Investigating Distributed Denial of Service Attacks on MQTT Protocol And Proposal of New Attack Scenarios
Sadegh Esfahani, Hatef | 2023
- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 56580 (05)
- University: Sharif University of Technology
- Department: Electrical Engineering
- Advisor(s): Aref, Mohammad Reza; Salmasizadeh, Mahmoud
- Abstract:
- MQTT (Message Queuing Telemetry Transport) is one of the essential and widely used protocols in Internet of Things (IoT) networks. It operates at the application layer (Layer 7) for data transmission. As IoT applications using this protocol for communication have grown, securing such systems against security attacks has become a significant challenge. One of the important attacks that can be carried out through IoT networks is the Distributed Denial of Service (DDoS) attack. In this thesis, we initially provide a general overview of IoT security and demonstrate how DDoS attacks disrupt the availability feature in these networks. We then examine known types of DDoS attacks to gain a better understanding of this attack. Furthermore, by introducing features of the MQTT protocol that impact DDoS attacks, we propose several new DDoS attack scenarios on this protocol. Three of the proposed attack scenarios are designed to include a control packet signature. These control packets, capable of being used in DDoS attacks, include connect, publish, and ping packets. Another achievement of this thesis is the proposal of two more proactive scenarios. The Combination scenario introduces more complex behavior to compromised users, making it harder to distinguish between legitimate users' traffic and DDoS attack traffic compared to previous scenarios. In the last scenario, known as the Amplification scenario, attackers can leverage certain MQTT protocol features, such as the one-to-many property or the publish-subscribe structure, to amplify their attacks with an amplification factor greater than one against the victim system. Alongside attack diagrams and charts, the outputs of these proposed attacks, in the form of a CSV file, create a diverse dataset for use in the detection and mitigation stages of this protocol. To collect these outputs, we introduced an intermediary packet handler node called Port-Forwarding when setting up attack infrastructure to record the required data.
Additionally, this entity can be used for placing detection and mitigation systems. Finally, after introducing all scenarios, we simulated each one multiple times with different parameters, comparing packet loss and practical amplification factor in each attack. We demonstrated that among the proposed scenarios, the Amplification scenario leads to the removal of more packets from the network.
- Keywords:
- Distributed Denial of Service (DDOS) Attack; Internet of Things; Network Security; Message Queuing Telemetry Transport (MQTT); Denial of Service (DOS) Attack Detection