The Dummies Guide to IoT Pt.2

By DeepThought, published in AIKEA · 3 min read · Oct 8, 2019

All About Encryption

Last week, we introduced you to MQTT in AIKEA. This week, we’ll be giving you a breakdown on all the ways your data can be secured.

Securing MQTT is like handing a message to your concierge at a fancy hotel. The AI in AIKEA would be like a bike messenger, leaving a message for you at the desk. And your RPi would be the one handing you the message.

*AIKEA dino not included*

If you wanted to secure your message, you could get by passing your message all in code, i.e. from the AI to the broker on the RPi. But you could do so much more.

MQTT security could be separated into 3 levels:

Network Level

This would be like locking down the hotel.

By securing your WiFi router (if you remember our other Medium post on Smart Cameras, the Nests were hacked), you can ensure only people you trust can get into the hotel and potentially see your messages.

Unfortunately, as this is dependent on your router and how good your security habits are, we and AIKEA can’t do too much about it. But we can, however, give helpful tips on how to secure your internet connection. That means: make sure your WiFi has a password, and don’t open up any guest WiFi access!

Transport Level

This would be like locking your messages in a briefcase before passing it to the concierge, ensuring that neither the bike messenger nor anyone in between can take a peek at it.

When MQTT was created, it was at the dawn of a new age. AOL, dial-up, and computing power were sold at a premium.

dialing: kkkkzzzzhhhhhhhh…………..

Partly due to the cost of bandwidth and partly due to the sometimes spotty network coverage, MQTT had to be lightweight.

Fortunately, as AIKEA is meant to be used at home and in this century, none of these are issues. In fact, because of how lightweight the transmission is, we can add another layer of encryption on our publish and subscribe messages so that even if they were intercepted, cracking your AIKEA detection results would be a slim prospect at best for any would-be hacker.

Application Level

Imagine if you opened up the letter, and it was all written in code! So in the event someone shady does get their mitts on it, they gotta have the right decoder if they plan on reading your messages sometime in the next several thousand years or so.

On the application level, MQTT has a built-in security feature requiring you to log in with a username and password before changing any publish or subscribe settings, adding another layer of security on an already very secure messaging protocol.
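The username and password login travels inside the MQTT CONNECT packet, so without the transport-level briefcase it is readable by anyone between the client and the broker. The Python sketch below is an added example, not AIKEA's code: it encodes an MQTT 3.1.1 CONNECT and then decodes what is visible on the wire when no encryption is used. The client ID and credentials are constructed sample values.

```python
import struct

def _field(data: bytes) -> bytes:
    """MQTT length-prefixed field: 2-byte big-endian length, then the bytes."""
    return struct.pack("!H", len(data)) + data

def _varint(n: int) -> bytes:
    """MQTT 'remaining length': 7 bits per byte, top bit set means more follow."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def build_connect(client_id: str, username: str, password: str, keepalive: int = 60) -> bytes:
    """Encode an MQTT 3.1.1 CONNECT packet carrying a username and password."""
    flags = 0x80 | 0x40 | 0x02  # username present, password present, clean session
    body = _field(b"MQTT") + bytes([0x04, flags]) + struct.pack("!H", keepalive)
    body += _field(client_id.encode()) + _field(username.encode()) + _field(password.encode())
    return b"\x10" + _varint(len(body)) + body

def visible_on_wire(packet: bytes) -> dict:
    """Decode what an on-path observer can read from an unencrypted CONNECT."""
    if packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    pos = 1
    while packet[pos] & 0x80:  # skip the remaining-length bytes
        pos += 1
    pos += 1
    def take() -> bytes:
        nonlocal pos
        (n,) = struct.unpack_from("!H", packet, pos)
        value = packet[pos + 2 : pos + 2 + n]
        pos += 2 + n
        return value
    take()  # protocol name "MQTT"
    flags = packet[pos + 1]
    pos += 4  # protocol level, connect flags, 2-byte keepalive
    seen = {"client_id": take().decode()}
    if flags & 0x04:  # will topic and will message come before the credentials
        take()
        take()
    if flags & 0x80:
        seen["username"] = take().decode()
    if flags & 0x40:
        seen["password"] = take().decode()
    return seen

# Constructed sample values, not real AIKEA credentials.
PACKET = build_connect("aikea-rpi", "aikea", "correct-horse")
```

Wrapping the same connection in TLS (the transport level) means an observer sees only ciphertext, which is why the application-level login should not be relied on by itself.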

MQTT and AIKEA are Xzibit approved
