Security Requirements and Solutions for IoT Gateways: A Comprehensive Study
Fernando Lins, Marco Vieira
Abstract
The need for improving the security level of Internet-of-Things (IoT) systems is growing. Users may refrain from using such systems if they realize that security measures are not in place. In this context, one of the most important IoT components has not received the necessary attention by the community: the gateway. IoT gateways play a central role in an IoT system as they solve heterogeneity issues. However, if compromised, gateways can be a source of security threats, and these threats become more relevant due to the gateway's central role. Gateways connect IoT devices and cloud services, and successful attacks on this component may exploit this fact. Using a well-known security requirements (SRs) engineering approach, this article evaluates and prioritizes SRs specifically for IoT gateways. The prioritization highlights a set of SRs that must be observed when evaluating and improving the gateway security level. Also, current solutions are detailed to support the enforcement of such SRs. Finally, a set of open challenges are discussed to highlight current research gaps that must be addressed to support SRs.