A physically deployed, multi-layer secure IoT gateway on Raspberry Pi 5 — combining MQTT, nftables, HMAC integrity, Suricata IDS, and AI-driven anomaly detection.
3 simulated sensor nodes — temperature · humidity · pressure — publishing HMAC-signed MQTT messages with DB-persisted FCnt counters
Mosquitto 2.x with TLS 1.2+, password authentication, per-device ACL rules, and WireGuard VPN tunneling
nftables stateful firewall (whitelist + rate-limit + auto-block) · Suricata IDS · HMAC-SHA256 verification · FCnt replay protection
Python collector → SQLite · Isolation Forest anomaly detection (480 training windows, score threshold 0.15)
Flask REST API (4 endpoints) · Grafana 13 dashboard (3 panels: telemetry, alerts, gateway stats)
Captured MQTT frame retransmitted with stale FCnt. DB-persisted counter rejects any frame with FCnt ≤ last accepted.
5/5 detected · <1s MTTDPayload body modified in transit with fabricated MAC string. Timing-safe compare_digest catches every mismatch.
5/5 detected · <1s MTTDnmap SYN scan against gateway interface. nftables rate-limiter activates, dropping excess SYN packets automatically.
100% blocked · rate-limit activeValid HMAC packets with fixed RSSI and 10× normal rate — simulating a software radio. Isolation Forest flags behavioral deviation.
Score 0.256 → 0.114 · Δ=0.14Python pipeline, sensor simulator, HMAC engine, Flask API, SQLite schema, Grafana dashboard, Isolation Forest model, anomaly injection simulation, LaTeX report, README.
RPi5 OS setup, Mosquitto TLS+ACL, nftables firewall, Suricata IDS, TLS certificate generation, attack simulations (replay, HMAC, port scan), systemd service units, GitHub SSH setup.
Source code, documentation, and full LaTeX report available on GitHub.