Improving IoT Security with Access Control List Substitution Variables

Many IoT applications will see very large numbers of clients connecting to Solace message routers via insecure public networks. For example, vehicles in a fleet may communicate with the company’s Solace routers over the Internet using MQTT. In such a scenario the company’s system administrators may want to implement Access Control Lists (ACLs) so each vehicle can only publish to topics containing its own MQTT client-username. This would prevent, for example, one vehicle from impersonating another.

But client connection counts can be quite large in IoT applications, making it impractical to create a unique ACL profile for each client. In the recent 8.3.0 release of the Solace Virtual Message Router, we added substitution variables for client-usernames in topic strings to ACL profiles, which means you can now apply a single ACL profile to many client connections. When the MQTT client-username substitution variable appears in an ACL rule being applied to a client, the router replaces that variable with the corresponding client-username for the client connection when performing an ACL check.…

Can Blockchain Secure the Internet of Things?

In December, a group of companies interested in using blockchain as a tamper-proof method in IoT applications held a meeting, New Horizons: Blockchain x IoT Summit, in Berkeley, California. The goal was to define the scope and implementation of a “smart contracts” IoT protocol layer. This consortium includes startups like Ambisafe, BitSE, Chronicled, ConsenSys, Distributed, Filament, Hashed Health, Ledger, Skuchain, and, along with a few large companies like BNY Mellon, Bosch, Cisco, Gemalto and Foxconn.

The consortium agreed that security, trust, identity and registration and verification would be the cornerstones of any common protocol, while also acknowledging the need for integration and interoperability across multiple chip types, communication protocols, proprietary platforms, cloud service providers, and blockchain systems.

Currently participation in the group is voluntary without any formal membership or governance structures, emphasizing fast-moving open source collaboration.…