SlideShare a Scribd company logo

Implementing the 5 Pillars of IT Security for MQTT

HiveMQ
HiveMQ

Connecting objects in the IoT such as cars, homes, and machines exposes lots of sensitive data. Therefore, IoT security is a key concern and an important challenge for any IoT application. Since some of the data generated are not meant for the public, it should be protected by the five pillars of IT security: Confidentiality, Integrity, Availability, Authenticity, Non-Repudiation. In this webinar, we will explore how the five pillars of IT security can be implemented to secure IoT applications using MQTT. Our HiveMQ security experts Georg Held and Magi Erber will show you how to create a secure IoT system with MQTT and HiveMQ. About the Speakers. Magi is a Product Manager at HiveMQ. Georg is an Engineering Manager at HiveMQ. To watch the webinar recording: https://www.hivemq.com/webinars/implementing-the-five-pillars-of-it-security-for-mqtt/

Technology
1 of 58
Download to read offline
Copyright © by HiveMQ. All Rights Reserved. linkedin.com/in/sauroter/ github.com/sauroter/ WELCOME Magi Erber Georg Held Product Manager @HiveMQ Software Developer @HiveMQ @ErberMagi linkedin.com/in/margaretha-erber/
Copyright © by HiveMQ. All Rights Reserved. As we speak millions of things are newly connected to the internet
Copyright © by HiveMQ. All Rights Reserved. The Internet of Things is HUGE Copyright © by HiveMQ. All Rights Reserved. People on the internet
Copyright © by HiveMQ. All Rights Reserved. Web Technology used today is built for the Internet of Humans, NOT for the Internet of Things Confidential and Proprietary. Copyright © by HiveMQ. All Rights Reserved.
Copyright © by HiveMQ. All Rights Reserved. Technical IoT Challenges ● Scalability: Massive scalability required for millions of devices Copyright © by HiveMQ. All Rights Reserved. ● Instant data delivery: critical systems need reliable and instant data transfer ● Unreliable networks: excellent customer experience for IoT apps and devices
Copyright © by HiveMQ. All Rights Reserved. We need open standards designed for the Internet of Things Confidential and Proprietary. Copyright © by HiveMQ. All Rights Reserved.
Copyright © by HiveMQ. All Rights Reserved.
Copyright © by HiveMQ. All Rights Reserved. What is MQTT? • Easy on the device side, pushes all implementation complexity to the server • Publish/Subscribe based architecture • Created for extreme scale and instant data exchange • (I)IoT Messaging Protocol • Built for machines and constrained devices (binary, data agnostic) • Designed for reliable communication over unreliable channels
Copyright © by HiveMQ. All Rights Reserved. Connected Car IIoT / Industry 4.0 Logistics Telecommunication IoT Messaging Middleware MQTT Use Cases
Copyright © by HiveMQ. All Rights Reserved. MQTT Use Cases Push Communication Reliable Communication over unreliable networks Constrained Devices Low Bandwidth and High Latency Industrial Message Bus
Copyright © by HiveMQ. All Rights Reserved. MQTT ● Lightweight protocol on top of TCP/IP ● Publish / Subscribe pattern using topics ● De-coupling of sender and receiver
Copyright © by HiveMQ. All Rights Reserved. Security Challenges for IoT Use Cases
Copyright © by HiveMQ. All Rights Reserved. Challenge 1 - Sensible Data ● Connecting things exposes sensible data to the internet Copyright © by HiveMQ. All Rights Reserved. ● Data breach would damage the reputation of your business Bad press can ruin your business (unit)
Copyright © by HiveMQ. All Rights Reserved. Challenge 2 - Control over IoT Devices ● Compromised devices for daily usage can be extremely dangerous Attacker could get control over device Copyright © by HiveMQ. All Rights Reserved. ● Compromised devices can open access to company infrastructure Point of entry for fraudsters to steal corporate secrets
Copyright © by HiveMQ. All Rights Reserved. Challenge 3 - Legal or Corporate Regulations ● Legal regulations for data privacy and safety Software must be compliant to a bunch of legal regulations like GDPR, CCPA, ... Copyright © by HiveMQ. All Rights Reserved. ● Corporate compliance policies In addition software must be compliant to corporate specific regulations
Copyright © by HiveMQ. All Rights Reserved. Challenge 4 - Customer Experience ● Customer experience for IoT apps and devices must be excellent even when security is in place Combination of high grade security and excellent user experience ● Devices and apps must be easy to program and maintain, complexity should be at the broker not on the device Broker is easier to update than physical devices
Copyright © by HiveMQ. All Rights Reserved. Security is a key concern for any application
Copyright © by HiveMQ. All Rights Reserved. Multiple Security Layers Network Host Application Data Enterprise
Copyright © by HiveMQ. All Rights Reserved. 5 pillars of IT Security
Copyright © by HiveMQ. All Rights Reserved. 5 Pillars of IT Security Confidentiality Information is only available to authorized parities (and to no one else) Integrity Information can only be put into the system or changed by authorized parties (and no one else) Availability The system can be accessed by authorized parties at any time Authenticity Information is associated with a source Non-Repudiation Actions are associated with a source after the fact
Copyright © by HiveMQ. All Rights Reserved. Confidentiality Confidentiality Information is only available to authorized parties (and to no one else) ● This is the thing we most often care about. ● We don't want competitors to get our data. ● We don't want to be liable for data loss (GDPR). ● We want to validate the trust placed in us by our customers.
Copyright © by HiveMQ. All Rights Reserved. ● Trusted environments Confidentiality ● Transport encryption ● Mutual Authentication ● Subscriber Authorization
Copyright © by HiveMQ. All Rights Reserved. Trusted Environments ● Run broker and devices in trusted environments ● Broker often works as interface between public untrusted environment and secure backend ● If devices are not under your control, don’t trust them unconditionally
Copyright © by HiveMQ. All Rights Reserved. Transport Encryption ● MQTT is based on TCP / IP Stack ● Listens on Port 1883 for communication / TLS ● TCP connection can be secured by TLS ● Listens on Port 8883 for secure communication
Copyright © by HiveMQ. All Rights Reserved. TLS - Transport Layer Security Cryptographic protocol Secure communication and authenticated channel between server and clients TLS Handshake initiates TLS session TLS secured communication can’t be eavesdropped by anyone Prevents Man-in-the-Middle attacks
Copyright © by HiveMQ. All Rights Reserved. Provision and Revocation of Certificates Provision of certificates ● Needs a planned provisioning and certificate lifecycle process ● Deployed PKI (public key infrastructure) Revocation of certificates ● Needed as soon as certificates can’t be trusted anymore ● Certificate Revocation List (CRL) ● OCSP for online certificate validation ● Use a management system like Hashicorp Vault
Copyright © by HiveMQ. All Rights Reserved. Transport Encryption - Best Practices ● Use transport encryption (TLS) ● Use certificates from trusted CAs ● Use highest TLS version and secure cipher suites
Copyright © by HiveMQ. All Rights Reserved. Cipher Suites TLS_AES_256_GCM_SHA384 ● High bit length (big numbers) ● Proven Algorithms (AES) ● Safe Modes (GCM) For TLS <= 1.2 ● Ephemeral Diffie Hellman key exchange (e.g. TLS_ECDHE_…)
Copyright © by HiveMQ. All Rights Reserved. Transport Encryption - Example
