Security Model
At Hestia Labs, security is not just a feature—it is the foundation of everything we build. We operate on a Zero-Trust model, which means that every single message sent between a device and the cloud is treated as potentially suspicious until it proves its identity.
Authentication and Identity
The Chain of Trust
To keep your world safe, we use a specialized security system that works like a high-security vault. It starts with the Device Identity.
Device Identity (Ed25519)
In HxTP/3.1, every device is the root of its own trust. Instead of being assigned a password by the cloud, the device generates its own Ed25519 keypair internally.
- Self-Generation: The private key is generated on the hardware and NEVER leaves the device.
- Public-Key Identity: The device's Public Key becomes its root identity on the Hestia Cloud.
- Zero-Secret Provisioning: Since there are no shared secrets, there is no risk of a central "master key" being stolen.
- Cryptographic Proof: Every message is signed with the private key, providing mathematical proof of origin.
Message Signing (The Digital Seal)
All HxTP communications are authenticated using Ed25519 signatures. This acts like a "Digital Seal" that is virtually impossible to forge.
```javascript
// On the Cloud (sending a command): the cloud root private key seals the command
const commandSignature = crypto.signEd25519(cloudRootPrivateKey, canonicalString);

// On the Device (sending telemetry): the device's own private key seals the report
const telemetrySignature = crypto.signEd25519(devicePrivateKey, canonicalString);
```
Trust Segregation
We strictly separate Transport Security from Protocol Trust:
- Layer 1: MQTT Session Tokens: Short-lived tokens that only authorize access to the message broker.
- Layer 2: HxTP Handshake: Mandatory Ed25519 handshakes (the `HELLO` message) that authorize the device to enter the `ACTIVE` state.
Authorization and Access Control
Role-Based Access Control (RBAC)
We use a strict permission system to ensure that users only have access to what they need.
| Role | Device Discovery | Command Dispatch | Provisioning | Management |
|---|---|---|---|---|
| User | Read-Only | Restricted | Unauthorized | Unauthorized |
| Admin | Full Access | Full Access | Authorized | Authorized |
The Smart Shield (Safety Gateway)
Our Safety Gateway acts like a digital bodyguard, checking every request against a strict set of rules before it reaches your hardware.
Protection Against Common Threats
We've designed HxTP to be resilient against the most common types of digital attacks.
| Threat Category | Mitigation Strategy | Simple Explanation |
|---|---|---|
| Replay Attacks | Deterministic Nonce + Sequence | An intruder can't "record" a command and play it back later. |
| Eavesdropping | Mandatory TLS 1.3 | All data is scrambled so only you and the cloud can read it. |
| Identity Theft | Ed25519 Private Key Isolation | The device identity is locked in the hardware and cannot be extracted. |
| Privilege Escalation | Granular RBAC Enforcement | Permissions are checked at every single step. |
| Overload | Distributed Rate Limiting | We block anyone trying to flood your devices with requests. |