Secure your Arduino IoT network using Raspberry Pi and Nginx. via abarbanell.de
As a general rule, all API calls to your backend should always be encrypted with https (SSL/TLS), this applies for IOT scenarios just the same as for internet traffic in general. However, if you use cost-effective microcontrollers like Arduino or ESP8266, there is not enough computing horsepower to encrypt the traffic, or even enough memory to store the code for proper SSL/TLS handshake algorithms. So you loose out or you need to move to more expensive hardware.
This problem is listed as number 4 in the top 10 security vulnerabilities for IOT on the OWASP website, so I did not want to send the data from my home sensors unencrypted into the world.
Here I will describe a nice and elegant solution which solved this problem for me.
Each Friday is PiDay here at Adafruit! Be sure to check out our posts, tutorials and new Raspberry Pi related products. Adafruit has the largest and best selection of Raspberry Pi accessories and all the code & tutorials to get you up and running in no time!