Research And Implementation Of Scanning Of Internet Of Things Based On MQTT Protocol

With the continuous development of the Internet of Things,Internet of Things security has become an important part of cyberspace security.At the same time,the devices of Io T devices are increasingly exposed.In order to avoid security threats caused by the exposure of Internet of Things assets by malicious attackers,network scanning is of great significance.Message Queuing Telemetry Transport is one of the most widely used application-layer protocols in the Internet of Things.Because MQTT protocol uses plaintext transmission by default and has serious unauthorized access,the asset exposure of MQTT protocol service is more serious.This paper carries out relevant research,mainly including the following three aspects:(1)This paper proposes a network scanning method based on MQTT protocol,and carries out scanning work on the network space security equipment based on MQTT protocol.In this paper,1883 ports of the existing MQTT protocol services in China and the world are explored on a large scale,and the open state of the ports,the distribution of the applied MQTT services and the response of the ports are counted,so as to understand the operating status of the MQTT protocol services in China and over the world.This paper also extracted the subject and payload parts of MQTT protocol message body field,and summarized the existing MQTT service equipment asset exposure and personal privacy disclosure by means of analysis,transcoding,semantic recognition and other methods.(2)This paper proposes a security assessment method using the port to send back the topic and content as the authentication method.According to the scanning results of network space security devices based on MQTT protocol,this method can be used to evaluate the security of existing MQTT ports,and the ports with low security rating can be effectively screened out.(3)This paper designs an encryption scheme for the payload part of MQTT protocol message.Based on the characteristics of a large number of unauthorized access in MQTT protocol security and the limited resources of MQTT protocol service equipment,the key management system was established to encrypt the payload part of message information separately,so as to reduce the existing asset exposure of manufacturers and the disclosure of users’ personal privacy and enhance the security of Internet of Things assets.After conducting network scanning,port security assessment and security improvement on existing MQTT protocol devices,the assets and private data of manufacturers and users can be effectively protected and the security of Internet of Things devices covered by MQTT protocol can be improved.