An architecture for automated security test case generation for MQTT systems

• Hannes Sochor
• Flavio Ferrarotti
• Rudolf Ramler

• Gabriele Kotsis
• A Min Tjoa
• Ismail Khali
• Lukas Fischer Ph.D.
• Priv.-Doz. Dr. Bernhard A. Moser
• Atif Mashkoor
• Johannes Sametinger
• Anna Fensel
• Dr. Jorge Martinez-Gil

Message Queuing Telemetry Transport (MQTT) protocol is among the preferred publish/subscribe protocols used for Machine-to-Machine (M2M) communication and Internet of Things (IoT). Although the MQTT protocol itself is quite simple, the concurrent iteration of brokers and clients and its intrinsic non-determinism, coupled with the diversity of platforms and programming languages in which the protocol is implemented and run, makes the necessary task of security testing challenging. We address precisely this problem by proposing an architecture for security test generation for systems relying on the MQTT protocol. This architecture enables automated test case generation to reveal vulnerabilities and discrepancies between different implementations. As a desired consequence, when implemented, our architectural design can be used to uncover erroneous behaviours that entail latent security risks in MQTT broker and client implementations. In this paper we describe the key components of our architecture, our prototypical implementation using a random test case generator, core design decisions and the use of security attacks in testing. Moreover, we present first evaluations of the architectural design and the prototypical implementation with encouraging initial results.