Copyright © by HiveMQ. All Rights Reserved. Payload Encryption ● Use payload encryption instead ● At least hash or encrypt password of connecting client ● Every clients needs to have key & secret ● BUT!: It leaks metadata On very constrained devices transport encryption could be not possible!
Copyright © by HiveMQ. All Rights Reserved. Mutual Authentication Authentication verifies whether a person, device or application is who they say they are Authentication can take place on the Transport Layer and on the Application Layer
Copyright © by HiveMQ. All Rights Reserved. Mutual Authentication using Certificates Transport Layer Authentication ● Mutual Authentication of broker and client using the presented certificate at TLS handshake ● Authentication takes place before a secure communication channel is established Application Layer Authentication / Authorization ● Client is granted permissions based on certificate information
Copyright © by HiveMQ. All Rights Reserved. Client Authentication (Identity and Access Management Systems) ● Different external systems can be used to authenticate clients at a broker ● Client provides authentication data in the CONNECT packet ● Broker looks up the authentication data in the connected external systems ● External authentication systems: ○ LDAP ○ OAuth2.0 ○ Databases ○ ACL ○ ... Caution: Not all brokers support a pluggable authentication and authorization system!
Copyright © by HiveMQ. All Rights Reserved. Mutual Authentication - Example
Copyright © by HiveMQ. All Rights Reserved. Subscriber Authorization Authorization provides access rights to a resource ● Without authorization every client is allowed to subscribe to all topics ● Clients should only get the data they are allowed to get ● Permission structure must match topic structure ● Tip: Use client identifiers in topics where possible ● Be careful with wildcard subscriptions!
Copyright © by HiveMQ. All Rights Reserved. Subscriber Authorization Permission includes: ● Allowed Topic (exact topic or topic filter including wildcards) ● Allowed Operation (Subscribe, Publish, both) ● Allowed QoS (0, 1, 2, 0-1, 1-2, all) ● Allowed specific operations (retained messages, shared subscriptions) class MQTT_Permissions { String topic; Boolean publish_allowed; Boolean subscribe_allowed; Boolean qos_0_allowed; Boolean qos_1_allowed; Boolean qos_2_allowed; Boolean shared_sub_allowed; String shared_group;}
Copyright © by HiveMQ. All Rights Reserved. Integrity Integrity Information can only be put into the system or changed by authorized parties (and no one else) ● Devices make decisions based on data. ● Customers expect correct data. ● Deployment teams take actions based on data.
Copyright © by HiveMQ. All Rights Reserved. ● Transport Encryption Integrity ● Mutual Authentication ● Publisher Authorization ● Broker / Device access security
Copyright © by HiveMQ. All Rights Reserved. Publisher Authorization 🚫 Blocklist ● Everything that is not explicitly denied, is allowed ● Offers protection as long as all restrictions are known for all clients ● Threats are only stopped after list has been updated 🔆 Whitelist ● Everything that is not explicitly allowed, is denied ● High maintenance effort ● Access is only granted after list has been updated
Copyright © by HiveMQ. All Rights Reserved. Authorization of Publishers - Example
Copyright © by HiveMQ. All Rights Reserved. Access Security (Operating System) ● Keep libraries and software updated ● Every connection should pass at least one Firewall ● Disallow root access and use SSH keys for SSH ● Use file system permissions (chmod -R X00 ...) ● Install a intrusion detection and prevention system ● Use SELinux
Copyright © by HiveMQ. All Rights Reserved. Access Security (Tamper proofing devices) ● Remove JTAG access ● Use signed firmware ● Secure access to X.509 Certificates (read only) ● Endpoint Security ● …
Copyright © by HiveMQ. All Rights Reserved. Availability Availability The system can be accessed by authorized parties at any time ● Excursion: A cautious tale of the most secure software system. ● Only a used system generates any value ● Customers pay for the availability of a system
Copyright © by HiveMQ. All Rights Reserved. Availability ● Incident management ● Support systems ● MQTT software selection
Copyright © by HiveMQ. All Rights Reserved. Criteria for selecting the right MQTT Broker ● Performant, scalable and high available broker ● Track Record and Reputation of the broker vendor ● Longevity: Long Term Support for broker software ● Compliance to the entire MQTT specification ● Monitoring of broker and tracing of devices ● Pluggable authentication & authorization system ● (D)DoS Detection ● Overload Protection ● Support of TLS ● Professional support
Copyright © by HiveMQ. All Rights Reserved. Overload Protection - Example
Copyright © by HiveMQ. All Rights Reserved. Criteria for selecting the right MQTT Client ● Efficient and reliable implementation of the whole standard ● Supports all MQTT security features ● Longevity: Long Term Support for client software
Copyright © by HiveMQ. All Rights Reserved. Criteria for selecting the right Integration Systems ● Highly proven and production grade third party systems ● Track Record and Reputation of the vendor ● Longevity: Long Term Support for software
Copyright © by HiveMQ. All Rights Reserved. Incident Management Clear responsibilities for incident management inside your organisation Defined processes with a multi tiered escalation Direct access to subject matter experts via vendor support contracts. Regular trainings and rehearsals High skill level of responsible team Regular Backups of the system
Copyright © by HiveMQ. All Rights Reserved. Support Systems Load Balancers Scalable Infrastructure Automated monitoring and flexible logging handling Alerting Systems IDS / IPS System with the right data source (Access Log, ip based)
Copyright © by HiveMQ. All Rights Reserved. Other Pillars Authenticity Information is associated with a source -> Payload Signing Non-Repudiation Actions is associated with a source after the fact -> Audit Log Auditability The system generates and stores a paper trail -> Access Log Privacy Personal data is not leaked -> Must be implemented in the infrastructure
Copyright © by HiveMQ. All Rights Reserved. Security is a key concern for any IoT application. HiveMQ implements the security features required for safe and secure enterprise IT and OT deployments.
Copyright © by HiveMQ. All Rights Reserved. HiveMQ Security Architecture
Copyright © by HiveMQ. All Rights Reserved. HiveMQ Security Architecture ● Pluggable Authentication and Authorization System ● Prebuilt Security Extension ● TLS secured communication ● Overload Protection and (D)DOS detection ● Fine grained permission system for MQTT clients and HiveMQ Control Center users ● Chaining of auth mechanisms ● Default Deny-All behaviour ● Integrated monitoring system and over 800 metrics ● 24/7 professional support
Copyright © by HiveMQ. All Rights Reserved. HiveMQ Enterprise Security Extension ● Central management for IoT device and HiveMQ Control Center authentication and authorization ● Flexible and easy integration with multiple external authentication systems and data sources (e.g. databases, LDAP, OAuth 2.0) ● High Scalability and reliability ● Default Whitelisting Concept ● Access log (rolling on daily basis) ● Provides maximum flexibility in defining authorization rules
ANY QUESTIONS? Reach out to community.hivemq.com
THANK YOU Stay updated on upcoming webinars Subscribe to our Newsletter!

