Security is critical when deploying and managing an IoT network. Cloud IoT Core has several security features to protect your IoT network.
- Devices are authenticated individually, which means that an attack on your IoT network is limited to one device and not the whole fleet.
- There are four public key formats available for devices: RS256 and RS256_X509, and ES256 and ES256_X509. You specify the key format when creating the device.
- You can also define an expiration time for each device credential (public key). After it expires, the key is ignored but not automatically deleted. If you don’t specify an expiration time for a key, it will not expire.
- The connection to the cloud is a TLS 1.2 connection, using root certificate authorities (required for MQTT).
- Cloud IoT Core supports up to 3 active keys per device. The service tries to verify the device with each of the active keys and accepts a connection if any active key matches.
Cloud IoT Core API access is controlled by Cloud Identity and Access Management (IAM) roles and permissions.
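
Because expired keys are ignored but not deleted, and keys without an expiration time never expire, a periodic audit of device credentials is worthwhile. The following is an added example, not code from Cloud IoT Core: it checks a constructed inventory against the credential rules listed above and also flags a key registered on more than one device, which would undo per-device containment. The record layout (`format`, `fingerprint`, `expires`) and the finding names are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample inventory; field names are assumptions for this example.
DEVICES = {
    "sensor-01": [
        {"format": "ES256_X509", "fingerprint": "aa11",
         "expires": "2020-01-01T00:00:00+00:00"},
        {"format": "ES256_X509", "fingerprint": "bb22",
         "expires": "2031-01-01T00:00:00+00:00"},
    ],
    "sensor-02": [{"format": "RS256", "fingerprint": "cc33", "expires": None}],
    "sensor-03": [{"format": "RS256", "fingerprint": "cc33",
                   "expires": "2031-01-01T00:00:00+00:00"}],
}


def is_active(cred, now):
    """A key with no expiration never expires; an expired key is ignored."""
    exp = cred["expires"]
    return exp is None or datetime.fromisoformat(exp) > now


def audit(devices, now):
    """Return (device, fingerprint, finding) tuples for credential hygiene."""
    findings = []
    owners = defaultdict(set)  # fingerprint -> devices holding it as active
    for dev, creds in devices.items():
        any_active = False
        for cred in creds:
            if not is_active(cred, now):
                # Ignored by the service but still stored: delete it.
                findings.append((dev, cred["fingerprint"], "expired-not-deleted"))
                continue
            any_active = True
            owners[cred["fingerprint"]].add(dev)
            if cred["expires"] is None:
                findings.append((dev, cred["fingerprint"], "no-expiration"))
        if not any_active:
            findings.append((dev, "-", "no-active-key"))  # device cannot connect
    for fp, devs in sorted(owners.items()):
        if len(devs) > 1:  # one stolen key would expose several devices
            findings += [(d, fp, "shared-across-devices") for d in sorted(devs)]
    return findings


if __name__ == "__main__":
    for row in audit(DEVICES, datetime.now(timezone.utc)):
        print(*row)
```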