

How to boost your Mosquitto Broker

Introduction to Mosquitto MQTT Broker

In today's digitalized world, working with an MQTT broker for machine-to-machine communication is very common. MQTT is a lightweight protocol for exchanging data between multiple IoT devices. However, MQTT is not only used in IoT use cases; it can also be found in software products and other applications, such as the Facebook Messenger application, which takes advantage of MQTT's low data and energy usage.

There are several brokers you can use as servers for MQTT. One of these is Mosquitto, an open-source software implementing the MQTT messaging protocol.

Mosquitto is an open-source implementation of a server for versions 5.0, 3.1.1, and 3.1 of the MQTT protocol. It also includes a C and C++ client library, and the mosquitto_pub and mosquitto_sub utilities for publishing and subscribing. You can run the Mosquitto broker on your PC, which lets you exchange data between IoT devices that are all connected to the same network, or you can run it in the cloud, which lets you connect IoT devices irrespective of their location and network.

Enclaive Mosquitto: Confidential Compute Enterprise Enclave 4 SGX

However, one of the biggest drawbacks of the MQTT protocol is that it is unencrypted. Because MQTT aims to stay lightweight, security and authentication were never the features its designers focused on. Check out our Introduction Article on Mosquitto to learn more about the benefits and the downsides of MQTT.

However, enclaive provides you with a highly secure solution for your Mosquitto broker.

Enclaive Mosquitto: Confidential Compute Enterprise Enclave 4 SGX Protects IoT Data from Insider Attacks

Businesses can now benefit from complete end-to-end container encryption of their Mosquitto MQTT broker. At any given moment, the code and data are fully protected and remain confidential. By leveraging confidential computing technology, we ensure that your IoT data is processed securely and in isolation from the moment it is created. From the inside, an enclaive Mosquitto-SGX behaves exactly like a regular Mosquitto broker: it receives messages from the publishers and filters them for the subscribers. From the outside, however, Mosquitto-SGX is a black box: fully encrypted, writing only encrypted data, and sending it over encrypted channels to the subscribers.

And how are we doing this?

How we boost your Mosquitto MQTT broker

Tailor-made for confidential computing

By leveraging Intel® SGX-enabled CPUs and enclaive's Enterprise Enclaves software, we provide you with a fully encrypted Mosquitto broker. With a single command, enclaive automatically creates a secure enclave that isolates and encrypts all application resources at runtime, at rest, and on the network to achieve the strongest end-to-end data protection available.

The focus of SGX is to protect sensitive data against untrusted users, even on already compromised systems. How is this achieved? With security and cryptographic mechanisms implemented in hardware inside the CPU itself. Enclave memory is only accessible from inside the enclave, and plaintext is only visible during processing inside the CPU. The stored information therefore stays protected at any given moment.

Security and performance combined

Mosquitto MQTT brokers are open-source implementations and are widely used for IoT data communication. However, Mosquitto implements a lightweight protocol, meaning security and authentication were never the features its designers focused on. It stores data in plaintext in memory, and an insider can easily scan memory using public scanning tools to gain unfettered access to any sensitive information stored there. Not with enclaive Mosquitto-SGX, though. Our containers protect that data and the application itself from insider attacks, even when the host is completely compromised. And if someone stops or interrupts a running enclave, any context information such as register contents is cleared from the CPU. Interrupting the enclave therefore gives an attacker no information from inside it. And you can run the most secure Mosquitto broker out there without compromising on performance.

Easy deployment

Furthermore, enclaive Mosquitto-SGX containers are highly secure and built to work right out of the box. You don't need to change the application code or SDKs, because our intuitive and self-contained Docker containers make infrastructure configuration easier. With just a few clicks you are ready to use our confidential Docker containers.

Remotely attestable

By leveraging Mosquitto-SGX you automatically protect all personally identifiable information processed through the MQTT broker. Our containers satisfy privacy legislation: we keep your data encrypted in every part of the data lifecycle, making sure your business stays GDPR-compliant. Any user or legal auditor may attest at any moment to the integrity and confidentiality of both code and data. Any private or personal data shared through the Mosquitto broker will now be completely encrypted within this "black box". Therefore, no data leakage can occur during processing, and you can always obtain proof that the data is fully protected against unauthorized access.

Are you curious about trying the SGX-powered Mosquitto broker?

This sounds interesting to you, but you don't want to spend the entire next week completely changing your implementation? No worries: Mosquitto-SGX provides a pre-configured instance and step-by-step instructions that help you quickly get a fully secure Mosquitto running in an enclave on all instances.

So why are you still reading? Try it out now here. Free of charge, of course!
