PUB/SUB

XMPP.org (in XEP-0060) defines publish/subscribe (pub/sub) as a communication pattern in which publishers send messages to a named node or topic without knowing who will receive them, and every subscriber registered on that topic is delivered a copy. Because the intermediary, not the publisher, handles delivery, the pattern distributes information to many interested parties efficiently.

Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) are two of the most popular machine-to-machine (M2M) protocols used this way. MQTT is a broker-based pub/sub protocol over TCP; CoAP is a RESTful request/response protocol over UDP whose observe extension (RFC 7641) gives it pub/sub-style notifications. Both are easy to use, adaptable, and lightweight, and suit connecting a large array of devices over the Internet. They are designed for resource-constrained M2M use cases (low power, lossy or high-latency links, limited bandwidth).
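To make the "lightweight" framing concrete, here is a minimal MQTT 3.1.1 CONNECT and PUBLISH (QoS 0) encoder/decoder. It is an added example written for this page, not code from the original page or from any MQTT implementation; the client id, credentials, topic and payload are constructed sample values. The point it demonstrates is what the protocol puts on the wire: without TLS, the credentials in CONNECT and every published message travel in cleartext.

```python
"""Minimal MQTT 3.1.1 CONNECT and PUBLISH (QoS 0) encoder/decoder.
Added example, not code from the original page. Without TLS the client
credentials and every published message are cleartext on the wire."""
import struct

CONNECT, PUBLISH = 1, 3  # control packet types (high nibble of byte 0)


def _string(data: bytes) -> bytes:
    # MQTT strings carry a 2-byte big-endian length prefix
    return struct.pack(">H", len(data)) + data


def _read_string(buf: bytes, pos: int):
    (length,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + length], pos + length


def _encode_remaining_length(n: int) -> bytes:
    # Variable-length integer: 7 bits per byte, MSB set means "more follows"
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n:
            byte |= 0x80
        out.append(byte)
        if not n:
            return bytes(out)


def _decode_remaining_length(buf: bytes, pos: int):
    value, multiplier = 0, 1
    while True:
        byte = buf[pos]
        pos += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, pos
        multiplier *= 128
        if multiplier > 128 ** 3:  # spec allows at most 4 bytes
            raise ValueError("malformed remaining length")


def encode_connect(client_id: str, username=None, password=None, keepalive=60) -> bytes:
    flags = 0x02  # clean session
    payload = _string(client_id.encode())
    if username is not None:
        flags |= 0x80
        payload += _string(username.encode())
    if password is not None:
        flags |= 0x40
        payload += _string(password.encode())  # sent verbatim, no hashing
    var_header = _string(b"MQTT") + bytes([4, flags]) + struct.pack(">H", keepalive)
    body = var_header + payload
    return bytes([CONNECT << 4]) + _encode_remaining_length(len(body)) + body


def encode_publish(topic: str, payload: bytes, retain=False) -> bytes:
    # QoS 0: no packet identifier in the variable header
    body = _string(topic.encode()) + payload
    return bytes([(PUBLISH << 4) | int(retain)]) + _encode_remaining_length(len(body)) + body


def decode(packet: bytes) -> dict:
    ptype = packet[0] >> 4
    remaining, pos = _decode_remaining_length(packet, 1)
    body = packet[pos:pos + remaining]
    if len(body) != remaining:
        raise ValueError("truncated packet")
    if ptype == CONNECT:
        name, pos = _read_string(body, 0)
        level, flags = body[pos], body[pos + 1]
        (keepalive,) = struct.unpack_from(">H", body, pos + 2)
        pos += 4
        client_id, pos = _read_string(body, pos)
        if flags & 0x04:  # will flag set: skip will topic and will message
            _, pos = _read_string(body, pos)
            _, pos = _read_string(body, pos)
        username = password = None
        if flags & 0x80:
            username, pos = _read_string(body, pos)
        if flags & 0x40:
            password, pos = _read_string(body, pos)
        return {"type": "CONNECT", "protocol": name.decode(), "level": level,
                "keepalive": keepalive, "client_id": client_id.decode(),
                "username": username, "password": password}
    if ptype == PUBLISH:
        qos = (packet[0] >> 1) & 0x03
        topic, pos = _read_string(body, 0)
        if qos:
            pos += 2  # packet identifier present for QoS 1 and 2
        return {"type": "PUBLISH", "topic": topic.decode(), "qos": qos,
                "retain": bool(packet[0] & 0x01), "payload": body[pos:]}
    raise ValueError(f"unsupported packet type {ptype}")


if __name__ == "__main__":
    connect = encode_connect("sensor-01", "plant", "s3cret")  # constructed values
    print(connect.hex())  # the password bytes are visible verbatim
    print(decode(connect))
    publish = encode_publish("plant/line1/temp", b'{"temp_c": 21.5}')
    print(decode(publish))
```

Run it and grep the hex for the password: an on-path observer, or anyone who can read traffic to an exposed broker, sees exactly what this decoder sees. TLS (port 8883) on the transport and real authentication at the broker are the baseline, not extras.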

What Isn’t Working

The Trend Micro report "The Fragility of Industrial IoT's Data Backbone: Security and Privacy Issues in MQTT and CoAP Protocols" (December 2018) put M2M security weaknesses front and center. Its researchers located exposed IoT servers and brokers that, over the course of the study, leaked more than 200 million MQTT messages and 19 million CoAP messages. Data exposed this way can be turned to industrial espionage, denial-of-service attacks, and targeted attacks. Two areas of weakness are well documented:

  1. Although MQTT runs over TCP (and CoAP over UDP), a reliable transport does nothing to protect the application layer. Brokers exposed without authentication, and applications that trust whatever arrives on a topic, allow tainted data and injected commands to ride along with ordinary telemetry exchanges and expose sensitive data and records. Attackers exploit these openings by inserting fake devices, mounting denial-of-service attacks, or, where the receiving application mishandles a payload, achieving remote code execution.
  2. The most critical case is over-the-air upgrades delivered over MQTT. Here the risk is that an attacker who can intercept or forge such an upgrade, on a channel where the image is neither authenticated nor verified by the device, can take complete and persistent control of an endpoint.
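Both weaknesses above come down to the subscriber trusting what arrives on a topic. The following is an added example, not code from the page or from the Trend Micro report, showing the subscriber-side checks that close them: a strict schema for telemetry (so a smuggled command field is dropped rather than acted on) and an authenticated, anti-rollback manifest that an OTA image must match before it is applied. The topic layout, the JSON schemas, the sample messages and the pre-shared key are all assumptions made for this demonstration.

```python
"""Subscriber-side validation of MQTT application payloads: strict telemetry
schema plus an authenticated OTA manifest. Added example, not code from the
page or from the Trend Micro report. Topics, schemas and key are assumed."""
import hashlib
import hmac
import json
import re

DEVICE_ID_RE = re.compile(r"[a-z0-9-]{1,32}")
TELEMETRY_TOPIC_RE = re.compile(r"plant/[a-z0-9-]+/telemetry")
OTA_TOPIC_RE = re.compile(r"plant/[a-z0-9-]+/ota")
HEX_DIGEST_RE = re.compile(r"[0-9a-f]{64}")

# Hypothetical pre-shared key (assumption). A real deployment would use an
# asymmetric signature such as Ed25519 so that one compromised device cannot
# mint updates for its peers; the verification order below stays the same.
OTA_KEY = b"demo-key-not-for-production"


class RejectedMessage(Exception):
    """Raised for any message that fails validation; str(exc) is the reason."""


def validate_telemetry(topic: str, payload: bytes) -> dict:
    """Accept only well-formed telemetry; anything else is dropped, not repaired."""
    if not TELEMETRY_TOPIC_RE.fullmatch(topic):
        raise RejectedMessage("unexpected topic")
    if len(payload) > 512:
        raise RejectedMessage("oversized payload")
    try:
        msg = json.loads(payload.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        raise RejectedMessage("payload is not valid JSON")
    # Exact key set: an extra "cmd" field smuggled into telemetry is rejected
    if not isinstance(msg, dict) or set(msg) != {"device", "temp_c", "seq"}:
        raise RejectedMessage("schema mismatch")
    if not (isinstance(msg["device"], str) and DEVICE_ID_RE.fullmatch(msg["device"])):
        raise RejectedMessage("bad device id")
    temp = msg["temp_c"]
    if isinstance(temp, bool) or not isinstance(temp, (int, float)) or not -40 <= temp <= 125:
        raise RejectedMessage("temperature out of range")
    seq = msg["seq"]
    if isinstance(seq, bool) or not isinstance(seq, int) or not 0 <= seq < 2**32:
        raise RejectedMessage("bad sequence number")
    return msg


def make_ota_manifest(version: int, firmware: bytes) -> bytes:
    """Publisher side: bind the version and the image digest under one MAC."""
    digest = hashlib.sha256(firmware).hexdigest()
    mac = hmac.new(OTA_KEY, f"{version}:{digest}".encode(), hashlib.sha256).hexdigest()
    return json.dumps({"version": version, "sha256": digest, "mac": mac}).encode()


def verify_ota_manifest(topic: str, payload: bytes, firmware: bytes, current_version: int) -> dict:
    """Subscriber side: authenticate the manifest, refuse rollback, then check the image."""
    if not OTA_TOPIC_RE.fullmatch(topic):
        raise RejectedMessage("unexpected topic")
    try:
        manifest = json.loads(payload.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        raise RejectedMessage("manifest is not valid JSON")
    if not isinstance(manifest, dict) or set(manifest) != {"version", "sha256", "mac"}:
        raise RejectedMessage("manifest schema mismatch")
    version, digest, mac = manifest["version"], manifest["sha256"], manifest["mac"]
    if isinstance(version, bool) or not isinstance(version, int) or version < 0:
        raise RejectedMessage("bad version")
    if not (isinstance(digest, str) and HEX_DIGEST_RE.fullmatch(digest)):
        raise RejectedMessage("bad digest")
    expected = hmac.new(OTA_KEY, f"{version}:{digest}".encode(), hashlib.sha256).hexdigest()
    # Authenticate before trusting any field; constant-time comparison
    if not (isinstance(mac, str) and hmac.compare_digest(expected, mac)):
        raise RejectedMessage("manifest authentication failed")
    if version <= current_version:
        raise RejectedMessage("rollback or replay of an old manifest")
    if hashlib.sha256(firmware).hexdigest() != digest:
        raise RejectedMessage("firmware image does not match manifest")
    return manifest


def rejection_reason(fn, *args):
    """Return None if the message is accepted, else the reason it was dropped."""
    try:
        fn(*args)
        return None
    except RejectedMessage as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample messages
    good = b'{"device": "sensor-01", "temp_c": 21.5, "seq": 17}'
    smuggled = b'{"device": "sensor-01", "temp_c": 21.5, "seq": 18, "cmd": "reboot"}'
    print(rejection_reason(validate_telemetry, "plant/line1/telemetry", good))
    print(rejection_reason(validate_telemetry, "plant/line1/telemetry", smuggled))
    image = b"\x7fELF-constructed-firmware-image"
    manifest = make_ota_manifest(2, image)
    print(rejection_reason(verify_ota_manifest, "plant/line1/ota", manifest, image, 1))
    print(rejection_reason(verify_ota_manifest, "plant/line1/ota", manifest, image + b"x", 1))
```

The order of checks in `verify_ota_manifest` matters: the MAC is verified before the version or digest is used for anything, so an attacker who can publish to the OTA topic but lacks the key cannot steer the device with a crafted manifest, and an old but genuine manifest is refused as a rollback. None of this replaces TLS and broker authentication; it is the layer that still holds when the channel is exposed.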

The Way Going Forward

The ideal solution is an edge-compute-friendly, modular security network infrastructure that, even when it runs over an untrusted host and any last-mile access connectivity layer, lets edge devices connect securely from dispersed locations and is multi-cloud friendly at the same time. Devices and data attached to such a network remain invisible to the public Internet. Enterprises must also be able to take advantage of such a network-centric security architecture with built-in, programmable over-the-air (OTA) capability. Such a network should ideally close every opening for malicious data insertion by being darklisted at its foundation, that is, unreachable and unenumerable from outside. Lastly, such a security architecture must include a user-friendly interface so that facility operators get seamless manageability and usability.

Key Takeaway

Industrial enterprises with dispersed assets and diverse data sources are increasingly realizing that relying on standard pub/sub cloud brokers alone is no longer sufficient. Pub/sub protocols such as MQTT and CoAP carry too many security loopholes, particularly in the border cases. Moreover, enterprises would need band-aid solutions on top of them to achieve scale and interoperability across public cloud vendors, which drives up recurring costs. The digital enterprise of tomorrow needs an identity-centric, multi-cloud-friendly, network-security-based model akin to a global virtual LAN. Pub/sub protocols can then run seamlessly on top of this new security layer, which remains invisible from the public Internet.
