DOI: 10.1145/3569902.3569915
short-paper

Compliance Evaluation of Cryptographic Security Requirements on IoT Gateways

Published: 17 January 2023

Abstract

The Internet of Things is one of the new trends that has been drawing attention due to its rapid dissemination and acceptance. However, not knowing whether personal data and information are secure can hamper a more widespread acceptance of this technology by users. In this context, the security of one of the main components of the IoT system, the gateway, becomes even more relevant, as it is essential in connecting heterogeneous IoT devices. The IoT gateway ends up centralizing communication and system management, thus becoming a high-value target in terms of security. To improve confidentiality, IoT gateways should use cryptographic services implemented with appropriate configurations, based on the guidance of organizations or technical standards accepted by the scientific community. The main objective of this paper is to evaluate the security level of IoT gateways with respect to encryption requirements. For this, a subset of the encryption requirements suggested by international technical organizations, such as IoTSF and OWASP, is selected. The evaluation was carried out as a security assessment of four IoT gateways against these cryptographic requirements. None of the gateways achieved more than 80% compliance with the selected requirements, which raises concerns regarding the security of their users’ data.


Cited By

  • (2023) Security Evaluation of Authentication Requirements in IoT Gateways. Journal of Network and Systems Management 31:4. DOI: 10.1007/s10922-023-09754-z. Online publication date: 21-Jul-2023

Published In

LADC '22: Proceedings of the 11th Latin-American Symposium on Dependable Computing
November 2022
167 pages
ISBN: 9781450397377
DOI: 10.1145/3569902

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. Cryptography Requirements
2. Gateway
3. Internet of Things
4. Security

Qualifiers

• Short-paper
• Research
• Refereed limited

Conference

LADC 2022: Latin-American Symposium on Dependable Computing
November 21 - 24, 2022
Fortaleza/CE, Brazil
