Fuzzing attacks for vulnerability discovery within MQTT protocol

Fuzzing attacks for vulnerability discovery within MQTT protocol

연구 분야: Software Development

학회: 2020 International Wireless Communications and Mobile Computing (IWCMC)

This paper deals with the security issues of IoT networks and particularly with vulnerabilities of Message Queuing Telemetry Transport (MQTT) protocol. We proposed Fuzzing attack techniques to detect new security breaches in MQTT. Fuzz involves the random data generation and transmission to the input of MQTT brokers or clients in order to identify breaches by analyzing their responses. We focus on the development of a containerized test architecture as well as on the generation of scenarios using the Fuzzing. We chose Docker as a container of applications based on a single virtual machine. Through our empirical tests, we found Docker lighter and better efficient than traditional Virtual Machines. We demonstrated that the implementation of a fuzzing technique on Docker within small-scale is efficient to detect a number of MQTT security flaws.