Known Unknowns: Indeterminacy In Authentication In IoT
Published 2020 · Computer Science
Abstract The Internet of Things (IoT), comprising a plethora of heterogeneous devices, is an enabling technology that can improve the quality of our daily lives, for instance by measuring parameters from the environment (e.g., humidity, temperature, weather, energy consumption, traffic, and others) or our bodies (e.g., health data). However, as with any technology, IoT has introduced a number of security and privacy challenges. Indeed, IoT devices create, process, transfer and store data, which are often sensitive, and which must be protected from unauthorized access. Similarly, the infrastructure that links with IoT, as well as the IoT devices themselves, is an asset that needs to be protected. The focus of this work is examining authentication in IoT. In particular, in this work we conducted a state-of-the-art review of the access control models that have been proposed, including both traditional access control models and emerging models that have recently been proposed and are tailored for IoT. We identified that the existing models cannot cope with indeterminacy, an inherent characteristic of IoT, which hinders authentication decisions. In this context, we studied the two known components of indeterminacy, i.e., uncertainty and ambiguity, and proposed a new model that handles indeterminacy in authentication in IoT environments.