
# Technical issues today

## Existing issues with current architectures

IoT devices operate by exchanging messages with cloud services and with other connected machines. So we must secure the messages that carry configuration data, sensor readings, control instructions and firmware updates (see the review of requirements in D1).

The current weaknesses are usually due to the following reasons:

* implicit trust in network boundaries (e.g. segmentation of connected devices from the rest of the IT infrastructure), without authenticating the sender or validating the integrity of the message
* most IoT systems optimize for one-way authentication, without managing unique credentials for each device in the fleet
* every IoT development team ends up hand-rolling its own mechanisms for provisioning keys, activating devices and bootstrapping trust, which is a source of mistakes such as default passwords or hard-coded secrets
* most IoT message transport protocols support some way to establish a secure channel. However, such secure channel protocols have traditionally been tightly coupled to their corresponding transport protocols, and they are only connection-based. Therefore security over multiple hops cannot be established, leaving messages exposed to overly curious observers, or even to active attacks, at interception points
* there is a separation between IoT transport protocols (e.g. MQTT, CoAP) and IP protocols, which creates vulnerabilities in end-to-end solutions
* remote updates are mostly ad hoc
* authorization protocols such as OAuth2 have lacked adoption for IoT, despite their [potential](https://nordicapis.com/why-oauth-2-0-is-vital-to-iot-security/), because the security model is hard to implement (mutual TLS often seems easier to developers, although it requires an advanced networking setup)

Those choices are flawed trade-offs: if customers or patients rely on the information collected by these sensors, an attacker can easily tamper with or forge that information.

![Potential attack when multiple hops don't implement end-to-end encryption](/files/-MaTzNTn3iC5l3eu2bOm)
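The following Python sketch is an added example, not code from this page or from any project it mentions. It shows the shape of end-to-end message authentication that is independent of the transport: each device authenticates its readings with its own key, so a relay between hops can forward the envelope but cannot alter it undetected, and readings from unknown devices or stale replays are rejected. Device ids, keys and sensor values are constructed for the example.

```python
import copy
import hashlib
import hmac
import json
import time

# Constructed per-device keys (assumption: one unique secret per device,
# provisioned out of band; never shared across the fleet).
DEVICE_KEYS = {
    "sensor-42": bytes.fromhex("0f" * 32),
    "sensor-43": bytes.fromhex("a1" * 32),
}


def _canonical(obj) -> bytes:
    """Stable serialization so device and cloud compute the MAC over identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def seal(device_id: str, key: bytes, payload: dict, ts=None) -> dict:
    """Device side: wrap a reading in an envelope authenticated with the device key.
    The tag covers device id, timestamp and payload, so no hop can change them
    without the key, whatever transport (MQTT, CoAP, HTTP) carries the envelope."""
    body = {"device_id": device_id, "ts": ts if ts is not None else int(time.time()), "payload": payload}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


def verify(envelope: dict, keys: dict, now=None, max_age: int = 300) -> bool:
    """Cloud side: accept only a fresh envelope with a valid tag from a known device."""
    key = keys.get(envelope.get("device_id"))
    if key is None or "tag" not in envelope:  # unknown device, or no tag at all
        return False
    body = {k: v for k, v in envelope.items() if k != "tag"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):  # forged or modified in transit
        return False
    now = now if now is not None else int(time.time())
    return abs(now - int(envelope["ts"])) <= max_age  # reject stale replays


def simulated_tampering_hop(envelope: dict) -> dict:
    """Constructed untrusted intermediary that rewrites a reading while relaying it."""
    forged = copy.deepcopy(envelope)
    forged["payload"]["glucose_mg_dl"] = 80
    return forged


if __name__ == "__main__":
    msg = seal("sensor-42", DEVICE_KEYS["sensor-42"], {"glucose_mg_dl": 250}, ts=1700000000)
    print("genuine accepted:", verify(msg, DEVICE_KEYS, now=1700000010))
    print("tampered accepted:", verify(simulated_tampering_hop(msg), DEVICE_KEYS, now=1700000010))
```

The same check works whether the envelope crosses one hop or five, which is the property the hop-by-hop secure channels described above cannot give.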

## Hidden complexity costs of current architectures

Ockam.io presents a complementary use case in the following video: <https://youtu.be/wEeLSbkU_jI>. It shows how current architectures make it very hard to protect infrastructure that must integrate with many different vendors.
