Devices are authenticated using X.509 certificates. The system performs both device authentication with the server and server authentication with the device (mutual authentication). Device keys are pre-loaded during the manufacturing process and are tied to a unique device ID. In some cases devices cannot be loaded with a key during manufacturing; in these cases the association is done ad hoc in the field and requires a privileged, logged-in user so that the association can be relied upon.
All communication with the devices is encrypted over TLS.
All communication to the IoT broker is done using MQTT; all other protocols are blocked and all other ports are closed.
MQTT messages are inspected for integrity, and any message that fails the integrity check is not handled.
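The two device-side controls above (mutual TLS with a pre-loaded X.509 identity, and rejecting MQTT payloads that fail an integrity check) as an added example; this is illustrative code, not the product's own implementation. The page does not state how message integrity is checked, so the HMAC-SHA256 tag, the `DEVICE_KEYS` table and all function names here are assumptions.

```python
import hmac
import hashlib
import ssl
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size

# Constructed sample: a per-device integrity key bound to the device ID.
# Assumption: the page does not specify the integrity mechanism; HMAC is used here.
DEVICE_KEYS = {"device-0001": b"constructed-sample-key-not-for-production"}


def make_mtls_context(ca_path: Optional[str], cert_path: Optional[str] = None,
                      key_path: Optional[str] = None) -> ssl.SSLContext:
    """Client TLS context for a device: verifies the broker's certificate against
    the CA in ca_path (server authentication) and, when cert_path is given, presents
    the device's pre-loaded X.509 certificate (device authentication)."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_path)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    ctx.check_hostname = True                      # broker name must match its cert
    ctx.verify_mode = ssl.CERT_REQUIRED            # unverifiable broker -> no session
    if cert_path:
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    return ctx


def context_enforces_mutual_auth(ctx: ssl.SSLContext) -> bool:
    """True when the context verifies the server and pins TLS >= 1.2."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def _tag(device_id: str, payload: bytes) -> bytes:
    # Bind the tag to the device ID as well as the payload (length-prefixed
    # so "ab"+"c" and "a"+"bc" cannot collide).
    dev = device_id.encode()
    msg = len(dev).to_bytes(2, "big") + dev + payload
    return hmac.new(DEVICE_KEYS[device_id], msg, hashlib.sha256).digest()


def sign_message(device_id: str, payload: bytes) -> bytes:
    """Frame = payload || HMAC-SHA256 tag (publisher side)."""
    return payload + _tag(device_id, payload)


def verify_message(device_id: str, frame: bytes) -> Optional[bytes]:
    """Broker side: return the payload if the tag verifies, else None (not handled)."""
    if device_id not in DEVICE_KEYS or len(frame) < TAG_LEN:
        return None
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    # Constant-time comparison avoids leaking tag bytes via timing.
    return payload if hmac.compare_digest(tag, _tag(device_id, payload)) else None
```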
All Microservice applications are logged and audited. This includes:
- Lambda Functions.
- RDS errors.
- User Activity via User Audit Service.
- Event history of AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.