Evaluating Cryptographic Security Requirements in IoT Gateways

The need to improve the security of devices and systems is widely acknowledged in the context of the Internet of Things (IoT). In theory, users will not adopt IoT solutions without evidence that preventive security measures have been taken to avoid problems such as unlimited data exposure and privacy violations. This is even more relevant when considering IoT gateways, as they act as a central resource for IoT systems to communicate with each other. A key resource is cryptographic security, which aims to improve the level of system protection by assessing the adoption of cryptographic security requirements. This paper presents and discusses the results of a study on the cryptographic security features of several gateways currently used by the IoT community. We discuss the encryption quality levels of these gateways and show that corrective actions must be urgently taken to improve security to an advanced level. The study is based on a solid methodology, described through a BPMN process, to support the engineering of cryptographic security requirements for IoT gateways. The methodology describes how to conduct the requirements adoption assessment, from the search and selection of specific requirements to their verification.