Security Evaluation of Authentication Requirements in IoT Gateways

In the Internet of Things (IoT) context, gateways are devices that play a strategic role in the communication of things with the external environment. Gateways help with the problem of heterogeneity, acting to carry out the communication of the devices even if they use different protocols. Their centralized and strategic position in an IoT network makes security a key concern, as an attack on this device may leave the entire system vulnerable. Considering the security requirements in IoT, authentication is essential since devices should be authenticated before being inserted into the environment. The main contribution of this paper is the evaluation of the authentication compliance levels of currently used IoT gateways. A methodology is proposed to assess authentication requirements in IoT gateways, making it possible to analyze and select various authentication requirements published by recognized technical organizations such as IoTSF and OWASP. Several gateways currently used were chosen, installed, and configured, and a requirements inspection process was performed. In terms of results, it is possible to observe that, in their default configuration, the current gateways can only meet approximately 66% of the authentication requirements proposed by technical organizations.