Skip to main content
SpringerLink
Log in

User Authentication for the Internet of Things

  • Conference paper
  • First Online:
Security Protocols XXVI (Security Protocols 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11286))

Included in the following conference series:

  • 625 Accesses

Abstract

The Internet of Things is coming to fruition, but current commercial offerings are dramatically insecure. The problem is not that many individual devices are vulnerable, but that there are billions of such devices and yet no concerted plan to make them secure. Since the IoT is here to stay, and will pervade the fabric of our society in a way that will make it impossible for any individual to opt out without retiring to a cave as a hermit, we must address the problem structurally, rather than with local band-aid fixes. This short position paper presents the basic requirements for a scalable user authentication solution for the Internet of Things. We hope it will stimulate a discussion leading to a coherent user authentication architecture for IoT. Our vision is that even the lowliest and most inexpensive of IoT devices ought to offer such basic security properties, but this will only happen if they are agreed upon and designed in from the start.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The Mirai botnet, which attacks IoT Linux-based IP cameras and home routers, is the one that most people remember, at the time of writing, but it is by no means an isolated incident.

  2. 2.

    https://www.gov.uk/government/publications/secure-by-design.

  3. 3.

    Confidentiality is the property of a system in which certain information may only be read by authorized users. Integrity is the property of a system in which certain information may only be altered by authorized users, and in compliance with designated constraints. Availability is the property of a system to which authorized users have access, with designated guarantees, regardless of attempts by unauthorized users to deny such access.

  4. 4.

    Don’t believe in airgaps.

  5. 5.

    SPW 2011, LNCS 7114.

Acknowledgments

Frank Stajano is grateful to the European Research Council for funding the past five years of his research on user authentication through grant StG 307224 (Pico).

Author information

Authors and Affiliations

  1. University of Cambridge, Cambridge, UK

    Frank Stajano

  2. Capgemini, London, UK

    Mark Lomas

Authors
  1. Frank Stajano
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mark Lomas
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mark Lomas .

Editor information

Editors and Affiliations

  1. Masaryk University, Brno, Czech Republic

    Vashek Matyáš

  2. Masaryk University, Brno, Czech Republic

    Petr Å venda

  3. University of Cambridge, Cambridge, UK

    Frank Stajano

  4. University of Hertfordshire, Hatfield, UK

    Bruce Christianson

  5. Memorial University of Newfoundland, St. John's, NL, Canada

    Jonathan Anderson

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Stajano, F., Lomas, M. (2018). User Authentication for the Internet of Things. In: Matyáš, V., Švenda, P., Stajano, F., Christianson, B., Anderson, J. (eds) Security Protocols XXVI. Security Protocols 2018. Lecture Notes in Computer Science(), vol 11286. Springer, Cham. https://doi.org/10.1007/978-3-030-03251-7_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-03251-7_25

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03250-0

  • Online ISBN: 978-3-030-03251-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation