Abstract
The recent rise in adaptation of Internet of Things (IoT) concepts has potential to transform industries such as healthcare, manufacturing and power-grids. The communication protocols are at the heart of IoT and one such lightweight protocol being in widespread use is the Message Queue Telemetry Transport (MQTT) protocol. In this paper, we address the need to verify the correctness of the MQTT protocol. We have proposed a PlusCal-2 and TLA+ based formal model to both model check the safety and liveness properties and provide execution traces in case of any violation. We have detailed our models and provided performance analysis results to explain the practicality of our technique.
Similar content being viewed by others
Data Availability
The data related to the manuscript is available and could be produced if required.
References
Houimli, M., Kahloul, L., & Benaoun, S.: Formal specification, verification and evaluation of the MQTT protocol in the Internet of Things. pp. 214–221 (2017)
Vinoski, S. (2006). Advanced message queuing protocol. IEEE Internet Computing, 10(6), 87–89.
Saint-Andre, P., Smith, K., & Tronon, R. (2009). XMPP: The definitive guide building real-time applications with jabber technologies. Newton: O’Reilly Media Inc. http://www.oreilly.de/catalog/9780596521264/index.html.
Banks, A., & Gupta, R. (29 October 2014). MQTT version 3.1.1.
Kovatsch, M. (2013). CoAP for the web of things: From tiny resource-constrained devices to the web browser. In: Proceedings of the 2013 ACM Conference on Pervasive and Ubiquitous Computing Adjunct Publication. UbiComp ’13 Adjunct (pp. 1495–1504). New York, NY: ACM. https://doi.org/10.1145/2494091.2497583.
Karagiannis, V., Chatzimisios, P., Vázquez-Gallego, F., & Alonso-Zarate, J. (2015). A survey on application layer protocols for the internet of things. Transaction on IoT and Cloud Computing, 3, 11–17.
Newcombe, C., Rath, T., Zhang, F., Munteanu, B., Brooker, M., & Deardeuff, M. (2015). How amazon web services uses formal methods. Communications of the ACM, 58(4), 66–73.
Ramos, S. H., Villalba, M. T., & Lacuesta, R. (2018). MQTT security: A novel fuzzing approach. Wireless Communications and Mobile Computing, 2018.
Houimli, M., Kahloul, L., Benaoun, S. (2017). Formal specification, verification and evaluation of the MQTT protocol in the internet of things. In: 2017 International conference on mathematics and information technology (ICMIT) (pp. 214–221).
Mladenov, K., Mavrakis, C., van Winsen, S., & Cyber, K. P. M. G. (2017). Formal verification of the implementation of the MQTT protocol in IoT devices. Amsterdam: University of Amsterdam.
Aziz, B. (2016). On the security of the MQTT protocol. p. 22.
Diwan, M., & D’Souza, M. (2017). A framework for modeling and verifying IoT communication protocols. In: Dependable software engineering. Theories, tools, and applications: third international symposium, SETTA 2017, Proceedings (pp. 266–280). Changsha, China, October 23–25, 2017
Tanabe, K., Tanabe, Y., & Hagiya, M. (2020). Model-based testing for MQTT applications. In M. Virvou, H. Nakagawa, & C. L. Jain (Eds.), Knowledge-based software engineering: 2020 (pp. 47–59). Cham: Springer.
Hofer-Schmitz, K., & Stojanovi, B. (2019). Towards formal methods of IoT application layer protocols. In: 2019 12th CMI conference on cybersecurity and privacy (CMI) (pp. 1–6). https://doi.org/10.1109/CMI48017.2019.8962139.
Araujo Rodriguez, L. G., & Macêdo Batista, D.: Program-aware fuzzing for MQTT applications. In: Proceedings of the 29th ACM SIGSOFT international symposium on software testing and analysis. ISSTA 2020 (pp. 582–586). New York, NY, USA: Association for Computing Machinery (2020). https://doi.org/10.1145/3395363.3402645.
Zahoor, E., Ikram, A., Akhtar, S., & Perrin, O. (2018). Authorization policies specification and consistency management within multi-cloud environments. Lecture Notes in Computer Science. In: N. Gruschka (ed.), Secure IT systems: 23rd Nordic conference, NordSec 2018, Proceedings (Vol. 11252, pp. 272–288). Oslo, Norway: Springer, November 28–30, 2018.
Zahoor, E., Bibi, U., & Perrin, O. (2019). Shadowed authorization policies: A disaster waiting to happen? Lecture Notes in Computer Science. In R. Cheng, N. Mamoulis, Y. Sun, & X. Huang (Eds.), Web information systems engineering: WISE 2019—20th International Conference, Hong Kong, China, November 26–30, 2019, Proceedings (Vol. 11881, pp. 341–355). Hong Kong, China: Springer.
Akhtar, S., Merz, S., & Quinson, M. (2010). A high-level language for modeling algorithms and their properties. In: 13th Brazilian symposium on formal methods (SBMF 2010). Natal: Springer.
Yu, Y., Manolios, P., & Lamport, L. (1999). Model checking TLA+ specifications. In: Correct hardware design and verification methods (CHARME’99). Bad Herrenalb: Springer.
Clarke, E. M., Grumberg, O., & Peled, D. (1999). Model checking. Cambridge, MA: MIT Press.
Akhtar, S., Zahoor, E., Perrin, O. (2017). Formal verification of authorization policies for enterprise social networks using PlusCal-2. In: CollaborateCom 2017: 13th EAI international conference on collaborative computing: networking, applications and worksharing, Edinburg, United Kingdom (pp. 1–10). https://hal.inria.fr/hal-01657116.
Lamport, L. (2002). Specifying systems, the TLA+ language and tools for hardware and software engineers. Addison-Wesley.
Newcombe, C., Rath, T., Zhang, F., Munteanu, B., Brooker, M., & Deardeuff, M. (2013). Use of formal methods at Amazon Web services.
Akhtar, S. (2012). Formal verification of distributed algorithms using Pluscal-2. (vérification formelle d’algorithmes distribués en Pluscal-2). Ph.D. Thesis, University of Lorraine, Nancy, France.
Holzmann, G., Peled, D.: An improvement in formal verification. In: IFIP WG 6.1 conference on formal description techniques (pp. 197–214). Bern: Chapman & Hall (1994)
Author information
Authors and Affiliations
Contributions
All authors contributed equally to the article. The authors read and approved the final manuscript.
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interests.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Akhtar, S., Zahoor, E. Formal Specification and Verification of MQTT Protocol in PlusCal-2. Wireless Pers Commun 119, 1589–1606 (2021). https://doi.org/10.1007/s11277-021-08296-4
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-021-08296-4