
Fixing User Authentication for the Internet of Things (IoT)

Integrating FIDO and OAuth into IoT

  • Focus
Datenschutz und Datensicherheit - DuD

Abstract

Over the last few years Internet of Things products have become known for their weak security. News articles regularly describe security vulnerabilities of cars, surveillance cameras, kettles, and other IoT devices. There are, however, recent standardization activities addressing some of these security challenges. This article describes how the work of the IETF and the FIDO Alliance can lead to improved security.



Author information


Hannes Tschofenig is employed by ARM Limited. Prior employers include the European Data Protection Supervisor, Nokia/Nokia Networks, and Siemens. Currently, he is co-chair of the FIDO Alliance Privacy and Public Policy Working Group. E-Mail: Hannes.Tschofenig@arm.com


About this article


Cite this article

Tschofenig, H. Fixing User Authentication for the Internet of Things (IoT). Datenschutz Datensich 40, 222–224 (2016). https://doi.org/10.1007/s11623-016-0582-1


  • DOI: https://doi.org/10.1007/s11623-016-0582-1