Recommended

IoT Security Issues and MQTT
IoT Security Issues and MQTTIoT Security Issues and MQTT
IoT Security Issues and MQTTHiveMQ
 
HiveMQ Cloud Webinar
HiveMQ Cloud WebinarHiveMQ Cloud Webinar
HiveMQ Cloud WebinarHiveMQ
 
Inntroduction to MQTT Sparkplug with HiveMQ and Opto22
Inntroduction to MQTT Sparkplug with HiveMQ and Opto22Inntroduction to MQTT Sparkplug with HiveMQ and Opto22
Inntroduction to MQTT Sparkplug with HiveMQ and Opto22Dominik Obermaier
 
HiveMQ Cloud - The Cloud Native IoT Messaging Layer
HiveMQ Cloud - The Cloud Native IoT Messaging LayerHiveMQ Cloud - The Cloud Native IoT Messaging Layer
HiveMQ Cloud - The Cloud Native IoT Messaging LayerDominik Obermaier
 
Introducing HiveMQ Cloud
Introducing HiveMQ CloudIntroducing HiveMQ Cloud
Introducing HiveMQ CloudMargarethaErber
 
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...Dominik Obermaier
 
Revolutionizing IoT Testing - A Sneak Peek of HiveMQ Swarm
Revolutionizing IoT Testing - A Sneak Peek of HiveMQ SwarmRevolutionizing IoT Testing - A Sneak Peek of HiveMQ Swarm
Revolutionizing IoT Testing - A Sneak Peek of HiveMQ SwarmHiveMQ
 
Modernizing the Manufacturing Industry with MQTT and Kafka
Modernizing the Manufacturing Industry with MQTT and KafkaModernizing the Manufacturing Industry with MQTT and Kafka
Modernizing the Manufacturing Industry with MQTT and KafkaHiveMQ
 

Recommended

IoT Security Issues and MQTT
IoT Security Issues and MQTTIoT Security Issues and MQTT
IoT Security Issues and MQTTHiveMQ
 
HiveMQ Cloud Webinar
HiveMQ Cloud WebinarHiveMQ Cloud Webinar
HiveMQ Cloud WebinarHiveMQ
 
Inntroduction to MQTT Sparkplug with HiveMQ and Opto22
Inntroduction to MQTT Sparkplug with HiveMQ and Opto22Inntroduction to MQTT Sparkplug with HiveMQ and Opto22
Inntroduction to MQTT Sparkplug with HiveMQ and Opto22Dominik Obermaier
 
HiveMQ Cloud - The Cloud Native IoT Messaging Layer
HiveMQ Cloud - The Cloud Native IoT Messaging LayerHiveMQ Cloud - The Cloud Native IoT Messaging Layer
HiveMQ Cloud - The Cloud Native IoT Messaging LayerDominik Obermaier
 
Introducing HiveMQ Cloud
Introducing HiveMQ CloudIntroducing HiveMQ Cloud
Introducing HiveMQ CloudMargarethaErber
 
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...
Software-Infrastrukturen modernisieren in der Produktion - Digitale Transform...Dominik Obermaier
 
Revolutionizing IoT Testing - A Sneak Peek of HiveMQ Swarm
Revolutionizing IoT Testing - A Sneak Peek of HiveMQ SwarmRevolutionizing IoT Testing - A Sneak Peek of HiveMQ Swarm
Revolutionizing IoT Testing - A Sneak Peek of HiveMQ SwarmHiveMQ
 
Modernizing the Manufacturing Industry with MQTT and Kafka
Modernizing the Manufacturing Industry with MQTT and KafkaModernizing the Manufacturing Industry with MQTT and Kafka
Modernizing the Manufacturing Industry with MQTT and KafkaHiveMQ
 
Mqtt.fx on hive mq cloud
Mqtt.fx on hive mq cloudMqtt.fx on hive mq cloud
Mqtt.fx on hive mq cloudMargarethaErber
 
MQTT.fx on HiveMQ Cloud Testing MQTT in the Cloud
MQTT.fx on HiveMQ Cloud Testing MQTT in the CloudMQTT.fx on HiveMQ Cloud Testing MQTT in the Cloud
MQTT.fx on HiveMQ Cloud Testing MQTT in the CloudHiveMQ
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
Introduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoT
Introduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoTIntroduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoT
Introduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoTHiveMQ
 
Simplified IoT Operations With HiveMQ and Datadog
Simplified IoT Operations With HiveMQ and DatadogSimplified IoT Operations With HiveMQ and Datadog
Simplified IoT Operations With HiveMQ and DatadogHiveMQ
 
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQMachine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQHiveMQ
 
