Security Evaluation of Authentication Requirements in IoT Gateways

Journal of Network and Systems Management

Abstract

In the Internet of Things (IoT) context, gateways are devices that play a strategic role in the communication of things with the external environment. Gateways address the problem of heterogeneity by enabling devices to communicate even when they use different protocols. Their centralized and strategic position in an IoT network makes security a key concern, as an attack on a gateway may leave the entire system vulnerable. Among the security requirements in IoT, authentication is essential, since devices should be authenticated before being inserted into the environment. The main contribution of this paper is the evaluation of the authentication compliance levels of currently used IoT gateways. A methodology is proposed to assess authentication requirements in IoT gateways, making it possible to analyze and select various authentication requirements published by recognized technical organizations such as IoTSF and OWASP. Several gateways currently in use were chosen, installed, and configured, and a requirements inspection process was performed. The results show that, in their default configuration, the current gateways can only meet approximately 66% of the authentication requirements proposed by technical organizations.

Data Availability

The datasets generated during and/or analyzed during the current study are available from the corresponding author on reasonable request.

Notes

  1. The list of prioritized authentication requirements can be found at https://bit.ly/3HD7rYy.

  2. Gateway Authentication Requirements Evaluation Report. Available at https://bit.ly/3O3Kmk9.

Author information

Contributions

All authors reviewed the manuscript.

Corresponding author

Correspondence to Diego R. Gomes.

Ethics declarations

Conflict of interest

The authors have no relevant financial or non-financial interests to disclose.

Ethical Approval

Not Applicable.

Research Involving in Human and Animal Participants

The authors also inform that no human participants or animals were involved in the research.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Gomes, D.R., Lins, F.A.A., Nóbrega, O.O. et al. Security Evaluation of Authentication Requirements in IoT Gateways. J Netw Syst Manage 31, 67 (2023). https://doi.org/10.1007/s10922-023-09754-z

  • DOI: https://doi.org/10.1007/s10922-023-09754-z
