Question

From Azure development guide https://azure.microsoft.com/en-us/documentation/articles/iot-hub-devguide, there is a small section (shown as below) talking about device anti-spoofing. It is not clear for me, it says IoT hub stamps every message with properties, but for me device anti-spoofing is that IoT hub to stop receiving messages sent from any spoofed device. Please help to explain how does this work?

Anti-spoofing properties

To avoid device spoofing in device-to-cloud messages, IoT Hub stamps all messages with the following properties:

• ConnectionDeviceId
• ConnectionDeviceGenerationId
• ConnectionAuthMethod

Answer 1

In IoT Hub there is a device registry that is used to authorize devices to the gateway. After authentication the device is checked against the registry.

When a device is registered with IoT Hub, the device's identity and key are saved in the device registry. This device and key is what the device uses to authenticate to the service.

The generation ID is a key part of this too. When the device is first registered with IoT Hub, a generation ID is assigned to the device. The purpose of this is to distinguish between identity registrations of the same device ID (added, removed, and then later added).

If you're interested in a deeper dive into the IoT Hub architecture see Clemen's 2015 Build talk here.