Presciense InterQuest IoT Talk
Presciense InterQuest IoT TalkPresciense InterQuest IoT Talk
Presciense InterQuest IoT TalkJonathan Lishawa
 
Debugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ CloudDebugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ CloudHiveMQ
 
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data IntegrationHiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data IntegrationHiveMQ
 
HiveMQ + Kafka: The ideal solution for IoT MQTT data integration
HiveMQ + Kafka: The ideal solution for IoT MQTT data integrationHiveMQ + Kafka: The ideal solution for IoT MQTT data integration
HiveMQ + Kafka: The ideal solution for IoT MQTT data integrationMargarethaErber
 
Modernizing the Manufacturing Industry with Kafka and MQTT
Modernizing the Manufacturing Industry with Kafka and MQTT Modernizing the Manufacturing Industry with Kafka and MQTT
Modernizing the Manufacturing Industry with Kafka and MQTT Dominik Obermaier
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
Mrx security
Mrx securityMrx security
Mrx securitydavidjd
 
Neudesic IoT HIMSS Healthcare
Neudesic IoT HIMSS HealthcareNeudesic IoT HIMSS Healthcare
Neudesic IoT HIMSS HealthcareMike Rossi
 
Datasheet over privileged_users
Datasheet over privileged_usersDatasheet over privileged_users
Datasheet over privileged_usersCristian Garcia G.
 
Iot in-production
Iot in-productionIot in-production
Iot in-productionFlorian Raschbichler
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemInductive Automation
 
CIS14: Securing the Internet of Things with Open Standards
CIS14: Securing the Internet of Things with Open StandardsCIS14: Securing the Internet of Things with Open Standards
CIS14: Securing the Internet of Things with Open StandardsCloudIDSummit
 
Testing the Scalability of a Robust IoT System with Confidence
Testing the Scalability of a Robust IoT System with ConfidenceTesting the Scalability of a Robust IoT System with Confidence
Testing the Scalability of a Robust IoT System with ConfidenceHiveMQ
 
Designing an Edge to Cloud Architecture for IIoT
Designing an Edge to Cloud Architecture for IIoTDesigning an Edge to Cloud Architecture for IIoT
Designing an Edge to Cloud Architecture for IIoTHiveMQ
 

More Related Content

Similar to Implementing the 5 Pillars of IT Security for MQTT

Mqtt.fx on hive mq cloud
Mqtt.fx on hive mq cloudMqtt.fx on hive mq cloud
Mqtt.fx on hive mq cloudMargarethaErber
 
MQTT.fx on HiveMQ Cloud Testing MQTT in the Cloud
MQTT.fx on HiveMQ Cloud Testing MQTT in the CloudMQTT.fx on HiveMQ Cloud Testing MQTT in the Cloud
MQTT.fx on HiveMQ Cloud Testing MQTT in the CloudHiveMQ
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
Introduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoT
Introduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoTIntroduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoT
Introduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoTHiveMQ
 
Simplified IoT Operations With HiveMQ and Datadog
Simplified IoT Operations With HiveMQ and DatadogSimplified IoT Operations With HiveMQ and Datadog
Simplified IoT Operations With HiveMQ and DatadogHiveMQ
 
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQMachine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQHiveMQ
 
Presciense InterQuest IoT Talk
Presciense InterQuest IoT TalkPresciense InterQuest IoT Talk
Presciense InterQuest IoT TalkJonathan Lishawa
 
Debugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ CloudDebugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ CloudHiveMQ
 
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data IntegrationHiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data IntegrationHiveMQ
 
HiveMQ + Kafka: The ideal solution for IoT MQTT data integration
HiveMQ + Kafka: The ideal solution for IoT MQTT data integrationHiveMQ + Kafka: The ideal solution for IoT MQTT data integration
HiveMQ + Kafka: The ideal solution for IoT MQTT data integrationMargarethaErber
 
Modernizing the Manufacturing Industry with Kafka and MQTT
Modernizing the Manufacturing Industry with Kafka and MQTT Modernizing the Manufacturing Industry with Kafka and MQTT
Modernizing the Manufacturing Industry with Kafka and MQTT Dominik Obermaier
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
Mrx security
Mrx securityMrx security
Mrx securitydavidjd
 
Neudesic IoT HIMSS Healthcare
Neudesic IoT HIMSS HealthcareNeudesic IoT HIMSS Healthcare
Neudesic IoT HIMSS HealthcareMike Rossi
 
Datasheet over privileged_users
Datasheet over privileged_usersDatasheet over privileged_users
Datasheet over privileged_usersCristian Garcia G.
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemInductive Automation
 
CIS14: Securing the Internet of Things with Open Standards
CIS14: Securing the Internet of Things with Open StandardsCIS14: Securing the Internet of Things with Open Standards
CIS14: Securing the Internet of Things with Open StandardsCloudIDSummit
 

Similar to Implementing the 5 Pillars of IT Security for MQTT (20)

Mqtt.fx on hive mq cloud
Mqtt.fx on hive mq cloudMqtt.fx on hive mq cloud
Mqtt.fx on hive mq cloud
 
MQTT.fx on HiveMQ Cloud Testing MQTT in the Cloud
MQTT.fx on HiveMQ Cloud Testing MQTT in the CloudMQTT.fx on HiveMQ Cloud Testing MQTT in the Cloud
MQTT.fx on HiveMQ Cloud Testing MQTT in the Cloud
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
Introduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoT
Introduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoTIntroduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoT
Introduction to MQTT Sparkplug: Plug 'n Play Interoperability for IIoT
 
Simplified IoT Operations With HiveMQ and Datadog
Simplified IoT Operations With HiveMQ and DatadogSimplified IoT Operations With HiveMQ and Datadog
Simplified IoT Operations With HiveMQ and Datadog
 
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQMachine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
Machine to Machine Communication with Microsoft Azure IoT Edge & HiveMQ
 
Presciense InterQuest IoT Talk
Presciense InterQuest IoT TalkPresciense InterQuest IoT Talk
Presciense InterQuest IoT Talk
 
Debugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ CloudDebugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
Debugging MQTT Client Communications With MQTT.fx and HiveMQ Cloud
 
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data IntegrationHiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data Integration
 
