Azure IoT Hub anti-spoofing

Submitted by 自作多情 on 2019-12-12 04:34:55

Question


Just read this thread

What I am still asking myself though is whether the IoT Hub does detect that there are multiple active connections that use the same deviceid and credentials? This could be the case if an attacker would steal the device auth key or the SAS token.

The anti-spoofing property ConnectionDeviceGenerationId does not seem to be used for this since:

> generationId - An IoT hub-generated, case-sensitive string up to 128 characters long. This value is used to distinguish devices with the same deviceId, when they have been deleted and re-created.


Answer 1:


> What I am still asking myself though is whether the IoT Hub does detect that there are multiple active connections that use the same deviceid and credentials?

For AMQP and HTTP, when sending Device-To-Cloud messages, multiple active connections using the same device id are able to work properly. But when receiving Cloud-To-Device messages it doesn't work.

But for MQTT, IoT Hub only supports one active MQTT connection per device. Any new MQTT connection on behalf of the same device ID causes IoT Hub to drop the existing connection.

Update:

IoT Hub allows devices to use MQTT, MQTT over WebSockets, AMQP, AMQP over WebSockets, and HTTP protocols for device-side communications. The following table provides the high-level recommendations for your choice of protocol:

  • MQTT (MQTT over WebSocket)

    Use on all devices that do not require to connect multiple devices (each with its own per-device credentials) over the same TLS connection.

  • AMQP (AMQP over WebSocket)

    Use on field and cloud gateways to take advantage of connection multiplexing across devices.

  • HTTP

    Use for devices that cannot support other protocols.
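
One way to use the behaviour described in this answer for detection, as an added example that is not part of the original post or of any Azure tooling: replay connection events and flag device IDs whose sessions overlap from different sources. The event tuple format, device names and addresses are constructed assumptions; map them from whatever connection telemetry you collect.

```python
from collections import defaultdict

# Constructed sample events (an assumed format, not a real IoT Hub log schema):
# (epoch_seconds, device_id, protocol, event, source)
EVENTS = [
    (100, "pump-01", "mqtt", "connect", "10.0.0.5"),
    (160, "pump-01", "mqtt", "connect", "203.0.113.9"),   # displaces 10.0.0.5
    (165, "pump-01", "mqtt", "connect", "10.0.0.5"),      # real device reconnects
    (200, "gw-07", "amqp", "connect", "10.0.1.2"),
    (230, "gw-07", "amqp", "connect", "198.51.100.4"),    # second live session
    (300, "cam-03", "mqtt", "connect", "10.0.2.8"),
    (400, "cam-03", "mqtt", "disconnect", "10.0.2.8"),
    (410, "cam-03", "mqtt", "connect", "10.0.2.8"),       # clean reconnect
]


def find_shared_identity(events):
    """Return alerts for device IDs with overlapping sessions from different sources."""
    open_sessions = defaultdict(set)  # device_id -> sources holding a live session
    alerts = []
    for ts, device, proto, event, source in sorted(events):
        live = open_sessions[device]
        if event == "disconnect":
            live.discard(source)
            continue
        others = live - {source}
        if others:
            # MQTT: the hub drops the old connection, so overlap shows up as
            # displacement. AMQP: both sessions stay up side by side.
            kind = "mqtt-displacement" if proto == "mqtt" else "concurrent-session"
            alerts.append((ts, device, kind, source, sorted(others)))
        if proto == "mqtt":
            # Per the answer: a new MQTT connection drops the existing one.
            live.clear()
        live.add(source)
    return alerts


if __name__ == "__main__":
    for alert in find_shared_identity(EVENTS):
        print(alert)
```

A connect with no preceding disconnect is treated as still live, so an unclean network drop followed by a reconnect from a new address will also alert and needs triage.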



Source: https://stackoverflow.com/questions/42483084/azure-iot-hub-anti-spoofing
