Introduction to Mosquitto MQTT Broker
In today's digitalized world, using an MQTT broker for machine-to-machine communication is very common. MQTT is a lightweight protocol that exchanges data between multiple IoT devices. However, MQTT is not only used in IoT scenarios; it can also be found in software products and other applications, such as the Facebook Messenger application, which takes advantage of MQTT's low data and energy usage.
There are several brokers you can use as servers for MQTT. One of them is Mosquitto, an open-source implementation of the MQTT messaging protocol.
Mosquitto is an open-source implementation of a server for versions 5.0, 3.1.1, and 3.1 of the MQTT protocol. It also includes a C and C++ client library, and the mosquitto_pub and mosquitto_sub utilities for publishing and subscribing. You can run the Mosquitto broker on your PC, which lets you exchange data between IoT devices that are all connected to the same network, or you can run the Mosquitto MQTT broker in the cloud, which lets you connect IoT devices irrespective of their location and network.
However, one of the biggest drawbacks of the MQTT protocol is that it is unencrypted. Because MQTT was designed to stay lightweight, security and authentication were never the features its designers focused on. Check out our Introduction Article on Mosquitto to learn more about the benefits and the downsides of MQTT.
enclaive, however, provides you with a highly secure solution for your Mosquitto broker.
Enclaive Mosquitto – Confidential Compute Enterprise Enclave 4 SGX Protects IoT Data from Insider Attacks
Businesses can now benefit from complete end-to-end container encryption of their Mosquitto MQTT broker. At any given moment, the code and data are fully protected and remain private. By leveraging confidential computing technology, we ensure that your IoT data is processed securely and in isolation from the moment it is created. From the inside, an enclaive Mosquitto-SGX works exactly like a normal Mosquitto broker: it receives messages from publishers and routes them to the matching subscribers. From the outside, however, Mosquitto-SGX is a black box: fully encrypted, writing only encrypted data and sending it over encrypted channels to the subscribers.
And how are we doing this?
How we boost your Mosquitto MQTT broker
Tailor-made for confidential computing
By leveraging Intel® SGX-enabled CPUs and enclaive's Enterprise Enclaves software, we provide you with a fully encrypted Mosquitto broker. With a single command, enclaive automatically creates a secure enclave that isolates and encrypts all application resources at runtime, at rest, and on the network to achieve the strongest end-to-end data protection available.
The focus of SGX is to protect sensitive data against untrusted users, even on systems that are already compromised. How is this achieved? With security and cryptographic mechanisms implemented in hardware inside the CPU itself. Enclave memory is accessible only from inside the enclave, and plaintext is visible only while it is being processed inside the CPU, so the stored information stays protected at every moment.
Security and performance combined
Mosquitto MQTT brokers are open-source implementations and are widely used for IoT data communication. However, Mosquitto implements a lightweight protocol, meaning security and authentication were never the features its designers focused on. It stores data in plain text in memory, and an insider can easily scan memory using publicly available scanning tools to gain unfettered access to any sensitive information held there. Not with enclaive Mosquitto-SGX, though. Our containers protect that data and the application itself from insider attacks, even when the host is completely compromised. And if someone stops or interrupts a running enclave, any context information such as register contents is cleared from the CPU, so an attacker cannot gain any information from the enclave by interrupting it. And you can run the most secure Mosquitto broker out there without compromising on performance.
Easy deployment
Furthermore, enclaive Mosquitto-SGX containers are highly secure and built to work right out of the box. You don't need to change the application code or SDKs, because our intuitive and self-contained Docker containers make infrastructure configuration easier. You need just a few clicks and you are ready to use our confidential Docker containers.
Remotely attestable
By leveraging Mosquitto-SGX you automatically protect every piece of personally identifiable information processed through the MQTT broker. Our containers satisfy privacy legislation: we keep your data encrypted at every stage of the data lifecycle, making sure your business stays GDPR-compliant. Any user or legal auditor may verify, at any moment, the integrity and confidentiality of both code and data through remote attestation. Any private or personal data shared through the Mosquitto broker is now completely encrypted within this "black box". Therefore, no data leakage can occur while the data is being processed, and you can always obtain proof that the data is fully protected against unauthorized access.
Are you curious about trying the SGX-powered Mosquitto broker?
Does this sound interesting, but you don't want to spend the entire next week completely changing your implementation? No worries: Mosquitto-SGX provides a pre-configured instance and step-by-step instructions that help you quickly get a fully secure Mosquitto running in an enclave on all instances.
So why are you still reading? Try it out now here. Free of charge, of course!