HiveMQ + Kafka: The ideal solution for IoT MQTT data integration
HiveMQ + Kafka: The ideal solution for IoT MQTT data integrationHiveMQ + Kafka: The ideal solution for IoT MQTT data integration
HiveMQ + Kafka: The ideal solution for IoT MQTT data integration
 
Modernizing the Manufacturing Industry with Kafka and MQTT
Modernizing the Manufacturing Industry with Kafka and MQTT Modernizing the Manufacturing Industry with Kafka and MQTT
Modernizing the Manufacturing Industry with Kafka and MQTT
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open Standards
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
Mrx security
Mrx securityMrx security
Mrx security
 
Neudesic IoT HIMSS Healthcare
Neudesic IoT HIMSS HealthcareNeudesic IoT HIMSS Healthcare
Neudesic IoT HIMSS Healthcare
 
Datasheet over privileged_users
Datasheet over privileged_usersDatasheet over privileged_users
Datasheet over privileged_users
 
Iot in-production
Iot in-productionIot in-production
Iot in-production
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native Era
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition System
 
CIS14: Securing the Internet of Things with Open Standards
CIS14: Securing the Internet of Things with Open StandardsCIS14: Securing the Internet of Things with Open Standards
CIS14: Securing the Internet of Things with Open Standards
 

More from HiveMQ

Testing the Scalability of a Robust IoT System with Confidence
Testing the Scalability of a Robust IoT System with ConfidenceTesting the Scalability of a Robust IoT System with Confidence
Testing the Scalability of a Robust IoT System with ConfidenceHiveMQ
 
Designing an Edge to Cloud Architecture for IIoT
Designing an Edge to Cloud Architecture for IIoTDesigning an Edge to Cloud Architecture for IIoT
Designing an Edge to Cloud Architecture for IIoTHiveMQ
 
What's New in HiveMQ [Inside the Upcoming HiveMQ 4.7 Release]
What's New in HiveMQ [Inside the Upcoming HiveMQ 4.7 Release]What's New in HiveMQ [Inside the Upcoming HiveMQ 4.7 Release]
What's New in HiveMQ [Inside the Upcoming HiveMQ 4.7 Release]HiveMQ
 
HiveMQ & HighByte Presents: Building an Enterprise Unified Namespace (UNS) to...
HiveMQ & HighByte Presents: Building an Enterprise Unified Namespace (UNS) to...HiveMQ & HighByte Presents: Building an Enterprise Unified Namespace (UNS) to...
HiveMQ & HighByte Presents: Building an Enterprise Unified Namespace (UNS) to...HiveMQ
 
How MQTT 5 Makes Difficult IoT Use Cases Possible
How MQTT 5 Makes Difficult IoT Use Cases PossibleHow MQTT 5 Makes Difficult IoT Use Cases Possible
How MQTT 5 Makes Difficult IoT Use Cases PossibleHiveMQ
 
How to Monitor and Observe IoT and MQTT Applications with HiveMQ
How to Monitor and Observe IoT and MQTT Applications with HiveMQ How to Monitor and Observe IoT and MQTT Applications with HiveMQ
How to Monitor and Observe IoT and MQTT Applications with HiveMQ HiveMQ
 
Connecting the Smart Factory to the Cloud
Connecting the Smart Factory to the CloudConnecting the Smart Factory to the Cloud
Connecting the Smart Factory to the CloudHiveMQ
 
Free Your Manufacturing Data with Apache PLC4X & MQTT
Free Your Manufacturing Data with Apache PLC4X & MQTTFree Your Manufacturing Data with Apache PLC4X & MQTT
Free Your Manufacturing Data with Apache PLC4X & MQTTHiveMQ
 
Build Your Own HiveMQ Extension
Build Your Own HiveMQ ExtensionBuild Your Own HiveMQ Extension
Build Your Own HiveMQ ExtensionHiveMQ
 
How to Set up, Run and Scale a Secure MQTT Broker on Kubernetes
How to Set up, Run and Scale a Secure MQTT Broker on KubernetesHow to Set up, Run and Scale a Secure MQTT Broker on Kubernetes
How to Set up, Run and Scale a Secure MQTT Broker on KubernetesHiveMQ
 
Best Practices for Streaming Connected Car Data with MQTT & Kafka
Best Practices for Streaming Connected Car Data with MQTT & KafkaBest Practices for Streaming Connected Car Data with MQTT & Kafka
Best Practices for Streaming Connected Car Data with MQTT & KafkaHiveMQ
 
MQTT - The Key to Scalable Reliable Connected Car Platforms
MQTT - The Key to Scalable Reliable Connected Car PlatformsMQTT - The Key to Scalable Reliable Connected Car Platforms
MQTT - The Key to Scalable Reliable Connected Car PlatformsHiveMQ
 
4 Paradigm Shifts for the Connected Car of the Future
4 Paradigm Shifts for the Connected Car of the Future4 Paradigm Shifts for the Connected Car of the Future
4 Paradigm Shifts for the Connected Car of the FutureHiveMQ
 
Lightweight and Scalable IoT Messaging with MQTT
Lightweight and Scalable IoT Messaging with MQTTLightweight and Scalable IoT Messaging with MQTT
Lightweight and Scalable IoT Messaging with MQTTHiveMQ
 
Building Scalable & Reliable MQTT Clients for Enterprise Computing
Building Scalable & Reliable MQTT Clients for Enterprise ComputingBuilding Scalable & Reliable MQTT Clients for Enterprise Computing
Building Scalable & Reliable MQTT Clients for Enterprise ComputingHiveMQ
 
MQTT 5 - Why You Need It and Potential Pitfalls
MQTT 5 - Why You Need It and Potential PitfallsMQTT 5 - Why You Need It and Potential Pitfalls
MQTT 5 - Why You Need It and Potential PitfallsHiveMQ
 
How to Stream IoT MQTT Messages Into the Azure Event Hubs Service
How to Stream IoT MQTT Messages Into the Azure Event Hubs ServiceHow to Stream IoT MQTT Messages Into the Azure Event Hubs Service
How to Stream IoT MQTT Messages Into the Azure Event Hubs ServiceHiveMQ
 
Back to Basics: An Introduction to MQTT
Back to Basics: An Introduction to MQTTBack to Basics: An Introduction to MQTT
Back to Basics: An Introduction to MQTTHiveMQ
 

More from HiveMQ (18)

