The Day After Mirai: a Survey on MQTT Security Solutions After the Largest Cyber-attack Carried out through an Army of IoT Devices

Recent news of massive Distributed Denial of Service (DDoS) attacks being carried out using thousands of Internet of Things (IoT) devices transformed into attack bots are nothing else than a wake-up call for all the actors having a role on the IoT stage. The need to define and establish, as quickly as possible, viable security standards able to cope with the heterogeneous requirements arising from the IoT world is urgent, now more than ever. Maybe even before that, the dissemination of basic knowledge connected with the culture of IT security seems to play a major role in the overall security balance for IoT. Since it is more likely that systems using lightweight devices can be more vulnerable to security attacks, in this paper we start with analyzing MQTT, a message-based communication protocol explicitly designed having low-end devices in mind. After that, we move on to describe some of the security solutions and improvements typically suggested and implemented in real-life deployme nts of MQTT. Finally, we conclude this paper with a concise, though not exhaustive, survey on some of the most promising research topics in the IoT security area.