Explore a 20-minute IEEE conference talk on enhancing Internet-of-Things (IoT) client security through Language-theoretic Security (LangSec). Delve into a methodology for building secure input-handling functionality in application-layer IoT protocols, focusing on XMPP and MQTT implementations. Learn about the creation of efficient clients with less than 100 lines of code that accurately recognize valid messages. Compare CPU performance against widely deployed protocol implementations and examine the approach's limitations. Gain insights into the importance of principled input handling in addressing prevalent vulnerabilities in the IoT era.
Building Hardened Internet-of-Things Clients with Language-Theoretic Security
Overview
Syllabus
Introduction
Outline
Problem
Language
Protocols
MQTT
MQTT Protocol
MQTT State Machine
XMPP
XMPP Messages
Contributions
Passing in the IoT
Approach
Methodology
State Machine Gem
Writing Individual Passes
Limitations
Results
Performance
MQTT Performance
Simple Phaser
Parse Tree
Fuzzing Limitations
Lessons Learned
Next Steps
Taught by
IEEE Symposium on Security and Privacy
