LegitimateBroker: Mitigando Ataques de Personificação em Broker MQTT na Internet das Coisas

  • Charles Rampelotto Junior UFSM
  • Silvio Quincozes UFF
  • Juliano Kazienko UFSM

Abstract


The Internet of Things (IoT) has gained a prominent role among emerging technologies. One of its major security problems is the impersonation of devices. This work proposes LegitimateBroker, a mechanism to mitigate impersonation attacks on the MQTT Broker device in the Internet of Things. The proposal is based on mutual authentication between Publishers and the Broker, indirect key storage in the Broker, and periodic renewal of keys in both the Broker and the Publisher. Experiments indicate that the proposed mechanism has low overhead compared to other approaches and can be easily parameterized so that the key renewal rate is determined by the periodicity of publications carried out by the network nodes and by the attack execution time.

Published
2019-09-02
RAMPELOTTO JUNIOR, Charles; QUINCOZES, Silvio; KAZIENKO, Juliano. LegitimateBroker: Mitigando Ataques de Personificação em Broker MQTT na Internet das Coisas. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 19., 2019, São Paulo. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 141-154. DOI: https://doi.org/10.5753/sbseg.2019.13968.