Skip navigation

Assessment and analysis of IoT protocol effectiveness in data exfiltration scenario

Assessment and analysis of IoT protocol effectiveness in data exfiltration scenario

Adesanya, Olanrewaju Mueez, Moradpoor, Naghmeh, Maglaras, Leandros, Lim, Ik Soo ORCID: 0000-0002-9499-8515 and Ferrag, Mohamed Amine (2024) Assessment and analysis of IoT protocol effectiveness in data exfiltration scenario. In: 5th International Workshop on Security and Reliability of IoT Systems (DCOSS-IoT 2024), 29th Apr – 1st May, 2024, Abu Dhabi, United Arab Emirates. (In Press)

[img] PDF (Accepted conference paper)
46878_LIM_assessment_and_analysis_of_IoT_protocol_effectiveness_in_data_exfiltration_scenario.pdf - Accepted Version
Restricted to Repository staff only

Download (931kB) | Request a copy


The rapid growth of Internet of Things technology has introduced an era of numerous interconnected devices, transforming the communication with the physical world. However, the security and privacy of the data generated and stored on these devices have become significant concerns due to the potential risks associated with unauthorized access and data exfiltration. This paper presents a comprehensive study on the characterization and evaluation of IoT protocols for data exfiltration, with a focus on Message Queuing Telemetry Transport versions 3.1.1 and 5.0, Constrained Application Protocol version 1.0, and Websocket, owing to their widespread adoption and diverse characteristics. These protocols are chosen to meet the constraints of IoT devices and networks, where minimal bandwidth utilization and low power consumption are crucial. We employed a multifaceted methodology, incorporating a comprehensive literature review and the Chiton data encapsulation and exfiltration software tool, to assess the security features, vulnerabilities, and performance metrics of these protocols for data exfiltration. Performance evaluations on the three selected protocols were conducted using a live Client-Server network. A laptop served as the server for exfiltrated data collection, while a Raspberry Pi 3 device acted as the IoT Client Publisher. The evaluation included Wireshark as a network protocol analyser and the enhancement of the Chiton Software Tool with custom codes to encapsulate and exfiltrate data within the IoT protocol messages, empirically measuring the selected protocols’ performance, including overhead, latency, and throughput for different data exfiltration scenarios, providing a versatile platform for protocol evaluation. Comparative analysis revealed the strengths and weaknesses of MQTT, CoAP, and Websocket in various data exfiltration scenarios, facilitating the selection of MQTT and Websocket over the CoAP protocol for IoT applications. Lastly, ideas and recommendations for identifying and mitigating data exfiltration in IoT protocols are proposed.

Item Type: Conference or Conference Paper (Paper)
Uncontrolled Keywords: COAP; websocket; MQTT; data integrity and confidentiality; Chiton
Subjects: Q Science > Q Science (General)
Q Science > QA Mathematics
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Last Modified: 29 Apr 2024 09:13

Actions (login required)

View Item View Item


Downloads per month over past year

View more statistics