IARJSET International Advanced Research Journal in Science, Engineering and Technology Impact Factor 7.105Vol. 9, Issue 1, January 2022 DOI: 10.17148/IARJSET.2022.9136 © IARJSET This work is licensed under a Creative Commons Attribution 4.0 International License 209 ISSN (O) 2393-8021, ISSN (P) 2394-1588 A Study on MQTT Protocol and its Cyber Attacks Abhay Pratap Singh 1 , Amit Kumar 2 , Vipin Kumar 3 Research Scholar, Department of Computer Science, Gurukula Kangri (Deemed to be University), Haridwar, India 1,2,3 Abstract: The Internet of Thing (IoT) is a model of interconnected objects, devices, systems, and other items which are embedded with communication hardware, software, processors and network connectivity, which enables these objects to congregate and swap information. Fast revolution in the field of information communication, technologies, and digital things, are compelling quick information of IoT over the world. In IoT, device to device communication is considered through either Pushing or pulling protocol. Push protocol is more suitable for IoT devices because of its lightweight and high productivity. There are many push protocols available for IoT, where a user does not look for any kind of information. In which MQTT is widely utilized because of its frivolous and bandwidth efficiency. Security is one of the main cares with regards to IoT networks. Since it is not easy to implement robust security mechanism in most of IoT devices because of its restriction in resources and power consumption. MQTT protocol has been implemented because of its little cost and ease software platform which is appropriate for IoT application. This paper gives idea about various attacking scenarios in MQTT protocol and its introduction. Keywords: IoT, MQTT, Push protocol, Publish/Subscribe, Attacks, Security. I. INTRODUCTION The world ‘smart’ used before the name of IoT devices such as smart TV, Smartphone which means that these devices are connected to the internet and the capability to transmission data over a network [1]. The IoT has been developed expressively and is progressing towards maturity. Through this maturity it is possible to blend anything, from something as small as a needle to something large as an aeroplane. It can be looked as “a global network which provides the communication between human-to-human, human-to-things, things-to-human, and things-to-things through constructing a unique identity for each object”. For making the network IoT, various objects which include embedded sensors, software, wireless communication, processors, and electronics can be connected together. The IoT has amalgamation of two terms. The first term arises from the word ‘Internet’, which be integrated the billions of user, devices, personal system and even the business organizations. The second term is Thing, which informs to intelligent item. From past few years the world has practiced dashing enhancement and functionality in technology, which has had a treasured impact on our daily lives. In IoT, there are some important prominent protocols used as a communication protocols given as HTTP, MQTT, AMQP, and XMPP. While selecting protocols for communication, we will have to look at some considerations; energy, efficiency, performance, resource usage, and reliability. MQTT is considered as best protocol because of its reliability, advanced functionality and able to secure multicast messages [2] The crescent number of incident of cyber criminals is compromising IoT devices. The prejudicial impact of security threats indicates by cyber-attacks in the IoT. In the IoT bionetwork, users can distantly retrieve IoT devices through using the application broker or middleware technologies [3]. The major security risk is straight revealing IoT devices to the internet for message transmission and remote control. Most of the IoT devices use middleware or message broker for bidirectional communication and remote control. These IoT devices function from behind firewalls. Several protocols have been evolved to accomplish the bidirectional communication and data transfer between IoT devices (D2D) and between devices and server/cloud (D2S). Among them, MQTT has appeared as the widely embraced protocol. An internet facing broker server uses to enable the exchange of information and messages between clients by this protocol, which are Smartphone, system and IoT devices. So far protecting the IoT environment, the security attacks in MQTT protocol needs to be recognized, that is already built on this protocol. On the month of September 2016, a massive Distributed Denial of Service (DDoS) attack was launched by the largest attack, exceeding 620 gigabits per second (Gbps). This DDoS attack has been carried out using named, Mirai. In early October, Krebs on Security narrated attack based on a separated malware family, which was responsible for other IoT botnet attack. Source code of this malware is not yet revealed public, is named Bashlite. Few security mechanisms are provided by this paper. Since IoT consist of several numbers of heterogeneous things, a dominant security mechanism should be lightweight for approbation. Hence in TLS, for each session key exchanges and collecting certificates is very heavy to secure MQTT protocol.