Compliance Evaluation of Cryptographic Security Requirements on IoT Gateways

  • Eduardo F. Felix UFRPE
  • Fernando A. A. Lins UFRPE
  • Obionor O. Nóbrega UFRPE
  • Diego R. Gomes UFRPE
  • Bruno A. Jesus Universidade de Coimbra
  • Marco Vieira Universidade de Coimbra

Abstract

The Internet of Things is one of the new trends that has been drawing attention due to its rapid dissemination and acceptance. However, not knowing whether personal data and information are secure can hamper a more widespread acceptance of this technology by users. In this context, the security of one of the main components of the IoT system, the gateway, becomes even more relevant, as it is essential in connecting heterogeneous IoT devices. The IoT gateway ends up centralizing communication and system management, thus becoming a high-value target in terms of security. To improve confidentiality, IoT gateways should use cryptographic services implemented with appropriate configurations, based on organizations or technical standards accepted by the scientific community. The main objective of this paper is therefore to evaluate the security level of IoT gateways with respect to encryption requirements. For this, a subset of the encryption requirements suggested by international technical organizations, such as IoTSF and OWASP, is selected. The evaluation was carried out as a security assessment of four IoT gateways against these cryptographic requirements. None of the gateways achieved more than 80% compliance with the selected requirements, which raises concerns regarding the security of their users’ data.
Keywords: Security, Internet of Things, Gateway, Cryptography Requirements
Published
21/11/2022
How to Cite

FELIX, Eduardo F.; LINS, Fernando A. A.; NÓBREGA, Obionor O.; GOMES, Diego R.; JESUS, Bruno A.; VIEIRA, Marco. Compliance Evaluation of Cryptographic Security Requirements on IoT Gateways. In: LATIN-AMERICAN SYMPOSIUM ON DEPENDABLE COMPUTING (LADC), 11., 2022, Fortaleza/CE. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 67–72.