0

Through the use of MQTT protocol and SAS (shared access signature) tokens, my device is connected to AZURE IoT HUB. I would like to set the SAS token's expiry time to 5 years because it is hardcoded into the device firmware. The device will be connected to IoT Hub then a message will be routed to Azure Storage using a custom endpoint.

What will the risks be?

Due to these devices' remote location, SAS tokens or firmware cannot be updated frequently.

Maurice
  • 11,482
  • 2
  • 25
  • 45
SKARVA Bodavula
  • 903
  • 11
  • 17

1 Answers1

1

Unless you are running highly sensitive use case which can be affected by another device impersonating its identity, it should not matter. MQTT protocol by design does not allow two connections with the same identity (it disconnects the device if it gets another CONNECT request).

The key or token will need to be in the firmware with physical access to the attacker. In most cases losing physical access to the device will be worse than losing the key or token to impersonate that device. If the key or token is stored in a secure element then it will be more secure.

If you need longer than 5 years, just store the symmetric key and generate token as needed.

humblejay
  • 337
  • 1
  • 2
  • https://stackoverflow.com/users/11065231/humblejay Testing scenario: when I tried to connect IoT hubs with the same identity from different OPC UA server, the first connection was dropped and the second one became active. In that case, the hacker is attempting to impersonate the ability to communicate to IoT Hub, isn't it? – SKARVA Bodavula Jun 03 '22 at 14:06