25 Dec 2022

# MQTT: Have yourself a merry little webcam

The formal definition of IoT may change depending on who is setting it, but it is best used as a broad categorization of "a device that sends and receives data to communicate with other devices and systems." IoT categorizes unique devices, e.g. smart fridges, that don't match other categories such as mobile devices. They tend to be lightweight, with only essential functionality and features included. Among the modern features that may be left out or overlooked is security.
Devices are interconnected and often involve no human interaction. They must not only be designed to communicate data effectively but also to negotiate a secure means of communication where no human is available to interact (e.g. to enter a password).
Devices are designed to all be interconnected. If device A uses protocol X and device B uses protocol Y, there's a big problem. The same concept applies to security: if security protocols are incompatible, will they fall back to insecure communication?
"IoT protocol" categorizes any protocol used by an IoT device for machine-to-machine, machine-to-gateway, or machine-to-cloud communication. The protocol's objective should be efficient, reliable, and secure data communication. Protocols can be broken into IoT data protocols and IoT network protocols. The difference is how and where the communication occurs. Data protocols typically rely on the TCP/IP model; network protocols rely on wireless technology (WiFi, Bluetooth, ZigBee, Z-Wave).
Data protocols commonly take the form of a messaging protocol, sending/receiving a message/payload between two parties. Messaging protocols communicate through an independent server ("middleware") or by negotiating a method amongst themselves. The lightweight, efficient nature of IoT devices commonly results in using middleware, which allows protocols to be translated for different devices. Popular messaging protocols:
| Protocol | Comm Method | Description |
|---|---|---|
| MQTT (Messaging Queuing Telemetry Transport) | Middleware | Lightweight protocol that relies on a publish/subscribe model |
| CoAP (Constrained Application Protocol) | Middleware | Translates HTTP to a usable medium for lightweight devices |
| AMQP (Advanced Messaging Queuing Protocol) | Middleware | Transactional protocol to receive, queue, and store messages/payloads between devices |
| DDS (Data Distribution Service) | Middleware | Scalable protocol that relies on a publish/subscribe model |
| HTTP | Device-to-Device | Comm method from traditional devices to lightweight devices for large data comms |
| WebSocket | Device-to-Device | Relies on a client-server model to send data over a TCP connection |
MQTT relies on a broker to negotiate "published" messages and "subscription" queries. Multiple publishers can use the same broker through the topic method. Topic, commonly formatted as `
The MQTT broker default is to assign all connected devices read/write access to all topics. That may be fine at first, but data shouldn't be readable or manipulable by unauthorized sources, and it should remain accessible to authorized users. Authentication and authorization should be implemented per the best practices of CIA (Confidentiality, Integrity, and Availability).
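To make the topic-permission point concrete, here is an added example (my own, not the post's or Mosquitto's code): a small Python model of a Mosquitto-style acl_file whose rules are constructed for a camera device and a viewer, with MQTT `+`/`#` wildcard matching, showing which publish/subscribe requests a least-privilege ACL would allow instead of the default read/write-everything. It assumes Mosquitto's `user`/`topic`/`pattern`/`%u` syntax but is a simplified model, not the broker's own evaluation logic.

```python
# Added example, not from the post or from Mosquitto: a model of a Mosquitto acl_file
# checked against sample requests. ACL contents below are constructed.
ACL_FILE = """
user camera01
topic write device/camera01/feed

user viewer
topic read device/+/feed

pattern readwrite device/%u/status
"""
# No "topic" lines precede the first "user" line, so anonymous clients get nothing.

def topic_matches(filt, topic):
    """MQTT filter matching: '+' matches one level, '#' matches all remaining levels."""
    f, t = filt.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)

def parse_acl(text):
    """Return {user: [(access, filter), ...]} plus the %u pattern rules ('' = anonymous)."""
    users, patterns, current = {"": []}, [], ""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "user":
            current = parts[1]
            users.setdefault(current, [])
        elif parts[0] in ("topic", "pattern"):
            # "topic <filter>" without an access keyword means readwrite
            access, filt = (parts[1], parts[2]) if len(parts) == 3 else ("readwrite", parts[1])
            (patterns if parts[0] == "pattern" else users[current]).append((access, filt))
    return users, patterns

USERS, PATTERNS = parse_acl(ACL_FILE)

def allowed(user, access, topic):
    """Would the broker let this client 'read' or 'write' the topic under the ACL?"""
    rules = list(USERS.get(user or "", []))
    if user:  # %u pattern rules apply only to authenticated clients
        rules += [(a, f.replace("%u", user)) for a, f in PATTERNS]
    return any(access in a and topic_matches(f, topic) for a, f in rules)
```

With `allow_anonymous false` on the broker the anonymous case would be refused at connect time; the ACL is the second layer that keeps one camera from reading or overwriting another's feed.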
Device behavior can be learned by:
Mosquitto is a suite of MQTT utilities that includes a broker and publish/subscribe clients that can be used from the command line.

```shell
mosquitto_sub -t device/ping                  # localhost broker, topic device/ping
mosquitto_sub -h example.thm -t device/thm    # remote broker example.thm
mosquitto_pub -h example.thm -t device/info -m "This is an example"
```

Notable flags:

- `-d`: enables debug messages
- `-i` or `--id`: specifies an ID to identify the client to the server
- `-p` or `--port`: specifies the port the broker is using (default 1883)
- `-u` or `--username`: specifies the username for authentication
- `-P` or `--password`: specifies the password for authentication
- `--url`: specifies username, password, host, port, and topic in one URL

Gain info on the webcam's broker and redirect the feed to get the flag.
Flag gotten, but three tasks to get done in 2 days. Hopefully the schedule will cooperate.