Nexto Series PLCs offer support to TLS 1.2 for MQTT messages encryption

08 Jul 2020

As we previously reported, we have been adding functionality to the Nexto Xpress solution, our latest line of compact PLCs, further increasing the connectivity of these IoT-ready products. In recent months we have released several features, such as support for the MQTT protocol, expansion of inputs and outputs via the CAN interface, the new XP340 model and, recently, support for the IEC 60870-5-104 Server protocol. Now, to increase security when using MQTT, the NX3003, NX3004 and NX3005 CPUs and the Nexto Xpress PLCs with MQTT support also offer TLS 1.2 communication.

What is the TLS protocol?

Transport Layer Security (TLS) is a protocol that provides a secure communication channel between a client and a server. It uses a handshake to authenticate the server, negotiate the protocol version and cipher suite, and derive the session keys. Once the handshake completes, the application data exchanged between the two endpoints is encrypted and integrity-protected, so an attacker on the path can neither read it nor alter it without detection (the attacker can still see that the connection exists, which endpoints it joins and roughly how much data flows). TLS servers present an X.509 certificate, usually issued by a trusted certificate authority, which the client uses to verify the server's identity. If the client skips that verification, the encryption still defeats a passive eavesdropper but not an attacker who impersonates the server.

Why use TLS with MQTT?

Encryption is necessary to communicate securely over the internet: if your data is not encrypted, anyone can examine your packets and read confidential information. Imagine that you are sending a letter. It is clear who the recipient is, and the postman will ensure that the envelope reaches this person, but nothing prevents the postman from reading the letter's contents. In fact, everyone involved in the delivery can read or change the contents of the envelope!

The same holds for the Internet, and for computer networks in general. Sending data over TCP/IP works much like sending that letter: the TCP packet passes through many infrastructure components (routers, firewalls, Internet exchange points) before reaching its destination, and every participant along the way can read its contents in clear text, or even modify them.

MQTT runs over TCP and, by default, TCP connections are not encrypted. To encrypt all MQTT traffic, most MQTT brokers can accept connections over TLS instead of plain TCP (by convention on port 8883 rather than 1883). TLS provides a secure channel so that your message reaches the recipient intact, ensuring that the content of the communication cannot be read or altered by third parties, provided the client verifies the broker's certificate. TLS protects the data only while it is in transit: the broker decrypts every message it receives, so the broker itself still needs to be trusted and its client authentication and topic authorization still need to be configured.
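The client side of the exchange described in the two sections above, written here as an added example and not code from the original article or from Altus: a TLS 1.2 context that verifies the broker's certificate (with the insecure variant beside it for contrast), an MQTT 3.1.1 CONNECT packet encoder, and a CONNACK parser. The host name `broker.example.com`, the client identifier and the CA file path are assumptions for illustration; the packet layout and the port numbers follow the MQTT 3.1.1 specification and the IANA registry.

```python
import socket
import ssl
import struct
import sys

MQTT_PORT = 1883      # IANA "mqtt": plain TCP, no encryption
MQTT_TLS_PORT = 8883  # IANA "secure-mqtt": MQTT over TLS


def make_tls_context(cafile=None):
    """Client TLS context an MQTT client (or PLC) should use.

    create_default_context() already requires a valid server certificate
    (CERT_REQUIRED) and checks the host name; we additionally refuse
    anything older than TLS 1.2. cafile is the CA that issued the
    broker's certificate; None falls back to the system trust store.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_insecure_context():
    """The setting to avoid: encryption without server authentication.

    Traffic is still encrypted, but an on-path attacker can present any
    certificate and the client accepts it (man-in-the-middle).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def _mqtt_string(s):
    """MQTT UTF-8 string: 2-byte big-endian length followed by the bytes."""
    data = s.encode("utf-8")
    return struct.pack("!H", len(data)) + data


def encode_remaining_length(n):
    """MQTT variable-length integer: 7 bits per byte, MSB = continuation."""
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n > 0:
            byte |= 0x80
        out.append(byte)
        if n == 0:
            return bytes(out)


def build_connect(client_id, keepalive=60, username=None, password=None):
    """Encode an MQTT 3.1.1 CONNECT packet with the Clean Session flag set."""
    flags = 0x02  # bit 1: clean session
    payload = _mqtt_string(client_id)
    if username is not None:
        flags |= 0x80  # bit 7: user name present
        payload += _mqtt_string(username)
    if password is not None:
        flags |= 0x40  # bit 6: password present
        payload += _mqtt_string(password)
    variable_header = (_mqtt_string("MQTT")       # protocol name
                       + bytes([4, flags])        # protocol level 4, flags
                       + struct.pack("!H", keepalive))
    body = variable_header + payload
    return bytes([0x10]) + encode_remaining_length(len(body)) + body


def parse_connack(data):
    """Return the CONNACK return code (0 = connection accepted)."""
    if len(data) < 4 or data[0] != 0x20 or data[1] != 0x02:
        raise ValueError("not a CONNACK packet")
    return data[3]


def connect_mqtt_tls(host, client_id, cafile=None, port=MQTT_TLS_PORT, timeout=5.0):
    """Open a TLS session to the broker, send CONNECT, return (tls_version, rc).

    wrap_socket() performs the handshake and raises ssl.SSLCertVerificationError
    if the broker's certificate does not chain to cafile or does not match host.
    """
    ctx = make_tls_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_connect(client_id))
            return tls.version(), parse_connack(tls.recv(4))


if __name__ == "__main__":
    # Assumed values: broker host, CA file and client id are placeholders.
    host = sys.argv[1] if len(sys.argv) > 1 else "broker.example.com"
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    print(connect_mqtt_tls(host, "nexto-xp340-demo", cafile=cafile))
```

On the broker side the matching Mosquitto setup is a listener on 8883 with `cafile`, `certfile` and `keyfile` pointing at the CA certificate, the broker certificate and its private key; the CA certificate is what the PLC (or this client's `cafile`) must be configured to trust. A return code other than 0 in CONNACK means the TLS handshake succeeded but the broker rejected the MQTT session (for example, bad credentials), which is a different failure from a certificate error raised during `wrap_socket()`.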

Altus products with MQTT TLS 1.2 support

To start using TLS 1.2 on the supported CPUs, simply update the MasterTool IEC XE programming software to the latest version available on the Altus website. You will also need an MQTT broker that accepts TLS connections, such as Eclipse Mosquitto, which is available for free download. The broker must be configured with a TLS listener and a server certificate, and the PLC must be configured to trust the certificate authority that issued it; without that trust relationship the connection is encrypted but the broker's identity is not verified.