{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T11:21:58Z","timestamp":1781090518541,"version":"3.54.1"},"reference-count":109,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2024]]},"DOI":"10.1109\/access.2024.3412030","type":"journal-article","created":{"date-parts":[[2024,6,10]],"date-time":"2024-06-10T17:28:15Z","timestamp":1718040495000},"page":"139273-139289","source":"Crossref","is-referenced-by-count":36,"title":["Securing MQTT Ecosystem: Exploring Vulnerabilities, Mitigations, and Future Trajectories"],"prefix":"10.1109","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6036-395X","authenticated-orcid":false,"given":"Shams Ul Arfeen","family":"Laghari","sequence":"first","affiliation":[{"name":"National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, Gelugor, Pulau Pinang, Malaysia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-4342-6676","authenticated-orcid":false,"given":"Wenhao","family":"Li","sequence":"additional","affiliation":[{"name":"National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, Gelugor, Pulau Pinang, Malaysia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4378-1954","authenticated-orcid":false,"given":"Selvakumar","family":"Manickam","sequence":"additional","affiliation":[{"name":"National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, Gelugor, Pulau Pinang, Malaysia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5748-155X","authenticated-orcid":false,"given":"Priyadarsi","family":"Nanda","sequence":"additional","affiliation":[{"name":"Faculty of Engineering and IT, University of Technology Sydney, Sydney, NSW, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6559-0433","authenticated-orcid":false,"given":"Ayman Khallel","family":"Al-Ani","sequence":"additional","affiliation":[{"name":"Department of Cybersecurity Engineering Technology, Al-Hikma University College, Baghdad, Iraq"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4801-6370","authenticated-orcid":false,"given":"Shankar","family":"Karuppayah","sequence":"additional","affiliation":[{"name":"National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, Gelugor, Pulau Pinang, Malaysia"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"issue":"7","key":"ref1","first-page":"97","article-title":"That \u2018Internet of Things\u2019 thing","volume":"22","author":"Ashton","year":"2009","journal-title":"RFID J."},{"issue":"1","key":"ref2","first-page":"1","article-title":"Towards a definition of the Internet of Things (IoT)","volume":"1","author":"Minerva","year":"2015","journal-title":"IEEE Internet Initiative"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.3390\/app12031607"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1155\/2022\/2238233"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/j.cie.2022.108455"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1016\/j.clscn.2022.100065"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCE.2016.8073787"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/s11276-019-02043-1"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/COINS57856.2023.10189261"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2021.0120737"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.11591\/ijeecs.v31.i2.pp986-994"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.11591\/ijeecs.v29.i2.pp797-807"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/NOTERE.2016.7745830"},{"key":"ref14","article-title":"Comparative study of IoT protocols","author":"Elhadi","year":"2018","journal-title":"Smart Appl. Data Anal. Smart Cities"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ICCW.2016.7503802"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.3390\/vehicles6010020"},{"key":"ref17","volume-title":"Shodan Search Engine","year":"2023"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.58496\/MJCS\/2023\/010"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3127515"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2021.0120828"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2023.08.010"},{"key":"ref22","volume-title":"Exposed IoT Servers Let Hackers Unlock Prison Cells, Modify Pacemakers","author":"Zack","year":"2023"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.12720\/jcm.14.6.463-469"},{"issue":"1","key":"ref24","first-page":"458","article-title":"A review on security approaches of MQTT protocol with respect to Internet of Things","volume":"7","author":"Oza","year":"2020","journal-title":"Int. J. Res. Anal. Rev."},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/SmartCloud49737.2020.00032"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1080\/03772063.2021.1912651"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.5120\/ijca2018916438"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ISCTURKEY53027.2021.9654337"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCI.2018.8554472"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1049\/cp.2019.0180"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560680"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00019"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00051"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2444095"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCS48705.2020.9074399"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.11591\/ijeecs.v21.i3.pp1663-1672"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/ISETC50328.2020.9301055"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/EECSI.2017.8239179"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/CCNC49032.2021.9369499"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2019.2919971"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3409334.3452067"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.2352\/ISSN.2470-1173.2021.3.MOBMU-096"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/IICETA51758.2021.9717495"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/WF-IoT.2016.7845397"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3386164.3389095"},{"key":"ref46","article-title":"A real time demonstrative analysis of lightweight payload encryption in resource constrained devices based on MQTT","author":"Menyah","year":"2017"},{"key":"ref47","article-title":"MQTT protocol for resource constrained IoT applications: A review","volume-title":"Proc. Int. Conf. Syst., Energy Environ.","author":"Aleesha"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/CCECE58730.2023.10288857"},{"key":"ref49","first-page":"1","article-title":"Man-in-the-middle attacks on MQTT-based IoT using BERT based adversarial message generation","volume-title":"Proc. KDD AIoT