IoT authentication

The number of smart things keeps growing: cameras, sensors of every kind, smart bulbs, switches and much more. These devices are permanently online and constantly exchange data with applications for analytics. Some of that data is far more sensitive than the state of a light switch, for example sensor readings about a patient's health. The obvious question is how to protect data of this kind, which is sent in real time, without the user's involvement, to third-party systems. Designing a single, one hundred percent secure IoT (Internet of Things) architecture is hard because the devices differ in operating system, purpose and scale: some work within one room, while others, such as a city-wide video surveillance system, have to cover a whole urban area.





In this article we look at several authentication mechanisms: username and password, token, one-time password (OTP) and, finally, certificates. At the household level, for example, such mechanisms protect electricity meters from unauthorized access and protect their readings from substitution.





The best place to start is a concept fundamental to any IoT solution: the IoT platform. An IoT platform is the layer that connects "things" to the "Internet" and is, in effect, the foundation on which new IoT solutions are built. The platform market is growing rapidly; surveying all of them is beyond the scope of this article, and since the choice of platform does not affect the general picture, we take the platform from IBM (International Business Machines) as the example.





To understand where the authentication mechanisms come into play, let's look at the structure of a typical IoT application built on the IBM Watson IoT Platform and the IBM Bluemix cloud platform (since renamed IBM Cloud).





Fig. 1 shows the structure of an IoT application.

We won't go into the details of the structure, but in short: devices publish sensor data to the IBM Watson IoT Platform, which exchanges it with the IoT application (on Bluemix) over the Message Queuing Telemetry Transport (MQTT) protocol. In the other direction, devices receive commands from the application to perform control functions.















An MQTT session begins when the device (the MQTT client) opens a connection to the broker and sends a CONNECT packet. This packet carries everything the broker needs to decide whether to admit the client, so it is the natural place for the first authentication check.





The broker answers with a CONNACK packet whose Return Code tells the client whether the connection was accepted or why it was refused. Once connected, the client sends SUBSCRIBE for the topics it wants to receive, and the MQTT broker confirms the subscription with a SUBACK.





Username and password





Fig. 2 shows the interaction between the device and the broker.

With username and password authentication the credentials travel inside the CONNECT packet itself, in the user name and password fields of its payload. The broker validates them and reports the result in the CONNACK return code. Token authentication works the same way at the protocol level: the token is simply placed in the password field. Note that MQTT does nothing to protect these fields; they are only as safe as the transport underneath, which is the reason for the TLS discussion later in this article.
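To make the CONNECT/CONNACK exchange above concrete, here is an added example (not code from the original article or from IBM) that encodes an MQTT 3.1.1 CONNECT packet with user name and password and decodes the broker's CONNACK. The client-id form `d:<org>:<type>:<id>` and the user name `use-token-auth` used in the demo are IBM Watson IoT's documented device convention, not something stated on this page; all packet bytes are constructed by hand.

```python
"""MQTT 3.1.1 CONNECT builder and CONNACK parser.

Added example, not code from the original article or from the IBM platform.
Pure Python, so it runs offline; the packets it handles below are constructed
rather than captured from a broker.
"""
import struct
from typing import Optional, Tuple

# CONNACK return codes, MQTT 3.1.1 specification section 3.2.2.3.
CONNACK_CODES = {
    0: "connection accepted",
    1: "unacceptable protocol version",
    2: "identifier rejected",
    3: "server unavailable",
    4: "bad user name or password",
    5: "not authorized",
}


def utf8_field(value: str) -> bytes:
    """MQTT string: 2-byte big-endian length prefix, then UTF-8 bytes."""
    data = value.encode("utf-8")
    if len(data) > 0xFFFF:
        raise ValueError("MQTT string longer than 65535 bytes")
    return struct.pack("!H", len(data)) + data


def encode_remaining_length(n: int) -> bytes:
    """Variable-length 'Remaining Length' field: 7 data bits per byte,
    high bit set on every byte except the last."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | 0x80 if n else digit)
        if not n:
            return bytes(out)


def build_connect(client_id: str, username: Optional[str] = None,
                  password: Optional[bytes] = None, keep_alive: int = 60,
                  clean_session: bool = True) -> bytes:
    """Encode a CONNECT packet. The user name and password go into the
    payload as plain length-prefixed fields: MQTT does not protect them."""
    flags = 0x02 if clean_session else 0x00
    if username is not None:
        flags |= 0x80                       # User Name Flag
    if password is not None:
        if username is None:
            # Spec: Password Flag MUST be 0 when User Name Flag is 0.
            raise ValueError("a password requires a user name")
        flags |= 0x40                       # Password Flag
    variable_header = (utf8_field("MQTT") + bytes([4, flags])
                       + struct.pack("!H", keep_alive))
    payload = utf8_field(client_id)
    if username is not None:
        payload += utf8_field(username)
    if password is not None:
        payload += struct.pack("!H", len(password)) + password
    body = variable_header + payload
    return bytes([0x10]) + encode_remaining_length(len(body)) + body  # 0x10 = CONNECT


def parse_connack(packet: bytes) -> Tuple[bool, int, str]:
    """Decode CONNACK into (session_present, return_code, meaning).
    Any code other than 0 means the broker refused the session."""
    if len(packet) != 4 or packet[0] != 0x20 or packet[1] != 0x02:
        raise ValueError("not a CONNACK packet")
    session_present = bool(packet[2] & 0x01)
    code = packet[3]
    return session_present, code, CONNACK_CODES.get(code, "reserved")


if __name__ == "__main__":
    # Constructed values. IBM Watson IoT devices use the client-id form
    # d:<org>:<type>:<id>, the user name "use-token-auth" and the device's
    # auth token as the password (IBM's convention, assumed here).
    pkt = build_connect("d:org123:sensor:dev1", "use-token-auth", b"secret-token")
    print(pkt.hex())
    print(parse_connack(bytes.fromhex("20020004")))   # refused: bad credentials
```

Looking at the hex of the generated packet shows the point of the section: the user name and password are readable as plain bytes right after the client id, so on a plain TCP connection anyone on the path can read them.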





One-time passwords (OTP)

A one-time password is valid for a single session. Before connecting, the device sends an OTP request to the IoT platform and receives a freshly generated one-time password in reply; it then presents that value in the password field of CONNECT. Because each password can be used only once, and normally only for a short time, a value captured in transit is worthless to an attacker: by the time it is replayed the broker has already consumed it.





Certificates

The most robust mechanism is authentication by certificate. MQTT runs on top of TCP/IP, and the connection is protected by TLS (Transport Layer Security); certificate authentication is a part of TLS itself, so to understand it we need to look at how TLS works.





Strictly speaking, TLS is not an authentication mechanism but a transport-layer protocol that gives the connection confidentiality, integrity and authentication of the parties. All three are established during the handshake at the start of the connection, and that handshake is exactly where a certificate proves who the server, and optionally the device, is. So let's go through it step by step.





What does the handshake look like? The client sends Client Hello with the highest TLS version it supports, the list of cipher suites it offers and a Client Random, a 32-byte random value that feeds into key derivation later. The server answers with Server Hello: the TLS version and cipher suite it has chosen and its own Server Random (also 32 bytes). The server then sends its certificate, which carries its public key and is signed by a certificate authority; the client checks the signature chain and that the certificate matches the host it meant to reach. For cipher suites that need extra key-agreement parameters (ephemeral Diffie-Hellman, for example) the server also sends Server Key Exchange, signed with the key from its certificate; with plain RSA key exchange this message is absent because the certificate's public key is enough. Server Hello Done tells the client that the server has finished its part of the negotiation.





The client replies with Client Key Exchange. With RSA key exchange it generates a pre-master secret (48 bytes: the protocol version it offered followed by 46 random bytes), encrypts it with the public key from the server's certificate and sends it in Client Key Exchange; only the owner of the matching private key, that is, the genuine server, can recover it. Both sides now derive the master secret from three inputs, the pre-master secret, the Client Random and the Server Random, and expand it into the session keys. Each side then sends Change Cipher Spec, announcing that everything from here on is encrypted, and a Finished message containing a MAC over the whole handshake computed with the new keys; if both Finished messages verify, both sides hold the same keys and nothing in the handshake was altered.





That is the basic handshake, and notice who proved what: only the server was authenticated, by its certificate. For IoT that is half the picture, because the broker must know which device is talking to it. TLS covers this case too: before sending Server Hello Done, the server adds a Certificate Request, the device answers with its own certificate followed by a Certificate Verify signature made with its private key, and the broker validates both against the CA it trusts. The device is thereby authenticated at the transport layer, before the MQTT CONNECT packet is ever sent, so CONNECT no longer needs to carry a password at all and the broker takes the device identity from the certificate.
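What the device side of that arrangement looks like in practice is shown by the following added example (not code from the original article or from IBM), which builds a client TLS context for MQTT over TLS with the standard-library ssl module, places a hardened configuration beside the setting to avoid, and checks the result. The file names ca.pem, device.crt and device.key are placeholders, port 8883 is the IANA-registered MQTT-over-TLS port and is assumed to be what the broker listens on, and the mutual-authentication branch is not exercised in the demo because it needs real key material.

```python
"""TLS client context for MQTT over TLS, with optional device certificate.

Added example, not code from the original article or from IBM. Uses only the
standard-library ssl module. Paths are placeholders: ca.pem is the CA that
signed the broker's certificate, device.crt/device.key are the device's own
certificate and private key for mutual authentication.
"""
import ssl
from typing import Optional

MQTT_TLS_PORT = 8883        # IANA "secure-mqtt"; assumed to be the broker's port


def mqtt_tls_context(ca_file: Optional[str] = None,
                     device_cert: Optional[str] = None,
                     device_key: Optional[str] = None) -> ssl.SSLContext:
    """Hardened client context: TLS 1.2 minimum, broker certificate and host
    name verified, and the device certificate presented if the broker sends a
    Certificate Request during the handshake."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if device_cert:
        # Loads the certificate chain and key used for the Certificate and
        # Certificate Verify messages, i.e. the device's side of mutual TLS.
        ctx.load_cert_chain(certfile=device_cert, keyfile=device_key)
    return ctx


def insecure_context() -> ssl.SSLContext:
    """The setting to avoid: encryption without verification. Any host on the
    path can then impersonate the broker and collect the CONNECT credentials.
    Shown only for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """Review a context the way a code review would: verification on, host
    name checked, nothing older than TLS 1.2 negotiable."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and bool(ctx.check_hostname)
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


if __name__ == "__main__":
    good = mqtt_tls_context()                      # placeholder paths omitted
    bad = insecure_context()
    print("hardened:", context_is_hardened(good), "insecure:", context_is_hardened(bad))
    # With real files: mqtt_tls_context("ca.pem", "device.crt", "device.key")
```

With the paho-mqtt client this context is handed over with `client.tls_set_context(ctx)` before connecting to port 8883; the broker then either accepts the device certificate during the handshake or closes the connection before any MQTT packet, including CONNECT, is exchanged.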










There is no single universal answer for IoT: the devices, their purposes and the value of their data differ too much. The mechanisms described here are the building blocks, from a username and password in the CONNECT packet, through one-time passwords that cannot be replayed, to certificates over TLS that authenticate both sides before a single MQTT packet is exchanged. Which of them a solution needs has to be decided at the design stage, not after the devices are in the field.





Sources

1. http://blog.catchpoint.com/2017/05/30/protocol-for-internet-of-things/
2. https://developer.ibm.com/articles/iot-trs-secure-iot-solutions1/
3. https://iot-analytics.com/5-things-know-about-iot-platform/