Avaliação de conformidade de requisitos de autenticação em gateways IOT

Detalhes bibliográficos
Ano de defesa: 2022
Autor(a) principal: GOMES, Diego Ribeiro lattes
Orientador(a): LINS, Fernando Antonio Aires
Banca de defesa: DOMINGUES, Jeísa Pereira de Oliveira, CORREIA NETO, Jorge da Silva, ROSA, Nelson Souto
Tipo de documento: Dissertação
Tipo de acesso: Acesso aberto
Idioma: por
Instituição de defesa: Universidade Federal Rural de Pernambuco
Programa de Pós-Graduação: Programa de Pós-Graduação em Informática Aplicada
Departamento: Departamento de Estatística e Informática
País: Brasil
Palavras-chave em Português:
Área do conhecimento CNPq:
Link de acesso: http://www.tede2.ufrpe.br:8080/tede2/handle/tede2/8674
Resumo: Within the Internet of Things, gateways are devices that play a strategic role in the communication of devices with the external environment. Gateways help with the problem of heterogeneity, acting to conduct the communication of devices even if they use different protocols. However, given its centralized and strategic position in an IoT network, gateway security becomes even more relevant. A successful attack on this device could leave everything inside the Internet of things (IoT) system vulnerable. In this context, considering traditional security requirements, authentication is incredibly important in IoT systems, since it is important that devices go through an authentication process before being inserted into the environment. In this dissertation, the main objective is to evaluate the authentication compliance levels of IoT gateways currently used in the community. For this, an evaluation methodology was developed, described in Business Process Model and Notation (BPMN), to evaluate authentication requirements in IoT gateways. Consequently, it was possible to analyze and select several authentication requirements published by internationally recognized technical organizations, such as IoTSF and OWASP. The gateways currently used in IoT were surveyed, installed, and configured, and the requirements inspection process was performed. In terms of results, it was possible to observe that current gateways, in their default configuration, can only meet approximately 66% of the authentication requirements presented by technical organizations.