Workshop","author":"Wong"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/iThings-GreenCom-CPSCom-SmartData.2017.115"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.3390\/s20102932"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.3390\/info11090452"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516665"},{"key":"ref54","volume-title":"NVD\u2014CVE-2017\u20137653","year":"2017"},{"key":"ref55","volume-title":"NVD\u2014CVE-2020\u201313821","year":"2020"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3266385"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.44"},{"key":"ref58","first-page":"1183","article-title":"Shattered chain of trust: Understanding security risks in cross-cloud IoT access delegation","volume-title":"Proc. 29th USENIX Security Symp.","author":"Yuan"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2019.09.002"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2019.05.002"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2020.0110743"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/TPSISA52974.2021.00016"},{"key":"ref63","volume-title":"Over 3.7m Accounts Were Compromised in the Flexbooker Data Breach","author":"Paganini","year":"2024"},{"key":"ref64","volume-title":"Report: Conferencing Service Exposes Private Customers\u2019 Meetings","year":"2024"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-19-6755-9_4"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.6029\/smartcr.2015.04.004"},{"key":"ref67","article-title":"Strange Wi-Fi spots may harbor hackers: ID thieves may lurk behind a hot spot with a friendly name","author":"Smith","year":"2007"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.12.011"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1016\/j.sbspro.2014.07.133"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2011.6107876"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-42500-5_5"},{"issue":"15","key":"ref72","first-page":"36","article-title":"A survey on security threats and solutions in the age of IoT","author":"Ata\u00e7","year":"2019","journal-title":"Avrupa Bilim ve Teknoloji Dergisi"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2011.31"},{"key":"ref74","volume-title":"MQTT-PWN Documentation","author":"Abeles","year":"2019"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/SERVICES.2019.00023"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/IntelCIS.2015.7397267"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/IPACT.2017.8245126"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3340503"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/35.312842"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/CDAN.2016.7570945"},{"issue":"162","key":"ref81","first-page":"1","article-title":"Guide to attribute based access control (ABAC) definition and considerations (draft)","volume":"800","author":"Hu","year":"2013","journal-title":"NIST Special Publication"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2020.102907"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.3390\/s22020567"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-64758-2_6"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.3390\/s20226578"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3161566"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1155\/2019\/6516253"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.3390\/s21217016"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC57700.2023.00093"},{"key":"ref90","article-title":"Combining MQTT and blockchain to improve data security","volume-title":"Proc. 3rd Int. Workshop Emerg. Trends Softw. Eng. Blockchain (WETSEB)","author":"Katende"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.3390\/s20072002"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1016\/j.bcra.2023.100158"},{"key":"ref93","first-page":"1","article-title":"Implementation of MQTT\/CoAP honeypots and analysis of observed data","volume-title":"Proc. 13th Int. Conf. Emerg. Secur. Inf., Syst. Technol.","volume":"10","author":"Shimada"},{"key":"ref94","article-title":"Understanding security flaws of IoT protocols through honeypot technologies: ThingPot\u2014An IoT platform honeypot","author":"Wang","year":"2017"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/8261746"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM48880.2022.9796755"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-20160-8_9"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.3390\/en16010008"},{"issue":"21","key":"ref99","doi-asserted-by":"crossref","first-page":"8304","DOI":"10.3390\/en15218304","article-title":"Energy-aware UAV based on blockchain model using IoE application in 6G network-driven cybertwin","volume":"15","author":"Kathole","year":"2022","journal-title":"Energies"},{"key":"ref100","first-page":"649","article-title":"A blockchain-based approach to ensuring the security of electronic data","volume":"12","author":"Patil","year":"2024","journal-title":"Int. J. Intell. Syst. Appl. Eng."},{"key":"ref101","first-page":"472","article-title":"IoT-based smart agriculture for onion plant disease management: A comprehensive approach","volume":"12","author":"Kathole","year":"2024","journal-title":"Int. J. Intell. Syst. Appl. Eng."},{"key":"ref102","first-page":"477","article-title":"IoT-enabled agricultural waste management for sustainable energy generation","volume":"12","author":"Kumbhare","year":"2024","journal-title":"Int. J. Intell. Syst. Appl. Eng."},{"key":"ref103","doi-asserted-by":"crossref","DOI":"10.1016\/j.pmcj.2019.101105","article-title":"Energy-aware dynamic Internet of Things security system based on elliptic curve cryptography and message queue telemetry transport protocol for mitigating replay attacks","volume":"61","author":"De Rango","year":"2020","journal-title":"Pervas. Mobile Comput."},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2020.3026027"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/WCNC.2019.8885553"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1145\/3477086.3480838"},{"key":"ref107","volume-title":"Fofa Search Engine","year":"2024"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1080\/24751839.2020.1767484"},{"key":"ref109","volume-title":"Common Vulnerabilities and Exposures","year":"2024"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10380310\/10552255.pdf?arnumber=10552255","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,9]],"date-time":"2024-10-09T17:56:42Z","timestamp":1728496602000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10552255\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":109,"URL":"https:\/\/doi.org\/10.1109\/access.2024.3412030","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]}}}