Analyzing MQTT Attack Scenarios: A Systematic Formalization and TLC Model Checker Simulation

Amina Jandoubi; M. Bennani; Olfa Mosbahi; Abdelaziz El Fazziki

doi:10.5220/0012625600003687

Analyzing MQTT Attack Scenarios: A Systematic Formalization and TLC Model Checker Simulation

Amina Jandoubi, M. Bennani, Olfa Mosbahi, Abdelaziz El Fazziki

2024

Abstract

The SIGIRO project seeks to create an intelligent system for managing water resources in Marrakech-Safi and Tunisia’s northwest regions. The project introduces a systematic monitoring process to ensure adaptive control to address climate change. SIGIRO gathers data using the MQTT protocol, which has been the target of several cyberattacks in recent years. The absence of a formal description of these attacks leaves the field open to interpretation, leading to distinct implementations for a given attack. In this article, we formalize these attacks, provide descriptions, and check their exactness. We offer a systematic approach to formalizing seven attack scenarios targeting the MQTT protocol. Using the LTL temporal logic formalism, we generate 12 LTL formulas, each precisely describing a specific attack scenario. We classify these formulas into four categories according to a sequence of observation and injection events. These events are the abstract elements needed to control the attacks’ implementation. We verify our proposed formulas using the TLC Model Checker. We show the procedure to encode the LTL formula using TLA+ language. For each attack formula, the verification process generates a counterexample proving the occurrence of the formalized attack. These counterexamples model the execution sequence leading to the breach while providing key metrics such as the number of states generated, the number of pending states, the elapsed time, and the identification of redundant states. Based on the execution traces obtained, we formulate proposals for enhancing the specification of the MQTT protocol.

Download

Paper Citation

in Harvard Style

Jandoubi A., Bennani M., Mosbahi O. and El Fazziki A. (2024). Analyzing MQTT Attack Scenarios: A Systematic Formalization and TLC Model Checker Simulation. In Proceedings of the 19th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE; ISBN 978-989-758-696-5, SciTePress, pages 370-378. DOI: 10.5220/0012625600003687

in Bibtex Style

@conference{enase24,
author={Amina Jandoubi and M. Bennani and Olfa Mosbahi and Abdelaziz El Fazziki},
title={Analyzing MQTT Attack Scenarios: A Systematic Formalization and TLC Model Checker Simulation},
booktitle={Proceedings of the 19th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE},
year={2024},
pages={370-378},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012625600003687},
isbn={978-989-758-696-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 19th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE
TI - Analyzing MQTT Attack Scenarios: A Systematic Formalization and TLC Model Checker Simulation
SN - 978-989-758-696-5
AU - Jandoubi A.
AU - Bennani M.
AU - Mosbahi O.
AU - El Fazziki A.
PY - 2024
SP - 370
EP - 378
DO - 10.5220/0012625600003687
PB - SciTePress