Security Vulnerabilities and Cyber Threat Analysis of the AMQP Protocol for the Internet of Things

The Internet of Things (IoT) expands the global Internet-connected network to encompass device-to-device, device-to-server, and server-to-server connectivity for an ever-increasing variety of end-user devices. IoT remains a somewhat amorphous entity, with little in the way of coordinated development, and is undermined largely by a manufacturer-driven scramble to be first-to-market with the latest innovation. Communication between IoT devices/servers relies on underlying protocols, which must be efficient and effective to establish and maintain reliability and integrity of data transfer. However, the lack of coordination during IoT’s expansion has resulted in a variety of communications protocols being developed. AMQP (Advanced Message Queuing Protocol) originated from the financial sector’s requirement for an improved messaging system that was fast, reliable and independent of end-user platform configurations. AMQP is an open-source server-to-server communications protocol which allows the addition of user-specific extensions. The software coding of such end-user-developed modules can be insufficient regarding threat-mitigation and can make the end product vulnerable to cyber-attack. Through this paper, we present vulnerability and threat analysis for AMQP-based IoT systems.