An Architecture for Automated Security Test Case Generation for MQTT Systems

  • Conference paper
Database and Expert Systems Applications (DEXA 2020)

Abstract

The Message Queuing Telemetry Transport (MQTT) protocol is among the preferred publish/subscribe protocols used for Machine-to-Machine (M2M) communication and the Internet of Things (IoT). Although the MQTT protocol itself is quite simple, the concurrent interaction of brokers and clients and its intrinsic non-determinism, coupled with the diversity of platforms and programming languages in which the protocol is implemented and run, make the necessary task of security testing challenging. We address precisely this problem by proposing an architecture for security test generation for systems relying on the MQTT protocol. This architecture enables automated test case generation to reveal vulnerabilities and discrepancies between different implementations. As a desired consequence, when implemented, our architectural design can be used to uncover erroneous behaviours that entail latent security risks in MQTT broker and client implementations. In this paper we describe the key components of our architecture, our prototypical implementation using a random test case generator, core design decisions and the use of security attacks in testing. Moreover, we present first evaluations of the architectural design and the prototypical implementation, with encouraging initial results.

Notes

  1. See Sect. 5.4.2 at https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901014.

  2. https://mosquitto.org/.

  3. https://netty.io.

  4. https://github.com/moquette-io/moquette.

  5. See for instance https://www.hivemq.com/downloads/hivemq-data-sheet-4.2.pdf.

Acknowledgement

The research reported in this paper has been supported by the ICT of the Future programme (grant #863129, IoT4CPS) and the COMET Competence Centers Programme (grant #865891, SCCH) managed by FFG and funded by the Austrian federal ministries BMK and BMDW, and the Province of Upper Austria.

Corresponding author

Correspondence to Hannes Sochor.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Sochor, H., Ferrarotti, F., Ramler, R. (2020). An Architecture for Automated Security Test Case Generation for MQTT Systems. In: Kotsis, G., et al. Database and Expert Systems Applications. DEXA 2020. Communications in Computer and Information Science, vol 1285. Springer, Cham. https://doi.org/10.1007/978-3-030-59028-4_5

  • DOI: https://doi.org/10.1007/978-3-030-59028-4_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59027-7

  • Online ISBN: 978-3-030-59028-4

  • eBook Packages: Computer Science (R0)
