Security vulnerabilities and cyber threat analysis of the AMQP protocol for the internet of things
Version 2 2024-06-05, 02:45Version 2 2024-06-05, 02:45
Version 1 2020-06-10, 16:16Version 1 2020-06-10, 16:16
conference contribution
posted on 2017-01-01, 00:00authored byI N McAteer, M I Malik, Zubair BaigZubair Baig, P Hannay
The Internet of Things (IoT) expands the global Internet-connected network to encompass device-to-device, device-to-server, and server-to-server connectivity for an ever-increasing variety of end-user devices. IoT remains a somewhat amorphous entity, with little in the way of coordinated development, and is undermined largely by a manufacturer-driven scramble to be first-to-market with the latest innovation. Communication between IoT devices/servers relies on underlying protocols, which must be efficient and effective to establish and maintain reliability and integrity of data transfer. However, the lack of coordination during IoT's expansion has resulted in a variety of communications protocols being developed. AMQP (Advanced Message Queuing Protocol) originated from the financial sector's requirement for an improved messaging system that was fast, reliable and independent of end-user platform configurations. AMQP is an open-source server-to-server communications protocol which allows the addition of user-specific extensions. The software coding of such end-user-developed modules can be insufficient regarding threat-mitigation and can make the end product vulnerable to cyber-attack. Through this paper, we present vulnerability and threat analysis for AMQP-based IoT systems.
History
Event
Information Security Management. Conference (15th : 2017 : Perth, W.A.)
Series
Information Security Management Conference
Pagination
70 - 80
Publisher
Edith Cowan University
Location
Perth, W.A.
Place of publication
Melbourne, Vic.
Start date
2017-12-05
End date
2017-12-06
ISBN-13
9780648127086
Language
eng
Publication classification
E1.1 Full written paper - refereed
Editor/Contributor(s)
C Valli
Title of proceedings
AISM 2017 : Proceedings of the 15th Australian Information Security Management Conference