Mastering Internet of Things by Peter Waher

Managing authorization

Authorization is the ability to determine who has access to what or who can do what. Authorization requires authenticated identities. MQTT does not forward the identities of publishers. This makes authorization a big problem. How do you know if a packet is valid, or if the sender is authorized to send it? Since anybody can publish packets on any topic by default, injection is a great problem.

As with the problem of privacy, this vulnerability can be solved using an ACL. It can also be solved by cryptographic means, for instance by signing packets using a public-key algorithm, such as RSA. Signatures using PKI work well in a Publish/Subscribe setting. It is only the sender that needs the private key. Recipients only require ...
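The signing approach described above, as an added example that is not code from the book: a publisher signs each packet with its RSA private key and a subscriber checks it with the matching public key before trusting the payload. The function names, the `signature||payload` layout, the sample topic, the choice of RSA-PSS with SHA-256, and the inclusion of the topic in the signed data (so a valid packet cannot be re-published under another topic) are all assumptions made for this illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// digest hashes topic, a 0x00 separator (MQTT topic names cannot contain U+0000) and payload.
func digest(topic string, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte(topic))
	h.Write([]byte{0})
	h.Write(payload)
	return h.Sum(nil)
}

// Sign runs on the publisher, the only holder of the private key; it returns signature||payload.
func Sign(priv *rsa.PrivateKey, topic string, payload []byte) ([]byte, error) {
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(topic, payload), nil)
	if err != nil {
		return nil, err
	}
	return append(sig, payload...), nil
}

// Verify runs on a subscriber, which holds only the public key.
func Verify(pub *rsa.PublicKey, topic string, msg []byte) ([]byte, error) {
	if len(msg) < pub.Size() {
		return nil, fmt.Errorf("packet shorter than signature")
	}
	sig, payload := msg[:pub.Size()], msg[pub.Size():]
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest(topic, payload), sig, nil); err != nil {
		return nil, err
	}
	return payload, nil
}

// NewKey generates a demo key pair; a real device would load a provisioned key.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	priv, _ := NewKey()                                  // error handling omitted in this demo
	msg, _ := Sign(priv, "sensors/temp", []byte("21.5")) // constructed sample packet
	_, err := Verify(&priv.PublicKey, "sensors/other", msg)
	fmt.Println("same packet on another topic:", err)
}
```

A signature alone does not stop an old packet from being replayed on its original topic; that would need a counter or timestamp inside the signed data, which this sketch leaves out.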