
Considering some IoT devices may not be powerful enough to handle TLS (e.g. Arduino based), what is the intended security (authentication) method?

With a plain connection (MQTT or HTTP), a static password is out of the question. So I am considering having an HMAC-based digest for the password. What is the MQTT authentication user registry?

I see an article http://wso2.com/library/articles/2016/06/article-the-basics-of-mqtt-and-how-wso2-products-support-mqtt-protocol/ where a custom broker authenticator can be defined. Would a custom IAuthenticator implementation (e.g. HMAC-based password) be enough?

I know it may not be foolproof as long as each message is not authenticated.

gusto2

1 Answer


The MQTT broker in IoTS has an extension for authentication and authorization. By default, we have enabled OAuth as the authentication mechanism. Please refer to [1] and [2] to understand how a custom auth mechanism can be used.

[1] https://medium.com/@ayyoobhamza/authentication-and-authorization-extension-for-mqtt-wso2-message-broker-2495fb2fa56e

[2] https://medium.com/@ayyoobhamza/oauth-authentication-and-authorization-with-mqtt-for-iot-devices-a42019187a05

exterminator
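
The HMAC-based password idea from the question, sketched as an added example that is not part of the original thread and is not WSO2 code: the device sends a one-time value in the MQTT password field, and the broker-side check, which a custom authenticator could delegate to, verifies the MAC, its freshness and that it has not been replayed. The field layout `ts:nonce:mac`, the 60-second window, the in-memory registry and every name below are assumptions; the check covers the CONNECT only, not the messages published afterwards.

```python
import hashlib
import hmac
import os
import time

WINDOW_SECONDS = 60  # assumed tolerance for clock skew between device and broker


def _mac(key, client_id, ts, nonce):
    msg = f"{client_id}|{ts}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_password(key, client_id, now=None):
    """Device side: build the one-time value sent as the MQTT password."""
    ts = str(int(time.time()) if now is None else now)
    nonce = os.urandom(8).hex()
    return f"{ts}:{nonce}:{_mac(key, client_id, ts, nonce)}"


class HmacVerifier:
    """Broker side: hypothetical check behind a custom authenticator."""

    def __init__(self, registry):
        self.registry = registry  # client_id -> per-device secret (bytes)
        self.seen = {}            # (client_id, nonce) -> expiry time

    def check(self, client_id, password, now=None):
        now = int(time.time()) if now is None else now
        key = self.registry.get(client_id)
        parts = password.split(":")
        if key is None or len(parts) != 3:
            return False
        ts, nonce, mac = parts
        if not (ts.isascii() and ts.isdigit()):
            return False
        if abs(now - int(ts)) > WINDOW_SECONDS:
            return False  # stale or far-future timestamp
        expected = _mac(key, client_id, ts, nonce)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False  # wrong secret or tampered field
        # Forget nonces whose timestamp has left the window, then reject reuse.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        if (client_id, nonce) in self.seen:
            return False  # replay of a captured CONNECT
        self.seen[(client_id, nonce)] = int(ts) + WINDOW_SECONDS
        return True
```

The replay cache only has to remember a nonce for as long as its timestamp would still be accepted, which keeps the broker-side state bounded.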