Security Analysis of a Communication Protocol: MQTT
For IoT developers and security practitioners, this paper provides a security analysis of MQTT, but the findings are incremental and well-known.
The paper identifies critical security vulnerabilities in MQTT, such as lack of encryption and authentication, through theoretical review and experimental attacks in a simulated smart home, and proposes mitigation strategies.
This paper analyzes the security of the Message Queuing Telemetry Transport (MQTT) protocol in the context of the Internet of Things (IoT). The main objective is to identify vulnerabilities and propose security improvements. Using a hybrid methodology, a theoretical review was combined with an experimental demonstration in a simulated smart home environment. Eavesdropping, tampering, Denial of Service (DoS), and brute force attacks were executed and analyzed. The results showed critical risks arising from the absence of robust encryption and authentication. Finally, mitigation strategies and best practices are proposed to strengthen MQTT implementations.
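To make the encryption and authentication findings concrete from the defender's side, the following added example (not code from the paper) parses an MQTT 3.1.1 CONNECT packet and reports whether the client connected anonymously or sent a password over an unencrypted transport. The function names, the `over_tls` parameter (assumed to be known from the listener that received the packet) and the sample client values are assumptions made for this illustration.

```python
import struct

def _remaining_length(buf, pos):
    """Decode MQTT's variable-length 'remaining length' (at most 4 bytes)."""
    value = 0
    for shift in (0, 7, 14, 21):
        value |= (buf[pos] & 0x7F) << shift
        pos += 1
        if not buf[pos - 1] & 0x80:      # continuation bit clear: last byte
            return value, pos
    raise ValueError("malformed remaining length")

def _field(buf, pos):
    """Read one field: 2-byte big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">H", buf, pos)
    if pos + 2 + n > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def audit_connect(packet, over_tls):
    """Return (client_id, username, findings) for an MQTT 3.1.1 CONNECT."""
    if not packet or packet[0] >> 4 != 1:    # packet type 1 = CONNECT
        raise ValueError("not a CONNECT packet")
    length, start = _remaining_length(packet, 1)
    body = packet[start:start + length]
    name, pos = _field(body, 0)
    if name != b"MQTT" or body[pos] != 4:
        raise ValueError("only MQTT 3.1.1 (protocol level 4) is handled")
    flags = body[pos + 1]
    client_id, pos = _field(body, pos + 4)   # skip level, flags, keep-alive
    if flags & 0x04:                         # will flag: skip topic, message
        _, pos = _field(body, pos)
        _, pos = _field(body, pos)
    username = _field(body, pos)[0] if flags & 0x80 else None
    findings = []
    if not over_tls:
        findings.append("plaintext transport")
    if username is None:
        findings.append("anonymous connect (no username)")
    if flags & 0x40 and not over_tls:
        findings.append("password sent in cleartext")
    return client_id, username, findings

def build_connect(client_id, username=None, password=None):
    """Construct a small sample CONNECT packet (test data, under 128 bytes)."""
    enc = lambda b: struct.pack(">H", len(b)) + b
    flags = 0x02 | (0x80 if username else 0) | (0x40 if password else 0)
    body = enc(b"MQTT") + bytes([4, flags]) + struct.pack(">H", 60) + enc(client_id)
    body += (enc(username) if username else b"") + (enc(password) if password else b"")
    return bytes([0x10, len(body)]) + body
```

An empty findings list means the packet carried a username and arrived over TLS; it says nothing about password strength or broker-side access control.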