Skip to main content
SpringerLink
Log in

Privacy-Aware Authentication in the Internet of Things

  • Conference paper
  • First Online:
Cryptology and Network Security (CANS 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9476))

Included in the following conference series:

Abstract

Besides the opportunities offered by the all-embracing Internet of Things (IoT) technology, it also poses a tremendous threat to the privacy of the carriers of these devices. In this work, we build upon the idea of an RFID-based IoT realized by means of standardized and well-established Internet protocols. In particular, we demonstrate how the Internet Protocol Security protocol suite (IPsec) can be applied in a privacy-aware manner. Therefore, we introduce a privacy-aware mutual authentication protocol compatible with restrictions imposed by the IPsec standard and analyze its privacy and security properties. With this work, we show that privacy in the IoT can be achieved without proprietary protocols and on the basis of existing Internet standards.

The full version of this extended abstract is available in the IACR Cryptology ePrint Archive.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In the full version of this paper we adapt the HPVP model [9] to prove the required properties of mutual authentication protocols following the IPsec standard.

References

  1. Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143–158. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  2. Armknecht, F., Chen, L., Sadeghi, A.-R., Wachsmann, C.: Anonymous authentication for RFID systems. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 158–175. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  3. Armknecht, F., Sadeghi, A., Scafuro, A., Visconti, I., Wachsmann, C.: Impossibility results for RFID privacy notions. Trans. Comput. Sci. 11, 39–63 (2010)

    MathSciNet  Google Scholar 

  4. Armknecht, F., Sadeghi, A.-R., Visconti, I., Wachsmann, C.: On RFID privacy with mutual authentication and tag corruption. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 493–510. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  5. Burmester, M., de Medeiros, B., Motta, R.: Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries. IJACT 1(2), 79–90 (2008)

    Article  MATH  MathSciNet  Google Scholar 

  6. Coisel, I., Martin, T.: Untangling RFID privacy models. J. Comput. Netw. Commun. 2013, 710275:1–710275:26 (2013)

    Google Scholar 

  7. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (2008)

    Google Scholar 

  8. Gross, H., Wenger, E., Martín, H., Hutter, M.: PIONEER—a prototype for the internet of things based on an extendable EPC Gen2 RFID tag. In: Sadeghi, A.-R., Saxena, N. (eds.) RFIDSec 2014. LNCS, vol. 8651, pp. 54–73. Springer, Heidelberg (2014)

    Google Scholar 

  9. Hermans, J., Pashalidis, A., Vercauteren, F., Preneel, B.: A new RFID privacy model. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 568–587. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  10. Hermans, J., Peeters, R., Preneel, B.: Proper RFID privacy: model and protocols. IEEE Trans. Mob. Comput. 13(12), 2888–2902 (2014)

    Article  Google Scholar 

  11. Hummen, R., Shafagh, H., Raza, S., Voigt, T., Wehrle, K.: Delegation-based authentication and authorization for the IP-based internet of things. In: SECON, pp. 284–292. IEEE (2014)

    Google Scholar 

  12. Kaufman, C., Hoffman, P., Nir, Y., Eronen, P.: Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996 (Proposed Standard), Sept. 2010. Obsoleted by RFC 7296, updated by RFCs 5998, 6989

    Google Scholar 

  13. Kent, S., Seo, K.: Security Architecture for the Internet Protocol. RFC 4301 (2005)

    Google Scholar 

  14. Kothmayr, T., Schmitt, C., Hu, W., Brünig, M., Carle, G.: DTLS based security and two-way authentication for the internet of things. Ad Hoc Netw. 11(8), 2710–2723 (2013)

    Article  Google Scholar 

  15. Paise, R., Vaudenay, S.: Mutual authentication in RFID: security and privacy. In: ASIACCS, pp. 292–299. ACM (2008)

    Google Scholar 

  16. Peeters, R., Hermans, J., Fan, J.: BIHOP: proper privacy preserving mutual RFID authentication. In: RFIDSec Asia, pp. 45–56. IOS Press (2013)

    Google Scholar 

  17. Rescorla, E., Modadugu, N.: atagram Transport Layer Security Version 1.2. RFC 6347 (Proposed Standard), January 2012

    Google Scholar 

  18. Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Acknowledgements

We would like to thank the anonymous reviewers for their valuable comments. This work has been supported by the Austrian Science Fund (FWF) under the grant number TRP251-N23 (Realizing a Secure Internet of Things - ReSIT), the FFG research program SeCoS (project number 836628) and by EU Horizon 2020 through project Prismacloud (GA No. 644962).

Author information

Authors and Affiliations

  1. Graz University of Technology, Inffeldgasse 16a, 8010, Graz, Austria

    Hannes Gross, Daniel Slamanig & Raphael Spreitzer

  2. University of Maribor, Smetanova Ulica 17, 2000, Maribor, Slovenia

    Marko Hölbl

Authors
  1. Hannes Gross
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marko Hölbl
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Daniel Slamanig
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Raphael Spreitzer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hannes Gross .

Editor information

Editors and Affiliations

  1. Department of Computer Science, UNC Chapel Hill, CHAPEL HILL, North Carolina, USA

    Michael Reiter

  2. Départment d'Informatique, Ecole Normale Supérieure, Paris, French Southern Territories

    David Naccache

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Gross, H., Hölbl, M., Slamanig, D., Spreitzer, R. (2015). Privacy-Aware Authentication in the Internet of Things. In: Reiter, M., Naccache, D. (eds) Cryptology and Network Security. CANS 2015. Lecture Notes in Computer Science(), vol 9476. Springer, Cham. https://doi.org/10.1007/978-3-319-26823-1_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26823-1_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26822-4

  • Online ISBN: 978-3-319-26823-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation