers hosted on the internet with critical misconfigurations or lacking proper security measures. These challenges include the utilization of outdated versions of MQTT, employment of outdated broker versions, the absence of robust authentication methods, and inadequate access controls once a client establishes a connection with a broker. To address this issue and enhance MQTT broker security, we propose QT-Killer, an automated testing tool specifically designed for MQTT brokers. The tool employs a generation-based fuzzing technique as its fundamental approach to perform fuzzing along with multithreading in order to increase the throughput. Additionally, it incorporates a Graphical User Interface (GUI) for effective interaction between the program and the user. The efficacy of the tool is evaluated by conducting a series of experiments to assess its performance.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

MQTT FuzzSecure: Enhancing Robust Security Measures in MQTT Brokers Through Fuzzing

  • Hemanshu Kailash Bisht,
  • Ramya Shah,
  • Digvijaysinh Rathod,
  • Sarang Rajvansh

摘要

Among the technologies that have witnessed rampant growth in recent years, a significant one is the IoT (Internet of Things). This transformative paradigm involves the connection of various devices, including smartphones, tablets, and objects equipped with sensors, thereby expanding the scope of IoT to virtually any sensor-enabled entity. The rapid growth of the Internet of Things (IoT) has transformed everyday activities, requiring efficient communication protocols between IoT devices and their servers. In the quest for a communication protocol that effectively addresses the diverse constraints of IoT devices, Message Queuing Telemetry Transport (MQTT) has emerged as a highly popular and widely embraced protocol within this domain. However, our initial investigation revealed a significant number of MQTT brokers hosted on the internet with critical misconfigurations or lacking proper security measures. These challenges include the utilization of outdated versions of MQTT, employment of outdated broker versions, the absence of robust authentication methods, and inadequate access controls once a client establishes a connection with a broker. To address this issue and enhance MQTT broker security, we propose QT-Killer, an automated testing tool specifically designed for MQTT brokers. The tool employs a generation-based fuzzing technique as its fundamental approach to perform fuzzing along with multithreading in order to increase the throughput. Additionally, it incorporates a Graphical User Interface (GUI) for effective interaction between the program and the user. The efficacy of the tool is evaluated by conducting a series of experiments to assess its performance.