As the number of devices and sensors in an IoT-based ecosystem grows, the system becomes increasingly complex. For instance, many sensors and controllers do not support energy-intensive protocols such as Bluetooth or Wi-Fi, so the network has to support multiple communication protocols. The sheer size of the network also makes it practically impossible to let every device communicate directly with systems. In such a scenario, about 72 percent of network infrastructure professionals deploy IoT gateways to gain control over the ecosystem. IoT gateways, placed on the edge of the network, offer connectivity to several “things” inside the network, using Wi-Fi, Ethernet, or any other available technology.
Gateways also perform the critical function of securing the IoT-based network. The IoT gateway, being the edge device between the Internet and the intranet, is the point of entry for threat vectors and the first line of defence for the system. As such, securing the IoT gateways is critical to securing the network.
Assign Strong Identities
One best practice for securing an IoT network is using the gateway to secure all things on the intranet. The basic step in securing IoT gateways is assigning an identity to the gateway device, preferably using X.509 digital certificates. Assigning an identity ensures that commands issued to devices or sensors emanate from a trusted device. Likewise, assign strong identities to the devices and sensors in the field. Providing identities allows setting up the gateway as a proxy between the platform and the devices in the field.
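Added example, not code from the original article: a gateway that demands a client certificate on every connection and then maps the certificate identity to the actions it may request. The policy table, the host names and the sample certificate dictionaries are constructed for illustration, and keying the policy on the common name is an assumption of this example.

```python
import ssl
import time

# Hypothetical policy: certificate common name -> actions that identity may request.
POLICY = {
    "platform.iot.example": {"send_command", "read_telemetry"},
    "sensor-17.field.example": {"publish_telemetry"},
}

def sample_cert(cn, not_after):
    """Constructed sample in the dict shape returned by SSLSocket.getpeercert()."""
    return {"subject": ((("commonName", cn),),), "notAfter": not_after}

PLATFORM = sample_cert("platform.iot.example", "Dec 31 23:59:59 2035 GMT")
SENSOR = sample_cert("sensor-17.field.example", "Dec 31 23:59:59 2035 GMT")
EXPIRED = sample_cert("platform.iot.example", "Jan 01 00:00:00 2020 GMT")
UNKNOWN = sample_cert("rogue-node.example", "Dec 31 23:59:59 2035 GMT")

def gateway_tls_context(ca_file=None, cert_file=None, key_file=None):
    """Server-side context for the gateway: TLS 1.2+, client certificate mandatory."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client cert
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # trust only the deployment's own CA
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # the gateway's own identity
    return ctx

def common_name(peer_cert):
    """Pull the CN out of the nested 'subject' tuple of a getpeercert() dict."""
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def is_authorized(peer_cert, action, now=None):
    """Allow an action only for a known, unexpired certificate identity."""
    if not peer_cert:  # getpeercert() returns {} when no certificate was validated
        return False
    now = time.time() if now is None else now
    try:
        # Re-check expiry: a long-lived session can outlast the certificate.
        if ssl.cert_time_to_seconds(peer_cert["notAfter"]) < now:
            return False
    except (KeyError, ValueError):
        return False
    return action in POLICY.get(common_name(peer_cert), set())
```

A chain that validates against the CA only proves the peer holds some issued certificate; the policy lookup is what stops a field sensor from issuing commands.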
Gateway devices are susceptible to physical tampering. Hackers may extract and clone private keys to launch spoofing or man-in-the-middle attacks. Embedding a Trusted Platform Module (TPM) in the gateway, or using a Physical Unclonable Function (PUF), pre-empts such risks. These tools store the private keys of all digital certificates securely and ensure that they do not leave the gateway.
Using IoT gateways to secure the network ensures fidelity to the three core principles of security, viz. confidentiality, integrity, and authentication.