Abstract
The increasing pervasiveness of the Internet of Things is resulting in a steady increase of cyberattacks in all of its facets. One of the most predominant attack vectors is related to its identity management, as it grants the ability to impersonate and circumvent current trust mechanisms. Given that identity is paramount to every security mechanism, such as authentication and access control, any vulnerable identity management mechanism undermines any attempt to build secure systems. While digital certificates are one of the most prevalent ways to establish identity and perform authentication, their provision at scale remains open. This provisioning process is usually an arduous task that encompasses device configuration, including identity and key provisioning. Human configuration errors are often the source of many security and privacy issues, so this task should be semi-autonomous to minimize erroneous configurations during this process. In this paper, we propose an identity management (IdM) and authentication method called YubiAuthIoT. The overall provisioning has an average runtime of 1137.8 ms . We integrate this method with the FIWARE platform, as a way to provision and authenticate IoT devices.
Highlights
The Internet of Things (IoT) allows everyday objects to connect to the Internet
We explore an authentication mechanism for IoT devices integrated on FIWARE
The paper explores the lack of secure provisioning, authentication, and communication mechanisms between devices independent of FIWARE, but that can be integrated into the platform so that devices that belong only to a trusted pool can be considered secure
Summary
The Internet of Things (IoT) allows everyday objects (equipped with computational and communicative capacity) to connect to the Internet. The realistic implementation of smart cities is challenged on all costs of design and operation, heterogeneity among devices, enormous data collection and analysis, information security, and sustainability. In this context, the European Commission made available the FIWARE platform [5], which is an open-source middleware developed to contribute to the creation of technologies aimed at the Internet of the Future and capable of meeting a wide range of requirements relevant for IoT platforms. Other available API functions are described in the official stack document [6] On these smart city platforms, one of the most important characteristics to consider is security and privacy [7,8,9]. If these systems are hacked or fail, it can lead to catastrophic consequences
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have