
Formal Specification and Verification of MQTT Protocol in PlusCal-2

Wireless Personal Communications

Abstract

The recent rise in adoption of Internet of Things (IoT) concepts has the potential to transform industries such as healthcare, manufacturing and power grids. Communication protocols are at the heart of IoT, and one such lightweight protocol in widespread use is the Message Queue Telemetry Transport (MQTT) protocol. In this paper, we address the need to verify the correctness of the MQTT protocol. We have proposed a PlusCal-2 and TLA+ based formal model to both model check the safety and liveness properties and provide execution traces in case of any violation. We have detailed our models and provided performance analysis results to explain the practicality of our technique.


Data Availability

The data related to the manuscript is available and could be produced if required.

Notes

  1. Available at https://github.com/sabinaakhtar/MQTTSpecs.

  2. https://gforge.inria.fr/projects/pcal2-0/.


Author information

Contributions

All authors contributed equally to the article. The authors read and approved the final manuscript.

Corresponding author

Correspondence to Sabina Akhtar.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Akhtar, S., Zahoor, E. Formal Specification and Verification of MQTT Protocol in PlusCal-2. Wireless Pers Commun 119, 1589–1606 (2021). https://doi.org/10.1007/s11277-021-08296-4

  • DOI: https://doi.org/10.1007/s11277-021-08296-4
