Australian Information Security Management Conference

Document Type

Conference Proceeding


Security Research Institute, Edith Cowan University


Associate Professor Mike Johnstone




Malik, M.I, McAteer, I.N., Hannay, P., Syed, N.F., & Zubair, B. (2018). XMPP architecture and security challenges in an IoT ecosystem. In proceedings of the 16th Australian Information Security Management Conference (pp. 62-73). Perth, Australia: Edith Cowan University.


The elusive quest for technological advancements with the aim to make human life easier has led to the development of the Internet of Things (IoT). IoT technology holds the potential to revolutionise our daily life, but not before overcoming barriers of security and data protection. IoTs’ steered a new era of free information that transformed life in ways that one could not imagine a decade ago. Hence, humans have started considering IoTs as a pervasive technology. This digital transformation does not stop here as the new wave of IoT is not about people, rather it is about intelligent connected devices. This proliferation of devices has also brought serious security issues not only to its users but the society as a whole. Application layer protocols form an integral component of IoT technology stack, and XMPP is one of such protocol that is efficient and reliable that allows real-time instant messaging mechanism in an IoT ecosystem. Though the XMPP specification possesses various security features, some vulnerabilities also exist that can be leveraged by the attacking entity to compromise an IoT network. This paper will present XMPP architecture along with various security challenges that exist in the protocol. The paper has also simulated a Denial of Service (DoS) attack on the XMPP server rendering its services unresponsive to its legitimate clients.