MQTT security strategy for multi-client broker

I am designing an MQTT broker which will serve as a landing zone for many Photon devices which are MQTT clients. Each device is associated with an individual (human) customer. Naturally, I don't want to have customer data be mixed up and thought of using the Photon's device id as the MQTT client id/top-level topic. This would give me a unique landing zone for each customer and also bake in anonymity. Of course there will be a TLS security layer also.

Is this generally a good scheme or am I exposing data that shouldn’t be exposed by doing this? Any other complications you see with this sort of method, anything better you can recommend?
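One way to make the "one landing zone per device" scheme hold up at the broker, as an added example that is not code from this thread or from Particle: an authorization check that only lets a client publish or subscribe beneath its own top-level topic, and that rejects wildcard subscriptions (`#`, `+/...`) that would otherwise let one device read every other customer's data. The sample device ids are constructed, the hook signature `authorize(client_id, action, topic)` is an assumption, and the check is the same rule Mosquitto's ACL file expresses as `pattern readwrite %c/#` (where `%c` is the client id).

```python
"""
Per-device topic ownership for a multi-tenant MQTT broker (added example).

Assumed scheme from the post: a device's MQTT client id is its device id, and
that id is also the top-level topic it lives under, e.g. <device_id>/telemetry.
Rule: a client may only publish or subscribe beneath its own top-level topic.
The sample ids below are constructed, not real Particle device ids.
"""

WILDCARDS = ("#", "+")


def is_safe_client_id(client_id: str) -> bool:
    """Reject ids that could smuggle topic syntax into the namespace
    (an id containing '/' or a wildcard would break the ownership rule)."""
    if not client_id or client_id.startswith("$"):
        return False
    return not any(ch in client_id for ch in ("/", "#", "+"))


def is_valid_publish_topic(topic: str) -> bool:
    """MQTT forbids wildcards in PUBLISH topic names."""
    return bool(topic) and not any(w in topic for w in WILDCARDS)


def is_valid_filter(topic_filter: str) -> bool:
    """MQTT subscription filter syntax: '#' only as the whole last level,
    '+' only as a whole level."""
    if not topic_filter:
        return False
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            return False
        if "+" in level and level != "+":
            return False
    return True


def authorize(client_id: str, action: str, topic: str) -> bool:
    """Return True only if `client_id` may perform `action` ('publish' or
    'subscribe') on `topic` under the per-device namespace rule."""
    if not is_safe_client_id(client_id):
        return False
    # Broker-internal topics ($SYS/...) are never owned by a device.
    if topic.startswith("$"):
        return False
    if action == "publish":
        if not is_valid_publish_topic(topic):
            return False
    elif action == "subscribe":
        if not is_valid_filter(topic):
            return False
    else:
        return False
    # The first level must be the literal client id. A '+' or '#' here would
    # match other devices' namespaces, so string equality is the whole check.
    return topic.split("/")[0] == client_id


def evaluate(requests):
    """Run a batch of (client_id, action, topic) requests; returns decisions."""
    return [(req, authorize(*req)) for req in requests]


if __name__ == "__main__":
    # Constructed requests: one device trying its own namespace and others'.
    sample = [
        ("0123abc", "publish", "0123abc/telemetry"),   # own topic: allow
        ("0123abc", "subscribe", "0123abc/#"),         # own subtree: allow
        ("0123abc", "publish", "ffff9999/telemetry"),  # another device: deny
        ("0123abc", "subscribe", "#"),                 # everything: deny
        ("0123abc", "subscribe", "+/telemetry"),       # all devices: deny
        ("0123abc", "subscribe", "$SYS/#"),            # broker internals: deny
        ("0123abc", "publish", "0123abc/#"),           # wildcard publish: deny
    ]
    for (cid, action, topic), allowed in evaluate(sample):
        print(f"{cid} {action:9} {topic:22} -> {'ALLOW' if allowed else 'DENY'}")
```

The deny cases are the ones worth keeping in mind when the scheme is rolled out: without an ownership rule, a single `#` subscription from any authenticated device returns every customer's traffic, so the device id as top-level topic only isolates customers if the broker enforces it.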

  1. Does having a passive attacker sniffing the traffic and knowing which device correlates to a customer matter?
  2. With TLS implementation, do you mean that the MQTT traffic between the Photon and broker is encrypted?

@kennethlimcp:

  1. The sniffer would need to have access to the data stream close to the MQTT server, would it not? If it were to be located at the customer's network, they would already know the customer's location. But anyhow, if the attacker could obtain the device id somehow, the next step would be to associate this with a customer, i.e., location. The Particle console connects only device id with email, so that connection would be difficult to make, no?
  2. Yes, TLS encrypts the traffic. So that device id should (at least in theory) not be sniffable with e.g. Wireshark or products like that.