Automated security test generation for MQTT using attack patterns

Authors Hannes Sochor
Flavio Ferrarotti
Rudolf Ramler
Editors
Title Automated security test generation for MQTT using attack patterns
Booktitle ARES'20: Proccedings of the 15th International Conference on Availability, Reliability and Security
Type in proceedings
Publisher ACM
ISBN 978-1-4503-8833-7
DOI 10.1145/3407023.3407078
Month August
Year 2020
Pages article 97, 1-9
SCCH ID# 20048
Abstract

The dramatic increase of attacks and malicious activities has made security a major concern in the development of interconnected cyber-physical systems and raised the need to address this concern also in testing. The goal of security testing is to discover vulnerabilities in the system under test so that they can be fixed before an attacker finds and abuses them. However, testing for security issues faces the challenge of systematically exploring a potentially non-tractable number of interaction scenarios that have to include also invalid inputs and possible harmful interaction attempts. In this paper, we describe an approach for automated generation of test cases for security testing, which are based on attack patterns. These patterns are blueprints that can be used for exploiting common vulnerabilities. The approach combines random test case generation with attack patterns implemented for the Message Queuing Telemetry Transport (MQTT) protocol. We have applied the proposed testing approach to five popular and widely available MQTT brokers, generating 1,804 interaction sequences in form of executable test cases which resulted in numerous test failures, unhandled exceptions and crashes. A detailed manual analysis of these cases have revealed 28 security-relevant issues and critical shortcomings in the tested MQTT broker implementations.