Identity in the Internet-of-Things (IoT): New Challenges and Opportunities

  • Kwok-Yan Lam
  • Chi-Hung Chi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9977)


From digitization to datafication, the Internet-of-Things (IoT) plays an important role as an enabler in the value creation process from big data. As expected, security has become one of the main concerns in IoT deployment. Due to the unique features and requirements of IoT, including limited compute resources, power and bandwidth, the massive number of deployed IoT objects, and its loosely coupled networked architecture, new strategies and techniques are needed to provide feasible and practical solutions to IoT security. While substantial research efforts have focused on lightweight communication protocols and cryptography/compression engines, one fundamental science question being asked concerns the notion of “Identity in the Internet-of-Things” (or IDoT). In this paper, we first explore the concept of IDoT and analyze why it is so unique compared to the concept of “Identity of Users” (IDoU) in traditional networks and systems. We then survey attribute-based, multi-factor authentication as an important approach to putting this IDoT concept into practice. We conclude the paper with open research issues in this direction.


Keywords (added by machine, not by the authors): Authentication Scheme; Cloud Store; Information Category; Uniform Resource Identifier; Physical Unclonable Function



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. School of Computer Science and Engineering, Nanyang Technological University, Singapore, Singapore
  2. Data61, CSIRO, Geraldton, Australia
