Various communication protocols are currently used in the Internet of Things (IoT) devices. One of the protocols that are already standardized by ISO is MQTT protocol (ISO /IEC 20922: 2016). Many IoT developers use this protocol because of its minimal bandwidth requirement and low memory consumption. Sometimes, IoT device sends confidential data that should only be accessed by authorized people or devices.Unfortunately, the MQTT protocol only provides authentication for the security mechanism which, by default, does not encrypt the data in transit thus data privacy, authentication, and data integrity become problems in MQTT implementation. https://nsconclave.net-square.com/attack-scenarios-and-security-analysis-of-MQTT.html

1. || Date - 26-1-2020 || || Venue - Ahmedabad || || Presenter - Bhavya Shah ||
Attack Scenarios And Security Analysis of MQTT

2. MQTT - Message Queuing Telemetry Transport
MQTT is a machine-to-machine
(M2M)/"Internet of Things"
connectivity protocol. It was
designed as an extremely
lightweight publish/subscribe
messaging transport. It is useful
for connections with remote
locations where a small code
footprint is required and/or
network bandwidth is limited.

3. MQTT History

4. 1st Version Was Authored In 1999 By
Andy Stanford-Clark
Arlen Nipper

5. Designed for connecting Oil Pipeline telemetry systems over satellite

6. MQTT Version History

7. Some Of The Key Features of MQTT
● Facilitates one-to-many communication mediated by brokers
● It has facility to acknowledge the request
● Simple packet formats: binary payloads
● The protocol runs over TCP

8. Major Areas Where MQTT Is Used

9. IOT Devices IIOT (Industrial IOT)

10. Fitness Devices : Fitbit Health Devices : Blood Pressure
Glucometer Monitors

11. Location Services : Owntracks Home Automation Kits :
SmartThings (Samsung)

12. Google IOT Core
Cloud Provider

13. Publisher
Subscriber
Subscriber
Subscribe to
“temp/roof”
Subscribe to
“temp/room”
Publish: “20 C”
Topic: “temp/roof”
Publish: “50 C”
Publish: “50 C”
Topic: “temp/room”
Publish: “20 C”

15. Topic Hierarchy
Temp
Roof Floor 1 Floor 2
DrawingRoom Room Room Kitchen
Subscribing to the specific
topic:
Temp/Floor1/Room
Temp/Floor1/DrawingRoom
Temp/Floor2/Room
Subscribing to all Room for the
Temp:
Temp/+/Room
Subscribing to all topic of Temp:
Temp/# (wildcard entry)

16. Basic Commands
To run brocker server :
mosquitto
Subscribe for the topic :
mosquitto_sub -t "topicname"
Publish for the topic :
mosquitto_sub -t "topic" -m "message"

17. Transmission Of Data In Clear Text

19. MQTT Over Internet

22. MQTT Integration With Application

24. Demo Of Subscribing To The Topic By Changing
Or Creating New credentials

26. Backdoor Over The MQTT