Security

The mDash service uses the industry-standard TLS1.2 transport protocol to protect network traffic. mDash provides two network protocols, both wrapped in TLS1.2:

  • MQTT - for connected devices
  • HTTP/RESTful - for management connections

Both MQTT and HTTP clients are authenticated using unique keys (passwords):

  • An MQTT key is used for MQTT authentication, and gives access to the whole MQTT namespace for the account: e.g. if one device publishes a message, another device can subscribe to it.
  • The master REST key gives root access to the REST API
  • A device REST key gives access to the given device only, and only to view or modify a subset of the device shadow.

A connected device can be a network client, or network server, or both. For example, if a device provides a RESTful interface, it acts as a network server. If a device connects to an MQTT server, it acts as a network client.

Avoid running a network server on your device for the following reasons:

  • It is easy to DoS the device by creating many network connections. Say, a device has 40k of free RAM, and each connection takes 10k, then 4 connections are enough for the denial of service
  • A device must implement authentication and authorisation mechanisms that are potentially vulnerable
  • A network service code may be vulnerable
  • If TLS is used for communication, the connection setup time could be large because of the slow CPU, leading to delays and bad user experience
  • TLS certificate management for the local communication could be non-trivial
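The connection-exhaustion arithmetic above can be made concrete with a small simulation. The code below is an added illustration, not mDash or Mongoose OS code: it models a device-side server with a fixed RAM budget per connection (the 40k / 10k figures are constructed from the numbers quoted in the text), floods it with idle connections from a single peer, and then checks whether a legitimate client can still get in. The per-peer limit and idle timeout are assumed mitigations used to show how the picture changes; they are not features described on this page.

```python
"""Memory-budget model of a device-side network server (added example, not mDash code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Conn:
    peer: str
    opened_at: int
    last_activity: int


@dataclass
class DeviceServer:
    free_ram: int                              # bytes available for connections
    per_conn_cost: int                         # bytes each connection reserves
    per_peer_limit: Optional[int] = None       # assumed mitigation: max concurrent conns per peer
    idle_timeout: Optional[int] = None         # assumed mitigation: ticks before an idle conn is dropped
    now: int = 0
    conns: Dict[str, Conn] = field(default_factory=dict)
    rejected: int = 0

    def _used(self) -> int:
        return len(self.conns) * self.per_conn_cost

    def accept(self, conn_id: str, peer: str) -> bool:
        """Admit a connection if the RAM budget and the per-peer limit allow it."""
        if self._used() + self.per_conn_cost > self.free_ram:
            self.rejected += 1
            return False
        if self.per_peer_limit is not None:
            from_peer = sum(1 for c in self.conns.values() if c.peer == peer)
            if from_peer >= self.per_peer_limit:
                self.rejected += 1
                return False
        self.conns[conn_id] = Conn(peer, self.now, self.now)
        return True

    def tick(self) -> int:
        """Advance time by one tick; drop connections idle for idle_timeout ticks. Returns count dropped."""
        self.now += 1
        if self.idle_timeout is None:
            return 0
        stale = [cid for cid, c in self.conns.items()
                 if self.now - c.last_activity >= self.idle_timeout]
        for cid in stale:
            del self.conns[cid]
        return len(stale)


def max_connections(free_ram: int, per_conn_cost: int) -> int:
    """How many connections fit in the RAM budget: 40k / 10k -> 4, as in the text."""
    return free_ram // per_conn_cost


def flood(server: DeviceServer, peer: str, count: int) -> int:
    """Open `count` idle connections from one peer; return how many were admitted."""
    return sum(server.accept(f"{peer}-{i}", peer) for i in range(count))


def simulate(per_peer_limit: Optional[int] = None,
             idle_timeout: Optional[int] = None) -> Tuple[int, bool, bool]:
    """Flood with idle connections, then let a legitimate client try immediately and again
    after idle_timeout ticks. Returns (attacker conns admitted, legit admitted now, legit admitted later)."""
    s = DeviceServer(free_ram=40_000, per_conn_cost=10_000,
                     per_peer_limit=per_peer_limit, idle_timeout=idle_timeout)
    admitted = flood(s, "attacker", 20)
    legit_now = s.accept("legit", "user")
    for _ in range(idle_timeout or 0):
        s.tick()
    legit_later = legit_now or s.accept("legit", "user")
    return admitted, legit_now, legit_later


if __name__ == "__main__":
    print("no mitigations:", simulate())                  # (4, False, False)
    print("per-peer limit 2:", simulate(per_peer_limit=2))  # (2, True, True)
    print("idle timeout 5:", simulate(idle_timeout=5))      # (4, False, True)
```

With no controls, four idle connections from one source lock out every other client for as long as the attacker holds them open; a per-peer cap or an idle timeout restores service, but each one is extra code and state that the device must get right, which is the trade-off the list above is pointing at.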

On the other hand, when a device acts as a client, these problems disappear:

  • It is impossible to hack into the device directly because it does not expose any network endpoint
  • A device does not care about authentication and authorisation - it is all handled on the cloud side, and secure services like Google IoT Core or AWS IoT would be a good choice for the cloud backend
  • The only entity a device should trust is a cloud backend, which is handled by the industry-standard TLS
  • No need to keep many network connections, because a single secure connection to the cloud backend is enough for both management and data flows. This saves precious resources
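The client-side trust relationship described above ("the only entity a device should trust is a cloud backend") comes down to how the outbound TLS connection is configured: verify the backend's certificate against a known CA, check that the name matches, and refuse anything below TLS1.2. The code below is an added example, not mDash or Mongoose OS code; it uses Python's standard `ssl` module as a stand-in for the device's TLS stack and shows a deliberately weak context beside a correctly configured one, plus a small audit function that flags the differences. The `ca_file` parameter is an assumption (the backend's CA bundle would be supplied by whoever runs the backend).

```python
"""Client-side TLS context for a device talking to a cloud backend (added example, not mDash code)."""
import ssl
from typing import List, Optional


def weak_context() -> ssl.SSLContext:
    """The anti-pattern: connects, but trusts anyone and accepts old protocol versions."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE     # any certificate, self-signed or forged, is accepted
    return ctx


def backend_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Trust only the cloud backend: pinned CA (assumed `ca_file`), name check, TLS1.2 minimum."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # the page's stated transport floor
    ctx.check_hostname = True                      # backend name must match its certificate
    ctx.verify_mode = ssl.CERT_REQUIRED            # unverifiable chain -> handshake fails
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # the backend's CA, not the system store
    else:
        ctx.load_default_certs()                   # fallback: platform CA store
    return ctx


def audit(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings; an empty list means the context matches the client model above."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("server hostname is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS1.2 are allowed")
    return findings


if __name__ == "__main__":
    print("weak:", audit(weak_context()))        # three findings
    print("backend:", audit(backend_context()))  # []
```

The same three properties apply whichever TLS library the firmware actually uses: the device should fail closed if the backend's chain does not validate, rather than fall back to an unauthenticated connection, because that single outbound connection is the only trust boundary the client-only design leaves.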