IoT Security Issues and MQTT
Watch the Webinar
Chapters
- 12:53 - How MQTT helps secure IoT?
- 13:00 - Authentication & Authorization.
- 14:46 - Advanced authentication options.
- 15:27 - Using certificates for TLS.
- 17:19 - Consider these when using X.509 based authentication.
- 21:36 - OCSP Stapling: Authorization at Scale.
- 23:50 - Client Authentication.
- 26:26 - Authorization.
- 27:44 - Permissions.
- 30:29 - Encryption.
- 32:58 - DoS and Overload Protection.
- 34:25 - Criteria for selecting the right MQTT Broker.
- 35:38 - HiveMQ Security Architecture.
- 36:22 - HiveMQ Enterprise Security Extension.
- 37:08 - Resources.
- 38:26 - Q&A.
- 39:06 - Would a use of Certificate Pinning be a possible remedy?
- 40:54 - Does it make sense to combine multiple approaches: having certificate-based security on the TLS layer and on the top of that OAuth token security?
- 42:49 - How many authentications per second is a single server capable of?
- 44:32 - How is MQTT 5 different in terms of security from MQTT 3?
- 48:03 - Is it possible to allow unsecured over TCP connections to a Hyper V broker?
- 49:18 - Is TLS alone enough?
- 50:41 - Any news on trusted execution environment support for IoT edge devices.
- 51:26 - Is it possible to detect authentication issues, authorization issues, and encryption issues?
- 53:47 - Can I use MQTT to pass data from a low to high-security zone and if it's compliant with the Purdue model?
- 56:09 - As an OEM manufacturer, how do I secure or anonymize my clients' data beyond segregation with topics?
- 58:05 - Tips on IT & OT team enterprise and domain architectures.
Webinar Overview
Survey after survey puts IoT security as a primary concern for enterprises. As IoT proliferation grows, vulnerabilities, and attacks are also growing.
As the defacto protocol for IoT, the MQTT standard has been consistently evolving between version 3.1.1 and version 5, it has a large repertoire of security features which, if implemented well, can thwart many kinds of attacks including denial of service and man in the middle attacks.
Technical architects and IoT developers know that a solid security architecture for IoT will require encryption, authentication and authorization to run at scale. It is not an easy feat.
This webinar discusses the key security features of the MQTT protocol and how those are further enhanced with the HiveMQ Enterprise Security Extension.
Navigate this series:
Gaurav Suman
Gaurav Suman, Director of Product Marketing at HiveMQ, is an electronics and communications engineer with a background in Solutions Architecture and Product Management. He has helped customers adopt enterprise middleware, storage, blockchain, and business collaboration solutions. Passionate about technology’s customer impact he has been at HiveMQ since 2021 and is based in Ottawa, Canada.
