Device – Cloud Security

Device Authentication

Devices are authenticated using X.509 certificates. Authentication is mutual: the device authenticates to the server and the server authenticates to the device. Device keys are pre-loaded during the manufacturing process and are tied to a unique device ID. Where a device cannot be loaded with a key during manufacturing, the key-to-device association is made ad hoc in the field and requires a privileged, logged-in user so that the association can be relied upon.

Secure Connectivity

All communication with the devices is encrypted over TLS.

All communication to the IoT broker uses MQTT (an OASIS standard messaging protocol for the Internet of Things); all other protocols are blocked and all other ports are closed.

Protecting against protocol vulnerabilities and device-side attacks

MQTT messages are inspected for integrity, and any message that fails the integrity check is rejected rather than handled.
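As an added illustration (not the product's own code), the kind of conformance check a broker-side filter can apply to MQTT 3.1.1 packets before handling them: it validates the fixed header, the remaining-length encoding, the CONNECT protocol name and reserved bits, and PUBLISH QoS and topic names, and rejects anything that does not conform. The packets it checks are constructed samples, not captured traffic.

```python
# Added example (not the product's code): MQTT 3.1.1 packet integrity check on constructed samples.
def _remaining_length(data, pos):
    # Variable-byte integer: 7 data bits per byte, 0x80 = "more bytes", at most 4 bytes
    value, multiplier = 0, 1
    for _ in range(4):
        byte, pos = data[pos], pos + 1          # IndexError on truncation is caught below
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, pos
        multiplier *= 128
    raise ValueError("malformed remaining length")

def _utf8_string(body, pos):
    # Length-prefixed UTF-8 string; invalid UTF-8 makes decode() raise ValueError
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if len(body) < pos + 2 or len(raw) != n:
        raise ValueError("truncated string")
    return raw.decode("utf-8"), pos + 2 + n

def inspect_mqtt_packet(data):
    """Return (True, "ok") when the packet conforms, else (False, reason)."""
    try:
        ptype, flags = data[0] >> 4, data[0] & 0x0F
        length, pos = _remaining_length(data, 1)
        if len(data) - pos != length:
            raise ValueError("remaining length does not match packet size")
        body = data[pos:]
        if ptype == 1:                                    # CONNECT
            if flags:
                raise ValueError("reserved CONNECT flags set")
            name, p = _utf8_string(body, 0)
            if name != "MQTT" or body[p] != 4:
                raise ValueError("unsupported protocol name or level")
            if body[p + 1] & 0x01:
                raise ValueError("reserved connect flag set")
        elif ptype == 3:                                  # PUBLISH
            qos = (flags >> 1) & 0x03
            if qos == 3:
                raise ValueError("invalid QoS value 3")
            topic, p = _utf8_string(body, 0)
            if not topic or "+" in topic or "#" in topic:
                raise ValueError("empty or wildcard topic name")
            if qos and len(body) < p + 2:
                raise ValueError("missing packet identifier")
        return True, "ok"
    except (ValueError, IndexError) as exc:
        return False, str(exc)
```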

Auditing

All microservice applications are logged and audited. This includes:

  • Lambda Functions.
  • RDS errors.
  • User Activity via User Audit Service.
  • Event history of AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
