How Secure is MQTT?

Forums General How Secure is MQTT?

Place to gain & share general unique information
  • This topic has 0 replies, 1 voice, and was last updated 1 year ago by Lakshmi Deepa.
Viewing 1 post (of 1 total)
  • Author
  • #8032
    Lakshmi Deepa

    IoT Device communication security is the most important need to ensure the total implementation is secured. MQTT supports secured data transfer through MQTT Authentication and Encryption over TLS/SSL certificates.
    The fundamentals of the MQTT security are Identity, Authentication with User name and Password, Authorization, and TLS/SSL.
    1. TLS/SSL :
    TLS provides a secure communication channel between the client and the server.
    SSL binds the identity of an entity to cryptographic key pairs via x.509 certificates.
    Each key pair has a public key and a private key to encrypt data.
    TLS/SSL certificate grants permissions to use encrypted communication via Public Key Infrastructure and authenticate the identity of the certificate holder.
    2. IDENTITY :
    Identity is naming the client that is being authorized and given authority.
    It contains valid client Id, username, and password.
    Authentication provides the identity of the client with an X.509 certificate.
    It also provides username and password fields in the CONNECT message for authentication.
    The Utility allows 20 characters for username and password and the module supports 49 characters for username and 99 characters for the password.
    Authorization is managing the clients’ rights.
    The most common types of authorization used are Role-Based Access Controls(RBAC) and Access Control List(ACL).
    RBAC provides a level of abstraction between the client and the main resources.
    It facilitates the administration of security in a large organization.
    ACL associates certain clients with a list of permissions that includes who can access the resources and which operations are allowed.

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.