To implement end-to-end trust, it is important that IoT messaging protocols support identity and access controls. In this section, identity controls in the most commonly used IoT messaging protocols are briefly described. Chapter 5, Securing Connectivity and Communications, provides a more in-depth assessment of the security capabilities of the protocols at various layers of the IIoT connectivity stack.
MQTT allows sending a username and password. Until recently, the specification recommended that passwords be no longer than 12 characters. The username and password are sent in the clear as part of the CONNECT message. As such, it is critical that TLS be employed when using MQTT to prevent man-in-the-middle attacks on the password. Ideally, end-to-end TLS connectivity between the two endpoints (or gateway-to-gateway), along with certificates to mutually authenticate the TLS connection, are advisable controls.