Testing the Scalability of a Robust IoT System with Confidence
Testing the Scalability of a Robust IoT System with ConfidenceTesting the Scalability of a Robust IoT System with Confidence
Testing the Scalability of a Robust IoT System with Confidence
 
Designing an Edge to Cloud Architecture for IIoT
Designing an Edge to Cloud Architecture for IIoTDesigning an Edge to Cloud Architecture for IIoT
Designing an Edge to Cloud Architecture for IIoT
 
What's New in HiveMQ [Inside the Upcoming HiveMQ 4.7 Release]
What's New in HiveMQ [Inside the Upcoming HiveMQ 4.7 Release]What's New in HiveMQ [Inside the Upcoming HiveMQ 4.7 Release]
What's New in HiveMQ [Inside the Upcoming HiveMQ 4.7 Release]
 
HiveMQ & HighByte Presents: Building an Enterprise Unified Namespace (UNS) to...
HiveMQ & HighByte Presents: Building an Enterprise Unified Namespace (UNS) to...HiveMQ & HighByte Presents: Building an Enterprise Unified Namespace (UNS) to...
HiveMQ & HighByte Presents: Building an Enterprise Unified Namespace (UNS) to...
 
How MQTT 5 Makes Difficult IoT Use Cases Possible
How MQTT 5 Makes Difficult IoT Use Cases PossibleHow MQTT 5 Makes Difficult IoT Use Cases Possible
How MQTT 5 Makes Difficult IoT Use Cases Possible
 
How to Monitor and Observe IoT and MQTT Applications with HiveMQ
How to Monitor and Observe IoT and MQTT Applications with HiveMQ How to Monitor and Observe IoT and MQTT Applications with HiveMQ
How to Monitor and Observe IoT and MQTT Applications with HiveMQ
 
Connecting the Smart Factory to the Cloud
Connecting the Smart Factory to the CloudConnecting the Smart Factory to the Cloud
Connecting the Smart Factory to the Cloud
 
Free Your Manufacturing Data with Apache PLC4X & MQTT
Free Your Manufacturing Data with Apache PLC4X & MQTTFree Your Manufacturing Data with Apache PLC4X & MQTT
Free Your Manufacturing Data with Apache PLC4X & MQTT
 
Build Your Own HiveMQ Extension
Build Your Own HiveMQ ExtensionBuild Your Own HiveMQ Extension
Build Your Own HiveMQ Extension
 
How to Set up, Run and Scale a Secure MQTT Broker on Kubernetes
How to Set up, Run and Scale a Secure MQTT Broker on KubernetesHow to Set up, Run and Scale a Secure MQTT Broker on Kubernetes
How to Set up, Run and Scale a Secure MQTT Broker on Kubernetes
 
Best Practices for Streaming Connected Car Data with MQTT & Kafka
Best Practices for Streaming Connected Car Data with MQTT & KafkaBest Practices for Streaming Connected Car Data with MQTT & Kafka
Best Practices for Streaming Connected Car Data with MQTT & Kafka
 
MQTT - The Key to Scalable Reliable Connected Car Platforms
MQTT - The Key to Scalable Reliable Connected Car PlatformsMQTT - The Key to Scalable Reliable Connected Car Platforms
MQTT - The Key to Scalable Reliable Connected Car Platforms
 
4 Paradigm Shifts for the Connected Car of the Future
4 Paradigm Shifts for the Connected Car of the Future4 Paradigm Shifts for the Connected Car of the Future
4 Paradigm Shifts for the Connected Car of the Future
 
Lightweight and Scalable IoT Messaging with MQTT
Lightweight and Scalable IoT Messaging with MQTTLightweight and Scalable IoT Messaging with MQTT
Lightweight and Scalable IoT Messaging with MQTT
 
Building Scalable & Reliable MQTT Clients for Enterprise Computing
Building Scalable & Reliable MQTT Clients for Enterprise ComputingBuilding Scalable & Reliable MQTT Clients for Enterprise Computing
Building Scalable & Reliable MQTT Clients for Enterprise Computing
 
MQTT 5 - Why You Need It and Potential Pitfalls
MQTT 5 - Why You Need It and Potential PitfallsMQTT 5 - Why You Need It and Potential Pitfalls
MQTT 5 - Why You Need It and Potential Pitfalls
 
How to Stream IoT MQTT Messages Into the Azure Event Hubs Service
How to Stream IoT MQTT Messages Into the Azure Event Hubs ServiceHow to Stream IoT MQTT Messages Into the Azure Event Hubs Service
How to Stream IoT MQTT Messages Into the Azure Event Hubs Service
 
Back to Basics: An Introduction to MQTT
Back to Basics: An Introduction to MQTTBack to Basics: An Introduction to MQTT
Back to Basics: An Introduction to MQTT
 

