The Internet of Things (IoT) involves including electronics and software (e.g., communication software) in devices that are generally not considered computerized in nature or otherwise not considered capable of electronic control (e.g., standard embedded systems). Those devices are often referred to as cyber-physical (CP) devices/systems. Such cyber-physical systems typically present a significant challenge to network security, because those systems oftentimes lack meaningful security mechanisms. For example, cyber-physical systems typically lack the hardware underpinnings necessary for trustworthy key storage, boot, and execution within the components (e.g., systems-on-a-chip (SoCs)) and controllers that comprise the cyber-physical systems. Additionally, some IoT network stacks utilize non-optimized code for fragmentation and others do not have fragmentation support at all.
Various mechanisms have been employed to provide a higher level of network security for cyber-physical systems. For example, one approach involves establishing a network enclave such that low-security cyber-physical devices are “hidden” behind a gateway or router capable of higher security. In such systems, the cyber-physical gateway may be trusted to prevent the spread of malware that may originate from within the network enclave due to a lack of security of the cyber-physical devices. However, cyber-physical devices are increasingly connected to multiple networks simultaneously, which often makes the use of a cyber-physical gateway infeasible.