IACyC Proceedings - Assessing Vulnerabilities in IoT Protocols: A Cross-Layer Approach

Conference papers

Authors

Berfin Ebrar Atabey, Sasho Gramatikov and Mehmet Nafiz Aydın

Abstract

Security problems have grown as a result of the expanding use of Internet of Things (IoT) devices in industries, smart homes, and healthcare. Many of the IoT protocols, such as MQTT and CoAP, were created with portability and efficiency in mind, but they lack inherent security. Others, such as AMQP and HTTP, include stronger mechanisms but introduce more overhead, which makes them harder to use in constrained environments. Because of these distinctions, IoT systems are vulnerable to various attacks. This paper studies the vulnerabilities of four commonly used IoT protocols - MQTT, CoAP, AMQP, and HTTP - through a cross-layer perspective. Controlled experiments were carried out to test how these protocols behave under real attack scenarios at the application, transport, and network layers. Mitigation techniques, including authentication, access control, TLS/DTLS encryption, and rate limiting, were then applied to see how effective they were and what kind of performance cost they introduced. The findings demonstrate that all of the evaluated protocols have cross-layer vulnerabilities, but they also demonstrate that light mitigations can be successful without always resulting in significant performance loss. The study emphasizes that choosing the "right" protocol and security configuration depends strongly on the deployment context, and that layered and protocol-aware defense strategies are most effective for IoT systems.

Keywords

IoT, protocol vulnerabilities, MQTT, CoAP, AMQP, HTTP, cross-layer security, mitigation, performance