MQTT Vulnerabilities, Attack Vectors and Solutions in the Internet of Things (IoT)

ABSTRACT
The Internet of Things (IoT) paved the way for device and machine communication using the TCP/IP protocol.
Lightweight and stateless communication is imperative, especially in situations requiring
conservation of energy, e.g. wireless sensor networks. The Representational State Transfer (REST)
API method is based on the web communication protocol, Hyper-Text Transfer Protocol (HTTP), and is
widely used in IoT messaging. Some of the protocols used are DPWS, XMPP, MQTT, CoAP and AMQP. Among
these protocols, MQTT is the most preferred protocol and is expected to be the de facto IoT
messaging standard. MQTT uses a publisher/subscriber model to facilitate messaging between devices, making
messaging lightweight. Nevertheless, there are a number of security issues due to the design of
the protocol itself. Some of the issues are denial of service, identity spoofing, information disclosure,
elevation of privileges and data tampering. These issues can be caused by both internal and external
perpetrators. Researchers have proposed various security techniques and mechanisms to address
these issues. Incorporation of security has added processing overhead to the devices and this will
have a bearing on IoT devices that are powered by a battery. This issue has opened up new research
challenges in making the protocols more lightweight and at the same time not compromising the
level of security provided.