Uncertainty-aware authentication model for IoT

Mohammad Heydari, Alexios Mylonas, Vasilis Katos, Emili Balaguer-Ballester, Amna Altaf, Vahid Heydari Fami Tafreshi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Handling the process of authentication for the hundred million of computer embedded devices in Internet of Things (IoT) is not achievable without considering inherent IoT characteristics like scalability, heterogeneity, dependency and dynamism. In one hand, traditional and emerging access control models cannot handle indeterminate data access scenarios in IoT by applying deterministic access policies. On the other hand, moving towards resilient access control paradigms needs new attitudes and current manual risk analysis methods that rely on vulnerability calculations do not fit in IoT. This holds true as considering vulnerability as the key player in risk assessment is no longer efficient way to tackle with indeterminate access scenarios due to complicated dependency and scalability of IoT environment. Moreover, most of the IoT devices are not patchable so by discovering new vulnerabilities the vulnerable devices need to be replaced. Therefore, IoT needs agile, resilient and automatic authentication process. This work suggests a novel authentication method based on our previous work in which uncertainty was introduced as one of the neglected challenges in IoT. Uncertainty in authentication derived from incomplete information about incident happening upon authenticating an entity. Part of IoT characteristics makes such an uncertainty worse. Therefore, we have proposed an uncertainty-aware authentication model based on Attribute-Based Access Control (ABAC). Our prediction model is able to consider the uncertainty factor of mobile entities as well as fixed ones in authentication. In doing so, we have built our prediction model using boosting classifiers (AdaBoost and Gradient Boosting algorithms) besides voting classifier. We have compared the results with our previous work. Our designated model (AdaBoost) can achieve authentication performance with 86.54% accuracy.
Original languageEnglish
Title of host publicationComputer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers
EditorsSokratis Katsikas, Sokratis Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Stefanos Gritzalis, Christos Kalloniatis, John Mylopoulos, Annie Antón, Frank Pallas, Jörg Pohle, Angela Sasse, Weizhi Meng, Steven Furnell, Joaquin Garcia-Alfaro
PublisherSpringer Nature
Pages224-237
Number of pages14
ISBN (Electronic)9783030420482
ISBN (Print)9783030420475
DOIs
Publication statusPublished - 22 Feb 2020
Event5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019 - Luxembourg City, Luxembourg
Duration: 26 Sept 201927 Sept 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11980 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019
Country/TerritoryLuxembourg
CityLuxembourg City
Period26/09/1927/09/19

Keywords

  • Authentication
  • Internet of Things
  • Prediction model
  • Supervised learning
  • Uncertainty

Fingerprint

Dive into the research topics of 'Uncertainty-aware authentication model for IoT'. Together they form a unique fingerprint.

Cite this