An Architecture for Distributing and Enforcing IoT Security at the Network Edge

Distributed networks are now a reality, and enforcing security on a single place is no longer possible. This requires multiple devices to apply security policies at the network edge in order to limit unwanted traffic to leave the designated area, as well as implementing fine-grained policies similar to what micro-segmentation is offering. In order to achieve this goal, it is required to distribute device-specified security policies across the network in a secure and resilient way. This paper describes the design and implementation of a novel architecture for both distributing and enforcing security policies designed to protect simple IoT devices as well servers and workstations. The validation step on a real network, confirmed that it could be successfully used to improve the overall security by moving protection from the center towards the network edge.