Recently uploaded

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

Implementing the 5 Pillars of IT Security for MQTT

  • 1.
  • 2. Copyright © by HiveMQ. All Rights Reserved. linkedin.com/in/sauroter/ github.com/sauroter/ WELCOME Magi Erber Georg Held Product Manager @HiveMQ Software Developer @HiveMQ @ErberMagi linkedin.com/in/margaretha-erber/
  • 3. Copyright © by HiveMQ. All Rights Reserved. As we speak millions of things are newly connected to the internet
  • 4. Copyright © by HiveMQ. All Rights Reserved. The Internet of Things is HUGE Copyright © by HiveMQ. All Rights Reserved. People on the internet
  • 5. Copyright © by HiveMQ. All Rights Reserved. Web Technology used today is built for the Internet of Humans, NOT for the Internet of Things Confidential and Proprietary. Copyright © by HiveMQ. All Rights Reserved.
  • 6. Copyright © by HiveMQ. All Rights Reserved. Technical IoT Challenges ● Scalability: Massive scalability required for millions of devices Copyright © by HiveMQ. All Rights Reserved. ● Instant data delivery: critical systems need reliable and instant data transfer ● Unreliable networks: excellent customer experience for IoT apps and devices
  • 7. Copyright © by HiveMQ. All Rights Reserved. We need open standards designed for the Internet of Things Confidential and Proprietary. Copyright © by HiveMQ. All Rights Reserved.
  • 8. Copyright © by HiveMQ. All Rights Reserved.
  • 9. Copyright © by HiveMQ. All Rights Reserved. What is MQTT? • Easy on the device side, pushes all implementation complexity to the server • Publish/Subscribe based architecture • Created for extreme scale and instant data exchange • (I)IoT Messaging Protocol • Built for machines and constrained devices (binary, data agnostic) • Designed for reliable communication over unreliable channels
  • 10. Copyright © by HiveMQ. All Rights Reserved. Connected Car IIoT / Industry 4.0 Logistics Telecommunication IoT Messaging Middleware MQTT Use Cases
  • 11. Copyright © by HiveMQ. All Rights Reserved. MQTT Use Cases Push Communication Reliable Communication over unreliable networks Constrained Devices Low Bandwidth and High Latency Industrial Message Bus
  • 12. Copyright © by HiveMQ. All Rights Reserved. MQTT ● Lightweight protocol on top of TCP/IP ● Publish / Subscribe pattern using topics ● De-coupling of sender and receiver
  • 13. Copyright © by HiveMQ. All Rights Reserved. Security Challenges for IoT Use Cases
  • 14. Copyright © by HiveMQ. All Rights Reserved. Challenge 1 - Sensible Data ● Connecting things exposes sensible data to the internet Copyright © by HiveMQ. All Rights Reserved. ● Data breach would damage the reputation of your business Bad press can ruin your business (unit)
  • 15. Copyright © by HiveMQ. All Rights Reserved. Challenge 2 - Control over IoT Devices ● Compromised devices for daily usage can be extremely dangerous Attacker could get control over device Copyright © by HiveMQ. All Rights Reserved. ● Compromised devices can open access to company infrastructure Point of entry for fraudsters to steal corporate secrets
  • 16. Copyright © by HiveMQ. All Rights Reserved. Challenge 3 - Legal or Corporate Regulations ● Legal regulations for data privacy and safety Software must be compliant to a bunch of legal regulations like GDPR, CCPA, ... Copyright © by HiveMQ. All Rights Reserved. ● Corporate compliance policies In addition software must be compliant to corporate specific regulations
  • 17. Copyright © by HiveMQ. All Rights Reserved. Challenge 4 - Customer Experience ● Customer experience for IoT apps and devices must be excellent even when security is in place Combination of high grade security and excellent user experience ● Devices and apps must be easy to program and maintain, complexity should be at the broker not on the device Broker is easier to update than physical devices
  • 18. Copyright © by HiveMQ. All Rights Reserved. Security is a key concern for any application
  • 19. Copyright © by HiveMQ. All Rights Reserved. Multiple Security Layers Network Host Application Data Enterprise
  • 20. Copyright © by HiveMQ. All Rights Reserved. 5 pillars of IT Security
  • 21. Copyright © by HiveMQ. All Rights Reserved. 5 Pillars of IT Security Confidentiality Information is only available to authorized parities (and to no one else) Integrity Information can only be put into the system or changed by authorized parties (and no one else) Availability The system can be accessed by authorized parties at any time Authenticity Information is associated with a source Non-Repudiation Actions are associated with a source after the fact
  • 22. Copyright © by HiveMQ. All Rights Reserved. Confidentiality Confidentiality Information is only available to authorized parties (and to no one else) ● This is the thing we most often care about. ● We don't want competitors to get our data. ● We don't want to be liable for data loss (GDPR). ● We want to validate the trust placed in us by our customers.
  • 23. Copyright © by HiveMQ. All Rights Reserved. ● Trusted environments Confidentiality ● Transport encryption ● Mutual Authentication ● Subscriber Authorization
  • 24. Copyright © by HiveMQ. All Rights Reserved. Trusted Environments ● Run broker and devices in trusted environments ● Broker often works as interface between public untrusted environment and secure backend ● If devices are not under your control, don’t trust them unconditionally
  • 25. Copyright © by HiveMQ. All Rights Reserved. Transport Encryption ● MQTT is based on TCP / IP Stack ● Listens on Port 1883 for communication / TLS ● TCP connection can be secured by TLS ● Listens on Port 8883 for secure communication
  • 26. Copyright © by HiveMQ. All Rights Reserved. TLS - Transport Layer Security Cryptographic protocol Secure communication and authenticated channel between server and clients TLS Handshake initiates TLS session TLS secured communication can’t be eavesdropped by anyone Prevents Man-in-the-Middle attacks
  • 27. Copyright © by HiveMQ. All Rights Reserved. Provision and Revocation of Certificates Provision of certificates ● Needs a planned provisioning and certificate lifecycle process ● Deployed PKI (public key infrastructure) Revocation of certificates ● Needed as soon as certificates can’t be trusted anymore ● Certificate Revocation List (CRL) ● OCSP for online certificate validation ● Use a management system like Hashicorp Vault
  • 28. Copyright © by HiveMQ. All Rights Reserved. Transport Encryption - Best Practices ● Use transport encryption (TLS) ● Use certificates from trusted CAs ● Use highest TLS version and secure cipher suites
  • 29. Copyright © by HiveMQ. All Rights Reserved. Cipher Suites TLS_AES_256_GCM_SHA384 ● High bit length (big numbers) ● Proven Algorithms (AES) ● Safe Modes (GCM) For TLS <= 1.2 ● Ephemeral Diffie Hellman key exchange (e.g. TLS_ECDHE_…)
  • 30. Copyright © by HiveMQ. All Rights Reserved. Transport Encryption - Example
  • 31. Copyright © by HiveMQ. All Rights Reserved. Payload Encryption ● Use payload encryption instead ● At least hash or encrypt password of connecting client ● Every clients needs to have key & secret ● BUT!: It leaks metadata On very constrained devices transport encryption could be not possible!
