Security of IoT Application Layer Protocols: Challenges and Findings

Nebbione, Giuseppe; Calzarossa, Maria Carla

doi:10.3390/fi12030055

Cited by 103 publications

(48 citation statements)

References 68 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Finally, Application layer security involves the security vulnerabilities and prevention mechanism detected and, respectively, implemented at communication protocol layer. It is worth mentioning IoT protocol solutions such as MQTT, CoAP and less-typical IoT protocols AMQP, DDS, and XMPP [ 40 ]. MQTT is widely used in IoT platforms.…”

Section: Security In the Internet Of Thingsmentioning

confidence: 99%

“…Moreover, message validation mechanisms that are improperly implemented (for example, a publisher sends messages consisting of invalid characters that cannot be correctly interpreted by brokers and subscribers), facilitate security attacks. Man-in-the-middle (MiTM) attacks [ 40 ] may happen as the encryption is performed only for payloads, not for the entire message [ 41 ].…”

Section: Security In the Internet Of Thingsmentioning

confidence: 99%

“…To conclude the section, the IoT security is an important subject not only for technical purposes, but also for the welfare of the society and its citizens [ 40 ] as, currently, many person-centric applications are being developed.…”

Section: Security In the Internet Of Thingsmentioning

confidence: 99%

See 2 more Smart Citations

Enabling Security Services in Socially Assistive Robot Scenarios for Healthcare Applications

Vulpe

Crăciunescu

Drăgulinescu

et al. 2021

Sensors

View full text Add to dashboard Cite

Today’s IoT deployments are highly complex, heterogeneous and constantly changing. This poses severe security challenges such as limited end-to-end security support, lack of cross-platform cross-vertical security interoperability as well as the lack of security services that can be readily applied by security practitioners and third party developers. Overall, these require scalable, decentralized and intelligent IoT security mechanisms and services which are addressed by the SecureIoT project. This paper presents the definition, implementation and validation of a SecureIoT-enabled socially assisted robots (SAR) usage scenario. The aim of the SAR scenario is to integrate and validate the SecureIoT services in the scope of personalized healthcare and ambient assistive living (AAL) scenarios, involving the integration of two AAL platforms, namely QTrobot (QT) and CloudCare2U (CC2U). This includes risk assessment of communications security, predictive analysis of security risks, implementing access control policies to enhance the security of solution, and auditing of the solution against security, safety and privacy guidelines and regulations. Future perspectives include the extension of this security paradigm by securing the integration of healthcare platforms with IoT solutions, such as Healthentia with QTRobot, by means of a system product assurance process for cyber-security in healthcare applications, through the PANACEA toolkit.

show abstract

Section: Security In the Internet Of Thingsmentioning

confidence: 99%

Section: Security In the Internet Of Thingsmentioning

confidence: 99%

See 1 more Smart Citation

Enabling Security Services in Socially Assistive Robot Scenarios for Healthcare Applications

Vulpe

Crăciunescu

Drăgulinescu

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…It is capable to ensure the integrity of the software and configuration of all the nodes and, thus, to avoid the exchange of incorrect synchronization information over secure protocols. For a more complete view on prior works about SW vulnerabilities in other domains, interested readers can also refer to [29][30][31] and the references therein.…”

Section: Master Clockmentioning

confidence: 99%

Trusted GNSS-Based Time Synchronization for Industry 4.0 Applications

Margaria

Vesco

2021

Applied Sciences

View full text Add to dashboard Cite

The protection of satellite-derived timing information is becoming a fundamental requirement in Industry 4.0 applications, as well as in a growing number of critical infrastructures. All the industrial systems where several nodes or devices communicate and/or coordinate their functionalities by means of a communication network need accurate, reliable and trusted time synchronization. For instance, the correct operation of automation and control systems, measurement and automatic test systems, power generation, transmission, and distribution typically require a sub-microsecond time accuracy. This paper analyses the main attack vectors and stresses the need for software integrity control at network nodes of Industry 4.0 applications to complement existing security solutions that focus on Global Navigation Satellite System (GNSS) radio-frequency spectrum and Precision Time Protocol (PTP), also known as IEEE-1588. A real implementation of a Software Integrity Architecture in accordance with Trusted Computing principles concludes the work, together with the presentation of promising results obtained with a flexible and reconfigurable testbed for hands-on activities.

show abstract

“…The AMQP standard consists mainly of [51]: message, the key element of the entire communication process; producer, creates a message and sends it; broker, distributes the message according to rules defined to different queues; and finally, consumer, which takes the message from the queue where it can access and reprocess it. The security aspects and threats were analyzed in [52]. In particular, the authors showed that AMQP could be exploited by using common threats such as replay [53], masquerade, modification, and denial of service [54].…”

Section: Related Workmentioning

confidence: 99%

SlowTT: A Slow Denial of Service against IoT Networks

2020

View full text Add to dashboard Cite

The security of Internet of Things environments is a critical and trending topic, due to the nature of the networks and the sensitivity of the exchanged information. In this paper, we investigate the security of the Message Queue Telemetry Transport (MQTT) protocol, widely adopted in IoT infrastructures. We exploit two specific weaknesses of MQTT, identified during our research activities, allowing the client to configure the KeepAlive parameter and MQTT packets to execute an innovative cyber threat against the MQTT broker. In order to validate the exploitation of such vulnerabilities, we propose SlowTT, a novel “Slow” denial of service attack aimed at targeting MQTT through low-rate techniques, characterized by minimum attack bandwidth and computational power requirements. We validate SlowTT against real MQTT services, by considering both plaintext and encrypted communications and by comparing the effects of the attack when targeting different application daemons and protocol versions. Results show that SlowTT is extremely successful, and it can exploit the identified vulnerability to execute a denial of service against the IoT network by keeping the connection alive for a long time.

show abstract

Security of IoT Application Layer Protocols: Challenges and Findings

Cited by 103 publications

References 68 publications

Enabling Security Services in Socially Assistive Robot Scenarios for Healthcare Applications

Enabling Security Services in Socially Assistive Robot Scenarios for Healthcare Applications

Trusted GNSS-Based Time Synchronization for Industry 4.0 Applications

SlowTT: A Slow Denial of Service against IoT Networks

Contact Info

Product

Resources

About