Enhanced IoT security through orchestrated policy enforcement gateways

The increasing number of IoT devices raises concerns about the amount of data they generate and – more importantly – their content, having security and privacy implications. The Things are mostly constrained by typical embedded design limitations from non-extensible functionalities to poor or nonexistent configuration; adding security features to these devices is therefore impractical. This paper presents a network security infrastructure suitable for IoT devices, which aims at offloading the security from the devices to the nearest network edge they are connected to. First, the SECURED architecture for the network edge device (NED) is detailed: its components, security policy refinement and translation, and the way it addresses mobility of the things. Then, the SHIELD architecture proposes to extend and strengthen the security of the IoT devices by leveraging the dynamic deployment of security controls with analytics, which permits orchestrated security at the entire infrastructure level – allowing a new threat detection paradigm.