  • 32. Copyright © by HiveMQ. All Rights Reserved. Mutual Authentication Authentication verifies whether a person, device or application is who they say they are Authentication can take place on the Transport Layer and on the Application Layer
  • 33. Copyright © by HiveMQ. All Rights Reserved. Mutual Authentication using Certificates Transport Layer Authentication ● Mutual Authentication of broker and client using the presented certificate at TLS handshake ● Authentication takes place before a secure communication channel is established Application Layer Authentication / Authorization ● Client is granted permissions based on certificate information
  • 34. Copyright © by HiveMQ. All Rights Reserved. Client Authentication (Identity and Access Management Systems) ● Different external systems can be used to authenticate clients at a broker ● Client provides authentication data in the CONNECT packet ● Broker looks up the authentication data in the connected external systems ● External authentication systems: ○ LDAP ○ OAuth2.0 ○ Databases ○ ACL ○ ... Caution: Not all brokers support a pluggable authentication and authorization system!
  • 35. Copyright © by HiveMQ. All Rights Reserved. Mutual Authentication - Example
  • 36. Copyright © by HiveMQ. All Rights Reserved. Subscriber Authorization Authorization provides access rights to a resource ● Without authorization every client is allowed to subscribe to all topics ● Clients should only get the data they are allowed to get ● Permission structure must match topic structure ● Tip: Use client identifiers in topics where possible ● Be careful with wildcard subscriptions!
  • 37. Copyright © by HiveMQ. All Rights Reserved. Subscriber Authorization Permission includes: ● Allowed Topic (exact topic or topic filter including wildcards) ● Allowed Operation (Subscribe, Publish, both) ● Allowed QoS (0, 1, 2, 0-1, 1-2, all) ● Allowed specific operations (retained messages, shared subscriptions) class MQTT_Permissions { String topic; Boolean publish_allowed; Boolean subscribe_allowed; Boolean qos_0_allowed; Boolean qos_1_allowed; Boolean qos_2_allowed; Boolean shared_sub_allowed; String shared_group;}
  • 38. Copyright © by HiveMQ. All Rights Reserved. Integrity Integrity Information can only be put into the system or changed by authorized parties (and no one else) ● Devices make decisions based on data. ● Customers expect correct data. ● Deployment teams take actions based on data.
  • 39. Copyright © by HiveMQ. All Rights Reserved. ● Transport Encryption Integrity ● Mutual Authentication ● Publisher Authorization ● Broker / Device access security
  • 40. Copyright © by HiveMQ. All Rights Reserved. Publisher Authorization 🚫 Blocklist ● Everything that is not explicitly denied, is allowed ● Offers protection as long as all restrictions are known for all clients ● Threats are only stopped after list has been updated 🔆 Whitelist ● Everything that is not explicitly allowed, is denied ● High maintenance effort ● Access is only granted after list has been updated
  • 41. Copyright © by HiveMQ. All Rights Reserved. Authorization of Publishers - Example
  • 42. Copyright © by HiveMQ. All Rights Reserved. Access Security (Operating System) ● Keep libraries and software updated ● Every connection should pass at least one Firewall ● Disallow root access and use SSH keys for SSH ● Use file system permissions (chmod -R X00 ...) ● Install a intrusion detection and prevention system ● Use SELinux
  • 43. Copyright © by HiveMQ. All Rights Reserved. Access Security (Tamper proofing devices) ● Remove JTAG access ● Use signed firmware ● Secure access to X.509 Certificates (read only) ● Endpoint Security ● …
  • 44. Copyright © by HiveMQ. All Rights Reserved. Availability Availability The system can be accessed by authorized parties at any time ● Excursion: A cautious tale of the most secure software system. ● Only a used system generates any value ● Customers pay for the availability of a system
  • 45. Copyright © by HiveMQ. All Rights Reserved. Availability ● Incident management ● Support systems ● MQTT software selection
  • 46. Copyright © by HiveMQ. All Rights Reserved. Criteria for selecting the right MQTT Broker ● Performant, scalable and high available broker ● Track Record and Reputation of the broker vendor ● Longevity: Long Term Support for broker software ● Compliance to the entire MQTT specification ● Monitoring of broker and tracing of devices ● Pluggable authentication & authorization system ● (D)DoS Detection ● Overload Protection ● Support of TLS ● Professional support
  • 47. Copyright © by HiveMQ. All Rights Reserved. Overload Protection - Example
  • 48. Copyright © by HiveMQ. All Rights Reserved. Criteria for selecting the right MQTT Client ● Efficient and reliable implementation of the whole standard ● Supports all MQTT security features ● Longevity: Long Term Support for client software
  • 49. Copyright © by HiveMQ. All Rights Reserved. Criteria for selecting the right Integration Systems ● Highly proven and production grade third party systems ● Track Record and Reputation of the vendor ● Longevity: Long Term Support for software
  • 50. Copyright © by HiveMQ. All Rights Reserved. Incident Management Clear responsibilities for incident management inside your organisation Defined processes with a multi tiered escalation Direct access to subject matter experts via vendor support contracts. Regular trainings and rehearsals High skill level of responsible team Regular Backups of the system
  • 51. Copyright © by HiveMQ. All Rights Reserved. Support Systems Load Balancers Scalable Infrastructure Automated monitoring and flexible logging handling Alerting Systems IDS / IPS System with the right data source (Access Log, ip based)
  • 52. Copyright © by HiveMQ. All Rights Reserved. Other Pillars Authenticity Information is associated with a source -> Payload Signing Non-Repudiation Actions is associated with a source after the fact -> Audit Log Auditability The system generates and stores a paper trail -> Access Log Privacy Personal data is not leaked -> Must be implemented in the infrastructure
  • 53. Copyright © by HiveMQ. All Rights Reserved. Security is a key concern for any IoT application. HiveMQ implements the security features required for safe and secure enterprise IT and OT deployments.
  • 54. Copyright © by HiveMQ. All Rights Reserved. HiveMQ Security Architecture
  • 55. Copyright © by HiveMQ. All Rights Reserved. HiveMQ Security Architecture ● Pluggable Authentication and Authorization System ● Prebuilt Security Extension ● TLS secured communication ● Overload Protection and (D)DOS detection ● Fine grained permission system for MQTT clients and HiveMQ Control Center users ● Chaining of auth mechanisms ● Default Deny-All behaviour ● Integrated monitoring system and over 800 metrics ● 24/7 professional support
  • 56. Copyright © by HiveMQ. All Rights Reserved. HiveMQ Enterprise Security Extension ● Central management for IoT device and HiveMQ Control Center authentication and authorization ● Flexible and easy integration with multiple external authentication systems and data sources (e.g. databases, LDAP, OAuth 2.0) ● High Scalability and reliability ● Default Whitelisting Concept ● Access log (rolling on daily basis) ● Provides maximum flexibility in defining authorization rules
  • 57. ANY QUESTIONS? Reach out to community.hivemq.com
  • 58. THANK YOU Stay updated on upcoming webinars Subscribe to our Newsletter!