Book Image

Mastering Internet of Things

By : Peter Waher
Book Image

Mastering Internet of Things

By: Peter Waher

Overview of this book

The Internet of Things (IoT) is the fastest growing technology market. Industries are embracing IoT technologies to improve operational expenses, product life, and people's well-being. Mastering Internet of Things starts by presenting IoT fundamentals and the smart city. You will learn the important technologies and protocols that are used for the Internet of Things, their features, corresponding security implications, and practical examples on how to use them. This book focuses on creating applications and services for the Internet of Things. Further, you will learn to create applications and services for the Internet of Things. You will be discover various interesting projects and understand how to publish sensor data, control devices, and react to asynchronous events using the XMPP protocol. The book also introduces chat, to interact with your devices. You will learn how to automate your tasks by using Internet of Things Service Platforms as the base for an application. You will understand the subject of privacy, requirements they should be familiar with, and how to avoid violating any of the important new regulations being introduced. At the end of the book, you will have mastered creating open, interoperable and secure networks of things, protecting the privacy and integrity of your users and their information.
Table of Contents (24 chapters)
Title Page
Copyright and Credits
Packt Upsell

Security considerations

Since MQTT is very simple to get started with, both from an application user perspective and a protocol developer perspective, it has become very popular for use in IoT. But the simplicity has its drawbacks. MQTT has some serious vulnerabilities that any developer using it must be made aware of.

Managing authentication

One of the biggest vulnerabilities is its management of passwords. They are sent in clear text in the protocol. And MQTT does not use a pluggable authentication architecture like the Simple Authentication and Security Layer (SASL) either. This causes a whole range of problems. If passwords are to be used, the application must persist them. If SASL would have been used, a hash would most likely have been sufficient. This creates a whole new set of vulnerabilities for the application layer.

The common solution is to use either encryption or out-of-band authentication, or a combination of both instead. But out-of-band authentication is not a standardized...