TY - JOUR
T1 - Known unknowns: Indeterminacy in authentication in IoT
AU - Heydari, Mohammad
AU - Mylonas, Alexios
AU - Tafreshi, Vahid Heydari Fami
AU - Benkhelifa, Elhadj
AU - Singh, Surjit
PY - 2020/10/1
Y1 - 2020/10/1
N2 - The Internet of Things (IoT), comprising a plethora of heterogeneous devices, is an enabling technology that can improve the quality of our daily lives, for instance by measuring parameters from the environment (e.g., humidity, temperature, weather, energy consumption, traffic, and others) or our bodies (e.g., health data). However, as with any technology, IoT has introduced a number of security and privacy challenges. Indeed, IoT devices create, process, transfer and store data, which are often sensitive, and which must be protected from unauthorized access. Similarly, the infrastructure that links with IoT, as well as the IoT devices themselves, is an asset that needs to be protected. The focus of this work is examining authentication in IoT. In particular, in this work we conducted a state-of-the-art review of the access control models that have been proposed, including both traditional access control models and emerging models that have recently been proposed and are tailored for IoT. We identified that the existing models cannot cope with indeterminacy, an inherent characteristic of IoT, which hinders authentication decisions. In this context, we studied the two known components of indeterminacy, i.e., uncertainty and ambiguity, and proposed a new model that handles indeterminacy in authentication in IoT environments.
AB - The Internet of Things (IoT), comprising a plethora of heterogeneous devices, is an enabling technology that can improve the quality of our daily lives, for instance by measuring parameters from the environment (e.g., humidity, temperature, weather, energy consumption, traffic, and others) or our bodies (e.g., health data). However, as with any technology, IoT has introduced a number of security and privacy challenges. Indeed, IoT devices create, process, transfer and store data, which are often sensitive, and which must be protected from unauthorized access. Similarly, the infrastructure that links with IoT, as well as the IoT devices themselves, is an asset that needs to be protected. The focus of this work is examining authentication in IoT. In particular, in this work we conducted a state-of-the-art review of the access control models that have been proposed, including both traditional access control models and emerging models that have recently been proposed and are tailored for IoT. We identified that the existing models cannot cope with indeterminacy, an inherent characteristic of IoT, which hinders authentication decisions. In this context, we studied the two known components of indeterminacy, i.e., uncertainty and ambiguity, and proposed a new model that handles indeterminacy in authentication in IoT environments.
KW - Access control
KW - Ambiguity
KW - Authentication
KW - Internet of Things
KW - Uncertainty
UR - http://www.scopus.com/inward/record.url?scp=85084481077&partnerID=8YFLogxK
U2 - 10.1016/j.future.2020.03.005
DO - 10.1016/j.future.2020.03.005
M3 - Article
AN - SCOPUS:85084481077
SN - 0167-739X
VL - 111
SP - 278
EP - 287
JO - Future Generation Computer Systems: The International Journal of eScience (FGCS)
JF - Future Generation Computer Systems: The International Journal of eScience (FGCS)
ER -