Security

There are options for securing the communication. A TLS connection on the basis of X.509 certificates or a PreSharedKey (PSK) can be used for this.

It is recommended that communication be secured with TLS especially when communicating over non-trustworthy networks (e.g. the Internet). The broker itself must be operated in a trustworthy environment, since all messages are unsecured there.

	Compromising of the virtual ADS network Even when communication between the devices and the broker takes place in encrypted form via TLS, the devices are not secured among one another. The ADS commands are present on the broker in unencrypted form. If a device is compromised, the attacker can execute all ADS commands via the rights gained. These commands also include file reading operations or operations for starting processes.

Further Information

TLS / PreSharedKey (PSK)
TLS / certificates