Affordable Access

Access to the full text

SlowITe, a Novel Denial of Service Attack Affecting MQTT

Authors
  • Vaccari, Ivan1, 2
  • Aiello, Maurizio1
  • Cambiaso, Enrico1
  • 1 (E.C.)
  • 2 Department of Informatics, Bioengineering, Robotics and System Engineering (DIBRIS), University of Genoa, 16145 Genoa, Italy
Type
Published Article
Journal
Sensors
Publisher
MDPI AG
Publication Date
May 21, 2020
Volume
20
Issue
10
Identifiers
DOI: 10.3390/s20102932
PMID: 32455752
PMCID: PMC7285273
Source
PubMed Central
Keywords
License
Green

Abstract

Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we target the Message Queue Telemetry Transport (MQTT) protocol used in IoT environments for communication between IoT devices. We exploit a specific weakness of MQTT which was identified during our research, allowing the client to configure the behavior of the server. In order to validate the possibility to exploit such vulnerability, we propose SlowITe, a novel low-rate denial of service attack aimed to target MQTT through low-rate techniques. We validate SlowITe against real MQTT services, considering both plain text and encrypted communications and comparing the effects of the threat when targeting different daemons. Results show that the attack is successful and it is able to exploit the identified vulnerability to lead a DoS on the victim with limited attack resources.

Report this publication

Statistics

Seen <100 times