Secure communication in the cloud normally involves the following:
- Data encryption: hiding what is sent
- Data integrity: protecting data from being tampered with
- Authentication: validating the identity of the parties in the communication
Using a cryptographic protocol such as the TLS takes care of data encryption and integrity, and also allows the client to validate the identity of the server by validating its digital certificate.
For IoT devices, validating the identity of the client
presents a unique challenge. Unlike traditional consumer devices such as PCs and phones, IoT devices are typically not operated by humans who can enter a password, recognize a picture or solve a CAPTCHA.
In this post, we will look at how to write apps for Windows IoT Core that can authenticate to Azure, while protecting the security-sensitive information on the device.