Security
The EDGEHOG platform provides the highest possible degree of security for the customer-connected solution using industry-standard encryption mechanisms to fully encrypt data exchange between devices and the cloud.
All communications between the devices and the server are fully encrypted using TLS.
TLS is widely adopted and is an industry-standard encryption scheme and most commonly used by browsers to encrypt https data.
All communications are routed through the MQTT over TLS or HTTPS protocols to ensure the highest data security. Basically, no data is transmitted unencrypted between the connected devices and the EDGEHOG server.
Each connected device must have a credential in the form of a valid and unique certificate to access the message broker.
The registration of a new gateway is also encrypted over TLS.
EDGEHOG Device Manager Client creates an RSA 2048bit key pair (public and private) and it creates the CSR from the private key, which also contains the public key. The CSR is sent to the server, which returns to the client the certificate that must be used to connect to the MQTT. Each device, therefore, has its own id which is associated with only one certificate.
Security is serious. EDGEHOG uses AWS IoT as its default infrastructure provider. Amazon Web Services meets modern IT and physical security requirements for data protection. All data is stored using the functionality of the persistent DynamoDB disk, which encrypts all data in transit and at rest. Please refer to their security documentation for full details.
All the operations available on the EDGEHOG Cloud Web Application can also be performed via APIs REST using HTTPS.
API access is controlled and authorized by the industry-standards OAuth 2.0 and JSON Web Token (JWT). The APIs are documented through Swagger files provided.
Check the APIs page security section for more info.
