A Secure Edge Gateway Architecture for Wi-Fi-Enabled IoT

TL;DR

This paper introduces a lightweight, secure edge gateway architecture for Wi-Fi IoT networks that enhances security and resilience by monitoring traffic and preventing attacks with minimal performance impact.

Contribution

The paper proposes a novel edge gateway design that improves Wi-Fi IoT security through adaptive filtering and lightweight policies, suitable for medium-sized networks.

Findings

Reduced spoofing incidents by 87%

Improved recovery time after deauthentication by 42%

Minimal impact on network latency and throughput

Abstract

This paper presents a Secure Edge Gateway Architecture for Wi-Fi-Enabled IoT designed to strengthen local network protection without altering existing infrastructure. The proposed gateway acts as an intermediate control point between Wi-Fi access points and the core network, monitoring traffic, isolating untrusted devices, and preventing common wireless attacks such as spoofing, deauthentication, and unauthorized access. The design focuses on adaptive traffic filtering and lightweight policy enforcement instead of complex analytical models, making it suitable for medium-sized network environments. The prototype gateway was deployed in a real office with around 70 total devices, including 28 IoT units such as sensors, cameras, and smart controllers. Over ten days of continuous operation, the system reduced successful spoofing incidents by 87% and improved recovery time after deauthentication by 42%, while increasing network latency by only 3.1% and reducing throughput by less than 4% compared to a baseline WPA3 configuration. These results confirm that implementing security functions at the edge layer can significantly improve the resilience of Wi-Fi-enabled IoT environments without introducing noticeable overhead or requiring specialized hardware.