XMPP.org defines publish/subscribe (in short, pub/sub) as a communication pattern that describes how messages between two different entities are transported across the network to accomplish certain tasks. The pub/sub pattern allows mass distribution of information to interested parties in an efficient manner.
Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) are two of the most popular pub/sub machine-to-machine (M2M) protocols. Both are easy to use, adaptable and lightweight, and suited to connecting a large array of devices over the Internet. They are designed for resource-constrained M2M use cases (e.g. low power, high latency, limited bandwidth).
A December 2018 Trend Micro report, “The Fragility of Industrial IoT’s Data Backbone: Security and Privacy Issues in MQTT and CoAP Protocols”, puts M2M security vulnerabilities front and center. The report highlights how attackers have been able to locate exposed IoT servers and brokers and leak over 200 million MQTT messages and 19 million CoAP messages. Attackers can then weaponize these for industrial espionage, denial-of-service attacks and targeted attacks.
There are two major areas of vulnerability which have been well documented:
Although MQTT runs over TCP, there are situations in which the protocol can be used unsafely by the applications that process its messages. Tainted data and command insertion during routine telemetry exchanges can give access to sensitive data and records. Attackers can exploit these openings to insert fake devices, mount denial-of-service attacks, or achieve remote code execution.
The other, and most critical, area of concern is over-the-air upgrades delivered over MQTT. Here the security risk comes from the fact that an attacker who can intercept such an upgrade can take complete and persistent control of an endpoint.
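The two areas above, tainted telemetry reaching the processing application and unverified over-the-air upgrades, both come down to the subscriber trusting whatever arrives on a topic. The following Python module is an added example written for this article (it is not code from the Trend Micro report or from any product) showing the defensive side: a whitelist parser for telemetry payloads, and an OTA manifest check that authenticates the announcement, binds it to the device, refuses rollback and ties the firmware image to a digest. It uses only the standard library; the field names, the `sensor-07` device id, the demo key and the sample messages are all constructed, and the HMAC-based tag stands in for the asymmetric signature a real fleet would use.

```python
"""Defensive handling of two MQTT risks named above: tainted telemetry reaching
the message-processing application, and over-the-air (OTA) updates accepted
without verification. Added example using only the standard library; field
names, keys and sample messages are constructed for illustration."""
import hashlib
import hmac
import json
import re

# Whitelist schema for telemetry: field -> (accepted type(s), value check).
# Anything not listed here is rejected before it reaches downstream code.
TELEMETRY_SCHEMA = {
    "device_id": (str, re.compile(r"[A-Za-z0-9_-]{1,32}").fullmatch),
    "temp_c": ((int, float), lambda v: -50.0 <= v <= 150.0),
    "seq": (int, lambda v: 0 <= v < 2**32),
}

class RejectedPayload(ValueError):
    """Raised for any message that fails validation; the caller drops it."""

def parse_telemetry(raw: bytes, max_len: int = 512) -> dict:
    """Parse one telemetry message or raise RejectedPayload. The device_id
    pattern leaves no room for shell or query metacharacters, so a value such
    as "sensor-07;reboot" is refused instead of being handed to a command."""
    if len(raw) > max_len:
        raise RejectedPayload("payload too large")
    try:
        obj = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RejectedPayload(f"malformed payload: {exc}") from None
    if not isinstance(obj, dict):
        raise RejectedPayload("payload must be a JSON object")
    unknown = set(obj) - set(TELEMETRY_SCHEMA)
    if unknown:
        raise RejectedPayload(f"unexpected fields: {sorted(unknown)}")
    clean = {}
    for field, (typ, check) in TELEMETRY_SCHEMA.items():
        if field not in obj:
            raise RejectedPayload(f"missing field: {field}")
        val = obj[field]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(val, bool) or not isinstance(val, typ) or not check(val):
            raise RejectedPayload(f"invalid value for {field}")
        clean[field] = val
    return clean

def canonical(manifest: dict) -> bytes:
    """Deterministic encoding so server and device authenticate the same bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()

def sign_manifest(manifest: dict, key: bytes) -> bytes:
    """Update-server side: wrap a manifest with an HMAC-SHA256 tag. HMAC keeps the
    example dependency-free; a real fleet would use an asymmetric signature so
    that devices hold no signing secret."""
    tag = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    return json.dumps({"manifest": manifest, "tag": tag}).encode()

def verify_ota_manifest(raw: bytes, key: bytes, device_id: str,
                        current_version: int) -> dict:
    """Device side: accept an OTA announcement only if it authenticates, is
    addressed to this device, moves the version forward (no rollback) and
    carries a firmware digest that the downloaded image must match."""
    try:
        env = json.loads(raw.decode("utf-8"))
        manifest, tag = env["manifest"], env["tag"]
    except (UnicodeDecodeError, json.JSONDecodeError, KeyError, TypeError):
        raise RejectedPayload("malformed OTA envelope") from None
    if not isinstance(manifest, dict) or not isinstance(tag, str):
        raise RejectedPayload("malformed OTA envelope")
    expected = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise RejectedPayload("OTA manifest authentication failed")
    if manifest.get("device_id") != device_id:
        raise RejectedPayload("OTA manifest is not addressed to this device")
    version = manifest.get("version")
    if isinstance(version, bool) or not isinstance(version, int) \
            or version <= current_version:
        raise RejectedPayload("OTA manifest does not advance the version")
    digest = manifest.get("sha256")
    if not isinstance(digest, str) or not re.fullmatch(r"[0-9a-f]{64}", digest):
        raise RejectedPayload("OTA manifest lacks a firmware digest")
    return manifest

def image_matches(image: bytes, manifest: dict) -> bool:
    """Install only an image whose SHA-256 equals the authenticated manifest's."""
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), manifest["sha256"])

def is_rejected(fn, *args) -> bool:
    """True if fn(*args) raises RejectedPayload (handy for checks and tests)."""
    try:
        fn(*args)
    except RejectedPayload:
        return True
    return False

# Constructed sample data: a demo key (not a real secret), a fake firmware image
# and the signed announcement an update server would publish for it.
DEMO_KEY = b"constructed-demo-key"
DEMO_FIRMWARE = b"constructed firmware image v5"
DEMO_MANIFEST = {"device_id": "sensor-07", "version": 5,
                 "sha256": hashlib.sha256(DEMO_FIRMWARE).hexdigest()}
DEMO_ENVELOPE = sign_manifest(DEMO_MANIFEST, DEMO_KEY)
```

Two design points matter here. The telemetry parser is a whitelist: unknown fields, wrong types and out-of-range values are all rejected, so a subscriber never has to reason about what a hostile publisher might have smuggled into a free-form string. The OTA check does more than verify a tag: it also refuses announcements addressed to another device and any version that does not move forward, which is what stops a replayed but genuine old manifest from being used to reinstall a known-bad image, and it only hands back the manifest so that `image_matches` can be applied to the downloaded bytes before anything is flashed.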
What if there were an edge-compute-friendly, modular, secure network infrastructure that, despite running over an untrusted host and over any last-mile access connectivity layer, let IoT devices connect securely online from dispersed locations while remaining multi-cloud friendly at the same time? The devices and data attached to such a network remain invisible to the public Internet. Enterprises must also be able to take advantage of such a network-centric security architecture with a built-in programmable-over-the-air (POTA) feature. Such a network should ideally shield any open space for malicious data insertion by being darklisted at its foundation. Lastly, such a security architecture must offer facilities operators a user-friendly interface for seamless manageability and usability.
Industrial enterprises with dispersed assets and diverse data sources are increasingly realizing that relying on standard pub/sub cloud brokers is simply futile. The primary reasons are that pub/sub methods such as MQTT/CoAP are riddled with security loopholes, particularly in the border cases, and that enterprises would need band-aid solutions on top of such methods to achieve scale and interoperability across public cloud vendors, leading to increasing recurring costs. What the digital enterprise of tomorrow needs is an identity-centric, multi-cloud-friendly, network-security-based model akin to a global virtual LAN. Pub/sub methods can, however, still run seamlessly on top of this new network model, now fortified with an underlying security layer that remains invisible from the public Internet.