Next Article in Journal
Development of User-Participatory Crowdsensing System for Improved Privacy Preservation
Next Article in Special Issue
Revisiting the High-Performance Reconfigurable Computing for Future Datacenters
Previous Article in Journal
Feature Selection Algorithms as One of the Python Data Analytical Tools
Previous Article in Special Issue
LPWAN Technologies: Emerging Application Characteristics, Requirements, and Design Considerations
Open AccessReview

Security of IoT Application Layer Protocols: Challenges and Findings

Department of Electrical, Computer and Biomedical Engineering, University of Pavia, I-27100 Pavia, Italy
Author to whom correspondence should be addressed.
Future Internet 2020, 12(3), 55;
Received: 17 January 2020 / Revised: 28 February 2020 / Accepted: 14 March 2020 / Published: 17 March 2020
(This article belongs to the Collection Featured Reviews of Future Internet Research)
IoT technologies are becoming pervasive in public and private sectors and represent presently an integral part of our daily life. The advantages offered by these technologies are frequently coupled with serious security issues that are often not properly overseen or even ignored. The IoT threat landscape is extremely wide and complex and involves a wide variety of hardware and software technologies. In this framework, the security of application layer protocols is of paramount importance since these protocols are at the basis of the communications among applications and services running on different IoT devices and on cloud/edge infrastructures. This paper offers a comprehensive survey of application layer protocol security by presenting the main challenges and findings. More specifically, the paper focuses on the most popular protocols devised in IoT environments for messaging/data sharing and for service discovery. The main threats of these protocols as well as the Common Vulnerabilities and Exposures (CVE) for their products and services are analyzed and discussed in detail. Good practices and measures that can be adopted to mitigate threats and attacks are also investigated. Our findings indicate that ensuring security at the application layer is very challenging. IoT devices are exposed to numerous security risks due to lack of appropriate security services in the protocols as well as to vulnerabilities or incorrect configuration of the products and services being deployed. Moreover, the constrained capabilities of these devices affect the types of security services that can be implemented. View Full-Text
Keywords: IoT; security; threat; mitigation; application layer protocols; CVE; MQTT; CoAP; mDNS; SSDP; AMQP; DDS; XMPP; good practices IoT; security; threat; mitigation; application layer protocols; CVE; MQTT; CoAP; mDNS; SSDP; AMQP; DDS; XMPP; good practices
Show Figures

Figure 1

MDPI and ACS Style

Nebbione, G.; Calzarossa, M.C. Security of IoT Application Layer Protocols: Challenges and Findings. Future Internet 2020, 12, 55.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

Search more from Scilit
Back to TopTop