当前位置:
X-MOL 学术
›
IEEE Commun. Surv. Tutor.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Securing the IoT Application Layer from an MQTT Protocol Perspective: Challenges and Research Prospects
IEEE Communications Surveys & Tutorials ( IF 34.4 ) Pub Date : 2024-03-04 , DOI: 10.1109/comst.2024.3372630 Sujitha Lakshminarayana , Amit Praseed , P. Santhi Thilagam
IEEE Communications Surveys & Tutorials ( IF 34.4 ) Pub Date : 2024-03-04 , DOI: 10.1109/comst.2024.3372630 Sujitha Lakshminarayana , Amit Praseed , P. Santhi Thilagam
The Internet of Things (IoT) is one of the most promising new millennial technologies, having numerous applications in our surrounding environment. The fundamental goal of an IoT system is to ensure effective communication between users and their devices, which is accomplished through the application layer of IoT. For this reason, the security of protocols employed at the IoT application layer are extremely significant. Message Queuing Telemetry Transport (MQTT) is being widely adopted as the application layer protocol for resource-constrained IoT devices. The reason for the widespread usage of the MQTT protocol in IoT devices is its highly appealing features, such as packet-agnostic communication, high scalability, low power consumption, low implementation cost, fast and reliable message delivery. These capabilities of the MQTT protocol make it a potential and viable target for adversaries. Therefore, we initially emphasize on the emerging MQTT vulnerabilities and provide a classification of identified MQTT vulnerabilities for the IoT paradigm. Then, this paper reviews attacks against the MQTT protocol and the corresponding defense mechanisms for MQTT-based IoT deployments. Furthermore, MQTT attacks are categorized and investigated with reference to crucial characteristics that aid in comprehending how these attacks are carried out. The defense mechanisms are discussed in detail, with a particular focus on techniques for identifying vulnerabilities, detecting and preventing attacks against the MQTT protocol. This work also discloses lessons learned by identifying and providing insightful findings, open challenges, and future research directions. Such a discussion is anticipated to propel more research efforts in this burgeoning area and pave a secure path toward expanding and fully realizing the MQTT protocol in IoT technology.
中文翻译:
从 MQTT 协议角度保护物联网应用层:挑战和研究前景
物联网 (IoT) 是最有前途的新千年技术之一,在我们周围的环境中拥有众多应用。物联网系统的基本目标是确保用户与其设备之间的有效通信,这是通过物联网的应用层来实现的。因此,物联网应用层采用的协议的安全性极其重要。消息队列遥测传输 (MQTT) 作为资源受限物联网设备的应用层协议被广泛采用。 MQTT协议在物联网设备中广泛使用的原因是其极具吸引力的特性,例如与数据包无关的通信、高可扩展性、低功耗、低实施成本、快速可靠的消息传递。 MQTT 协议的这些功能使其成为对手潜在且可行的目标。因此,我们首先强调新兴的 MQTT 漏洞,并为物联网范式提供已识别的 MQTT 漏洞的分类。然后,本文回顾了针对 MQTT 协议的攻击以及基于 MQTT 的物联网部署的相应防御机制。此外,MQTT 攻击根据有助于理解这些攻击是如何进行的关键特征进行分类和调查。详细讨论了防御机制,特别关注识别漏洞、检测和防止针对 MQTT 协议的攻击的技术。这项工作还揭示了通过识别和提供富有洞察力的发现、开放的挑战和未来的研究方向而吸取的经验教训。 这样的讨论预计将推动这一新兴领域的更多研究工作,并为在物联网技术中扩展和完全实现 MQTT 协议铺平一条安全的道路。
更新日期:2024-03-04
中文翻译:
从 MQTT 协议角度保护物联网应用层:挑战和研究前景
物联网 (IoT) 是最有前途的新千年技术之一,在我们周围的环境中拥有众多应用。物联网系统的基本目标是确保用户与其设备之间的有效通信,这是通过物联网的应用层来实现的。因此,物联网应用层采用的协议的安全性极其重要。消息队列遥测传输 (MQTT) 作为资源受限物联网设备的应用层协议被广泛采用。 MQTT协议在物联网设备中广泛使用的原因是其极具吸引力的特性,例如与数据包无关的通信、高可扩展性、低功耗、低实施成本、快速可靠的消息传递。 MQTT 协议的这些功能使其成为对手潜在且可行的目标。因此,我们首先强调新兴的 MQTT 漏洞,并为物联网范式提供已识别的 MQTT 漏洞的分类。然后,本文回顾了针对 MQTT 协议的攻击以及基于 MQTT 的物联网部署的相应防御机制。此外,MQTT 攻击根据有助于理解这些攻击是如何进行的关键特征进行分类和调查。详细讨论了防御机制,特别关注识别漏洞、检测和防止针对 MQTT 协议的攻击的技术。这项工作还揭示了通过识别和提供富有洞察力的发现、开放的挑战和未来的研究方向而吸取的经验教训。 这样的讨论预计将推动这一新兴领域的更多研究工作,并为在物联网技术中扩展和完全实现 MQTT 协议铺平一条安全的道路。
京公网安备 11010802027423号