Fight Industrial Data Security Breaks with Secure Enterprise MQTT Broker


Our world is more connected than ever. Billions of intelligent tools and machines generate enormous amounts of data, which creates enormous potential for businesses and other organizations to optimize their operations and gain efficiency. As IoT devices keep evolving, every newly connected product is a potential target for attackers, and security becomes a significant concern. Preventing industrial data security breaches is mandatory to protect critical data wherever it resides. Bevywise MQTTRoute provides an option to enable encrypted data transmission for better MQTT data security. It works with all standard SSL / TLS certificates and also runs with a self-signed certificate. This article provides complete guidance on securing the sensitive data you transfer over the Enterprise MQTT Broker.

MQTT Broker Security Fundamentals

When it comes to security in the Enterprise MQTT Broker, there are four fundamental concepts to take into account: identity, authentication, authorization, and encryption. In this tutorial, we look at how you can restrict access to the broker and protect your data using these different security mechanisms.

Identity

Every client has a unique client ID. The Enterprise MQTT Broker requires the client to report its client ID when requesting a connection. When the broker receives a CONNECT command from a client, it allows the connection only if the received message contains a legitimate client ID, user name, and password. The client can use a UUID, the MAC address of its network device, or other unique client information as the client ID.

Authentication With X.509

This is the strongest method of client authentication. In addition to authentication with username and password, the MQTT broker allows a device to authenticate with an X.509 certificate, which provides authentication at the transport level. X.509 uses a public key infrastructure to verify that a public key belongs to a client: a certificate authority (CA) vouches for the client's identity by signing its certificate. During the TLS handshake, the client presents the broker with its certificate, which contains information such as its identity and public key. The broker then verifies the certificate against the certificate authority that issued it. Once the client certificate verifies, the broker knows it is genuine and can trust the binding between the client name and the public key.

Client Authentication

There are three ways to verify the identity of an MQTT client on the Bevywise MQTT Broker: client IDs, usernames and passwords, and client certificates.

Client ids

All MQTT clients must provide a client ID. When a client subscribes to a topic, the client ID links the topic to the client and to the TCP connection. For persistent connections, the broker remembers client IDs and their subscribed topics. When configuring an MQTT client you need to assign the name / ID to the client. The Bevywise MQTT Broker additionally allows you to impose a client ID prefix restriction on the client name, which provides some basic client security. You will find this setting in the security settings section of the broker.conf file.

########### prefix for Random Clientid Generation ###########
[MQTT]
CLIENTID_PREFIX = Bevywise-

Username and Password

The Enterprise MQTT Broker can require a valid username and password from a client before allowing a connection. The username and password combination is transmitted in plain text and is not secure without some form of transport encryption. However, it does provide an easy way of restricting access to the broker and is probably the most common form of identification used. The username used for authentication can also be used to restrict access to topics. On the Bevywise MQTT Broker, you need to configure settings for this to work; again, you will find them in the security section of the broker.conf file. Devices can connect with an MQTT username / password or without credentials. Change NO to YES if you plan to use authentication.

################ Device Authentication #################
[AUTHENTICATION]
AUTHENTICATION_ENABLED = YES
# YES || NO

To create the passwords you need to use the utility that comes with the broker. You can add usernames and passwords in the UI under the Security tab for secure client connections.
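As an added example (not Bevywise code), here is how the two identity checks above, the client ID prefix and mandatory credentials, can be applied to a raw MQTT 3.1.1 CONNECT packet; the broker.conf text, packet bytes and function names are constructed for this example, and verifying the password against the broker's password store is out of scope.

```python
"""Added example (not Bevywise code): parse an MQTT 3.1.1 CONNECT packet and
apply the CLIENTID_PREFIX restriction and AUTHENTICATION_ENABLED = YES rule.
Config text and packet bytes are constructed; password lookup is out of scope."""
import configparser
import struct

BROKER_CONF = """
[MQTT]
CLIENTID_PREFIX = Bevywise-
[AUTHENTICATION]
AUTHENTICATION_ENABLED = YES
"""

def load_policy(conf_text):
    cfg = configparser.ConfigParser()
    cfg.read_string(conf_text)
    enabled = cfg.get("AUTHENTICATION", "AUTHENTICATION_ENABLED", fallback="NO")
    return {"prefix": cfg.get("MQTT", "CLIENTID_PREFIX", fallback=""),
            "auth_required": enabled.strip().upper() == "YES"}

def _field(b):
    """MQTT length-prefixed field: two-byte big-endian length, then the bytes."""
    return struct.pack("!H", len(b)) + b

def build_connect(client_id, username=None, password=None, keepalive=60):
    """Build a minimal MQTT 3.1.1 CONNECT packet (clean session, no will)."""
    flags, payload = 0x02, _field(client_id.encode())
    if username is not None:
        flags |= 0x80
        payload += _field(username.encode())
    if password is not None:
        flags |= 0x40
        payload += _field(password.encode())
    body = _field(b"MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive) + payload
    rem, n = b"", len(body)
    while True:                          # Remaining Length: 7 bits per byte
        n, digit = divmod(n, 128)
        rem += bytes([digit | (0x80 if n else 0)])
        if not n:
            return bytes([0x10]) + rem + body

def parse_connect(pkt):
    """Return (client_id, username, password); raise ValueError if malformed."""
    if not pkt or pkt[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    i, rem, mult = 1, 0, 1
    while True:                          # decode Remaining Length (max 4 bytes)
        if i >= len(pkt) or mult > 128 ** 3:
            raise ValueError("bad remaining length")
        rem += (pkt[i] & 0x7F) * mult
        mult, i = mult * 128, i + 1
        if not pkt[i - 1] & 0x80:
            break
    body = pkt[i:i + rem]
    if len(body) != rem:
        raise ValueError("truncated packet")
    pos = 0
    def field():                         # next length-prefixed field
        nonlocal pos
        (n,) = struct.unpack_from("!H", body, pos)
        val, pos = body[pos + 2:pos + 2 + n], pos + 2 + n
        if len(val) != n:
            raise ValueError("truncated field")
        return val
    if field() != b"MQTT" or pos + 4 > len(body) or body[pos] != 4:
        raise ValueError("unsupported protocol")
    flags = body[pos + 1]
    pos += 4                             # protocol level, flags, keep alive
    client_id = field().decode("utf-8")
    if flags & 0x04:                     # will flag set: skip will topic/message
        field(); field()
    username = field().decode("utf-8") if flags & 0x80 else None
    password = field().decode("utf-8") if flags & 0x40 else None
    return client_id, username, password

def check_connect(pkt, policy):
    """Apply the page's identity rules to a packet; return (accepted, reason)."""
    try:
        client_id, username, password = parse_connect(pkt)
    except (ValueError, struct.error, UnicodeDecodeError) as e:
        return False, "malformed: %s" % e
    if not client_id or not client_id.startswith(policy["prefix"]):
        return False, "client id must start with %r" % policy["prefix"]
    if policy["auth_required"] and (username is None or password is None):
        return False, "credentials required"
    return True, "ok"
```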

Authorization

Authorization is the management of clients' rights. The most common types of authorization are Role-Based Access Control (RBAC) and Access Control Lists (ACL). RBAC provides a level of abstraction between the client and the underlying resources, which simplifies the administration of security in a large organization, and lets the broker authorize the topics a client publishes or subscribes to. An ACL associates each client with a list of permissions that states which resources it can access and which operations are allowed; it provides the policy on which topics a client can subscribe / publish to. Using an ACL or RBAC, the broker implements topic permissions that stop a client from publishing or subscribing to unauthorized topics. Each topic permission lets the broker specify authorization for clients and limit which messages they can subscribe to and publish. If a client attempts an unauthorized operation, the broker can take actions such as disconnecting the client, preventing it from publishing data to other clients.
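An added example (not Bevywise code) of the topic-permission check described above: a constructed per-client ACL of topic filters and allowed operations, evaluated with MQTT's '+' and '#' wildcard rules and defaulting to deny. A subscribe request is allowed only if every topic it could match is covered by an ACL entry.

```python
"""Added example (not Bevywise code): a default-deny topic-permission check of
the kind described above.  The ACL table maps each client ID to (topic filter,
allowed operations) entries; both the table and the requests are constructed."""

def valid_filter(f):
    """Reject filters that misuse wildcards, e.g. 'a/#/b', 'a+' or ''."""
    levels = f.split("/")
    return bool(f) and all(
        (lv == "#" and i == len(levels) - 1) if "#" in lv else
        (lv == "+" if "+" in lv else True)
        for i, lv in enumerate(levels))

def covers(acl_filter, requested):
    """True if every topic matched by `requested` (a topic name, or the filter a
    client asks to subscribe to) is also matched by `acl_filter`."""
    a, r = acl_filter.split("/"), requested.split("/")
    if r[0].startswith("$") and a[0] in ("+", "#"):
        return False                  # wildcards never cover $-topics
    for i, lv in enumerate(a):
        if lv == "#":
            return i == len(a) - 1    # '#' covers this level and all below
        if i >= len(r):
            return False
        if lv == "+":
            if r[i] == "#":
                return False          # request spans more levels than granted
        elif r[i] != lv:
            return False              # literal level must match exactly
    return len(a) == len(r)

# Constructed ACL: client ID -> [(topic filter, {allowed operations}), ...]
ACL = {
    "Bevywise-sensor-1": [("plant/furnace/1/#", {"publish"}),
                          ("plant/config/sensor-1", {"subscribe"})],
    "Bevywise-dashboard": [("plant/#", {"subscribe"})],
}

def authorize(acl, client_id, operation, topic):
    """Return True only if some ACL entry for client_id grants `operation`
    ('publish' or 'subscribe') on `topic`; everything else is denied."""
    if operation not in ("publish", "subscribe") or not topic:
        return False
    if operation == "publish" and ("+" in topic or "#" in topic):
        return False                  # a PUBLISH topic name may not contain wildcards
    if operation == "subscribe" and not valid_filter(topic):
        return False
    return any(operation in ops and valid_filter(f) and covers(f, topic)
               for f, ops in acl.get(client_id, []))
```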

Authorization with Access Tokens

Another approach to authorization is token authorization. With token authorization the client presents a token that states the scope or privileges the client has. To connect to the broker with an access token, the client sends the token in the password field of the CONNECT message, so the client must be given an access token before requesting a connection. A variety of token services are available; the most commonly used are OAuth and OAuth 2.0.

OAuth

OAuth is a token-based authentication scheme that is used to provide SSO and permits information to be used by third-party services. It also requires an identity provider to authenticate clients' access.

OAuth 2.0

OAuth 2.0 authorizes third-party applications to access the client account and authenticates the client by following the authorization code flow.

Securing Data

There are numerous ways the data transfer between clients and the broker can be attacked. To protect the contents of your MQTT messages, you can use TLS / SSL security and payload encryption. The Enterprise MQTT Broker protects against man-in-the-middle attacks by carrying the data transfer over the TLS port.

TLS / SSL Security

TLS / SSL is the most widely known security mechanism used on the web. It runs on top of TCP in the TCP / IP stack and provides a secure communication channel between the client and the server. A TLS certificate is provisioned for both the server and the client, and those certificates are verified against the Certificate Authority before the connection is established. The broker connects only if the certificate and the host IP match.

Communication between clients and the server should be secured by enabling TLS mode and setting passwords for the connection. You can use a single password for all clients or an individual password for each client. Open broker.conf in the conf/ folder and set TLS_ENABLED to TRUE. All other values can be changed if necessary. Using a non-standard port number for the broker and a secure WebSocket further hardens it against DDoS.

#########MQTT BROKER CONFIG#######
[CONFIG]
PORT_NO = 8883
WS_PORT_NO = 10443
TLS_ENABLED = TRUE
# TLS_PORT must be 88xx.
TLS_PORT_NO = 8883
WSS_PORT_NO = 11443

Payload Encryption

Payload encryption is done at the application level and not by the broker, so you can encrypt data without configuring the broker. It also means the data is encrypted end to end, not just between the broker and the client. However, this type of encryption does not protect the password on the connection itself. Because it needs no broker configuration or support, it is likely to be a very popular method of protecting data.

WILL and Retained message

The last will message lets subscribers know when a publishing device has gone down or disconnected from the broker. The retain flag tells the broker to keep the last published message so that new subscribers receive it when they connect for the first time. The Enterprise MQTT Broker supports both of these messages as needed for real-time use.

DataBase Storage

The broker stores the data in a database for further analysis and decision making. The default database is SQLite, but the DB configuration can be modified to work with MySQL or another big data engine. Please refer to the help document to set up MySQL, its dependency packages, and other big data engines.

Intuitive User Interface

Through the broker's basic web-based user interface, you can view the active devices and the recent activities of different devices. It also lets you view the activities and the messages sent from and to specific devices.

[Figure: MQTT dashboard]

Get your free version of MQTT Broker now for secure data transfer.


The product page and the help documentation will provide more information on configuring and running the Broker securely. For more queries, feel free to contact us at [email protected].

Build a Fleet Management System with Ease


IoT technology is used to make the transportation and logistics industry more effective and robust. Fleet management systems play an important role in the transportation system. Here we describe how Bevywise MQTTRoute provides the technology required to track connected fleets. Bevywise MQTTRoute is a highly extensible, adaptable, and scalable MQTT Broker used for gathering information from IoT edge devices, making it easy to transfer data to and from connected vehicles reliably and quickly. This documentation provides developers with a comprehensive guide to using this IoT application framework to track connected fleets.

MQTT Implementation

Fleet management is now made simple with IoT. It offers a high return on investment, improved fleet optimization, operator safety, and reduced fuel costs. Nevertheless, managing fleets faces some challenges. One of the biggest is bidirectional messaging and real-time connectivity, where loss of connection and significant network latency are common. Bevywise MQTTRoute facilitates the reliable and fast transfer of data to and from connected vehicles.

The MQTTRoute fleet management system enables you to maintain a continuous connection between the vehicle and the cloud, ensure reliable data transfer between vehicles and the cloud, set up a secure TLS / SSL connection, deploy the MQTT Broker in a private or public cloud, and integrate messaging data with other existing business systems.

The factors that affect fleet optimization are:

  • Live Tracking and Notifications
  • Outing History
  • Fleet Safety and Security
  • Charts and Reports
  • Fuel Management
  • Admin Console

Live Tracking and Notifications

The intuitive dashboard shows real-time information from vehicle sensors, gathered over MQTT, and uses it to create notifications. The collected data is stored in MySQL. For powerful visualization and analysis of data, you can use the advanced data storage option to store your data in Elasticsearch or other data engines. Integrate your ML algorithm into the Python-based MQTT Broker and get your data ready for decisions. Route the incoming real-time events to your ML engine using the scheduler module to create custom alerts and notifications.

[Figures: Map; Fuel Consumption]

Outing History

You can create historical graphs and charts to preview and download any vehicle's historical data for a specific date range. You can also check the details of any previous trip, including distance, fuel mileage, and driving behaviour during the trip. The history graph provides a comparative report of payloads issued on two different days, months, or years. You can also download the graph as a PDF.

[Figures: Outing History; Driving Behaviour]

Fleet Safety and Security

Control reckless driving behaviour, such as excessive speed, sudden acceleration, and hard braking. The IoT platform and mobile SDK are tightly integrated with the Firebase Cloud Messaging system, which raises theft alarms on the phone to let you know if the vehicle is driven without permission. The web platform is also integrated with a WebSocket-based notification engine for notifications in the web user interface. Real-time driving behaviour dashboards and charts let you understand the severity of reckless driving and take the appropriate action.

[Figures: Safer Drive; Safety score history]

Charts and Reports

Automatically get reports of distance, driving time, fuel consumed, and other essential data to reduce manual errors and improve consistency. Get detailed vehicle usage, fuel, driver performance, and other downloadable reports for your fleet to make better use of assets and increase productivity. The report tab in MQTTRoute has built-in visualization, in which users can view the data as a chart or graph. The reports, stored in the big data engine in the back end, can also be downloaded and are automatically converted to PDF.

[Figures: Distance; Alerts]

Fuel Management

Fleet costs can be reduced by monitoring fuel utilization and inefficient driving behaviour. The intuitive dashboard gives you visibility into all aspects, including fleet usage, driving behaviour, and fuel utilization patterns.

Developers can create widgets for measuring fleet usage, driving behaviour, and fuel utilization patterns. All widgets created by the developer are placed on the interactive dashboard, which gives you visibility into all of these aspects. The following code snippet is used to build a custom URL inside custom_ui_server.py.

def custom_urls():
    urllist = {
        "AUTHENTICATION": "DISABLE",
        # dashboard is the handler function defined in custom_ui_server.py
        "urls": [{"/extend/Dashboard": dashboard}]
    }
    return urllist

[Figures: Fuel Consumption; Fuel Mileage]

Admin Console

Manage multiple users on the platform with appropriately privileged access through the admin console. The admin console has an elegant dashboard that gives brief details about the organizations, lets you manage drivers, and assigns them to specific vehicles. Bevywise MQTTRoute provides an API for integrating relevant data into internal enterprise applications. This allows the server infrastructure to consolidate, collect, store, and test various vehicle information and share the impact of test results with clients and end users.

[Figure: Fleet Management Dashboard]

Download MQTT Broker now and start building your application today.

Bevywise vs Mosquitto vs ActiveMQ vs HiveMQ


The number of devices connected to the internet has reached 22 billion worldwide and is expected to reach 47 billion in the next couple of years. In mission-critical industries such as healthcare, aviation, and automotive, the number of devices connected per broker and the messages to be recorded are counted per second. The numbers are huge, and this is exactly why IoT deployments increasingly rely on messaging protocols such as MQTT, developed specifically for M2M communication in IoT applications. However, most MQTT client applications are not designed to deal with an immense number of MQTT messages per second, so they get overloaded by high message frequency on subscribed topics. High-throughput message processing is also necessary to handle complex IoT implementations. This mandates the selection of an MQTT broker that can handle the message frequency of each vertical and performs reliable message processing. A recent in-depth analysis of the leading MQTT brokers on the market by the University of Szeged, Hungary, comparing Mosquitto, ActiveMQ, HiveMQ and Bevywise MQTTRoute, found that Bevywise MQTTRoute ranks second after Mosquitto in message processing performance. Let us look at what sets Bevywise MQTTRoute apart from the other leading MQTT brokers in this MQTT broker performance comparison study.

Performance Evaluation with Stress Test

Their study of the leading MQTT brokers aimed to evaluate the performance of these MQTT broker implementations by putting them under a stress test. They evaluated the servers in a realistic test scenario; the metrics used for comparing the results were CPU, latency and message rates, and the test conditions included QoS level, message throughput per client, message payload size, etc. The final result of the analysis is expressed as the projected message rate at 100% CPU usage and the average time taken for message transmission under the stress test. Every complex IoT implementation demands reliable message processing: an MQTT broker should be capable of delivering messages reliably even under unreliable network conditions. How fast the MQTT broker is, and how long it makes a client wait for a response, also matter a great deal for a good user experience.

[Figure: message broker comparison]

The MQTT broker performance comparison report concludes that Bevywise MQTTRoute occupies the second position after Mosquitto with respect to message processing capability at 100% CPU load in all QoS categories. It also notes that MQTTRoute has lower latency / message delivery time than ActiveMQ and HiveMQ across all QoS levels, and better latency (shorter round-trip time) than Mosquitto at QoS 0.

Have a look at the comparative study paper.

To know more about the features, visit the MQTT Broker page.

Try downloading the MQTT Broker for free now.


Announcing MQTT 5 Beta release


“All good things must be replaced with something better”.

We are happy and excited to announce the release of MQTT version 5. MQTT is the most suitable and best available protocol when it comes to IoT development. The extensive adoption of the protocol created a lot of demand for a further upgrade of the MQTT specification. Though the MQTT protocol is good in its 3.1.1 specification, it is even better in the version 5 specification. Bevywise MQTT Broker now supports the MQTT 5 specification.

Why MQTT 5?

Though MQTT 3.1.1 is a perfectly scalable protocol specification, the jump from MQTT 3.1.1 to 5 is motivated by its feature-packed protocol specification. The main purpose of this feature-rich update is to provide enhancements for scalability and large-scale industrial deployments.

Absolute Error Handling – Improved error checking provides more readable information about an error, indicating the reason for a disconnection. This is valuable for diagnosing what actually happened.

Perfect Load Balancing – With support for shared subscriptions, client load balancing is possible. A shared subscription is an effective way to distribute messages across different MQTT subscribers using standard MQTT mechanisms.

Facile Message Processing – The payload format indicator and content type ensure the correct processing of each message without the need to inspect the actual payload.

The MQTT 5 specification will leave its footprint on all sorts of industrial deployments because of its rich features. It has become the obvious choice for the majority of IoT applications.

We are happy to announce that Bevywise MQTT Broker now supports the MQTT 5 beta version. This release is initially available only for Ubuntu users; availability for other platforms will follow soon.

For any suggestions or clarifications, kindly reach us. We would be happy to hear from you.

Download the new version of MQTT Broker now


Keep an eye out for further upgrades and improvements in MQTTRoute, the Bevywise IoT Simulator and the IoT Platform.

IoT Success Stories – Cattle Management – Dwmzone


“If your animals aren’t healthy, you cannot make money,” says Dr Jan du Preez, veterinarian. Diseases can affect healthy animals and cause hundreds of millions of dollars of damage to the cattle industry. Early diagnosis of deadly diseases significantly reduces the risk of mortality, so proper cattle management and health monitoring are necessary. When it comes to managing cattle, the objective of every rancher is to be as decisive as possible. One of our customers, Dwmzone, is an online electronic parts store in China that provides critical solutions in a specific application area. Their device monitors cattle health parameters, and they use the secure MQTT broker for their data visualization & analysis. This is one of our IoT success stories of an MQTTRoute implementation.

Need for Data Visualization

Dwmzone designed a device pierced into the cattle's ear to track health parameters such as temperature. Their goal was to give farm owners complete visibility of the health of their cattle. To get better visibility of the tracked parameters, a data visualization tool is needed to audit the wellness of the cattle and help owners take actionable decisions.

Why MQTTRoute ?

MQTTRoute comes with flexible data storage in addition to the custom UI option for better data analysis & visualization. The MQTT Broker integrated with Tableau provides a high-level analysis of cattle parameters with an impressive visualization. The data collected from the ear-mounted sensor is pushed to MySQL through the built-in flexible storage option of the MQTT Broker. As a result, the MQTTRoute implementation addressed their need and provided them a complete solution for cattle management.

“MQTTRoute provided us the necessary extendability for the custom storage option and enabled us for our Visualization. The support team helped us in craving the perfect end to end solution with their experience and expertise.”
– Jon Li, Co-Founder, Dwmzone Ltd., China

For more details and queries on MQTTRoute, you can visit our website.

We will be happy to hear your requirements to provide a complete solution. Schedule a call now.

Download the MQTT Broker for free now


Feel free to write to support for any questions or suggestions.

Build your IOT Application in a Day


Just think for a moment whether you could build your IoT application in a day. Yes! You read that right. We recently made a major update to MQTTRoute so that our customers can embed their ML & AI algorithms and create their own application. MQTTRoute helps you host and manage your application easily, which leaves you with only the development of your IoT server application. MQTTRoute comes with a default user interface; however, visualization needs to be built for each specific vertical. We recently ran an internal hackathon at Bevywise to build applications on our framework. Interestingly, we were able to build an IoT application in a day: an industrial furnace monitoring application. This blog describes the hacks used to build it.

Industrial Furnace Temperature Monitoring – Sample Application

Monitoring and controlling the temperature of furnaces is crucial in industrial use, as it directly affects the quality of the product being created. We created a simulated device, similar to a monitoring edge device, which pushes data to the MQTT Broker. The goals set for the application were:

  • Live graph of the incoming temperature
  • Historical hourly average of the temperature
  • Alarm when the temperature exceeds a range
  • Alarm when current temperature exceeds the previous hour average

Create a live graph

The MQTT Broker is programmed to push the incoming device data to the user interface over a WebSocket. You can add your own code to create live graphs; in this hackathon the developer used Plotly. The furnace temperature data collected is presented as a line graph on the dashboard. This is done by configuring the custom_ui_server.py file.

Reference code for line graph:

var minuteView = {
  xaxis: {
    type: 'date',
    range: [olderTime, futureTime]
  }
};
Plotly.relayout(graph_id, minuteView);    // slide the visible time window
Plotly.extendTraces(graph_id, update, d); // append the new point(s) to trace index d

Create a historical graph

The historical graph of hourly average data is created by a data crunching process. The schedule module is used to automate the creation of the hourly average data. The custom implementation for averaging the data is developed in a separate method and configured in the schedule in the custom_scheduler.py file to be called every 60 minutes.

def schedule_conf():
    schedules = {
        'STATUS': 'DISABLE',
        'SCHEDULES': [
            # oneminschedule and fiveminschedule are the methods defined in custom_scheduler.py
            {'OnceIn': 1, 'methodtocall': oneminschedule},
            {'OnceIn': 5, 'methodtocall': fiveminschedule}
        ]
    }
    return schedules

After processing the data, the data is pushed to the user interface through the WebSocket. The bar graph is created using Plotly to display the crunched data.

Reference code for bar graph:

var trace = {
  x: [data1[i]['time1']],
  y: [data1[i]['value']],
  type: 'bar'
};
var data123 = [trace];
// Plotly.newPlot takes a single config object, so the options are merged into one
Plotly.newPlot('history', data123, layout, {displayModeBar: false, responsive: true, scrollZoom: true});

We believe you will be able to add your own algorithm similar to the above.

Create a live Alarm

The variation in temperature can be noted and displayed in widgets. For certain ranges of temperature values the data is shown in different colours to alarm on temperature variation. Here, the data is shown as red text if the temperature is above 500 degrees Celsius (the default value) and blue text if it is below 500 degrees Celsius. The default temperature range can be changed according to your needs. You can add your own widgets and notifications to the user interface by customizing the custom_ui_server.py file. To schedule your alarms, use the custom_scheduler.py file.

Reference code for text_widget:

if (key == "message-integer" || key == "message-float" || key == "message-string") {
  var message = data1[key]['message'][0];
  // show the value followed by a degree sign and the unit
  document.getElementById(id).innerHTML = message + String.fromCharCode(176) + unit;
}

Create Alerts

The incoming data can be compared with the previous hourly average, and alerts can be created from the comparison. If the temperature exceeds the hourly average temperature, the data blinks to create an alert. This is done by adding event-based triggers using the scheduling module. Add your own algorithm to create alerts in the custom_scheduler.py file.

Reference code for alarm_widget:

if (p_avg < data3['msg']['message'][0]) {
  // the incoming value exceeds the previous hourly average: show the alert
  document.getElementById("alert").innerHTML = data3['msg']['message'][0] + " ALERT! Temperature High";
}
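An added example (not the hackathon's code) of the data crunching behind the last two goals, as plain functions that a custom_scheduler.py method could call: it computes hourly averages and reports both the 500 degree range alarm and the previous-hour-average alert. The readings, function names and timestamps are constructed.

```python
"""Added example (not the hackathon's code): the hourly-average crunching and
the two alarm rules from the goals above, as plain functions that a
custom_scheduler.py method could call.  Readings are (unix_ts, temperature_c)
pairs and are constructed; 500 C is the page's default threshold."""
from collections import defaultdict

HIGH_TEMP_C = 500.0          # page default that colours the widget red

def hour_start(ts):
    return int(ts) - int(ts) % 3600

def hourly_averages(readings):
    """Average the readings per whole hour: {hour_start_ts: mean temperature}."""
    totals = defaultdict(lambda: [0.0, 0])
    for ts, temp in readings:
        totals[hour_start(ts)][0] += temp
        totals[hour_start(ts)][1] += 1
    return {h: s / n for h, (s, n) in totals.items()}

def evaluate_alerts(readings, now_ts, threshold=HIGH_TEMP_C):
    """Alerts for the most recent reading: 'range' when it exceeds the
    threshold, 'above_prev_hour_avg' when it exceeds the previous hour's
    average.  The second rule is skipped when the previous hour has no data."""
    if not readings:
        return []
    _, latest = max(readings)           # highest timestamp wins
    alerts = []
    if latest > threshold:
        alerts.append("range")
    prev_avg = hourly_averages(readings).get(hour_start(now_ts) - 3600)
    if prev_avg is not None and latest > prev_avg:
        alerts.append("above_prev_hour_avg")
    return alerts

# Constructed sample: six readings in hour T0 (mean 505 C), two in the next hour.
T0 = hour_start(1_700_000_000)
SAMPLE = [(T0 + 60 * k, 480.0 + k) for k in range(0, 60, 10)] + \
         [(T0 + 3600 + 120, 490.0), (T0 + 3600 + 240, 510.0)]
```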


Dashboard for IOT Application in a day

All the widgets created by the developer were put on a separate page so that it can be used as a dashboard projected onto a bigger screen. This was done as a custom URL inside custom_ui_server.py, similar to the following code snippet.

Add your URL here:

def custom_urls():
    urllist = {
        "AUTHENTICATION": "DISABLE",
        # dashboard is the handler function defined in custom_ui_server.py
        "urls": [{"/extend/Dashboard": dashboard}]
    }
    return urllist

The hackathon IoT application built in a day is available on GitHub for you to try out. Download the MQTT Broker now to start building your application today.
