Modelling and Evaluation of Malicious Attacks against the IoT MQTT Protocol

The Internet of Things (IoT) paradigm is changing the way people live and work in society. Advancements in various information and communication technologies have paved the way for new possibilities and opportunities both in households and industries to build such an Internet of connected devices. However, these devices possess capabilities that enable control from anywhere and at anytime. The exploitation of these capabilities make these devices potential and viable targets for adversaries. Middleware-based IoT application protocols play a crucial role in enabling bidirectional communication and remote control of IoT devices. Among the various IoT application protocols, Message Queuing Telemetry Protocol (MQTT) is being widely adopted. The possible threats in MQTT-based IoT environments need to be identified before applying appropriate countermeasures. In this paper, we present the MQTT threat model and perform an evaluation of the Denial of Service (DoS) attack that targets MQTT brokers.