Connections between different devices are made up of different layers, as shown by the OSI model standard below. The model defines the 7 layers that contribute to the transmission of data in a network system.
One of the layers shown above is the transport layer. In this layer, the transmission of data is monitored and secured. Different data transfer protocols (MQTT, AMQP, CoAP, XMPP, and DDS) implement different security protocols. You should read that blog first before diving into the security protocols below, since which one your product uses depends on the data transfer protocol you choose.
SSL (Secure Socket Layer) and TLS (Transport Layer Security) are two of the most common security protocols used for network communications. Both rely on encryption. Encryption, by definition, is the method of scrambling data so that it is meaningless to anyone who tampers with it or collects it over the air. SSL and TLS work in a similar fashion, with TLS being the updated version of SSL.
SSL 1.0 was first developed in 1995 and its development came to a halt in 1998. TLS comes from a similar development background, and many companies use it alongside or in place of SSL 3.0. SSL 3.0 has known security flaws, so we suggest you use TLS instead.
To establish a connection with another device, the server with SSL/TLS security first sends a cryptographic key to the identified partner. The keys involved can be classified into 3 types: a session key, a public key, and a private key. When the connection between devices is first established, the private and public keys help set up the session key. This session key lasts throughout the session and is discarded when the connection is terminated.
SSL/TLS uses 2 types of encryption, asymmetric and symmetric. When you apply symmetric encryption, the system uses only one set of keys for both encrypting and decrypting. On the other hand, when you apply asymmetric encryption, the system uses the public and private key pair throughout the encryption process.
The public key, which is visible to all users, is in charge of encrypting (randomizing) the data to be sent across. The corresponding private key, which is known only to the recipient, is in charge of decrypting the sent data. With these public-private key pairs, both the encryption of the data and the identification of the parties in the transmission process are maintained.
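The recommendation above (prefer TLS over SSL 3.0, and let the server's public key identify the partner) translates into how a client configures its TLS context. The following is an added example, not code from the original post: it uses only Python's standard `ssl` module, the broker hostname is a placeholder, and it contrasts a permissive context with a hardened one and reports which checks the permissive one skips.

```python
import ssl
from typing import List

# Placeholder broker name; not a real endpoint (assumption for this example).
BROKER_HOST = "mqtt-broker.example.invalid"


def permissive_context() -> ssl.SSLContext:
    """A context that accepts any server and any protocol version.

    This is the setup that lets an impostor server, or a downgrade to an
    old protocol version with known flaws, go unnoticed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # server's public key is never checked
    return ctx


def hardened_context() -> ssl.SSLContext:
    """A context that requires TLS 1.2 or newer and a verified server.

    create_default_context() loads the system trust store, so the server's
    certificate (its public key) must chain to a trusted CA, and the
    hostname must match that certificate.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSL 3.0 / TLS 1.0 / 1.1
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_issues(ctx: ssl.SSLContext) -> List[str]:
    """Return the weaknesses found in a client context (empty if none)."""
    issues = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        issues.append("server certificate not verified")
    if not ctx.check_hostname:
        issues.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        issues.append("protocol versions older than TLS 1.2 accepted")
    return issues


if __name__ == "__main__":
    for name, ctx in (("permissive", permissive_context()),
                      ("hardened", hardened_context())):
        print(name, "->", context_issues(ctx) or "no issues")
```

The hardened context is what you would hand to an MQTT client's TLS setup; the `context_issues` check is a quick way to audit a context pulled out of existing code.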
An example of a data transfer protocol that implements SSL/TLS security is the MQTT protocol. The MQTT data transmission technique itself has several advantages over other means of transmission, which include:
Datagram TLS (DTLS) is an improved version of TLS. On top of the data encryption that TLS provides, DTLS also manages retransmission of lost packets and assigns sequence numbers within the handshake process.
This security protocol was created by CoAP. CoAP itself has 4 types of security mechanisms, which include:
Simple Authentication and Security Layer (SASL) has several mechanisms, and the 2 most commonly used are anonymous and plain.
When the anonymous mechanism is used, the connection is established between a client and the queue manager without any credentials being passed. This allows unauthenticated guest access.
On the other hand, when the plain mechanism is used, the queue manager requests a username and password from the client for the authentication process.
The AMQP and XMPP protocols implement the SASL security system along with SSL/TLS encryption for additional security.
The DDS protocol has its own security service technique. It was developed more recently than DTLS or TLS, and is made up of 5 SPIs (Service Plugin Interfaces), which provide information assurance to the DDS system. The SPIs include: