MQTT stands for “Message Queuing Telemetry Transport”. This protocol was designed 1999 for machine-to-machine telemetry in low bandwidth environments for TCP/IP networks. MQTT started as a proprietary protocol, it was released Royalty free in 2010 and became OASIS standard in 2014. MQTT was fast becoming one of the main protocols of IOT (internet of things) deployments. MQTT v3.1.1 is in Common Use, the new version MQTT v5 has been approved in Jan 2018 and is currently in Limit use. This web-seminar gives an overview of security threats and common vulnerability patterns of the MQTT v3.1.1 protocol if you don’t use today’s state-of-the-art security features of TCP/IP. The web-seminar shows methods to put security into MQTT v3.1.1 protocol and pinpoints the advantages and disadvantages for each case that will be discussed. The target audience of this web-seminar are developers with a good understanding of TCP/IP and MQTT-protocol. As preparation we suggest reading Section 4.5.2 of 5GCroCo Deliverable D3.2

 Speaker Bio

Erik Wegscheider was engaged in military projects (DOD-STD-2167A) and was working most of the time for customers with attentions in data security (PII-data, health data). He has more than 25 years’ security experience with IT-Network architecture with deep Knowledge of IP protocols, in particular with Firewalls and other security appliances. Erik has best practice with security in data centers and field experience as auditor for IT-Security-Audits.