Thursday, June 2, 2016

MQTT with TLS: a quick update

I was thinking about it. It happens: sometimes you think that everything is clear, but it is not (not everything).
When talking about secure MQTT, I told you that you need:
  • To protect the confidentiality of the communication; in other words, you don’t want anyone else connected to the network to be able to read the data, except for the gateway and the device;
  • Authenticate the gateway: the device (thing) needs to be sure that it is sending the data to the “real” gateway and not to someone else;
  • Authenticate the thing: the gateway uses the X.509 client certificate presented by the thing during the TLS handshake to authenticate it.
If you’re using TLS (not SSL), with a sufficiently recent version, this is a very strong and secure communication channel.
But take care: in the configuration phase someone (you?) can take an easy path and weaken the communication in some way.
For example, you can configure the MQTT broker so that it doesn’t require device authentication. This way some “fake” device can connect to your gateway and send fake data, and the broker has no way to tell it apart from a real one.
If you look at the way IoT cloud providers configure communication, client authentication is mandatory.
Well, in my tests with Mosquitto I took the easy path. Well, you know, I often work on these posts in the evening, when my mind tends to be “lazy”.
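To make the difference concrete, here is an added example (not the configuration from the original post, and not Mosquitto’s own defaults) showing the “easy path” listener next to one that requires mutual TLS. The two listeners are alternatives, shown together only for comparison; the certificate paths are assumptions.

```conf
# Added example: two Mosquitto listener configurations for the broker
# running on the gateway. Pick ONE; they are shown side by side only
# for comparison. File paths are assumptions.

# --- Weak: the "easy path" -------------------------------------------
# TLS still encrypts traffic and lets the device verify the gateway's
# certificate, but the broker never asks the device for a certificate,
# so any client able to reach port 8883 can connect and publish.
listener 8883
cafile   /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/gateway.crt
keyfile  /etc/mosquitto/certs/gateway.key
require_certificate false
allow_anonymous true

# --- Hardened: mutual TLS ---------------------------------------------
# The device must present an X.509 certificate signed by the CA in
# cafile; otherwise the TLS handshake fails before any MQTT packet
# is exchanged.
listener 8883
cafile   /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/gateway.crt
keyfile  /etc/mosquitto/certs/gateway.key
tls_version tlsv1.2
require_certificate true
# The certificate's CN becomes the MQTT username, so per-device ACLs
# can be written without a password file.
use_identity_as_username true
allow_anonymous false
# Optional: a certificate revocation list lets you cut off a
# compromised or retired device without re-issuing the CA.
# crlfile /etc/mosquitto/certs/ca.crl
```

From a device you can check the hardened listener with `mosquitto_pub -h <gateway> -p 8883 --cafile ca.crt --cert device.crt --key device.key -t test -m hello`; the same command without `--cert` and `--key` must be refused.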
In conclusion: be careful about security. “Things” can sense the real world and act on it. Imagine if someone takes control of your air conditioners. They can drive you mad.
And worse things can happen.
