An Assessment Platform of Cybersecurity Attacks against the MQTT Protocol using SIEM

Mohamed Hadded, Gaspard Lauras, Jérôme Letailleur, Yohann Petiot, Anouk Dubois
Published in: 2022 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), 2022-09-22
DOI: https://doi.org/10.23919/softcom55329.2022.9911428
Citations: 2

Abstract

The industry of shared self-driving is increasingly interested in the Message Queuing Telemetry Transport (MQTT) solution to develop and evaluate their autonomous and shared mobility services. This solution would have the advantage of making data exchange easier between autonomous vehicles themselves and between vehicles and infrastructure. Nevertheless, there are a number of security threats due to the design and the use of the MQTT protocol. Some of these threats are denial of service (DoS), spoofing, information disclosure and data corruption. These security issues can be caused by external attackers as well as internal entities that are successfully authenticated. This paper analyzes the impact of these attacks on the performance of MQTT protocol with TLS in terms of CPU/RAM usage and latency. For that, we provide in this paper an in-depth overview of cybersecurity attacks that can disrupt the MQTT protocol and we also present an evaluation platform using Security Information and Event Management (SIEM) architecture that automatically collects and aggregates system events from the server to assess the impact of the cyber attacks. The results indicate that these attacks have highly negative influence on the performance of broker. These results will contribute in the future to implement new countermeasures to improve cybersecurity of MQTT protocol.