HiveMQ - MQTT Security Fundamentals
Written by The HiveMQ Team
Published: April 20, 2015
Recently, we asked you to take a short survey and tell us which MQTT topic you would like us to cover next. In last week’s post we announced the winner: security in MQTT. Today, we are happy to welcome you to the first post in our new MQTT Security Fundamentals series. We hope that you are as excited as we are to explore a new aspect of MQTT security every week. This post is a general introduction to the topic. Upcoming posts dive into the nitty-gritty of security in MQTT. Lets get started.
Why is security essential for the Internet of Things?
In our digital and global world, security affects us every day. Whether you complete a bank transfer, purchase products online, or access personal documents over the internet, security is involved. The basic concept of the Internet of Things is to connect objects to make processes more efficient, provide more comfort, or improve our work and personal life in some way. However, connecting objects such as cars, homes, and machines also exposes lots of sensitive data. For example, you can collect data on the location of every member in your household. While it is nice to know what your family members are up to, it is not ideal to share that information with a burglar. Some types of data are not meant for the public and should be protected by the pillars of information security: confidentiality, integrity, and availability. When real machines or things are compromised, an attacker can harm real people. For example, activate the breaks in your car remotely or sabotage production equipment. Even if a specific person is not involved, the exposure of sensitive data can seriously damage the reputation of your business. As the number of connected devices in our lives grows and the amount of data that is collected every day skyrockets, security is an increasingly crucial topic.
Security challenges in IoT
Although there is no question about the need for security, the Internet of Things presents new implementation challenges. Often, security is seen as a trade-off between the level of protection and the degree of usability. This trade-off gets even more interesting with the Internet of Things. Usually, IoT devices have limited computing power and memory capacity. Many cryptographic algorithms require more resources than tiny IoT devices possess. Another security challenge arises from the need to update devices in the field. Critical security issues that require updates to be rolled out to all devices simultaneously are hampered by unreliable networks on which many IoT devices run. Additionally, because user acceptance depends more than ever on easy installation and maintenance, security must be intuitive for the user. To successfully meet all these challenges, security needs to be a top concern for developers of IoT applications right from the beginning of the implementation process.
Approaches to security in MQTT
Now that we have established some context, let’s dive into how MQTT handles security. If you need to freshen up your MQTT knowledge, take a look at the MQTT Essentials before you continue. In this post, we assume that you are already familiar with the basics of the protocol.
Security in MQTT is divided in multiple layers. Each layer prevents different kinds of attacks. The goal of MQTT is to provide a lightweight and easy-to-use communication protocol for the Internet of Things. The protocol itself specifies only a few security mechanisms. MQTT implementations commonly use other state-of-the-art security standards: for example, SSL/TLS for transport security. Since security is difficult, it makes sense to build upon generally accepted standards. Here is a high-level summary of security levels in MQTT (designated posts for each level come later in the series):
One way to provide a secure and trustworthy connection is to use a physically secure network or VPN for all communication between clients and brokers. This solution is suitable for gateway applications where the gateway is connected to devices on the one hand and with the broker over VPN on the other side.
When confidentiality is the primary goal, TLS/SSL is commonly used for transport encryption. This method is a secure and proven way to make sure that data can’t be read during transmission and provides client-certificate authentication to verify the identity of both sides. We discuss the feasibility of TLS on constrained devices in detail in another post.
On the transport level, communication is encrypted and identities are authenticated. The MQTT protocol provides a client identifier and username/password credentials to authenticate devices on the application level. These properties are provided by the protocol itself. Authorization or control of what each device is allowed to do is defined by the specific broker implementation. Additionally, it is possible to use payload encryption on the application level to secure the transmitted information (without the need for full-fledged transport encryption).
Scope of the series
That gives you a brief overview of what we plan to cover in the next 10 weeks. Our goal is to discuss all the pillars and best practices of security in MQTT. Although there isn’t enough time to cover each aspect of security in equal detail, we focus on the most commonly used solutions and show practical examples. We also explore the issue of potential attacks on an MQTT solution (and how to prevent attacks from the beginning) and cover how to adapt available security mechanisms to constrained devices. MQTT provides a lot of options to make it completely secure. It’s important to find the solution that satisfies the security requirements of your specific use case.
We hope this post motivates you to follow our MQTT Security Fundamentals series. If you would like us to notify you as soon as we publish the next post, subscribe to our newsletter or RSS feed. If you think we missed some important topics, please tell us. We are always open to questions and suggestions.