Using Wi-Fi Enabled Internet of Things Devices for Context-Aware Authentication
The increasing spread and adoption of the Internet of Things allows for novel methods to gather information about a user’s context, which can be used for enhanced authentication. In this article, we focus on context-aware authentication using information about Wi-Fi networks from a user’s wearables or nearables. We propose an additional factor for multi-factor authentication based on the other devices present on the same Wi-Fi network. Devices periodically discover all available peer MAC addresses. During subsequent authentication attempts, the network state is compared to previous network states saved under functionally similar conditions. If the devices on the network change significantly, a flag is raised and further action can be triggered. We also demonstrate the solution as a proof of concept.
KeywordsInternet of Things Security Wi-Fi Authentication
This work was supported by the Grant Agency of the Czech Technical University in Prague, grant No. SGS16/234/OHK3/3T/13.
- 3.Hulsebosch RJ, Salden AH, Bargh MS, Ebben PWG, Reitsma J (2005) Context sensitive access control. In: Proceedings of the tenth ACM symposium on access control models and technologies. SACMAT’05, New York, NY, USA. ACM, pp 111–119Google Scholar
- 5.Covington MJ, Long W, Srinivasan S, Dev AK, Ahamad M, Abowd GD (2001) Securing context-aware applications using environment roles. In: Proceedings of the sixth ACM symposium on access control models and technologies. SACMAT’01, New York, NY, USA. ACM, pp 10–20Google Scholar
- 6.Bhatti R, Bertino E, Ghafoor A (2004) A trust-based context-aware access control model for web-services. In: Proceedings of the IEEE international conference on web services. ICWS’04, Washington, DC, USA. IEEE Computer Society, 184Google Scholar
- 8.Perera C, Zaslavsky A, Christen P, Compton M, Georgakopoulos D (2013) Context-aware sensor search, selection and ranking model for internet of things middleware. In: 2013 IEEE 14th international conference on mobile data management, vol 1, June 2013, pp 314–322Google Scholar
- 9.Roggen D, Bchlin M, Schumm J, Holleczek T, Lombriser C, Trster G, Widmer L, Majoe D, Gutknecht J (2010) An educational and research kit for activity and context recognition from on-body sensors. In: 2010 international conference on body sensor networks, June 2010, pp 277–282Google Scholar
- 10.Wang Y, Liu J, Chen Y, Gruteser M, Yang J, Liu H (2014) E-eyes: device-free location-oriented activity identification using fine-grained wifi signatures. In: Proceedings of the 20th annual international conference on mobile computing and networking. MobiCom’14, New York, NY, USA. ACM, pp 617–628Google Scholar
- 11.Adib F, Kabelac Z, Katabi D, Miller RC (2014) 3d tracking via body radio reflections. In: Proceedings of the 11th USENIX conference on networked systems design and implementation. NSDI’14, Berkeley, CA, USA. USENIX Association, pp 317–329Google Scholar
- 12.Shi C, Liu J, Liu H, Chen Y (2017) Smart user authentication through actuation of daily activities leveraging wifi-enabled IoT. In: Proceedings of the 18th ACM international symposium on mobile ad hoc networking and computing. Mobihoc’17, New York, NY, USA. ACM, pp 5:1–5:10Google Scholar
- 13.Agadakos I, Hallgren P, Damopoulos D, Sabelfeld A, Portokalidis G (2016) Location-enhanced authentication using the IoT: because you cannot be in two places at once. In: Proceedings of the 32nd annual conference on computer security applications. ACSAC’16, New York, NY, USA. ACM, pp 251–264Google Scholar
- 15.Shone N, Dobbins C, Hurst W, Shi Q (2015) Digital memories based mobile user authentication for IoT. In: 2015 IEEE international conference on computer and information technology; ubiquitous computing and communications; dependable, autonomic and secure computing; pervasive intelligence and computing, Oct 2015, pp 1796–1802Google Scholar
- 16.Saied YB, Olivereau A, Zeghlache D, Laurent M (2013) Trust management system design for the internet of things: a context-aware and multi-service approach. Comput Secur 39:351–365Google Scholar