You are about connecting new field devices to your IoT infrastructure.
In order to restrict and control access to IoT Hub's resources, as a security solution you are going to use SAS tokens based on symmetric keys.
Which one of the following is not required to generate a SAS token?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: C.
Option A is incorrect because to get authorized to connect to IoT Hub, devices use their primary key stored in the hub's identity registry.
Option B is incorrect because security tokens are limited in time validity, therefore an expiry time must be set.
Option C is CORRECT because using X.509 certificates is a different way of authenticating devices with IoT Hub, and it is based on asymmetric keys, while you are going to use symmetric keys.
Option D is incorrect because security tokens are limited in scope (they grant access only to selected IoT Hub resources), therefore the uri of the given resources must be given.
Diagram:
# sample token generator
<pre class="brush:java;">def create_sas_token(uri, key, policy, expiry=7200):
ttl = time() + expiry.
signing_key = "%s\n%d" % ((parse.quote_plus(uri)), int(ttl))
signature = b64encode(HMAC(b64decode(key), signing_key.encode('utf-8'), sha256).digest())
raw_token = {
'sr' :uri,
'sig': signature,
'se' : str(int(ttl))
}
if policy is not None:
raw_token['skn'] = policy.
return 'SharedAccessSignature ' + parse.urlencode(raw_token)
</pre>
Reference:
The correct answer is C. X.509 certificate.
SAS (Shared Access Signature) tokens are used for providing temporary, limited access to resources in an Azure IoT Hub. They can be used to restrict access to specific devices or specific operations within the IoT Hub. SAS tokens can be generated based on symmetric keys or X.509 certificates.
When generating a SAS token based on symmetric keys, the following information is required:
A. Device's symmetric key: Each device connected to the IoT Hub has a unique symmetric key. This key is used to generate a SAS token that allows the device to authenticate with the IoT Hub.
B. Time of expiry: The SAS token needs to have a limited lifespan to ensure that it cannot be used indefinitely. The time of expiry is set when the token is generated.
D. Resource URI: The resource URI specifies the endpoint that the token will be used to access. For example, a SAS token could be generated for a specific device or for a specific operation within the IoT Hub.
Therefore, the correct answer is C. X.509 certificate, which is not required to generate a SAS token based on symmetric keys. X.509 certificates are used to authenticate devices using a different mechanism than symmetric keys, and they are not required when generating SAS tokens based on symmetric keys.