IEEE Access (Jan 2024)

Securing MQTT Ecosystem: Exploring Vulnerabilities, Mitigations, and Future Trajectories

  • Shams Ul Arfeen Laghari,
  • Wenhao Li,
  • Selvakumar Manickam,
  • Priyadarsi Nanda,
  • Ayman Khallel Al-Ani,
  • Shankar Karuppayah

DOI
https://doi.org/10.1109/ACCESS.2024.3412030
Journal volume & issue
Vol. 12
pp. 139273 – 139289

Abstract

Read online

Amid the exponential rise of Internet of Things (IoT) devices, the Message Queue Telemetry Transport (MQTT) protocol has gained prominence due to its efficiency in facilitating device-cloud interactions. Yet, the surge in IoT device usage and MQTT’s popularity has spotlighted potential security risks. Vulnerabilities in this realm can lead to substantial disturbances and financial setbacks. While there is a noticeable increase in IoT-related attacks, comprehensive reviews on MQTT security remain scarce. Existing studies often exhibit shortcomings, such as a broad but superficial discussion of MQTT attacks and countermeasures. Additionally, many essential components and roles in building or implementing MQTT-based applications have not been adequately addressed. This research fills this void by offering a contemporary analysis of MQTT ecosystem security challenges, encompassing prevalent attacks, their repercussions, mitigation strategies, and prospective areas for further research. This study presents a comprehensive taxonomy of security attacks within the MQTT ecosystem, offering a systematic framework to guide researchers, businesses, and end-users in mitigating these risks. As a result, this work serves as a crucial resource for enhancing the security of IoT devices utilizing MQTT, marking a significant stride in safeguarding IoT infrastructure.

Keywords