MultiFuzz: A Coverage-Based Multiparty-Protocol Fuzzer for IoT Publish/Subscribe Protocols

Sensors, 2020, Vol 20 (18), pp. 5194
Author(s): Yingpei Zeng, Mingmin Lin, Shanqing Guo, Yanzhao Shen, Tingting Cui, ...

The publish/subscribe model has gained prominence in the Internet of things (IoT) network, and both Message Queue Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) support it. However, existing coverage-based fuzzers may miss some paths when fuzzing such publish/subscribe protocols, because they implicitly assume that there are only two parties in a protocol, which is not true now since there are three parties, i.e., the publisher, the subscriber and the broker. In this paper, we propose MultiFuzz, a new coverage-based multiparty-protocol fuzzer. First, it embeds multiple-connection information in a single input. Second, it uses a message mutation algorithm to stimulate protocol state transitions, without the need of protocol specifications. Third, it uses a new desockmulti module to feed the network messages into the program under test. desockmulti is similar to desock (Preeny), a tool widely used by the community, but it is specially designed for fuzzing and is 10x faster. We implement MultiFuzz based on AFL, and use it to fuzz two popular projects Eclipse Mosquitto and libCoAP. We reported discovered problems to the projects. In addition, we compare MultiFuzz with AFL and two state-of-the-art fuzzers, MOPT and AFLNET, and find it discovering more paths and crashes.

Sensors, 2020, Vol 20 (10), pp. 2932
Author(s): Ivan Vaccari, Maurizio Aiello, Enrico Cambiaso

Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we target the Message Queue Telemetry Transport (MQTT) protocol used in IoT environments for communication between IoT devices. We exploit a specific weakness of MQTT which was identified during our research, allowing the client to configure the behavior of the server. In order to validate the possibility to exploit such vulnerability, we propose SlowITe, a novel low-rate denial of service attack aimed to target MQTT through low-rate techniques. We validate SlowITe against real MQTT services, considering both plain text and encrypted communications and comparing the effects of the threat when targeting different daemons. Results show that the attack is successful and it is able to exploit the identified vulnerability to lead a DoS on the victim with limited attack resources.


2014, Vol 2014, pp. 1-10
Author(s): Sun-Young Ihm, Aziz Nasridinov, Young-Ho Park

A rapid development in wireless communication and radio frequency technology has enabled the Internet of Things (IoT) to enter every aspect of our life. However, as more and more sensors get connected to the Internet, they generate huge amounts of data. Thus, widespread deployment of IoT requires development of solutions for analyzing the potentially huge amounts of data they generate. A top-k query processing can be applied to facilitate this task. The top-k queries retrieve k tuples with the lowest or the highest scores among all of the tuples in the database. There are many methods to answer top-k queries, where skyline methods are efficient when considering all attribute values of tuples. The representative skyline methods are soft-filter-skyline (SFS) algorithm, angle-based space partitioning (ABSP), and plane-project-parallel-skyline (PPPS). Among them, PPPS improves ABSP by partitioning data space into a number of spaces using hyperplane projection. However, PPPS has a high index building time in high-dimensional databases. In this paper, we propose a new skyline method (called Grid-PPPS) for efficiently handling top-k queries in IoT applications. The proposed method first performs grid-based partitioning on data space and then partitions it once again using hyperplane projection. Experimental results show that our method improves the index building time compared to the existing state-of-the-art methods.


Sensors, 2019, Vol 19 (14), pp. 3208
Author(s): Armin Babaei, Gregor Schiele

Attacks on Internet of Things (IoT) devices are on the rise. Physical Unclonable Functions (PUFs) are proposed as a robust and lightweight solution to secure IoT devices. The main advantage of a PUF compared to the current classical cryptographic solutions is its compatibility with IoT devices with limited computational resources. In this paper, we investigate the maturity of this technology and the challenges toward PUF utilization in IoT that still need to be addressed.


Author(s): G. Ikrissi, T. Mazri

Abstract. Smart environments provide many benefits to the users including comfort, convenience, energy efficiency, safety, automation, and service quality. The Internet of Things (IoT) has developed to become one of the widely used technologies in smart environments. Many security attacks and threats are generated by security flaws in IoT-based systems and devices, which may affect smart environments applications. As a result, security is one of the most important issues in any smart area or environment based on the IoT model. This paper presents an overview of smart environments based on IoT technology and highlights the main security issues and countermeasures in the four layers of smart environment IoT architecture. It also reviews some of the current solutions that ensure the security of information in smart environments applications.

