Alessandro Di Vincenzo
Analysis of MQTT protocol security and a method for key distribution through separation of knowledge.
Rel. Edoardo Patti. Politecnico di Torino, Master of science program in Computer Engineering, 2022
Abstract
The scope of the project is to analyse MQTT protocol (used in IoT application) to detect malicious contexts in real use cases and analyse possible workarounds. The studies performed are: - MQTT protocol features analysis: it is a protocol used to transport messages, mainly used in IoT environment given its lightweightness; - Malicious contexts analysis: given its lightweightness, MQTT has not security mechanisms by default, in order to maintain it simple to be runned by resource constrained devices like IoT ones; - Workarounds analysis: identification of countermeasures able to guarantee authentication, confidentiality and integrity of MQTT messages; - State of the art of MQTT security solutions: analysis of innovative solutions developed to provide security to MQTT protocol; - Determining target use case; - Design, implementation and testing of a demo.
The main threats of MQTT protocol are the lack of data privacy protection (anyone can read messages contained in MQTT packet, a big problem especially in scenario where sensitive information are sent) and the absence of authentication method integrated by default (there is no assurance about the "identity" of devices involved in communication)
Relators
Publication type
URI
 |
Modify record (reserved for operators) |
